From d727cedac5ff4441413143b096b1e334bcbbdf9e Mon Sep 17 00:00:00 2001 From: Eric Adum Date: Fri, 29 Jan 2021 10:33:13 -0500 Subject: [PATCH] chore(ci): enable tls testing on windows (#2722) NODE-2977 --- .evergreen/config.yml | 115 ++++++++++++++++++++----- .evergreen/generate_evergreen_tasks.js | 57 +++++++----- .evergreen/run-tls-tests.sh | 9 +- test/manual/tls_support.test.js | 14 ++- 4 files changed, 148 insertions(+), 47 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 2bf1101bfd..eb5ca2092c 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -802,17 +802,6 @@ tasks: commands: - func: install dependencies - func: run ldap tests - - name: test-tls-support - tags: - - tls-support - commands: - - func: install dependencies - - func: bootstrap mongo-orchestration - vars: - SSL: ssl - VERSION: latest - TOPOLOGY: server - - func: run tls tests - name: test-ocsp-valid-cert-server-staples tags: - ocsp @@ -909,6 +898,28 @@ tasks: - func: run-ocsp-test vars: OCSP_TLS_SHOULD_SUCCEED: 0 + - name: test-tls-support-latest + tags: + - tls-support + commands: + - func: install dependencies + - func: bootstrap mongo-orchestration + vars: + VERSION: latest + SSL: ssl + TOPOLOGY: server + - func: run tls tests + - name: test-tls-support-4.2 + tags: + - tls-support + commands: + - func: install dependencies + - func: bootstrap mongo-orchestration + vars: + VERSION: '4.2' + SSL: ssl + TOPOLOGY: server + - func: run tls tests - name: test-latest-ocsp-valid-cert-server-staples tags: - ocsp @@ -1188,7 +1199,6 @@ buildvariants: - test-atlas-data-lake - test-auth-kerberos - test-auth-ldap - - test-tls-support - test-ocsp-valid-cert-server-staples - test-ocsp-invalid-cert-server-staples - test-ocsp-valid-cert-server-does-not-staple @@ -1196,6 +1206,8 @@ buildvariants: - test-ocsp-soft-fail - test-ocsp-malicious-invalid-cert-mustStaple-server-does-not-staple - test-ocsp-malicious-no-responder-mustStaple-server-does-not-staple + - test-tls-support-latest + - test-tls-support-4.2 - test-latest-ocsp-valid-cert-server-staples - test-latest-ocsp-invalid-cert-server-staples - test-latest-ocsp-valid-cert-server-does-not-staple @@ -1221,19 +1233,73 @@ buildvariants: run_on: rhel70-small expansions: NODE_LTS_NAME: dubnium - tasks: *ref_0 + tasks: &ref_1 + - test-latest-server + - test-latest-replica_set + - test-latest-sharded_cluster + - test-4.4-server + - test-4.4-replica_set + - test-4.4-sharded_cluster + - test-4.2-server + - test-4.2-replica_set + - test-4.2-sharded_cluster + - test-4.0-server + - test-4.0-replica_set + - test-4.0-sharded_cluster + - test-3.6-server + - test-3.6-replica_set + - test-3.6-sharded_cluster + - test-3.4-server + - test-3.4-replica_set + - test-3.4-sharded_cluster + - test-3.2-server + - test-3.2-replica_set + - test-3.2-sharded_cluster + - test-3.0-server + - test-3.0-replica_set + - test-3.0-sharded_cluster + - test-2.6-server + - test-2.6-replica_set + - test-2.6-sharded_cluster + - test-atlas-connectivity + - test-atlas-data-lake + - test-auth-kerberos + - test-auth-ldap + - test-ocsp-valid-cert-server-staples + - test-ocsp-invalid-cert-server-staples + - test-ocsp-valid-cert-server-does-not-staple + - test-ocsp-invalid-cert-server-does-not-staple + - test-ocsp-soft-fail + - test-ocsp-malicious-invalid-cert-mustStaple-server-does-not-staple + - test-ocsp-malicious-no-responder-mustStaple-server-does-not-staple + - test-tls-support-latest + - test-tls-support-4.2 + - test-latest-ocsp-valid-cert-server-staples + - test-latest-ocsp-invalid-cert-server-staples + - test-latest-ocsp-valid-cert-server-does-not-staple + - test-latest-ocsp-invalid-cert-server-does-not-staple + - test-latest-ocsp-soft-fail + - test-latest-ocsp-malicious-invalid-cert-mustStaple-server-does-not-staple + - test-latest-ocsp-malicious-no-responder-mustStaple-server-does-not-staple + - test-4.4-ocsp-valid-cert-server-staples + - test-4.4-ocsp-invalid-cert-server-staples + - test-4.4-ocsp-valid-cert-server-does-not-staple + - test-4.4-ocsp-invalid-cert-server-does-not-staple + - test-4.4-ocsp-soft-fail + - test-4.4-ocsp-malicious-invalid-cert-mustStaple-server-does-not-staple + - test-4.4-ocsp-malicious-no-responder-mustStaple-server-does-not-staple - name: rhel70-erbium display_name: RHEL 7.0 Node Erbium run_on: rhel70-small expansions: NODE_LTS_NAME: erbium - tasks: *ref_0 + tasks: *ref_1 - name: ubuntu-14.04-dubnium display_name: Ubuntu 14.04 Node Dubnium run_on: ubuntu1404-large expansions: NODE_LTS_NAME: dubnium - tasks: &ref_1 + tasks: &ref_2 - test-4.0-server - test-4.0-replica_set - test-4.0-sharded_cluster @@ -1261,14 +1327,14 @@ buildvariants: run_on: ubuntu1404-large expansions: NODE_LTS_NAME: erbium - tasks: *ref_1 + tasks: *ref_2 - name: ubuntu-18.04-dubnium display_name: Ubuntu 18.04 Node Dubnium run_on: ubuntu1804-large expansions: NODE_LTS_NAME: dubnium CLIENT_ENCRYPTION: true - tasks: &ref_2 + tasks: &ref_3 - test-latest-server - test-latest-replica_set - test-latest-sharded_cluster @@ -1294,7 +1360,6 @@ buildvariants: - test-atlas-data-lake - test-auth-kerberos - test-auth-ldap - - test-tls-support - test-ocsp-valid-cert-server-staples - test-ocsp-invalid-cert-server-staples - test-ocsp-valid-cert-server-does-not-staple @@ -1302,6 +1367,8 @@ buildvariants: - test-ocsp-soft-fail - test-ocsp-malicious-invalid-cert-mustStaple-server-does-not-staple - test-ocsp-malicious-no-responder-mustStaple-server-does-not-staple + - test-tls-support-latest + - test-tls-support-4.2 - test-latest-ocsp-valid-cert-server-staples - test-latest-ocsp-invalid-cert-server-staples - test-latest-ocsp-valid-cert-server-does-not-staple @@ -1322,14 +1389,14 @@ buildvariants: expansions: NODE_LTS_NAME: erbium CLIENT_ENCRYPTION: true - tasks: *ref_2 + tasks: *ref_3 - name: windows-64-vs2015-dubnium display_name: Windows (VS2015) Node Dubnium run_on: windows-64-vs2015-large expansions: NODE_LTS_NAME: dubnium MSVS_VERSION: 2015 - tasks: &ref_3 + tasks: &ref_4 - test-4.2-server - test-4.2-replica_set - test-4.2-sharded_cluster @@ -1351,27 +1418,29 @@ buildvariants: - test-2.6-server - test-2.6-replica_set - test-2.6-sharded_cluster + - test-atlas-data-lake + - test-tls-support-4.2 - name: windows-64-vs2015-erbium display_name: Windows (VS2015) Node Erbium run_on: windows-64-vs2015-large expansions: NODE_LTS_NAME: erbium MSVS_VERSION: 2015 - tasks: *ref_3 + tasks: *ref_4 - name: windows-64-vs2017-dubnium display_name: Windows (VS2017) Node Dubnium run_on: windows-64-vs2017-large expansions: NODE_LTS_NAME: dubnium MSVS_VERSION: 2017 - tasks: *ref_3 + tasks: *ref_4 - name: windows-64-vs2017-erbium display_name: Windows (VS2017) Node Erbium run_on: windows-64-vs2017-large expansions: NODE_LTS_NAME: erbium MSVS_VERSION: 2017 - tasks: *ref_3 + tasks: *ref_4 - name: lint display_name: lint run_on: rhel70 diff --git a/.evergreen/generate_evergreen_tasks.js b/.evergreen/generate_evergreen_tasks.js index db59a6174e..3320cf3b4f 100644 --- a/.evergreen/generate_evergreen_tasks.js +++ b/.evergreen/generate_evergreen_tasks.js @@ -8,6 +8,7 @@ const NODE_VERSIONS = ['dubnium', 'erbium']; const TOPOLOGIES = ['server', 'replica_set', 'sharded_cluster']; const AWS_AUTH_VERSIONS = ['latest', '4.4']; const OCSP_VERSIONS = ['latest', '4.4']; +const TLS_VERSIONS = ['latest', '4.2']; // also test on 4.2 because 4.4+ currently skipped on windows const OPERATING_SYSTEMS = [ { @@ -59,6 +60,8 @@ const OPERATING_SYSTEMS = [ ) ); +const WINDOWS_SKIP_TAGS = new Set(['atlas-connect', 'auth']); + const TASKS = []; const SINGLETON_TASKS = []; @@ -110,22 +113,6 @@ Array.prototype.push.apply(TASKS, [ tags: ['auth', 'ldap'], commands: [{ func: 'install dependencies' }, { func: 'run ldap tests' }] }, - { - name: 'test-tls-support', - tags: ['tls-support'], - commands: [ - { func: 'install dependencies' }, - { - func: 'bootstrap mongo-orchestration', - vars: { - SSL: 'ssl', - VERSION: 'latest', - TOPOLOGY: 'server' - } - }, - { func: 'run tls tests' } - ] - }, { name: 'test-ocsp-valid-cert-server-staples', tags: ['ocsp'], @@ -245,6 +232,25 @@ Array.prototype.push.apply(TASKS, [ } ]); +TLS_VERSIONS.forEach(VERSION => { + TASKS.push({ + name: `test-tls-support-${VERSION}`, + tags: ['tls-support'], + commands: [ + { func: 'install dependencies' }, + { + func: 'bootstrap mongo-orchestration', + vars: { + VERSION, + SSL: 'ssl', + TOPOLOGY: 'server' + } + }, + { func: 'run tls tests' } + ] + }); +}); + OCSP_VERSIONS.forEach(VERSION => { // manually added tasks Array.prototype.push.apply(TASKS, [ @@ -401,18 +407,27 @@ const BUILD_VARIANTS = []; const getTaskList = (() => { const memo = {}; - return function (mongoVersion, onlyBaseTasks = false) { - const key = mongoVersion + (onlyBaseTasks ? 'b' : ''); + return function (mongoVersion, os) { + const key = mongoVersion + os; if (memo[key]) { return memo[key]; } - const taskList = onlyBaseTasks ? BASE_TASKS : BASE_TASKS.concat(TASKS); + const taskList = BASE_TASKS.concat(TASKS); const ret = taskList .filter(task => { - const tasksWithVars = task.commands.filter(task => !!task.vars); if (task.name.match(/^aws/)) return false; + // skip unsupported tasks on windows + if ( + os.match(/^windows/) && + task.tags && + task.tags.filter(tag => WINDOWS_SKIP_TAGS.has(tag)).length + ) { + return false; + } + + const tasksWithVars = task.commands.filter(task => !!task.vars); if (!tasksWithVars.length) { return true; } @@ -442,7 +457,7 @@ OPERATING_SYSTEMS.forEach( msvsVersion }) => { const testedNodeVersions = NODE_VERSIONS.filter(version => nodeVersions.includes(version)); - const tasks = getTaskList(mongoVersion, !!msvsVersion); + const tasks = getTaskList(mongoVersion, osName.split('-')[0]); testedNodeVersions.forEach(NODE_LTS_NAME => { const nodeLtsDisplayName = `Node ${NODE_LTS_NAME[0].toUpperCase()}${NODE_LTS_NAME.substr(1)}`; diff --git a/.evergreen/run-tls-tests.sh b/.evergreen/run-tls-tests.sh index c7c5ed6480..50dc666894 100644 --- a/.evergreen/run-tls-tests.sh +++ b/.evergreen/run-tls-tests.sh @@ -5,7 +5,14 @@ set -o errexit # Exit the script with error if any of the commands fail export PROJECT_DIRECTORY="$(pwd)" NODE_ARTIFACTS_PATH="${PROJECT_DIRECTORY}/node-artifacts" export NVM_DIR="${NODE_ARTIFACTS_PATH}/nvm" -[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" +if [[ "$OS" == "Windows_NT" ]]; then + export NVM_HOME=`cygpath -m -a "$NVM_DIR"` + export NVM_SYMLINK=`cygpath -m -a "$NODE_ARTIFACTS_PATH/bin"` + export NVM_ARTIFACTS_PATH=`cygpath -m -a "$NODE_ARTIFACTS_PATH/bin"` + export PATH=`cygpath $NVM_SYMLINK`:`cygpath $NVM_HOME`:$PATH +else + [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" +fi export SSL_KEY_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/client.pem" export SSL_CA_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/ca.pem" diff --git a/test/manual/tls_support.test.js b/test/manual/tls_support.test.js index 601d26fb9c..78cd870797 100644 --- a/test/manual/tls_support.test.js +++ b/test/manual/tls_support.test.js @@ -13,10 +13,20 @@ describe('TLS Support', function () { const connectionString = process.env.MONGODB_URI; const tlsCertificateKeyFile = process.env.SSL_KEY_FILE; const tlsCAFile = process.env.SSL_CA_FILE; + const tlsSettings = { tls: true, tlsCertificateKeyFile, tlsCAFile }; it( - 'should connect with tls', - makeConnectionTest(connectionString, { tls: true, tlsCertificateKeyFile, tlsCAFile }) + 'should connect with tls via client options', + makeConnectionTest(connectionString, tlsSettings) + ); + + it( + 'should connect with tls via url options', + makeConnectionTest( + `${connectionString}?${Object.keys(tlsSettings) + .map(key => `${key}=${tlsSettings[key]}`) + .join('&')}` + ) ); });