test: add tests for azure and GCP CSFLE (#2662)

This adds new tests, and modifies the test runner to account for the recent addition of Azure and GCP CSFLE support in the CSLFE specification. NODE-2825
mongodb · Jan 13, 2021 · 7e89e47 · 7e89e47
1 parent 8daff7f
commit 7e89e47
Show file tree

Hide file tree

Showing 108 changed files with 12,081 additions and 4,101 deletions.
diff --git a/.evergreen/config.yml b/.evergreen/config.yml
@@ -93,8 +93,7 @@ functions:
           if [ -n "${CLIENT_ENCRYPTION}" ]; then
             cat <<EOT > prepare_client_encryption.sh
             export CLIENT_ENCRYPTION=${CLIENT_ENCRYPTION}
-            export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}"
-            export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}"
+            export CSFLE_KMS_PROVIDERS='${CSFLE_KMS_PROVIDERS}'
           EOT
           fi
     - command: shell.exec

diff --git a/.evergreen/config.yml.in b/.evergreen/config.yml.in
@@ -112,8 +112,7 @@ functions:
           if [ -n "${CLIENT_ENCRYPTION}" ]; then
             cat <<EOT > prepare_client_encryption.sh
             export CLIENT_ENCRYPTION=${CLIENT_ENCRYPTION}
-            export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}"
-            export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}"
+            export CSFLE_KMS_PROVIDERS='${CSFLE_KMS_PROVIDERS}'
           EOT
           fi
     - command: shell.exec
@@ -239,7 +238,7 @@ functions:
           MONGODB_URI='${plain_auth_mongodb_uri}' NODE_LTS_NAME='${NODE_LTS_NAME}' \
           bash ${PROJECT_DIRECTORY}/.evergreen/run-ldap-tests.sh
 
-  "run tls tests":  
+  "run tls tests":
     - command: shell.exec
       type: test
       params:

diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh
@@ -52,7 +52,7 @@ if [[ -z "${CLIENT_ENCRYPTION}" ]]; then
   unset AWS_ACCESS_KEY_ID;
   unset AWS_SECRET_ACCESS_KEY;
 else
-  npm install mongodb-client-encryption
+  npm install mongodb-client-encryption@1.1.1-beta.0
 fi
 
 MONGODB_UNIFIED_TOPOLOGY=${UNIFIED} MONGODB_URI=${MONGODB_URI} npm run ${TEST_NPM_SCRIPT}
diff --git a/test/functional/client_side_encryption/corpus.test.js b/test/functional/client_side_encryption/corpus.test.js
@@ -24,17 +24,21 @@ describe('Client Side Encryption Corpus', function() {
     return EJSON.parse(fs.readFileSync(path.resolve(corpusDir, filename), { strict: true }));
   }
 
+  const CSFLE_KMS_PROVIDERS = process.env.CSFLE_KMS_PROVIDERS;
+  const kmsProviders = CSFLE_KMS_PROVIDERS ? EJSON.parse(CSFLE_KMS_PROVIDERS) : {};
+  kmsProviders.local = {
+    key: Buffer.from(
+      'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk',
+      'base64'
+    )
+  };
+
   // TODO: build this into EJSON
   // TODO: make a custom chai assertion for this
   function toComparableExtendedJSON(value) {
     return JSON.parse(EJSON.stringify({ value }, { strict: true }));
   }
 
-  const localKey = Buffer.from(
-    'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk',
-    'base64'
-  );
-
   // Filters out tests that have to do with dbPointer
   // TODO: fix dbpointer and get rid of this.
   function filterImportedObject(object) {
@@ -53,6 +57,8 @@ describe('Client Side Encryption Corpus', function() {
   const corpusSchema = loadCorpusData('corpus-schema.json');
   const corpusKeyLocal = loadCorpusData('corpus-key-local.json');
   const corpusKeyAws = loadCorpusData('corpus-key-aws.json');
+  const corpusKeyAzure = loadCorpusData('corpus-key-azure.json');
+  const corpusKeyGcp = loadCorpusData('corpus-key-gcp.json');
   const corpusAll = filterImportedObject(loadCorpusData('corpus.json'));
   const corpusEncryptedExpectedAll = filterImportedObject(loadCorpusData('corpus-encrypted.json'));
 
@@ -69,13 +75,23 @@ describe('Client Side Encryption Corpus', function() {
   ]);
   const identifierMap = new Map([
     ['local', corpusKeyLocal._id],
-    ['aws', corpusKeyAws._id]
+    ['aws', corpusKeyAws._id],
+    ['azure', corpusKeyAzure._id],
+    ['gcp', corpusKeyGcp._id]
   ]);
   const keyAltNameMap = new Map([
     ['local', 'local'],
-    ['aws', 'aws']
+    ['aws', 'aws'],
+    ['azure', 'azure'],
+    ['gcp', 'gcp']
+  ]);
+  const copyOverValues = new Set([
+    '_id',
+    'altname_aws',
+    'altname_local',
+    'altname_azure',
+    'altname_gcp'
   ]);
-  const copyOverValues = new Set(['_id', 'altname_aws', 'altname_local']);
 
   let client;
 
@@ -102,7 +118,7 @@ describe('Client Side Encryption Corpus', function() {
         break;
       }
       default: {
-        throw new Error('how did you get here?');
+        throw new Error('Unexpected algorithm: ' + expected.algo);
       }
     }
 
@@ -122,7 +138,7 @@ describe('Client Side Encryption Corpus', function() {
     } else if (expected.allowed === false) {
       expect(actualJSON).to.deep.equal(expectedJSON);
     } else {
-      throw new Error('how did you get here?');
+      throw new Error('Unexpected value for allowed: ' + expected.allowed);
     }
   }
 
@@ -142,7 +158,9 @@ describe('Client Side Encryption Corpus', function() {
           .then(() => keyDb.dropCollection(keyVaultCollName))
           .catch(() => {})
           .then(() => keyDb.collection(keyVaultCollName))
-          .then(keyColl => keyColl.insertMany([corpusKeyLocal, corpusKeyAws]));
+          .then(keyColl =>
+            keyColl.insertMany([corpusKeyLocal, corpusKeyAws, corpusKeyAzure, corpusKeyGcp])
+          );
       });
   });
 
@@ -185,7 +203,7 @@ describe('Client Side Encryption Corpus', function() {
           //    Configure both objects with ``keyVaultNamespace`` set to ``keyvault.datakeys``.
           const autoEncryption = {
             keyVaultNamespace,
-            kmsProviders: this.configuration.kmsProviders(null, localKey)
+            kmsProviders
           };
           if (useClientSideSchema) {
             autoEncryption.schemaMap = {
@@ -204,7 +222,7 @@ describe('Client Side Encryption Corpus', function() {
           return clientEncrypted.connect().then(() => {
             clientEncryption = new mongodbClientEncryption.ClientEncryption(client, {
               keyVaultNamespace,
-              kmsProviders: this.configuration.kmsProviders(null, localKey)
+              kmsProviders
             });
           });
         });
@@ -269,7 +287,7 @@ describe('Client Side Encryption Corpus', function() {
                 } else if (field.identifier === 'altname') {
                   encryptOptions.keyAltName = keyAltNameMap.get(field.kms);
                 } else {
-                  throw new Error('wtf how did u get here?');
+                  throw new Error('Unexpected identifier: ' + field.identifier);
                 }
 
                 return Promise.resolve()
@@ -294,7 +312,7 @@ describe('Client Side Encryption Corpus', function() {
                   );
               }
 
-              throw new Error('how did u get here?');
+              throw new Error('Unexpected method: ' + field.method);
             });
           })
           .then(() => {