- Type: Improvement
- Resolution: Unresolved
- Priority: Unknown
- Affects Version/s: None
- Component/s: None
Background & Motivation
MONGOCRYPT-268 introduced a test utility csfle. It requires an additional dependency of libmongoc. It does not build by default in Evergreen since libmongoc is not built as part of tests. It allows running the main functions of CSFLE from a command line utility against live services, similar to a driver.
I use csfle during development to validate changes in libmongocrypt. Here is an example of a test with the KMIP provider:
```sh
set -o errexit

# Client certificate and CA certificate passed to csfle for TLS
export KMIP_CLIENT_CERTIFICATE="/Users/kevin.albertson/code/drivers-evergreen-tools/.evergreen/x509gen/client.pem"
export KMIP_CA_CERTIFICATE="/Users/kevin.albertson/code/drivers-evergreen-tools/.evergreen/x509gen/ca.pem"

# Create a data key with the KMIP provider
DATAKEY=$(./cmake-build/csfle create_datakey \
    --kms_provider kmip \
    --tls_ca_file "$KMIP_CA_CERTIFICATE" \
    --tls_certificate_key_file "$KMIP_CLIENT_CERTIFICATE")
echo "DATAKEY=$DATAKEY"

# Extract the base64 key id from the returned key document
KEYID=$(echo "$DATAKEY" | jq -r '._id."$binary".base64')
echo "KEYID=$KEYID"

# Explicitly encrypt a value with the new key
ENCRYPTION_RESULT=$(./cmake-build/csfle explicit_encrypt \
    --value '{"v": "test"}' \
    --algorithm "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" \
    --key_id "$KEYID" \
    --tls_ca_file "$KMIP_CA_CERTIFICATE" \
    --tls_certificate_key_file "$KMIP_CLIENT_CERTIFICATE")
echo "ENCRYPTION_RESULT=$ENCRYPTION_RESULT"

# Decrypt the ciphertext again
DECRYPTION_RESULT=$(./cmake-build/csfle explicit_decrypt \
    --value "$ENCRYPTION_RESULT" \
    --tls_ca_file "$KMIP_CA_CERTIFICATE" \
    --tls_certificate_key_file "$KMIP_CLIENT_CERTIFICATE")
echo "DECRYPTION_RESULT=$DECRYPTION_RESULT"
```
Using csfle to test libmongocrypt gives confidence in changes without updating bindings in downstream drivers.
Scope
- Build csfle as part of the Evergreen build tasks
- Run a test with each KMIP provider (aws, azure, gcp, local, kmip) using the csfle utility to test each of the five functions (create_datakey, auto_encrypt, auto_decrypt, explicit_encrypt, explicit_decrypt)
- is related to: MONGOCRYPT-268 Add a CLI for testing and development (Closed)
- related to: MONGOCRYPT-465 Investigate running driver integration tests with libmongocrypt changes (Backlog)