Skip to content

PYTHON-2404 Update CSFLE spec tests for KMS providers 'azure' and 'gcp' #509

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Nov 4, 2020
Merged

PYTHON-2404 Update CSFLE spec tests for KMS providers 'azure' and 'gcp' #509

merged 6 commits into from
Nov 4, 2020

Conversation

prashantmital
Copy link
Contributor

No description provided.

@prashantmital prashantmital marked this pull request as ready for review November 3, 2020 21:44
ShaneHarvey
ShaneHarvey reviewed Nov 3, 2020
View reviewed changes
Copy link
Member

@ShaneHarvey ShaneHarvey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work, just two minor comments

test/test_encryption.py Outdated
def run_test(self, provider_name):
# Create data key.
master_key = self.MASTER_KEYS[provider_name]
if master_key is not None:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aren't both calls to create_data_key equivalent here since master_key=None is valid?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point.

test/test_encryption.py
kms_providers = {'aws': AWS_CREDS,
'azure': AZURE_CREDS,
'gcp': GCP_CREDS}
self.client_encryption = ClientEncryption(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This overwrites the cls.client_encryption that's created in setUpClass. Suggest renaming or moving this logic to setUpClass if possible.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The prose tests explicitly ask for recreating this object for every test so I have simply removed this from setUpClass - it had been left there in error.

ShaneHarvey
ShaneHarvey approved these changes Nov 4, 2020
View reviewed changes
Copy link
Member

@ShaneHarvey ShaneHarvey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@ShaneHarvey
Copy link
Member

Interesting, this is an example of a transient network error to azure's KMS (timed out after 10 seconds):

 ERROR: The read operation timed out (EncryptionError)
 Traceback (most recent call last):
   File "/data/mci/e26102f756f94819d90fed7a6d9fb081/src/pymongo/encryption.py", line 73, in _wrap_encryption_errors
     yield
   File "/data/mci/e26102f756f94819d90fed7a6d9fb081/src/pymongo/encryption.py", line 476, in create_data_key
     key_alt_names=key_alt_names)
   File "/data/mci/e26102f756f94819d90fed7a6d9fb081/src/venv-encryption/lib/python3.4/site-packages/pymongocrypt/explicit_encrypter.py", line 135, in create_data_key
     key = run_state_machine(ctx, self.callback)
   File "/data/mci/e26102f756f94819d90fed7a6d9fb081/src/venv-encryption/lib/python3.4/site-packages/pymongocrypt/state_machine.py", line 150, in run_state_machine
     callback.kms_request(kms_ctx)
   File "/data/mci/e26102f756f94819d90fed7a6d9fb081/src/pymongo/encryption.py", line 118, in kms_request
     data = conn.recv(kms_context.bytes_needed)
   File "/opt/python/3.4/lib/python3.4/ssl.py", line 739, in recv
     return self.read(buflen)
   File "/opt/python/3.4/lib/python3.4/ssl.py", line 628, in read
     v = self._sslobj.read(len or 1024)
 socket.timeout: The read operation timed out
 
 During handling of the above exception, another exception occurred:
 
 Traceback (most recent call last):
   File "/data/mci/e26102f756f94819d90fed7a6d9fb081/src/test/test_encryption.py", line 717, in test_data_key_azure
     self.run_test('azure')
   File "/data/mci/e26102f756f94819d90fed7a6d9fb081/src/test/test_encryption.py", line 671, in run_test
     key_alt_names=['%s_altname' % (provider_name,)])
   File "/data/mci/e26102f756f94819d90fed7a6d9fb081/src/pymongo/encryption.py", line 476, in create_data_key
     key_alt_names=key_alt_names)
   File "/opt/python/3.4/lib/python3.4/contextlib.py", line 77, in __exit__
     self.gen.throw(type, value, traceback)
   File "/data/mci/e26102f756f94819d90fed7a6d9fb081/src/pymongo/encryption.py", line 79, in _wrap_encryption_errors
     raise EncryptionError(exc)
 pymongo.errors.EncryptionError: The read operation timed out

https://evergreen.mongodb.com/task/mongo_python_driver_tests_python_version_rhel62_test_encryption__platform~rhel62_auth_ssl~noauth_nossl_python_version~3.4_encryption~encryption_test_4.2_standalone_patch_e49c418264c1a4dde833e16b1cbb1503f24223ec_5fa1eef2c9ec4404d34e4579_20_11_03_23_59_47

@prashantmital
Copy link
Contributor Author

prashantmital commented Nov 4, 2020
edited
Loading

Interesting to be able to observe the timeout on Azure! As per the spec, it doesn't seem like we should be adding any custom handling for that kind of an error so I suppose there is nothing to do there?

I am also seeing the following in the test logs:

 [2020/11/04 00:08:54.758]   Topology <Topology <TopologyDescription id: 5fa1f0698ad53cb215fa7405, topology_type: ReplicaSetWithPrimary, servers: [<ServerDescription ('localhost', 27017) server_type: RSPrimary, rtt: 0.000538420648610058>, <ServerDescription ('localhost', 27018) server_type: RSSecondary, rtt: 0.001056252019849808>, <ServerDescription ('localhost', 27019) server_type: RSArbiter, rtt: 0.0009123198919968762>]>> has THREADS RUNNING: [<PeriodicExecutor(name=pymongo_server_monitor_thread) object at 0x7ff450e41a90>, <PeriodicExecutor(name=pymongo_server_rtt_thread) object at 0x7ff450e41a50>, <PeriodicExecutor(name=pymongo_server_monitor_thread) object at 0x7ff450bfb350>, <PeriodicExecutor(name=pymongo_server_rtt_thread) object at 0x7ff450bfb250>, <PeriodicExecutor(name=pymongo_server_monitor_thread) object at 0x7ff450bfbc10>, <PeriodicExecutor(name=pymongo_server_rtt_thread) object at 0x7ff4524dbbd0>], created at:   File "setup.py", line 431, in <module>
 [2020/11/04 00:08:54.758]     **extra_opts
 [2020/11/04 00:08:54.758]   File "/data/mci/1d06ce731bf44d878db71873b3380fd4/src/venv-encryption/lib/python3.7/site-packages/setuptools/__init__.py", line 153, in setup
 [2020/11/04 00:08:54.758]     return distutils.core.setup(**attrs)
 [2020/11/04 00:08:54.758]   File "/opt/python/3.7/lib/python3.7/distutils/core.py", line 148, in setup
 [2020/11/04 00:08:54.758]     dist.run_commands()
 [2020/11/04 00:08:54.758]   File "/opt/python/3.7/lib/python3.7/distutils/dist.py", line 966, in run_commands
 [2020/11/04 00:08:54.758]     self.run_command(cmd)
 [2020/11/04 00:08:54.758]   File "/opt/python/3.7/lib/python3.7/distutils/dist.py", line 985, in run_command
 [2020/11/04 00:08:54.758]     cmd_obj.run()
 [2020/11/04 00:08:54.758]   File "setup.py", line 130, in run
 [2020/11/04 00:08:54.758]     result = runner.run(suite)
 [2020/11/04 00:08:54.758]   File "/data/mci/1d06ce731bf44d878db71873b3380fd4/src/test/__init__.py", line 874, in run
 [2020/11/04 00:08:54.758]     result = super(PymongoXMLTestRunner, self).run(test)
 [2020/11/04 00:08:54.758]   File "/opt/python/3.7/lib/python3.7/site-packages/xmlrunner/runner.py", line 66, in run
 [2020/11/04 00:08:54.758]     test(result)
 [2020/11/04 00:08:54.758]   File "/opt/python/3.7/lib/python3.7/unittest/suite.py", line 84, in __call__
 [2020/11/04 00:08:54.758]     return self.run(*args, **kwds)
 [2020/11/04 00:08:54.758]   File "/opt/python/3.7/lib/python3.7/unittest/suite.py", line 114, in run
 [2020/11/04 00:08:54.758]     self._handleClassSetUp(test, result)
 [2020/11/04 00:08:54.758]   File "/opt/python/3.7/lib/python3.7/unittest/suite.py", line 163, in _handleClassSetUp
 [2020/11/04 00:08:54.758]     setUpClass()
 [2020/11/04 00:08:54.758]   File "/data/mci/1d06ce731bf44d878db71873b3380fd4/src/test/test_encryption.py", line 630, in setUpClass
 [2020/11/04 00:08:54.758]     cls.client = rs_or_single_client(event_listeners=[cls.listener])
 [2020/11/04 00:08:54.758]   File "/data/mci/1d06ce731bf44d878db71873b3380fd4/src/test/utils.py", line 500, in rs_or_single_client
 [2020/11/04 00:08:54.758]     return _mongo_client(h, p, **kwargs)
 [2020/11/04 00:08:54.758]   File "/data/mci/1d06ce731bf44d878db71873b3380fd4/src/test/utils.py", line 461, in _mongo_client
 [2020/11/04 00:08:54.758]     **client_options)
 [2020/11/04 00:08:54.758]   File "/data/mci/1d06ce731bf44d878db71873b3380fd4/src/pymongo/mongo_client.py", line 727, in __init__
 [2020/11/04 00:08:54.758]     direct_connection=options.direct_connection)
 [2020/11/04 00:08:54.758]   File "/data/mci/1d06ce731bf44d878db71873b3380fd4/src/pymongo/settings.py", line 72, in __init__
 [2020/11/04 00:08:54.758]     self._stack = ''.join(traceback.format_stack())
 [2020/11/04 00:08:56.982] Finished 'shell.exec' in "run tests" in 5m27.200032659s
 [2020/11/04 00:08:56.982] Task completed - SUCCESS.

I will open a JIRA ticket to track this.

@prashantmital prashantmital merged commit 1e2a52f into mongodb:master Nov 4, 2020
ShaneHarvey
ShaneHarvey reviewed Nov 4, 2020
View reviewed changes
test/test_encryption.py
@classmethod
def tearDownClass(cls):
cls.client.close()
cls.vault.drop()
Copy link
Member

@ShaneHarvey ShaneHarvey Nov 4, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These two lines should be swapped. Dropping the vault collection reopens the client we just closed.

This will fixed the unclosed client issue:

 [2020/11/04 00:08:54.758]   Topology <Topology <TopologyDescription id: 5fa1f0698ad53cb215fa7405, topology_type: ReplicaSetWithPrimary, servers: [<ServerDescription ('localhost', 27017) server_type: RSPrimary, rtt: 0.000538420648610058>, <ServerDescription ('localhost', 27018) server_type: RSSecondary, rtt: 0.001056252019849808>, <ServerDescription ('localhost', 27019) server_type: RSArbiter, rtt: 0.0009123198919968762>]>> has THREADS RUNNING: [<PeriodicExecutor(name=pymongo_server_monitor_thread) object at 0x7ff450e41a90>, <PeriodicExecutor(name=pymongo_server_rtt_thread) object at 0x7ff450e41a50>, <PeriodicExecutor(name=pymongo_server_monitor_thread) object at 0x7ff450bfb350>, <PeriodicExecutor(name=pymongo_server_rtt_thread) object at 0x7ff450bfb250>, <PeriodicExecutor(name=pymongo_server_monitor_thread) object at 0x7ff450bfbc10>, <PeriodicExecutor(name=pymongo_server_rtt_thread) object at 0x7ff4524dbbd0>], created at:
...
 [2020/11/04 00:08:54.758]   File "/data/mci/1d06ce731bf44d878db71873b3380fd4/src/test/test_encryption.py", line 630, in setUpClass
 [2020/11/04 00:08:54.758]     cls.client = rs_or_single_client(event_listeners=[cls.listener])

@prashantmital prashantmital deleted the PYTHON-2404/csfle-spec-tests branch November 4, 2020 17:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ShaneHarvey ShaneHarvey ShaneHarvey approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@prashantmital @ShaneHarvey