
NODE-2825: Add tests for azure and GCP CSFLE #2662


Merged
merged 6 commits into from
Jan 13, 2021
3 changes: 1 addition & 2 deletions .evergreen/config.yml
Expand Up @@ -93,8 +93,7 @@ functions:
if [ -n "${CLIENT_ENCRYPTION}" ]; then
cat <<EOT > prepare_client_encryption.sh
export CLIENT_ENCRYPTION=${CLIENT_ENCRYPTION}
export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}"
export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}"
export CSFLE_KMS_PROVIDERS='${CSFLE_KMS_PROVIDERS}'
EOT
fi
- command: shell.exec
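Review bot: The generated prepare_client_encryption.sh now carries the whole `CSFLE_KMS_PROVIDERS` document, which going by the PR title holds credentials for several cloud KMS providers, and the heredoc writes it with the default umask and inside single quotes. A value containing a `'` would end the quoting early, and the remainder would be parsed as shell when the script is later sourced or run, so the line deserves a comment stating that the Evergreen variable must be quote-free JSON, or the value should be handed over through the task environment instead of being templated into a script. I would also put `umask 077` ahead of `cat <<EOT > prepare_client_encryption.sh` so the file is not group- or world-readable on a shared build host. The same lines appear in the .evergreen/config.yml.in hunk at -112,8 +112,7; the enclosing function starts and ends outside both hunks, so whether the script is deleted after the run is not visible here.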
5 changes: 2 additions & 3 deletions .evergreen/config.yml.in
Expand Up @@ -112,8 +112,7 @@ functions:
if [ -n "${CLIENT_ENCRYPTION}" ]; then
cat <<EOT > prepare_client_encryption.sh
export CLIENT_ENCRYPTION=${CLIENT_ENCRYPTION}
export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}"
export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}"
export CSFLE_KMS_PROVIDERS='${CSFLE_KMS_PROVIDERS}'
EOT
fi
- command: shell.exec
Expand Down Expand Up @@ -239,7 +238,7 @@ functions:
MONGODB_URI='${plain_auth_mongodb_uri}' NODE_LTS_NAME='${NODE_LTS_NAME}' \
bash ${PROJECT_DIRECTORY}/.evergreen/run-ldap-tests.sh

"run tls tests":
"run tls tests":
- command: shell.exec
type: test
params:
2 changes: 1 addition & 1 deletion .evergreen/run-tests.sh
Expand Up @@ -52,7 +52,7 @@ if [[ -z "${CLIENT_ENCRYPTION}" ]]; then
unset AWS_ACCESS_KEY_ID;
unset AWS_SECRET_ACCESS_KEY;
else
npm install mongodb-client-encryption
npm install mongodb-client-encryption@1.1.1-beta.0
fi

MONGODB_UNIFIED_TOPOLOGY=${UNIFIED} MONGODB_URI=${MONGODB_URI} npm run ${TEST_NPM_SCRIPT}
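Review bot: The branch for an empty `CLIENT_ENCRYPTION` still clears only `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, while the credentials in this PR appear to travel in `CSFLE_KMS_PROVIDERS`; adding `unset CSFLE_KMS_PROVIDERS;` next to the two existing `unset` lines keeps the KMS secrets out of the test process when encryption tests were not requested. On the install line, `mongodb-client-encryption@1.1.1-beta.0` is an exact pin, which helps reproducibility, but it is a prerelease and would benefit from a comment such as `# TODO: move to the first stable release with Azure/GCP support`. The `if` block begins above the hunk, so anything else it unsets is not visible here.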
48 changes: 33 additions & 15 deletions test/functional/client_side_encryption/corpus.test.js
Expand Up @@ -24,17 +24,21 @@ describe('Client Side Encryption Corpus', function() {
return EJSON.parse(fs.readFileSync(path.resolve(corpusDir, filename), { strict: true }));
}

const CSFLE_KMS_PROVIDERS = process.env.CSFLE_KMS_PROVIDERS;
const kmsProviders = CSFLE_KMS_PROVIDERS ? EJSON.parse(CSFLE_KMS_PROVIDERS) : {};
kmsProviders.local = {
key: Buffer.from(
'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk',
'base64'
)
};

// TODO: build this into EJSON
// TODO: make a custom chai assertion for this
function toComparableExtendedJSON(value) {
return JSON.parse(EJSON.stringify({ value }, { strict: true }));
}

const localKey = Buffer.from(
'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk',
'base64'
);

// Filters out tests that have to do with dbPointer
// TODO: fix dbpointer and get rid of this.
function filterImportedObject(object) {
Expand All @@ -53,6 +57,8 @@ describe('Client Side Encryption Corpus', function() {
const corpusSchema = loadCorpusData('corpus-schema.json');
const corpusKeyLocal = loadCorpusData('corpus-key-local.json');
const corpusKeyAws = loadCorpusData('corpus-key-aws.json');
const corpusKeyAzure = loadCorpusData('corpus-key-azure.json');
const corpusKeyGcp = loadCorpusData('corpus-key-gcp.json');
const corpusAll = filterImportedObject(loadCorpusData('corpus.json'));
const corpusEncryptedExpectedAll = filterImportedObject(loadCorpusData('corpus-encrypted.json'));

Expand All @@ -69,13 +75,23 @@ describe('Client Side Encryption Corpus', function() {
]);
const identifierMap = new Map([
['local', corpusKeyLocal._id],
['aws', corpusKeyAws._id]
['aws', corpusKeyAws._id],
['azure', corpusKeyAzure._id],
['gcp', corpusKeyGcp._id]
]);
const keyAltNameMap = new Map([
['local', 'local'],
['aws', 'aws']
['aws', 'aws'],
['azure', 'azure'],
['gcp', 'gcp']
]);
const copyOverValues = new Set([
'_id',
'altname_aws',
'altname_local',
'altname_azure',
'altname_gcp'
]);
const copyOverValues = new Set(['_id', 'altname_aws', 'altname_local']);

let client;

Expand All @@ -102,7 +118,7 @@ describe('Client Side Encryption Corpus', function() {
break;
}
default: {
throw new Error('how did you get here?');
throw new Error('Unexpected algorithm: ' + expected.algo);
}
}

Expand All @@ -122,7 +138,7 @@ describe('Client Side Encryption Corpus', function() {
} else if (expected.allowed === false) {
expect(actualJSON).to.deep.equal(expectedJSON);
} else {
throw new Error('how did you get here?');
throw new Error('Unexpected value for allowed: ' + expected.allowed);
}
}

Expand All @@ -142,7 +158,9 @@ describe('Client Side Encryption Corpus', function() {
.then(() => keyDb.dropCollection(keyVaultCollName))
.catch(() => {})
.then(() => keyDb.collection(keyVaultCollName))
.then(keyColl => keyColl.insertMany([corpusKeyLocal, corpusKeyAws]));
.then(keyColl =>
keyColl.insertMany([corpusKeyLocal, corpusKeyAws, corpusKeyAzure, corpusKeyGcp])
);
});
});

Expand Down Expand Up @@ -185,7 +203,7 @@ describe('Client Side Encryption Corpus', function() {
// Configure both objects with ``keyVaultNamespace`` set to ``keyvault.datakeys``.
const autoEncryption = {
keyVaultNamespace,
kmsProviders: this.configuration.kmsProviders(null, localKey)
kmsProviders
};
if (useClientSideSchema) {
autoEncryption.schemaMap = {
Expand All @@ -204,7 +222,7 @@ describe('Client Side Encryption Corpus', function() {
return clientEncrypted.connect().then(() => {
clientEncryption = new mongodbClientEncryption.ClientEncryption(client, {
keyVaultNamespace,
kmsProviders: this.configuration.kmsProviders(null, localKey)
kmsProviders
});
});
});
Expand Down Expand Up @@ -269,7 +287,7 @@ describe('Client Side Encryption Corpus', function() {
} else if (field.identifier === 'altname') {
encryptOptions.keyAltName = keyAltNameMap.get(field.kms);
} else {
throw new Error('wtf how did u get here?');
throw new Error('Unexpected identifier: ' + field.identifier);
}

return Promise.resolve()
Expand All @@ -294,7 +312,7 @@ describe('Client Side Encryption Corpus', function() {
);
}

throw new Error('how did u get here?');
throw new Error('Unexpected method: ' + field.method);
});
})
.then(() => {
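Review bot: When `CSFLE_KMS_PROVIDERS` is unset, `kmsProviders` silently falls back to `{}` plus the local key, yet the suite still inserts and uses the aws, azure and gcp data keys, so a missing variable would likely surface as an opaque KMS failure deep inside a test instead of a clear setup error. A guard in the suite's setup hook (only partly visible here), e.g. `if (!CSFLE_KMS_PROVIDERS) throw new Error('CSFLE_KMS_PROVIDERS is not set');`, would make that explicit. The `EJSON.parse(CSFLE_KMS_PROVIDERS)` call also runs while the `describe` body is evaluated, and on newer Node versions a JSON syntax error message may quote part of the input; wrapping it in `try`/`catch` and rethrowing a message that names the variable but not its value keeps credential fragments out of CI logs.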