Libmongocrypt / MONGOCRYPT-350

Add integration tests with CSFLE CLI to Evergreen

    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Unknown
    • Affects Version/s: None
    • Component/s: None

      Background & Motivation
      MONGOCRYPT-268 introduced a test utility, csfle. It requires an additional dependency on libmongoc. It does not build by default in Evergreen since libmongoc is not built as part of tests. It allows running the main functions of CSFLE from a command line utility against live services, similar to a driver.

      I use csfle during development to validate changes in libmongocrypt. Here is an example of a test with the KMIP provider:

      set -o errexit
      # Client certificate and CA file used for TLS to the KMIP server.
      export KMIP_CLIENT_CERTIFICATE="/Users/kevin.albertson/code/drivers-evergreen-tools/.evergreen/x509gen/client.pem"
      export KMIP_CA_CERTIFICATE="/Users/kevin.albertson/code/drivers-evergreen-tools/.evergreen/x509gen/ca.pem"
      
      # Create a data key with the KMIP provider.
      DATAKEY=$(./cmake-build/csfle create_datakey --kms_provider kmip --tls_ca_file "$KMIP_CA_CERTIFICATE" --tls_certificate_key_file "$KMIP_CLIENT_CERTIFICATE")
      echo "DATAKEY=$DATAKEY"
      # Extract the base64 key ID from the data key document.
      KEYID=$(echo "$DATAKEY" | jq -r '._id."$binary".base64')
      echo "KEYID=$KEYID"
      # Explicitly encrypt a test value with the new key.
      ENCRYPTION_RESULT=$(./cmake-build/csfle explicit_encrypt --value '{"v": "test"}' --algorithm "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" --key_id "$KEYID" --tls_ca_file "$KMIP_CA_CERTIFICATE" --tls_certificate_key_file "$KMIP_CLIENT_CERTIFICATE")
      echo "ENCRYPTION_RESULT=$ENCRYPTION_RESULT"
      # Decrypt the result of the previous step.
      DECRYPTION_RESULT=$(./cmake-build/csfle explicit_decrypt --value "$ENCRYPTION_RESULT" --tls_ca_file "$KMIP_CA_CERTIFICATE" --tls_certificate_key_file "$KMIP_CLIENT_CERTIFICATE")
      echo "DECRYPTION_RESULT=$DECRYPTION_RESULT"
      

      Using csfle to test libmongocrypt gives confidence in changes without updating bindings in downstream drivers.

      Scope

      • Build csfle as part of the Evergreen build tasks
      • Run a test with each KMS provider (aws, azure, gcp, local, kmip) using the csfle utility to test each of the five functions (create_datakey, auto_encrypt, auto_decrypt, explicit_encrypt, explicit_decrypt)

            Assignee: Unassigned
            Reporter: Kevin Albertson (kevin.albertson@mongodb.com)