Skip to content

chore(ci): enable tls testing on windows #2722

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jan 29, 2021
Merged

chore(ci): enable tls testing on windows #2722

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
115 changes: 92 additions & 23 deletions .evergreen/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -802,17 +802,6 @@ tasks:
commands:
- func: install dependencies
- func: run ldap tests
- name: test-tls-support
tags:
- tls-support
commands:
- func: install dependencies
- func: bootstrap mongo-orchestration
vars:
SSL: ssl
VERSION: latest
TOPOLOGY: server
- func: run tls tests
- name: test-ocsp-valid-cert-server-staples
tags:
- ocsp
Expand Down Expand Up @@ -909,6 +898,28 @@ tasks:
- func: run-ocsp-test
vars:
OCSP_TLS_SHOULD_SUCCEED: 0
- name: test-tls-support-latest
tags:
- tls-support
commands:
- func: install dependencies
- func: bootstrap mongo-orchestration
vars:
VERSION: latest
SSL: ssl
TOPOLOGY: server
- func: run tls tests
- name: test-tls-support-4.2
tags:
- tls-support
commands:
- func: install dependencies
- func: bootstrap mongo-orchestration
vars:
VERSION: '4.2'
SSL: ssl
TOPOLOGY: server
- func: run tls tests
- name: test-latest-ocsp-valid-cert-server-staples
tags:
- ocsp
Expand Down Expand Up @@ -1188,14 +1199,15 @@ buildvariants:
- test-atlas-data-lake
- test-auth-kerberos
- test-auth-ldap
- test-tls-support
- test-ocsp-valid-cert-server-staples
- test-ocsp-invalid-cert-server-staples
- test-ocsp-valid-cert-server-does-not-staple
- test-ocsp-invalid-cert-server-does-not-staple
- test-ocsp-soft-fail
- test-ocsp-malicious-invalid-cert-mustStaple-server-does-not-staple
- test-ocsp-malicious-no-responder-mustStaple-server-does-not-staple
- test-tls-support-latest
- test-tls-support-4.2
- test-latest-ocsp-valid-cert-server-staples
- test-latest-ocsp-invalid-cert-server-staples
- test-latest-ocsp-valid-cert-server-does-not-staple
Expand All @@ -1221,19 +1233,73 @@ buildvariants:
run_on: rhel70-small
expansions:
NODE_LTS_NAME: dubnium
tasks: *ref_0
tasks: &ref_1
- test-latest-server
- test-latest-replica_set
- test-latest-sharded_cluster
- test-4.4-server
- test-4.4-replica_set
- test-4.4-sharded_cluster
- test-4.2-server
- test-4.2-replica_set
- test-4.2-sharded_cluster
- test-4.0-server
- test-4.0-replica_set
- test-4.0-sharded_cluster
- test-3.6-server
- test-3.6-replica_set
- test-3.6-sharded_cluster
- test-3.4-server
- test-3.4-replica_set
- test-3.4-sharded_cluster
- test-3.2-server
- test-3.2-replica_set
- test-3.2-sharded_cluster
- test-3.0-server
- test-3.0-replica_set
- test-3.0-sharded_cluster
- test-2.6-server
- test-2.6-replica_set
- test-2.6-sharded_cluster
- test-atlas-connectivity
- test-atlas-data-lake
- test-auth-kerberos
- test-auth-ldap
- test-ocsp-valid-cert-server-staples
- test-ocsp-invalid-cert-server-staples
- test-ocsp-valid-cert-server-does-not-staple
- test-ocsp-invalid-cert-server-does-not-staple
- test-ocsp-soft-fail
- test-ocsp-malicious-invalid-cert-mustStaple-server-does-not-staple
- test-ocsp-malicious-no-responder-mustStaple-server-does-not-staple
- test-tls-support-latest
- test-tls-support-4.2
- test-latest-ocsp-valid-cert-server-staples
- test-latest-ocsp-invalid-cert-server-staples
- test-latest-ocsp-valid-cert-server-does-not-staple
- test-latest-ocsp-invalid-cert-server-does-not-staple
- test-latest-ocsp-soft-fail
- test-latest-ocsp-malicious-invalid-cert-mustStaple-server-does-not-staple
- test-latest-ocsp-malicious-no-responder-mustStaple-server-does-not-staple
- test-4.4-ocsp-valid-cert-server-staples
- test-4.4-ocsp-invalid-cert-server-staples
- test-4.4-ocsp-valid-cert-server-does-not-staple
- test-4.4-ocsp-invalid-cert-server-does-not-staple
- test-4.4-ocsp-soft-fail
- test-4.4-ocsp-malicious-invalid-cert-mustStaple-server-does-not-staple
- test-4.4-ocsp-malicious-no-responder-mustStaple-server-does-not-staple
- name: rhel70-erbium
display_name: RHEL 7.0 Node Erbium
run_on: rhel70-small
expansions:
NODE_LTS_NAME: erbium
tasks: *ref_0
tasks: *ref_1
- name: ubuntu-14.04-dubnium
display_name: Ubuntu 14.04 Node Dubnium
run_on: ubuntu1404-large
expansions:
NODE_LTS_NAME: dubnium
tasks: &ref_1
tasks: &ref_2
- test-4.0-server
- test-4.0-replica_set
- test-4.0-sharded_cluster
Expand Down Expand Up @@ -1261,14 +1327,14 @@ buildvariants:
run_on: ubuntu1404-large
expansions:
NODE_LTS_NAME: erbium
tasks: *ref_1
tasks: *ref_2
- name: ubuntu-18.04-dubnium
display_name: Ubuntu 18.04 Node Dubnium
run_on: ubuntu1804-large
expansions:
NODE_LTS_NAME: dubnium
CLIENT_ENCRYPTION: true
tasks: &ref_2
tasks: &ref_3
- test-latest-server
- test-latest-replica_set
- test-latest-sharded_cluster
Expand All @@ -1294,14 +1360,15 @@ buildvariants:
- test-atlas-data-lake
- test-auth-kerberos
- test-auth-ldap
- test-tls-support
- test-ocsp-valid-cert-server-staples
- test-ocsp-invalid-cert-server-staples
- test-ocsp-valid-cert-server-does-not-staple
- test-ocsp-invalid-cert-server-does-not-staple
- test-ocsp-soft-fail
- test-ocsp-malicious-invalid-cert-mustStaple-server-does-not-staple
- test-ocsp-malicious-no-responder-mustStaple-server-does-not-staple
- test-tls-support-latest
- test-tls-support-4.2
- test-latest-ocsp-valid-cert-server-staples
- test-latest-ocsp-invalid-cert-server-staples
- test-latest-ocsp-valid-cert-server-does-not-staple
Expand All @@ -1322,14 +1389,14 @@ buildvariants:
expansions:
NODE_LTS_NAME: erbium
CLIENT_ENCRYPTION: true
tasks: *ref_2
tasks: *ref_3
- name: windows-64-vs2015-dubnium
display_name: Windows (VS2015) Node Dubnium
run_on: windows-64-vs2015-large
expansions:
NODE_LTS_NAME: dubnium
MSVS_VERSION: 2015
tasks: &ref_3
tasks: &ref_4
- test-4.2-server
- test-4.2-replica_set
- test-4.2-sharded_cluster
Expand All @@ -1351,27 +1418,29 @@ buildvariants:
- test-2.6-server
- test-2.6-replica_set
- test-2.6-sharded_cluster
- test-atlas-data-lake
- test-tls-support-4.2
- name: windows-64-vs2015-erbium
display_name: Windows (VS2015) Node Erbium
run_on: windows-64-vs2015-large
expansions:
NODE_LTS_NAME: erbium
MSVS_VERSION: 2015
tasks: *ref_3
tasks: *ref_4
- name: windows-64-vs2017-dubnium
display_name: Windows (VS2017) Node Dubnium
run_on: windows-64-vs2017-large
expansions:
NODE_LTS_NAME: dubnium
MSVS_VERSION: 2017
tasks: *ref_3
tasks: *ref_4
- name: windows-64-vs2017-erbium
display_name: Windows (VS2017) Node Erbium
run_on: windows-64-vs2017-large
expansions:
NODE_LTS_NAME: erbium
MSVS_VERSION: 2017
tasks: *ref_3
tasks: *ref_4
- name: lint
display_name: lint
run_on: rhel70
Expand Down
57 changes: 36 additions & 21 deletions .evergreen/generate_evergreen_tasks.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ const NODE_VERSIONS = ['dubnium', 'erbium'];
const TOPOLOGIES = ['server', 'replica_set', 'sharded_cluster'];
const AWS_AUTH_VERSIONS = ['latest', '4.4'];
const OCSP_VERSIONS = ['latest', '4.4'];
const TLS_VERSIONS = ['latest', '4.2']; // also test on 4.2 because 4.4+ currently skipped on windows

const OPERATING_SYSTEMS = [
{
Expand Down Expand Up @@ -59,6 +60,8 @@ const OPERATING_SYSTEMS = [
)
);

const WINDOWS_SKIP_TAGS = new Set(['atlas-connect', 'auth']);

const TASKS = [];
const SINGLETON_TASKS = [];

Expand Down Expand Up @@ -110,22 +113,6 @@ Array.prototype.push.apply(TASKS, [
tags: ['auth', 'ldap'],
commands: [{ func: 'install dependencies' }, { func: 'run ldap tests' }]
},
{
name: 'test-tls-support',
tags: ['tls-support'],
commands: [
{ func: 'install dependencies' },
{
func: 'bootstrap mongo-orchestration',
vars: {
SSL: 'ssl',
VERSION: 'latest',
TOPOLOGY: 'server'
}
},
{ func: 'run tls tests' }
]
},
{
name: 'test-ocsp-valid-cert-server-staples',
tags: ['ocsp'],
Expand Down Expand Up @@ -245,6 +232,25 @@ Array.prototype.push.apply(TASKS, [
}
]);

TLS_VERSIONS.forEach(VERSION => {
TASKS.push({
name: `test-tls-support-${VERSION}`,
tags: ['tls-support'],
commands: [
{ func: 'install dependencies' },
{
func: 'bootstrap mongo-orchestration',
vars: {
VERSION,
SSL: 'ssl',
TOPOLOGY: 'server'
}
},
{ func: 'run tls tests' }
]
});
});

OCSP_VERSIONS.forEach(VERSION => {
// manually added tasks
Array.prototype.push.apply(TASKS, [
Expand Down Expand Up @@ -401,18 +407,27 @@ const BUILD_VARIANTS = [];

const getTaskList = (() => {
const memo = {};
return function (mongoVersion, onlyBaseTasks = false) {
const key = mongoVersion + (onlyBaseTasks ? 'b' : '');
return function (mongoVersion, os) {
const key = mongoVersion + os;

if (memo[key]) {
return memo[key];
}
const taskList = onlyBaseTasks ? BASE_TASKS : BASE_TASKS.concat(TASKS);
const taskList = BASE_TASKS.concat(TASKS);
const ret = taskList
.filter(task => {
const tasksWithVars = task.commands.filter(task => !!task.vars);
if (task.name.match(/^aws/)) return false;

// skip unsupported tasks on windows
if (
os.match(/^windows/) &&
task.tags &&
task.tags.filter(tag => WINDOWS_SKIP_TAGS.has(tag)).length
) {
return false;
}

const tasksWithVars = task.commands.filter(task => !!task.vars);
if (!tasksWithVars.length) {
return true;
}
Expand Down Expand Up @@ -442,7 +457,7 @@ OPERATING_SYSTEMS.forEach(
msvsVersion
}) => {
const testedNodeVersions = NODE_VERSIONS.filter(version => nodeVersions.includes(version));
const tasks = getTaskList(mongoVersion, !!msvsVersion);
const tasks = getTaskList(mongoVersion, osName.split('-')[0]);

testedNodeVersions.forEach(NODE_LTS_NAME => {
const nodeLtsDisplayName = `Node ${NODE_LTS_NAME[0].toUpperCase()}${NODE_LTS_NAME.substr(1)}`;
Expand Down
9 changes: 8 additions & 1 deletion .evergreen/run-tls-tests.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,14 @@ set -o errexit # Exit the script with error if any of the commands fail
export PROJECT_DIRECTORY="$(pwd)"
NODE_ARTIFACTS_PATH="${PROJECT_DIRECTORY}/node-artifacts"
export NVM_DIR="${NODE_ARTIFACTS_PATH}/nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
if [[ "$OS" == "Windows_NT" ]]; then
export NVM_HOME=`cygpath -m -a "$NVM_DIR"`
export NVM_SYMLINK=`cygpath -m -a "$NODE_ARTIFACTS_PATH/bin"`
export NVM_ARTIFACTS_PATH=`cygpath -m -a "$NODE_ARTIFACTS_PATH/bin"`
export PATH=`cygpath $NVM_SYMLINK`:`cygpath $NVM_HOME`:$PATH
else
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
fi
export SSL_KEY_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/client.pem"
export SSL_CA_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/ca.pem"

Expand Down
14 changes: 12 additions & 2 deletions test/manual/tls_support.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,20 @@ describe('TLS Support', function () {
const connectionString = process.env.MONGODB_URI;
const tlsCertificateKeyFile = process.env.SSL_KEY_FILE;
const tlsCAFile = process.env.SSL_CA_FILE;
const tlsSettings = { tls: true, tlsCertificateKeyFile, tlsCAFile };

it(
'should connect with tls',
makeConnectionTest(connectionString, { tls: true, tlsCertificateKeyFile, tlsCAFile })
'should connect with tls via client options',
makeConnectionTest(connectionString, tlsSettings)
);

it(
'should connect with tls via url options',
makeConnectionTest(
`${connectionString}?${Object.keys(tlsSettings)
.map(key => `${key}=${tlsSettings[key]}`)
.join('&')}`
)
);
});

Expand Down