From 4d54d224ba039cdf64a0c8f2b9212de7e65c63b6 Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Fri, 2 Feb 2024 17:30:34 -0500 Subject: [PATCH 01/16] JAVA-5311 --- .evergreen/.evg.yml | 66 ++++++++++++------- .../run-csfle-tests-with-mongocryptd.sh | 26 ++++++-- .evergreen/run-tests.sh | 26 +++++--- 3 files changed, 78 insertions(+), 40 deletions(-) diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml index 5102ce130b0..a370461be42 100644 --- a/.evergreen/.evg.yml +++ b/.evergreen/.evg.yml @@ -227,24 +227,29 @@ functions: type: test params: working_dir: "src" + env: + AWS_ACCESS_KEY_ID: ${aws_access_key_id} + AWS_SECRET_ACCESS_KEY: ${aws_secret_access_key} + AWS_DEFAULT_REGION: us-east-1 + AWS_ACCESS_KEY_ID: ${aws_access_key_id} + AZURE_TENANT_ID: ${azure_tenant_id} + AZURE_CLIENT_ID: ${azure_client_id} + AZURE_CLIENT_SECRET: ${azure_client_secret} + GCP_EMAIL: ${gcp_email} + GCP_PRIVATE_KEY: ${gcp_private_key} + AZUREKMS_KEY_VAULT_ENDPOINT: ${testazurekms_keyvaultendpoint} + AZUREKMS_KEY_NAME: ${testazurekms_keyname} script: | ${PREPARE_SHELL} - export AWS_ACCESS_KEY_ID=${aws_access_key_id} - export AWS_SECRET_ACCESS_KEY=${aws_secret_access_key} - export AWS_DEFAULT_REGION=us-east-1 + . ${DRIVERS_TOOLS}/.evergreen/csfle/set-temp-creds.sh + AUTH="${AUTH}" SSL="${SSL}" MONGODB_URI="${MONGODB_URI}" SAFE_FOR_MULTI_MONGOS="${SAFE_FOR_MULTI_MONGOS}" TOPOLOGY="${TOPOLOGY}" \ - COMPRESSOR="${COMPRESSOR}" JAVA_VERSION="${JAVA_VERSION}" \ - AWS_ACCESS_KEY_ID=${aws_access_key_id} AWS_SECRET_ACCESS_KEY=${aws_secret_access_key} \ + COMPRESSOR="${COMPRESSOR}" JAVA_VERSION="${JAVA_VERSION}" REQUIRE_API_VERSION=${REQUIRE_API_VERSION} \ AWS_TEMP_ACCESS_KEY_ID=$CSFLE_AWS_TEMP_ACCESS_KEY_ID \ AWS_TEMP_SECRET_ACCESS_KEY=$CSFLE_AWS_TEMP_SECRET_ACCESS_KEY \ AWS_TEMP_SESSION_TOKEN=$CSFLE_AWS_TEMP_SESSION_TOKEN \ - AZURE_TENANT_ID=${azure_tenant_id} AZURE_CLIENT_ID=${azure_client_id} AZURE_CLIENT_SECRET=${azure_client_secret} \ - GCP_EMAIL=${gcp_email} GCP_PRIVATE_KEY=${gcp_private_key} \ - AZUREKMS_KEY_VAULT_ENDPOINT=${testazurekms_keyvaultendpoint} \ - AZUREKMS_KEY_NAME=${testazurekms_keyname} \ - REQUIRE_API_VERSION=${REQUIRE_API_VERSION} \ - CRYPT_SHARED_LIB_PATH="${CRYPT_SHARED_LIB_PATH}" \ + CRYPT_SHARED_LIB_PATH=${CRYPT_SHARED_LIB_PATH} \ .evergreen/run-tests.sh "run load-balancer tests": @@ -795,22 +800,25 @@ functions: type: test params: working_dir: "src" + env: + AWS_ACCESS_KEY_ID: ${aws_access_key_id} + AWS_SECRET_ACCESS_KEY: ${aws_secret_access_key} + AWS_DEFAULT_REGION: us-east-1 + AZURE_TENANT_ID: ${azure_tenant_id} + AZURE_CLIENT_ID: ${azure_client_id} + AZURE_CLIENT_SECRET: ${azure_client_secret} + GCP_EMAIL: ${gcp_email} + GCP_PRIVATE_KEY: ${gcp_private_key} + AZUREKMS_KEY_VAULT_ENDPOINT: ${testazurekms_keyvaultendpoint} + AZUREKMS_KEY_NAME: ${testazurekms_keyname} script: | ${PREPARE_SHELL} - export AWS_ACCESS_KEY_ID=${aws_access_key_id} - export AWS_SECRET_ACCESS_KEY=${aws_secret_access_key} - export AWS_DEFAULT_REGION=us-east-1 . ${DRIVERS_TOOLS}/.evergreen/csfle/set-temp-creds.sh - MONGODB_URI="${MONGODB_URI}" \ - JAVA_VERSION="${JAVA_VERSION}" \ - AWS_ACCESS_KEY_ID=${aws_access_key_id} AWS_SECRET_ACCESS_KEY=${aws_secret_access_key} \ + + MONGODB_URI="${MONGODB_URI}" JAVA_VERSION="${JAVA_VERSION}" \ AWS_TEMP_ACCESS_KEY_ID=$CSFLE_AWS_TEMP_ACCESS_KEY_ID \ AWS_TEMP_SECRET_ACCESS_KEY=$CSFLE_AWS_TEMP_SECRET_ACCESS_KEY \ AWS_TEMP_SESSION_TOKEN=$CSFLE_AWS_TEMP_SESSION_TOKEN \ - AZURE_TENANT_ID=${azure_tenant_id} AZURE_CLIENT_ID=${azure_client_id} AZURE_CLIENT_SECRET=${azure_client_secret} \ - GCP_EMAIL=${gcp_email} GCP_PRIVATE_KEY=${gcp_private_key} \ - AZUREKMS_KEY_VAULT_ENDPOINT=${testazurekms_keyvaultendpoint} \ - AZUREKMS_KEY_NAME=${testazurekms_keyname} \ .evergreen/run-csfle-tests-with-mongocryptd.sh "publish snapshot": @@ -818,18 +826,26 @@ functions: type: test params: working_dir: "src" + env: + NEXUS_USERNAME: ${nexus_username} + NEXUS_PASSWORD: ${nexus_password} + SIGNING_PASSWORD: ${signing_password} + SIGNING_KEY: ${gpg_ascii_armored} script: | - # DO NOT ECHO WITH XTRACE (which PREPARE_SHELL does) - RELEASE=false PROJECT_DIRECTORY=${PROJECT_DIRECTORY} NEXUS_USERNAME=${nexus_username} NEXUS_PASSWORD=${nexus_password} SIGNING_PASSWORD=${signing_password} SIGNING_KEY="${gpg_ascii_armored}" .evergreen/publish.sh + RELEASE=false PROJECT_DIRECTORY=${PROJECT_DIRECTORY} .evergreen/publish.sh "publish release": - command: shell.exec type: test params: working_dir: "src" + env: + NEXUS_USERNAME: ${nexus_username} + NEXUS_PASSWORD: ${nexus_password} + SIGNING_PASSWORD: ${signing_password} + SIGNING_KEY: ${gpg_ascii_armored} script: | - # DO NOT ECHO WITH XTRACE (which PREPARE_SHELL does) - RELEASE=true PROJECT_DIRECTORY=${PROJECT_DIRECTORY} NEXUS_USERNAME=${nexus_username} NEXUS_PASSWORD=${nexus_password} SIGNING_PASSWORD=${signing_password} SIGNING_KEY="${gpg_ascii_armored}" .evergreen/publish.sh + RELEASE=true PROJECT_DIRECTORY=${PROJECT_DIRECTORY} .evergreen/publish.sh "cleanup": - command: shell.exec diff --git a/.evergreen/run-csfle-tests-with-mongocryptd.sh b/.evergreen/run-csfle-tests-with-mongocryptd.sh index 95a23402e95..c1812569bd5 100755 --- a/.evergreen/run-csfle-tests-with-mongocryptd.sh +++ b/.evergreen/run-csfle-tests-with-mongocryptd.sh @@ -49,18 +49,30 @@ provision_ssl () { provision_ssl echo "Running tests with Java ${JAVA_VERSION}" + +# Append to gradle.properties so that they are not echoed below on the gradlew command line +cat <> ./gradle.properties +systemProp.org.mongodb.test.fle.on.demand.credential.test.failure.enabled=true +systemProp.org.mongodb.test.fle.on.demand.credential.test.azure.keyVaultEndpoint=${AZUREKMS_KEY_VAULT_ENDPOINT} +systemProp.org.mongodb.test.fle.on.demand.credential.test.azure.keyName=${AZUREKMS_KEY_NAME} +systemProp.org.mongodb.test.awsAccessKeyId=${AWS_ACCESS_KEY_ID} +systemProp.org.mongodb.test.awsSecretAccessKey=${AWS_SECRET_ACCESS_KEY} +systemProp.org.mongodb.test.tmpAwsAccessKeyId=${AWS_TEMP_ACCESS_KEY_ID} +systemProp.org.mongodb.test.tmpAwsSecretAccessKey=${AWS_TEMP_SECRET_ACCESS_KEY} +systemProp.org.mongodb.test.tmpAwsSessionToken=${AWS_TEMP_SESSION_TOKEN} +systemProp.org.mongodb.test.azureTenantId=${AZURE_TENANT_ID} +systemProp.org.mongodb.test.azureClientId=${AZURE_CLIENT_ID} +systemProp.org.mongodb.test.azureClientSecret=${AZURE_CLIENT_SECRET} +systemProp.org.mongodb.test.gcpEmail=${GCP_EMAIL} +systemProp.org.mongodb.test.gcpPrivateKey=${GCP_PRIVATE_KEY} +systemProp.org.mongodb.test.crypt.shared.lib.path=${CRYPT_SHARED_LIB_PATH} +EOF + ./gradlew -version # By not specifying the path to the `crypt_shared` via the `org.mongodb.test.crypt.shared.lib.path` Java system property, # we force the driver to start `mongocryptd` instead of loading and using `crypt_shared`. ./gradlew -PjavaVersion=${JAVA_VERSION} -Dorg.mongodb.test.uri=${MONGODB_URI} \ - -Dorg.mongodb.test.fle.on.demand.credential.test.failure.enabled="true" \ - -Dorg.mongodb.test.fle.on.demand.credential.test.azure.keyVaultEndpoint="${AZUREKMS_KEY_VAULT_ENDPOINT}" \ - -Dorg.mongodb.test.fle.on.demand.credential.test.azure.keyName="${AZUREKMS_KEY_NAME}" \ - -Dorg.mongodb.test.awsAccessKeyId=${AWS_ACCESS_KEY_ID} -Dorg.mongodb.test.awsSecretAccessKey=${AWS_SECRET_ACCESS_KEY} \ - -Dorg.mongodb.test.tmpAwsAccessKeyId=${AWS_TEMP_ACCESS_KEY_ID} -Dorg.mongodb.test.tmpAwsSecretAccessKey=${AWS_TEMP_SECRET_ACCESS_KEY} -Dorg.mongodb.test.tmpAwsSessionToken=${AWS_TEMP_SESSION_TOKEN} \ - -Dorg.mongodb.test.azureTenantId=${AZURE_TENANT_ID} -Dorg.mongodb.test.azureClientId=${AZURE_CLIENT_ID} -Dorg.mongodb.test.azureClientSecret=${AZURE_CLIENT_SECRET} \ - -Dorg.mongodb.test.gcpEmail=${GCP_EMAIL} -Dorg.mongodb.test.gcpPrivateKey=${GCP_PRIVATE_KEY} \ ${GRADLE_EXTRA_VARS} \ --stacktrace --info --continue \ driver-legacy:test \ diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index eb897ef68a5..d11f9f58f82 100755 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -134,6 +134,24 @@ echo "Running $AUTH tests over $SSL for $TOPOLOGY and connecting to $MONGODB_URI echo "Running tests with Java ${JAVA_VERSION}" ./gradlew -version +# Append to gradle.properties so that they are not echoed below on the gradlew command line +cat <> ./gradle.properties +systemProp.org.mongodb.test.fle.on.demand.credential.test.failure.enabled=true +systemProp.org.mongodb.test.fle.on.demand.credential.test.azure.keyVaultEndpoint=${AZUREKMS_KEY_VAULT_ENDPOINT} +systemProp.org.mongodb.test.fle.on.demand.credential.test.azure.keyName=${AZUREKMS_KEY_NAME} +systemProp.org.mongodb.test.awsAccessKeyId=${AWS_ACCESS_KEY_ID} +systemProp.org.mongodb.test.awsSecretAccessKey=${AWS_SECRET_ACCESS_KEY} +systemProp.org.mongodb.test.tmpAwsAccessKeyId=${AWS_TEMP_ACCESS_KEY_ID} +systemProp.org.mongodb.test.tmpAwsSecretAccessKey=${AWS_TEMP_SECRET_ACCESS_KEY} +systemProp.org.mongodb.test.tmpAwsSessionToken=${AWS_TEMP_SESSION_TOKEN} +systemProp.org.mongodb.test.azureTenantId=${AZURE_TENANT_ID} +systemProp.org.mongodb.test.azureClientId=${AZURE_CLIENT_ID} +systemProp.org.mongodb.test.azureClientSecret=${AZURE_CLIENT_SECRET} +systemProp.org.mongodb.test.gcpEmail=${GCP_EMAIL} +systemProp.org.mongodb.test.gcpPrivateKey=${GCP_PRIVATE_KEY} +systemProp.org.mongodb.test.crypt.shared.lib.path=${CRYPT_SHARED_LIB_PATH} +EOF + if [ "$SLOW_TESTS_ONLY" == "true" ]; then ./gradlew -PjavaVersion=${JAVA_VERSION} -Dorg.mongodb.test.uri=${MONGODB_URI} \ ${MULTI_MONGOS_URI_SYSTEM_PROPERTY} ${GRADLE_EXTRA_VARS} ${ASYNC_TYPE} \ @@ -141,15 +159,7 @@ if [ "$SLOW_TESTS_ONLY" == "true" ]; then --stacktrace --info testSlowOnly else ./gradlew -PjavaVersion=${JAVA_VERSION} -Dorg.mongodb.test.uri=${MONGODB_URI} \ - -Dorg.mongodb.test.fle.on.demand.credential.test.failure.enabled="true" \ - -Dorg.mongodb.test.fle.on.demand.credential.test.azure.keyVaultEndpoint="${AZUREKMS_KEY_VAULT_ENDPOINT}" \ - -Dorg.mongodb.test.fle.on.demand.credential.test.azure.keyName="${AZUREKMS_KEY_NAME}" \ - -Dorg.mongodb.test.awsAccessKeyId=${AWS_ACCESS_KEY_ID} -Dorg.mongodb.test.awsSecretAccessKey=${AWS_SECRET_ACCESS_KEY} \ - -Dorg.mongodb.test.tmpAwsAccessKeyId=${AWS_TEMP_ACCESS_KEY_ID} -Dorg.mongodb.test.tmpAwsSecretAccessKey=${AWS_TEMP_SECRET_ACCESS_KEY} -Dorg.mongodb.test.tmpAwsSessionToken=${AWS_TEMP_SESSION_TOKEN} \ - -Dorg.mongodb.test.azureTenantId=${AZURE_TENANT_ID} -Dorg.mongodb.test.azureClientId=${AZURE_CLIENT_ID} -Dorg.mongodb.test.azureClientSecret=${AZURE_CLIENT_SECRET} \ - -Dorg.mongodb.test.gcpEmail=${GCP_EMAIL} -Dorg.mongodb.test.gcpPrivateKey=${GCP_PRIVATE_KEY} \ ${MULTI_MONGOS_URI_SYSTEM_PROPERTY} ${API_VERSION} ${GRADLE_EXTRA_VARS} ${ASYNC_TYPE} \ - -Dorg.mongodb.test.crypt.shared.lib.path=${CRYPT_SHARED_LIB_PATH} \ ${JAVA_SYSPROP_NETTY_SSL_PROVIDER} \ --stacktrace --info --continue test fi From 41bbe2ea1372ccacbf8cf623b4411a07610b6c1a Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Fri, 2 Feb 2024 18:42:24 -0500 Subject: [PATCH 02/16] Remove dup key --- .evergreen/.evg.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml index a370461be42..d0feeac5389 100644 --- a/.evergreen/.evg.yml +++ b/.evergreen/.evg.yml @@ -231,7 +231,6 @@ functions: AWS_ACCESS_KEY_ID: ${aws_access_key_id} AWS_SECRET_ACCESS_KEY: ${aws_secret_access_key} AWS_DEFAULT_REGION: us-east-1 - AWS_ACCESS_KEY_ID: ${aws_access_key_id} AZURE_TENANT_ID: ${azure_tenant_id} AZURE_CLIENT_ID: ${azure_client_id} AZURE_CLIENT_SECRET: ${azure_client_secret} From 6144c5833d2bb0a7c2bedc47904bc56ee74a16ed Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Mon, 5 Feb 2024 13:16:36 -0500 Subject: [PATCH 03/16] DRY it up --- ...y-sensitive-properties-to-gradle-config.sh | 19 ++++++++++++++++++ .../run-csfle-tests-with-mongocryptd.sh | 18 +---------------- .evergreen/run-tests.sh | 20 ++----------------- 3 files changed, 22 insertions(+), 35 deletions(-) create mode 100755 .evergreen/append-security-sensitive-properties-to-gradle-config.sh diff --git a/.evergreen/append-security-sensitive-properties-to-gradle-config.sh b/.evergreen/append-security-sensitive-properties-to-gradle-config.sh new file mode 100755 index 00000000000..f2953497fa6 --- /dev/null +++ b/.evergreen/append-security-sensitive-properties-to-gradle-config.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# Append to gradle.properties so that they are not echoed below on the gradlew command line +cat <> ./gradle.properties +systemProp.org.mongodb.test.fle.on.demand.credential.test.failure.enabled=true +systemProp.org.mongodb.test.fle.on.demand.credential.test.azure.keyVaultEndpoint=${AZUREKMS_KEY_VAULT_ENDPOINT} +systemProp.org.mongodb.test.fle.on.demand.credential.test.azure.keyName=${AZUREKMS_KEY_NAME} +systemProp.org.mongodb.test.awsAccessKeyId=${AWS_ACCESS_KEY_ID} +systemProp.org.mongodb.test.awsSecretAccessKey=${AWS_SECRET_ACCESS_KEY} +systemProp.org.mongodb.test.tmpAwsAccessKeyId=${AWS_TEMP_ACCESS_KEY_ID} +systemProp.org.mongodb.test.tmpAwsSecretAccessKey=${AWS_TEMP_SECRET_ACCESS_KEY} +systemProp.org.mongodb.test.tmpAwsSessionToken=${AWS_TEMP_SESSION_TOKEN} +systemProp.org.mongodb.test.azureTenantId=${AZURE_TENANT_ID} +systemProp.org.mongodb.test.azureClientId=${AZURE_CLIENT_ID} +systemProp.org.mongodb.test.azureClientSecret=${AZURE_CLIENT_SECRET} +systemProp.org.mongodb.test.gcpEmail=${GCP_EMAIL} +systemProp.org.mongodb.test.gcpPrivateKey=${GCP_PRIVATE_KEY} +systemProp.org.mongodb.test.crypt.shared.lib.path=${CRYPT_SHARED_LIB_PATH} +EOF diff --git a/.evergreen/run-csfle-tests-with-mongocryptd.sh b/.evergreen/run-csfle-tests-with-mongocryptd.sh index c1812569bd5..056e4a4955e 100755 --- a/.evergreen/run-csfle-tests-with-mongocryptd.sh +++ b/.evergreen/run-csfle-tests-with-mongocryptd.sh @@ -50,23 +50,7 @@ provision_ssl echo "Running tests with Java ${JAVA_VERSION}" -# Append to gradle.properties so that they are not echoed below on the gradlew command line -cat <> ./gradle.properties -systemProp.org.mongodb.test.fle.on.demand.credential.test.failure.enabled=true -systemProp.org.mongodb.test.fle.on.demand.credential.test.azure.keyVaultEndpoint=${AZUREKMS_KEY_VAULT_ENDPOINT} -systemProp.org.mongodb.test.fle.on.demand.credential.test.azure.keyName=${AZUREKMS_KEY_NAME} -systemProp.org.mongodb.test.awsAccessKeyId=${AWS_ACCESS_KEY_ID} -systemProp.org.mongodb.test.awsSecretAccessKey=${AWS_SECRET_ACCESS_KEY} -systemProp.org.mongodb.test.tmpAwsAccessKeyId=${AWS_TEMP_ACCESS_KEY_ID} -systemProp.org.mongodb.test.tmpAwsSecretAccessKey=${AWS_TEMP_SECRET_ACCESS_KEY} -systemProp.org.mongodb.test.tmpAwsSessionToken=${AWS_TEMP_SESSION_TOKEN} -systemProp.org.mongodb.test.azureTenantId=${AZURE_TENANT_ID} -systemProp.org.mongodb.test.azureClientId=${AZURE_CLIENT_ID} -systemProp.org.mongodb.test.azureClientSecret=${AZURE_CLIENT_SECRET} -systemProp.org.mongodb.test.gcpEmail=${GCP_EMAIL} -systemProp.org.mongodb.test.gcpPrivateKey=${GCP_PRIVATE_KEY} -systemProp.org.mongodb.test.crypt.shared.lib.path=${CRYPT_SHARED_LIB_PATH} -EOF +"${RELATIVE_DIR_PATH}/append-security-sensitive-properties-to-gradle-config.sh" ./gradlew -version diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index d11f9f58f82..3e161433255 100755 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -131,27 +131,11 @@ fi echo "Running $AUTH tests over $SSL for $TOPOLOGY and connecting to $MONGODB_URI" +"${RELATIVE_DIR_PATH}/append-security-sensitive-properties-to-gradle-config.sh" + echo "Running tests with Java ${JAVA_VERSION}" ./gradlew -version -# Append to gradle.properties so that they are not echoed below on the gradlew command line -cat <> ./gradle.properties -systemProp.org.mongodb.test.fle.on.demand.credential.test.failure.enabled=true -systemProp.org.mongodb.test.fle.on.demand.credential.test.azure.keyVaultEndpoint=${AZUREKMS_KEY_VAULT_ENDPOINT} -systemProp.org.mongodb.test.fle.on.demand.credential.test.azure.keyName=${AZUREKMS_KEY_NAME} -systemProp.org.mongodb.test.awsAccessKeyId=${AWS_ACCESS_KEY_ID} -systemProp.org.mongodb.test.awsSecretAccessKey=${AWS_SECRET_ACCESS_KEY} -systemProp.org.mongodb.test.tmpAwsAccessKeyId=${AWS_TEMP_ACCESS_KEY_ID} -systemProp.org.mongodb.test.tmpAwsSecretAccessKey=${AWS_TEMP_SECRET_ACCESS_KEY} -systemProp.org.mongodb.test.tmpAwsSessionToken=${AWS_TEMP_SESSION_TOKEN} -systemProp.org.mongodb.test.azureTenantId=${AZURE_TENANT_ID} -systemProp.org.mongodb.test.azureClientId=${AZURE_CLIENT_ID} -systemProp.org.mongodb.test.azureClientSecret=${AZURE_CLIENT_SECRET} -systemProp.org.mongodb.test.gcpEmail=${GCP_EMAIL} -systemProp.org.mongodb.test.gcpPrivateKey=${GCP_PRIVATE_KEY} -systemProp.org.mongodb.test.crypt.shared.lib.path=${CRYPT_SHARED_LIB_PATH} -EOF - if [ "$SLOW_TESTS_ONLY" == "true" ]; then ./gradlew -PjavaVersion=${JAVA_VERSION} -Dorg.mongodb.test.uri=${MONGODB_URI} \ ${MULTI_MONGOS_URI_SYSTEM_PROPERTY} ${GRADLE_EXTRA_VARS} ${ASYNC_TYPE} \ From a6be6f9e126617542f6c38268d43ad213e0e5127 Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Tue, 6 Feb 2024 08:01:53 -0500 Subject: [PATCH 04/16] Use env vars --- ...y-sensitive-properties-to-gradle-config.sh | 19 ------------ .../export-security-sensitive-properties.sh | 15 ++++++++++ .../run-csfle-tests-with-mongocryptd.sh | 3 +- .evergreen/run-tests.sh | 3 +- .../com/mongodb/ClusterFixture.java | 14 +++++++-- ...ryptionDataKeyAndDoubleEncryptionTest.java | 15 +++++----- .../ClientSideEncryptionCorpusTest.java | 17 ++++++----- ...actClientEncryptionCustomEndpointTest.java | 25 ++++++++-------- ...tEncryptionRewrapManyDataKeyProseTest.java | 15 +++++----- ...tClientSideEncryptionAutoDataKeysTest.java | 7 +++-- ...ptionAwsCredentialFromEnvironmentTest.java | 9 +++--- ...bstractClientSideEncryptionKmsTlsTest.java | 15 +++++----- ...SideEncryptionOnDemandCredentialsTest.java | 5 ++-- .../AbstractClientSideEncryptionTest.java | 29 ++++++++++--------- ...ryptionDataKeyAndDoubleEncryptionTest.java | 15 +++++----- .../ClientSideEncryptionCorpusTest.java | 17 ++++++----- .../UnifiedClientEncryptionHelper.java | 7 +++-- 17 files changed, 125 insertions(+), 105 deletions(-) delete mode 100755 .evergreen/append-security-sensitive-properties-to-gradle-config.sh create mode 100755 .evergreen/export-security-sensitive-properties.sh diff --git a/.evergreen/append-security-sensitive-properties-to-gradle-config.sh b/.evergreen/append-security-sensitive-properties-to-gradle-config.sh deleted file mode 100755 index f2953497fa6..00000000000 --- a/.evergreen/append-security-sensitive-properties-to-gradle-config.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -# Append to gradle.properties so that they are not echoed below on the gradlew command line -cat <> ./gradle.properties -systemProp.org.mongodb.test.fle.on.demand.credential.test.failure.enabled=true -systemProp.org.mongodb.test.fle.on.demand.credential.test.azure.keyVaultEndpoint=${AZUREKMS_KEY_VAULT_ENDPOINT} -systemProp.org.mongodb.test.fle.on.demand.credential.test.azure.keyName=${AZUREKMS_KEY_NAME} -systemProp.org.mongodb.test.awsAccessKeyId=${AWS_ACCESS_KEY_ID} -systemProp.org.mongodb.test.awsSecretAccessKey=${AWS_SECRET_ACCESS_KEY} -systemProp.org.mongodb.test.tmpAwsAccessKeyId=${AWS_TEMP_ACCESS_KEY_ID} -systemProp.org.mongodb.test.tmpAwsSecretAccessKey=${AWS_TEMP_SECRET_ACCESS_KEY} -systemProp.org.mongodb.test.tmpAwsSessionToken=${AWS_TEMP_SESSION_TOKEN} -systemProp.org.mongodb.test.azureTenantId=${AZURE_TENANT_ID} -systemProp.org.mongodb.test.azureClientId=${AZURE_CLIENT_ID} -systemProp.org.mongodb.test.azureClientSecret=${AZURE_CLIENT_SECRET} -systemProp.org.mongodb.test.gcpEmail=${GCP_EMAIL} -systemProp.org.mongodb.test.gcpPrivateKey=${GCP_PRIVATE_KEY} -systemProp.org.mongodb.test.crypt.shared.lib.path=${CRYPT_SHARED_LIB_PATH} -EOF diff --git a/.evergreen/export-security-sensitive-properties.sh b/.evergreen/export-security-sensitive-properties.sh new file mode 100755 index 00000000000..44463268635 --- /dev/null +++ b/.evergreen/export-security-sensitive-properties.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +export org.mongodb.test.fle.on.demand.credential.test.azure.keyVaultEndpoint=${AZUREKMS_KEY_VAULT_ENDPOINT} +export org.mongodb.test.fle.on.demand.credential.test.azure.keyName=${AZUREKMS_KEY_NAME} +export org.mongodb.test.awsAccessKeyId=${AWS_ACCESS_KEY_ID} +export org.mongodb.test.awsSecretAccessKey=${AWS_SECRET_ACCESS_KEY} +export org.mongodb.test.tmpAwsAccessKeyId=${AWS_TEMP_ACCESS_KEY_ID} +export org.mongodb.test.tmpAwsSecretAccessKey=${AWS_TEMP_SECRET_ACCESS_KEY} +export org.mongodb.test.tmpAwsSessionToken=${AWS_TEMP_SESSION_TOKEN} +export org.mongodb.test.azureTenantId=${AZURE_TENANT_ID} +export org.mongodb.test.azureClientId=${AZURE_CLIENT_ID} +export org.mongodb.test.azureClientSecret=${AZURE_CLIENT_SECRET} +export org.mongodb.test.gcpEmail=${GCP_EMAIL} +export org.mongodb.test.gcpPrivateKey=${GCP_PRIVATE_KEY} +export org.mongodb.test.crypt.shared.lib.path=${CRYPT_SHARED_LIB_PATH} diff --git a/.evergreen/run-csfle-tests-with-mongocryptd.sh b/.evergreen/run-csfle-tests-with-mongocryptd.sh index 056e4a4955e..341195bd5e5 100755 --- a/.evergreen/run-csfle-tests-with-mongocryptd.sh +++ b/.evergreen/run-csfle-tests-with-mongocryptd.sh @@ -50,7 +50,7 @@ provision_ssl echo "Running tests with Java ${JAVA_VERSION}" -"${RELATIVE_DIR_PATH}/append-security-sensitive-properties-to-gradle-config.sh" +"${RELATIVE_DIR_PATH}/export-security-sensitive-properties.sh" ./gradlew -version @@ -58,6 +58,7 @@ echo "Running tests with Java ${JAVA_VERSION}" # we force the driver to start `mongocryptd` instead of loading and using `crypt_shared`. ./gradlew -PjavaVersion=${JAVA_VERSION} -Dorg.mongodb.test.uri=${MONGODB_URI} \ ${GRADLE_EXTRA_VARS} \ + -Dorg.mongodb.test.fle.on.demand.credential.test.failure.enabled=true \ --stacktrace --info --continue \ driver-legacy:test \ --tests "*.Client*Encryption*" \ diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index 3e161433255..cb0d10b2ee0 100755 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -131,7 +131,7 @@ fi echo "Running $AUTH tests over $SSL for $TOPOLOGY and connecting to $MONGODB_URI" -"${RELATIVE_DIR_PATH}/append-security-sensitive-properties-to-gradle-config.sh" +"${RELATIVE_DIR_PATH}/export-security-sensitive-properties.sh" echo "Running tests with Java ${JAVA_VERSION}" ./gradlew -version @@ -145,5 +145,6 @@ else ./gradlew -PjavaVersion=${JAVA_VERSION} -Dorg.mongodb.test.uri=${MONGODB_URI} \ ${MULTI_MONGOS_URI_SYSTEM_PROPERTY} ${API_VERSION} ${GRADLE_EXTRA_VARS} ${ASYNC_TYPE} \ ${JAVA_SYSPROP_NETTY_SSL_PROVIDER} \ + -Dorg.mongodb.test.fle.on.demand.credential.test.failure.enabled=true \ --stacktrace --info --continue test fi diff --git a/driver-core/src/test/functional/com/mongodb/ClusterFixture.java b/driver-core/src/test/functional/com/mongodb/ClusterFixture.java index 09bc55a1215..9d5d10e2dce 100644 --- a/driver-core/src/test/functional/com/mongodb/ClusterFixture.java +++ b/driver-core/src/test/functional/com/mongodb/ClusterFixture.java @@ -201,7 +201,7 @@ public static boolean hasEncryptionTestsEnabled() { List requiredSystemProperties = asList("awsAccessKeyId", "awsSecretAccessKey", "azureTenantId", "azureClientId", "azureClientSecret", "gcpEmail", "gcpPrivateKey", "tmpAwsAccessKeyId", "tmpAwsSecretAccessKey", "tmpAwsSessionToken"); return requiredSystemProperties.stream() - .map(name -> System.getProperty("org.mongodb.test." + name, "")) + .map(name -> getEnv("org.mongodb.test." + name, "")) .filter(s -> !s.isEmpty()) .count() == requiredSystemProperties.size(); } @@ -228,6 +228,16 @@ public void run() { } } + public static String getEnv(final String name, final String defaultValue) { + String value = getEnv(name); + return value == null ? defaultValue : value; + } + + @Nullable + public static String getEnv(String name) { + return System.getenv(name); + } + public static boolean getOcspShouldSucceed() { return Integer.parseInt(System.getProperty(MONGODB_OCSP_SHOULD_SUCCEED)) == 1; } @@ -541,7 +551,7 @@ public static boolean isAuthenticated() { } public static boolean isClientSideEncryptionTest() { - return !System.getProperty("org.mongodb.test.awsAccessKeyId", "").isEmpty(); + return !getEnv("org.mongodb.test.awsAccessKeyId", "").isEmpty(); } public static boolean isAtlasSearchTest() { diff --git a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java index 113316614de..5708ca210ac 100644 --- a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java +++ b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java @@ -40,6 +40,7 @@ import java.util.HashMap; import java.util.Map; +import static com.mongodb.ClusterFixture.getEnv; import static com.mongodb.ClusterFixture.hasEncryptionTestsEnabled; import static com.mongodb.ClusterFixture.serverVersionAtLeast; import static com.mongodb.client.Fixture.getMongoClientSettingsBuilder; @@ -81,17 +82,17 @@ public void setUp() { // Step 2: Create encrypted client and client encryption Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); + put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); }}); put("azure", new HashMap() {{ - put("tenantId", System.getProperty("org.mongodb.test.azureTenantId")); - put("clientId", System.getProperty("org.mongodb.test.azureClientId")); - put("clientSecret", System.getProperty("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org.mongodb.test.azureTenantId")); + put("clientId", getEnv("org.mongodb.test.azureClientId")); + put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); }}); put("gcp", new HashMap() {{ - put("email", System.getProperty("org.mongodb.test.gcpEmail")); - put("privateKey", System.getProperty("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org.mongodb.test.gcpEmail")); + put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); }}); put("local", new HashMap() {{ put("key", "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM" diff --git a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionCorpusTest.java b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionCorpusTest.java index 39240540f09..8bef4ec317c 100644 --- a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionCorpusTest.java +++ b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionCorpusTest.java @@ -48,6 +48,7 @@ import java.util.Map; import static com.mongodb.ClusterFixture.TIMEOUT_DURATION; +import static com.mongodb.ClusterFixture.getEnv; import static com.mongodb.ClusterFixture.hasEncryptionTestsEnabled; import static com.mongodb.ClusterFixture.serverVersionAtLeast; import static com.mongodb.reactivestreams.client.Fixture.getMongoClientBuilderFromConnectionString; @@ -109,20 +110,20 @@ public void setUp() throws IOException, URISyntaxException { // Step 4: Configure our objects Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); + put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); }}); put("azure", new HashMap() {{ - put("tenantId", System.getProperty("org.mongodb.test.azureTenantId")); - put("clientId", System.getProperty("org.mongodb.test.azureClientId")); - put("clientSecret", System.getProperty("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org.mongodb.test.azureTenantId")); + put("clientId", getEnv("org.mongodb.test.azureClientId")); + put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); }}); put("gcp", new HashMap() {{ - put("email", System.getProperty("org.mongodb.test.gcpEmail")); - put("privateKey", System.getProperty("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org.mongodb.test.gcpEmail")); + put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); }}); put("kmip", new HashMap() {{ - put("endpoint", System.getProperty("org.mongodb.test.kmipEndpoint", "localhost:5698")); + put("endpoint", getEnv("org.mongodb.test.kmipEndpoint", "localhost:5698")); }}); put("local", new HashMap() {{ put("key", "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM" diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionCustomEndpointTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionCustomEndpointTest.java index 005bdce2b4e..f262426d324 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionCustomEndpointTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionCustomEndpointTest.java @@ -40,6 +40,7 @@ import java.util.List; import java.util.Map; +import static com.mongodb.ClusterFixture.getEnv; import static com.mongodb.ClusterFixture.hasEncryptionTestsEnabled; import static com.mongodb.ClusterFixture.serverVersionAtLeast; import static com.mongodb.client.Fixture.getMongoClientSettings; @@ -82,18 +83,18 @@ public void setUp() { Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); + put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); }}); put("azure", new HashMap() {{ - put("tenantId", System.getProperty("org.mongodb.test.azureTenantId")); - put("clientId", System.getProperty("org.mongodb.test.azureClientId")); - put("clientSecret", System.getProperty("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org.mongodb.test.azureTenantId")); + put("clientId", getEnv("org.mongodb.test.azureClientId")); + put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); put("identityPlatformEndpoint", "login.microsoftonline.com:443"); }}); put("gcp", new HashMap() {{ - put("email", System.getProperty("org.mongodb.test.gcpEmail")); - put("privateKey", System.getProperty("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org.mongodb.test.gcpEmail")); + put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); put("endpoint", "oauth2.googleapis.com:443"); }}); put("kmip", new HashMap() {{ @@ -108,14 +109,14 @@ public void setUp() { Map> invalidKmsProviders = new HashMap>() {{ put("azure", new HashMap() {{ - put("tenantId", System.getProperty("org.mongodb.test.azureTenantId")); - put("clientId", System.getProperty("org.mongodb.test.azureClientId")); - put("clientSecret", System.getProperty("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org.mongodb.test.azureTenantId")); + put("clientId", getEnv("org.mongodb.test.azureClientId")); + put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); put("identityPlatformEndpoint", "doesnotexist.invalid:443"); }}); put("gcp", new HashMap() {{ - put("email", System.getProperty("org.mongodb.test.gcpEmail")); - put("privateKey", System.getProperty("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org.mongodb.test.gcpEmail")); + put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); put("endpoint", "doesnotexist.invalid:443"); }}); put("kmip", new HashMap() {{ diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionRewrapManyDataKeyProseTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionRewrapManyDataKeyProseTest.java index ae4c2393366..342032b307d 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionRewrapManyDataKeyProseTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionRewrapManyDataKeyProseTest.java @@ -42,6 +42,7 @@ import java.util.Map; import java.util.Set; +import static com.mongodb.ClusterFixture.getEnv; import static com.mongodb.ClusterFixture.hasEncryptionTestsEnabled; import static com.mongodb.ClusterFixture.serverVersionAtLeast; import static com.mongodb.client.Fixture.getMongoClient; @@ -77,18 +78,18 @@ public abstract class AbstractClientEncryptionRewrapManyDataKeyProseTest { private static final Map> KMS_PROVIDERS = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); + put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); }}); put("azure", new HashMap() {{ - put("tenantId", System.getProperty("org.mongodb.test.azureTenantId")); - put("clientId", System.getProperty("org.mongodb.test.azureClientId")); - put("clientSecret", System.getProperty("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org.mongodb.test.azureTenantId")); + put("clientId", getEnv("org.mongodb.test.azureClientId")); + put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); put("identityPlatformEndpoint", "login.microsoftonline.com:443"); }}); put("gcp", new HashMap() {{ - put("email", System.getProperty("org.mongodb.test.gcpEmail")); - put("privateKey", System.getProperty("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org.mongodb.test.gcpEmail")); + put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); put("endpoint", "oauth2.googleapis.com:443"); }}); put("kmip", new HashMap() {{ diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAutoDataKeysTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAutoDataKeysTest.java index ae9f0f313c5..5522c7d9334 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAutoDataKeysTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAutoDataKeysTest.java @@ -46,6 +46,7 @@ import java.util.function.Supplier; import java.util.stream.Stream; +import static com.mongodb.ClusterFixture.getEnv; import static com.mongodb.ClusterFixture.isServerlessTest; import static com.mongodb.ClusterFixture.isStandalone; import static com.mongodb.ClusterFixture.serverVersionAtLeast; @@ -204,8 +205,8 @@ private enum KmsProvider { ), AWS("aws", kmsProviderProperties -> { - kmsProviderProperties.put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId")); - kmsProviderProperties.put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey")); + kmsProviderProperties.put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); + kmsProviderProperties.put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); }, createEncryptedCollectionParams -> createEncryptedCollectionParams.masterKey(BsonDocument.parse( "{" @@ -219,7 +220,7 @@ private enum KmsProvider { private final Supplier createEncryptedCollectionParamsSupplier; private static Set detect() { - String awsAccessKeyId = System.getProperty("org.mongodb.test.awsAccessKeyId"); + String awsAccessKeyId = getEnv("org.mongodb.test.awsAccessKeyId"); return awsAccessKeyId != null && !awsAccessKeyId.isEmpty() ? EnumSet.allOf(KmsProvider.class) : EnumSet.of(KmsProvider.LOCAL); diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAwsCredentialFromEnvironmentTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAwsCredentialFromEnvironmentTest.java index 308cb1f8959..c0331cbe286 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAwsCredentialFromEnvironmentTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAwsCredentialFromEnvironmentTest.java @@ -39,6 +39,7 @@ import java.util.function.Supplier; import java.util.stream.Stream; +import static com.mongodb.ClusterFixture.getEnv; import static com.mongodb.ClusterFixture.isClientSideEncryptionTest; import static com.mongodb.ClusterFixture.serverVersionAtLeast; import static com.mongodb.client.Fixture.getMongoClientSettingsBuilder; @@ -108,8 +109,8 @@ public void testGetCredentialsFromSupplier() { Map>> kmsProviderPropertySuppliers = new HashMap>>() {{ put("aws", () -> new HashMap() {{ - put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); + put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); }}); }}; @@ -199,8 +200,8 @@ public void shouldIgnoreSupplierIfKmsProviderMapValueIsNotEmpty() { Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); + put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); }}); }}; diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionKmsTlsTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionKmsTlsTest.java index 932af13d173..708d04533eb 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionKmsTlsTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionKmsTlsTest.java @@ -36,6 +36,7 @@ import java.util.HashMap; import java.util.Map; +import static com.mongodb.ClusterFixture.getEnv; import static com.mongodb.ClusterFixture.hasEncryptionTestsEnabled; import static com.mongodb.ClusterFixture.serverVersionAtLeast; import static com.mongodb.client.Fixture.getMongoClientSettings; @@ -156,18 +157,18 @@ public void testThatCustomSslContextIsUsed() { private HashMap> getKmsProviders() { return new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); + put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); }}); put("azure", new HashMap() {{ - put("tenantId", System.getProperty("org.mongodb.test.azureTenantId")); - put("clientId", System.getProperty("org.mongodb.test.azureClientId")); - put("clientSecret", System.getProperty("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org.mongodb.test.azureTenantId")); + put("clientId", getEnv("org.mongodb.test.azureClientId")); + put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); put("identityPlatformEndpoint", "login.microsoftonline.com:443"); }}); put("gcp", new HashMap() {{ - put("email", System.getProperty("org.mongodb.test.gcpEmail")); - put("privateKey", System.getProperty("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org.mongodb.test.gcpEmail")); + put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); put("endpoint", "oauth2.googleapis.com:443"); }}); put("kmip", new HashMap() {{ diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionOnDemandCredentialsTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionOnDemandCredentialsTest.java index e0260bac12d..9306076f7d9 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionOnDemandCredentialsTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionOnDemandCredentialsTest.java @@ -30,6 +30,7 @@ import java.util.HashMap; import java.util.Map; +import static com.mongodb.ClusterFixture.getEnv; import static com.mongodb.assertions.Assertions.assertTrue; import static org.junit.jupiter.api.Assertions.assertThrows; @@ -85,8 +86,8 @@ private DataKeyOptions getDataKeyOptions(final String kmsProvider) { return new DataKeyOptions().masterKey(BsonDocument.parse( "{projectId: \"devprod-drivers\", location: \"global\", keyRing: \"key-ring-csfle\", keyName: \"key-name-csfle\"}")); case "azure": - String keyVaultEndpoint = System.getProperty("org.mongodb.test.fle.on.demand.credential.test.azure.keyVaultEndpoint"); - String keyName = System.getProperty("org.mongodb.test.fle.on.demand.credential.test.azure.keyName"); + String keyVaultEndpoint = getEnv("org.mongodb.test.fle.on.demand.credential.test.azure.keyVaultEndpoint"); + String keyName = getEnv("org.mongodb.test.fle.on.demand.credential.test.azure.keyName"); return new DataKeyOptions().masterKey(new BsonDocument() .append("keyVaultEndpoint", new BsonString(keyVaultEndpoint)) .append("keyName", new BsonString(keyName))); diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionTest.java index 9c14640cb4b..b06076ba1c4 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionTest.java @@ -51,6 +51,7 @@ import java.util.Map; import java.util.Optional; +import static com.mongodb.ClusterFixture.getEnv; import static com.mongodb.ClusterFixture.hasEncryptionTestsEnabled; import static com.mongodb.JsonTestServerVersionChecker.skipTest; import static com.mongodb.client.CommandMonitoringTestHelper.assertEventsEquality; @@ -221,29 +222,29 @@ public void setUp() { kmsProvidersMap.put(kmsProviderKey.startsWith("aws") ? "aws" : kmsProviderKey, kmsProviderMap); switch (kmsProviderKey) { case "aws": - kmsProviderMap.put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId")); - kmsProviderMap.put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey")); + kmsProviderMap.put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); + kmsProviderMap.put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); break; case "awsTemporary": - kmsProviderMap.put("accessKeyId", System.getProperty("org.mongodb.test.tmpAwsAccessKeyId")); - kmsProviderMap.put("secretAccessKey", System.getProperty("org.mongodb.test.tmpAwsSecretAccessKey")); - kmsProviderMap.put("sessionToken", System.getProperty("org.mongodb.test.tmpAwsSessionToken")); + kmsProviderMap.put("accessKeyId", getEnv("org.mongodb.test.tmpAwsAccessKeyId")); + kmsProviderMap.put("secretAccessKey", getEnv("org.mongodb.test.tmpAwsSecretAccessKey")); + kmsProviderMap.put("sessionToken", getEnv("org.mongodb.test.tmpAwsSessionToken")); break; case "awsTemporaryNoSessionToken": - kmsProviderMap.put("accessKeyId", System.getProperty("org.mongodb.test.tmpAwsAccessKeyId")); - kmsProviderMap.put("secretAccessKey", System.getProperty("org.mongodb.test.tmpAwsSecretAccessKey")); + kmsProviderMap.put("accessKeyId", getEnv("org.mongodb.test.tmpAwsAccessKeyId")); + kmsProviderMap.put("secretAccessKey", getEnv("org.mongodb.test.tmpAwsSecretAccessKey")); break; case "azure": - kmsProviderMap.put("tenantId", System.getProperty("org.mongodb.test.azureTenantId")); - kmsProviderMap.put("clientId", System.getProperty("org.mongodb.test.azureClientId")); - kmsProviderMap.put("clientSecret", System.getProperty("org.mongodb.test.azureClientSecret")); + kmsProviderMap.put("tenantId", getEnv("org.mongodb.test.azureTenantId")); + kmsProviderMap.put("clientId", getEnv("org.mongodb.test.azureClientId")); + kmsProviderMap.put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); break; case "gcp": - kmsProviderMap.put("email", System.getProperty("org.mongodb.test.gcpEmail")); - kmsProviderMap.put("privateKey", System.getProperty("org.mongodb.test.gcpPrivateKey")); + kmsProviderMap.put("email", getEnv("org.mongodb.test.gcpEmail")); + kmsProviderMap.put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); break; case "kmip": - kmsProviderMap.put("endpoint", System.getProperty("org.mongodb.test.kmipEndpoint", "localhost:5698")); + kmsProviderMap.put("endpoint", getEnv("org.mongodb.test.kmipEndpoint", "localhost:5698")); break; case "local": kmsProviderMap.put("key", kmsProviderOptions.getBinary("key").getData()); @@ -384,7 +385,7 @@ public static Collection data() throws URISyntaxException, IOException } static Optional cryptSharedLibPathSysPropValue() { - String value = System.getProperty("org.mongodb.test.crypt.shared.lib.path", ""); + String value = getEnv("org.mongodb.test.crypt.shared.lib.path", ""); return value.isEmpty() ? Optional.empty() : Optional.of(value); } } diff --git a/driver-sync/src/test/functional/com/mongodb/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java b/driver-sync/src/test/functional/com/mongodb/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java index 58c932ba885..29aa3b12acf 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java @@ -39,6 +39,7 @@ import java.util.HashMap; import java.util.Map; +import static com.mongodb.ClusterFixture.getEnv; import static com.mongodb.ClusterFixture.hasEncryptionTestsEnabled; import static com.mongodb.ClusterFixture.serverVersionAtLeast; import static com.mongodb.client.Fixture.getMongoClientSettingsBuilder; @@ -81,17 +82,17 @@ public void setUp() { // Step 2: Create encrypted client and client encryption Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); + put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); }}); put("azure", new HashMap() {{ - put("tenantId", System.getProperty("org.mongodb.test.azureTenantId")); - put("clientId", System.getProperty("org.mongodb.test.azureClientId")); - put("clientSecret", System.getProperty("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org.mongodb.test.azureTenantId")); + put("clientId", getEnv("org.mongodb.test.azureClientId")); + put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); }}); put("gcp", new HashMap() {{ - put("email", System.getProperty("org.mongodb.test.gcpEmail")); - put("privateKey", System.getProperty("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org.mongodb.test.gcpEmail")); + put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); }}); put("local", new HashMap() {{ put("key", "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM" diff --git a/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionCorpusTest.java b/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionCorpusTest.java index 17b68a87ccb..2724b853db2 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionCorpusTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionCorpusTest.java @@ -45,6 +45,7 @@ import java.util.HashMap; import java.util.Map; +import static com.mongodb.ClusterFixture.getEnv; import static com.mongodb.ClusterFixture.hasEncryptionTestsEnabled; import static com.mongodb.ClusterFixture.serverVersionAtLeast; import static com.mongodb.client.Fixture.getMongoClientSettings; @@ -103,20 +104,20 @@ public void setUp() throws IOException, URISyntaxException { // Step 4: Configure our objects Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); + put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); }}); put("azure", new HashMap() {{ - put("tenantId", System.getProperty("org.mongodb.test.azureTenantId")); - put("clientId", System.getProperty("org.mongodb.test.azureClientId")); - put("clientSecret", System.getProperty("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org.mongodb.test.azureTenantId")); + put("clientId", getEnv("org.mongodb.test.azureClientId")); + put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); }}); put("gcp", new HashMap() {{ - put("email", System.getProperty("org.mongodb.test.gcpEmail")); - put("privateKey", System.getProperty("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org.mongodb.test.gcpEmail")); + put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); }}); put("kmip", new HashMap() {{ - put("endpoint", System.getProperty("org.mongodb.test.kmipEndpoint", "localhost:5698")); + put("endpoint", getEnv("org.mongodb.test.kmipEndpoint", "localhost:5698")); }}); put("local", new HashMap() {{ put("key", "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM" diff --git a/driver-sync/src/test/functional/com/mongodb/client/unified/UnifiedClientEncryptionHelper.java b/driver-sync/src/test/functional/com/mongodb/client/unified/UnifiedClientEncryptionHelper.java index 0ed5f2f1dda..0edb6d2a26a 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/unified/UnifiedClientEncryptionHelper.java +++ b/driver-sync/src/test/functional/com/mongodb/client/unified/UnifiedClientEncryptionHelper.java @@ -34,6 +34,7 @@ import java.util.Map; import java.util.function.Supplier; +import static com.mongodb.ClusterFixture.getEnv; import static java.lang.Math.toIntExact; public final class UnifiedClientEncryptionHelper { @@ -82,7 +83,7 @@ static Map> createKmsProvidersMap(final BsonDocument break; case "kmip": setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "endpoint", () -> - System.getProperty("org.mongodb.test.kmipEndpoint", "localhost:5698")); + getEnv("org.mongodb.test.kmipEndpoint", "localhost:5698")); break; case "local": setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "key", UnifiedClientEncryptionHelper::localKmsProviderKey); @@ -104,8 +105,8 @@ public static byte[] localKmsProviderKey() { private static void setKmsProviderProperty(final Map kmsProviderMap, final BsonDocument kmsProviderOptions, final String key, final String propertyName) { setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, key, () -> { - if (System.getProperties().containsKey(propertyName)) { - return System.getProperty(propertyName); + if (getEnv(propertyName) != null) { + return getEnv(propertyName); } throw new UnsupportedOperationException("Missing system property for: " + key); }); From 188ac4fce672858711abcf4b4a4d9451a08d638d Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Tue, 6 Feb 2024 08:36:26 -0500 Subject: [PATCH 05/16] Use env vars take two --- .../export-security-sensitive-properties.sh | 28 ++++++++++--------- .../run-csfle-tests-with-mongocryptd.sh | 2 +- .../run-fle-on-demand-credential-test.sh | 14 ++++------ .../com/mongodb/ClusterFixture.java | 2 +- ...ryptionDataKeyAndDoubleEncryptionTest.java | 14 +++++----- ...cryptionBsonSizeLimitsSpecification.groovy | 2 +- .../ClientSideEncryptionCorpusTest.java | 14 +++++----- ...actClientEncryptionCustomEndpointTest.java | 24 ++++++++-------- ...tEncryptionRewrapManyDataKeyProseTest.java | 14 +++++----- ...tClientSideEncryptionAutoDataKeysTest.java | 6 ++-- ...ptionAwsCredentialFromEnvironmentTest.java | 8 +++--- ...bstractClientSideEncryptionKmsTlsTest.java | 14 +++++----- ...SideEncryptionOnDemandCredentialsTest.java | 6 ++-- .../AbstractClientSideEncryptionTest.java | 26 ++++++++--------- ...ryptionDataKeyAndDoubleEncryptionTest.java | 14 +++++----- .../ClientSideEncryptionCorpusTest.java | 14 +++++----- ...yptionExternalKeyVaultSpecification.groovy | 8 +++--- .../UnifiedClientEncryptionHelper.java | 24 ++++++++-------- 18 files changed, 117 insertions(+), 117 deletions(-) diff --git a/.evergreen/export-security-sensitive-properties.sh b/.evergreen/export-security-sensitive-properties.sh index 44463268635..76707e482b3 100755 --- a/.evergreen/export-security-sensitive-properties.sh +++ b/.evergreen/export-security-sensitive-properties.sh @@ -1,15 +1,17 @@ #!/bin/bash -export org.mongodb.test.fle.on.demand.credential.test.azure.keyVaultEndpoint=${AZUREKMS_KEY_VAULT_ENDPOINT} -export org.mongodb.test.fle.on.demand.credential.test.azure.keyName=${AZUREKMS_KEY_NAME} -export org.mongodb.test.awsAccessKeyId=${AWS_ACCESS_KEY_ID} -export org.mongodb.test.awsSecretAccessKey=${AWS_SECRET_ACCESS_KEY} -export org.mongodb.test.tmpAwsAccessKeyId=${AWS_TEMP_ACCESS_KEY_ID} -export org.mongodb.test.tmpAwsSecretAccessKey=${AWS_TEMP_SECRET_ACCESS_KEY} -export org.mongodb.test.tmpAwsSessionToken=${AWS_TEMP_SESSION_TOKEN} -export org.mongodb.test.azureTenantId=${AZURE_TENANT_ID} -export org.mongodb.test.azureClientId=${AZURE_CLIENT_ID} -export org.mongodb.test.azureClientSecret=${AZURE_CLIENT_SECRET} -export org.mongodb.test.gcpEmail=${GCP_EMAIL} -export org.mongodb.test.gcpPrivateKey=${GCP_PRIVATE_KEY} -export org.mongodb.test.crypt.shared.lib.path=${CRYPT_SHARED_LIB_PATH} +export org_mongodb_test_fle_on_demand_credential_test_azure_keyVaultEndpoint=${AZUREKMS_KEY_VAULT_ENDPOINT} +export org_mongodb_test_fle_on_demand_credential_test_azure_keyName=${AZUREKMS_KEY_NAME} +export org_mongodb_test_fle_on_demand_credential_provider="${PROVIDER}" +export org_mongodb_test_awsAccessKeyId=${AWS_ACCESS_KEY_ID} +export org_mongodb_test_awsSecretAccessKey=${AWS_SECRET_ACCESS_KEY} +export org_mongodb_test_tmpAwsAccessKeyId=${AWS_TEMP_ACCESS_KEY_ID} +export org_mongodb_test_tmpAwsSecretAccessKey=${AWS_TEMP_SECRET_ACCESS_KEY} +export org_mongodb_test_tmpAwsSessionToken=${AWS_TEMP_SESSION_TOKEN} +export org_mongodb_test_azureTenantId=${AZURE_TENANT_ID} +export org_mongodb_test_azureClientId=${AZURE_CLIENT_ID} +export org_mongodb_test_azureClientSecret=${AZURE_CLIENT_SECRET} +export org_mongodb_test_gcpEmail=${GCP_EMAIL} +export org_mongodb_test_gcpPrivateKey=${GCP_PRIVATE_KEY} + +export org_mongodb_test_crypt_shared_lib_path=${CRYPT_SHARED_LIB_PATH} diff --git a/.evergreen/run-csfle-tests-with-mongocryptd.sh b/.evergreen/run-csfle-tests-with-mongocryptd.sh index 341195bd5e5..f649017a566 100755 --- a/.evergreen/run-csfle-tests-with-mongocryptd.sh +++ b/.evergreen/run-csfle-tests-with-mongocryptd.sh @@ -54,7 +54,7 @@ echo "Running tests with Java ${JAVA_VERSION}" ./gradlew -version -# By not specifying the path to the `crypt_shared` via the `org.mongodb.test.crypt.shared.lib.path` Java system property, +# By not specifying the path to the `crypt_shared` via the `org_mongodb_test_crypt_shared_lib_path` Java system property, # we force the driver to start `mongocryptd` instead of loading and using `crypt_shared`. ./gradlew -PjavaVersion=${JAVA_VERSION} -Dorg.mongodb.test.uri=${MONGODB_URI} \ ${GRADLE_EXTRA_VARS} \ diff --git a/.evergreen/run-fle-on-demand-credential-test.sh b/.evergreen/run-fle-on-demand-credential-test.sh index d0132b6c1ac..5ab1afba670 100755 --- a/.evergreen/run-fle-on-demand-credential-test.sh +++ b/.evergreen/run-fle-on-demand-credential-test.sh @@ -20,20 +20,18 @@ if ! which java ; then sudo apt install openjdk-17-jdk -y fi +RELATIVE_DIR_PATH="$(dirname "${BASH_SOURCE:-$0}")" +"${RELATIVE_DIR_PATH}/export-security-sensitive-properties.sh" + + ./gradlew -Dorg.mongodb.test.uri="${MONGODB_URI}" \ - -Dorg.mongodb.test.fle.on.demand.credential.test.success.enabled="true" \ - -Dorg.mongodb.test.fle.on.demand.credential.test.azure.keyVaultEndpoint="${AZUREKMS_KEY_VAULT_ENDPOINT}" \ - -Dorg.mongodb.test.fle.on.demand.credential.test.azure.keyName="${AZUREKMS_KEY_NAME}" \ - -Dorg.mongodb.test.fle.on.demand.credential.provider="${PROVIDER}" \ + -Dorg.mongodb.test.fle.on.demand.credential.test.success.enabled=true \ --stacktrace --debug --info driver-sync:test --tests ClientSideEncryptionOnDemandCredentialsTest first=$? echo $first ./gradlew -Dorg.mongodb.test.uri="${MONGODB_URI}" \ - -Dorg.mongodb.test.fle.on.demand.credential.test.success.enabled="true" \ - -Dorg.mongodb.test.fle.on.demand.credential.test.azure.keyVaultEndpoint="${AZUREKMS_KEY_VAULT_ENDPOINT}" \ - -Dorg.mongodb.test.fle.on.demand.credential.test.azure.keyName="${AZUREKMS_KEY_NAME}" \ - -Dorg.mongodb.test.fle.on.demand.credential.provider="${PROVIDER}" \ + -Dorg.mongodb.test.fle.on.demand.credential.test.success.enabled=true \ --stacktrace --debug --info driver-reactive-streams:test --tests ClientSideEncryptionOnDemandCredentialsTest second=$? echo $second diff --git a/driver-core/src/test/functional/com/mongodb/ClusterFixture.java b/driver-core/src/test/functional/com/mongodb/ClusterFixture.java index 9d5d10e2dce..c775736e2cf 100644 --- a/driver-core/src/test/functional/com/mongodb/ClusterFixture.java +++ b/driver-core/src/test/functional/com/mongodb/ClusterFixture.java @@ -551,7 +551,7 @@ public static boolean isAuthenticated() { } public static boolean isClientSideEncryptionTest() { - return !getEnv("org.mongodb.test.awsAccessKeyId", "").isEmpty(); + return !getEnv("org_mongodb_test_awsAccessKeyId", "").isEmpty(); } public static boolean isAtlasSearchTest() { diff --git a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java index 5708ca210ac..4b45f26f5c2 100644 --- a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java +++ b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java @@ -82,17 +82,17 @@ public void setUp() { // Step 2: Create encrypted client and client encryption Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); + put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); }}); put("azure", new HashMap() {{ - put("tenantId", getEnv("org.mongodb.test.azureTenantId")); - put("clientId", getEnv("org.mongodb.test.azureClientId")); - put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org_mongodb_test_azureTenantId")); + put("clientId", getEnv("org_mongodb_test_azureClientId")); + put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org.mongodb.test.gcpEmail")); - put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org_mongodb_test_gcpEmail")); + put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); }}); put("local", new HashMap() {{ put("key", "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM" diff --git a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionBsonSizeLimitsSpecification.groovy b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionBsonSizeLimitsSpecification.groovy index 19a3b704524..63a644da7a0 100644 --- a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionBsonSizeLimitsSpecification.groovy +++ b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionBsonSizeLimitsSpecification.groovy @@ -53,7 +53,7 @@ class ClientSideEncryptionBsonSizeLimitsSpecification extends FunctionalSpecific def setup() { assumeTrue(serverVersionAtLeast(4, 2)) assumeTrue('Key vault tests disabled', - !System.getProperty('org.mongodb.test.awsAccessKeyId', '').isEmpty()) + !System.getProperty('org_mongodb_test_awsAccessKeyId', '').isEmpty()) drop(keyVaultNamespace) drop(autoEncryptingCollectionNamespace) diff --git a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionCorpusTest.java b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionCorpusTest.java index 8bef4ec317c..b01fc7f59b8 100644 --- a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionCorpusTest.java +++ b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionCorpusTest.java @@ -110,17 +110,17 @@ public void setUp() throws IOException, URISyntaxException { // Step 4: Configure our objects Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); + put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); }}); put("azure", new HashMap() {{ - put("tenantId", getEnv("org.mongodb.test.azureTenantId")); - put("clientId", getEnv("org.mongodb.test.azureClientId")); - put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org_mongodb_test_azureTenantId")); + put("clientId", getEnv("org_mongodb_test_azureClientId")); + put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org.mongodb.test.gcpEmail")); - put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org_mongodb_test_gcpEmail")); + put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); }}); put("kmip", new HashMap() {{ put("endpoint", getEnv("org.mongodb.test.kmipEndpoint", "localhost:5698")); diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionCustomEndpointTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionCustomEndpointTest.java index f262426d324..ccedde76aa8 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionCustomEndpointTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionCustomEndpointTest.java @@ -83,18 +83,18 @@ public void setUp() { Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); + put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); }}); put("azure", new HashMap() {{ - put("tenantId", getEnv("org.mongodb.test.azureTenantId")); - put("clientId", getEnv("org.mongodb.test.azureClientId")); - put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org_mongodb_test_azureTenantId")); + put("clientId", getEnv("org_mongodb_test_azureClientId")); + put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); put("identityPlatformEndpoint", "login.microsoftonline.com:443"); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org.mongodb.test.gcpEmail")); - put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org_mongodb_test_gcpEmail")); + put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); put("endpoint", "oauth2.googleapis.com:443"); }}); put("kmip", new HashMap() {{ @@ -109,14 +109,14 @@ public void setUp() { Map> invalidKmsProviders = new HashMap>() {{ put("azure", new HashMap() {{ - put("tenantId", getEnv("org.mongodb.test.azureTenantId")); - put("clientId", getEnv("org.mongodb.test.azureClientId")); - put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org_mongodb_test_azureTenantId")); + put("clientId", getEnv("org_mongodb_test_azureClientId")); + put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); put("identityPlatformEndpoint", "doesnotexist.invalid:443"); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org.mongodb.test.gcpEmail")); - put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org_mongodb_test_gcpEmail")); + put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); put("endpoint", "doesnotexist.invalid:443"); }}); put("kmip", new HashMap() {{ diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionRewrapManyDataKeyProseTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionRewrapManyDataKeyProseTest.java index 342032b307d..43f94ac9531 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionRewrapManyDataKeyProseTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionRewrapManyDataKeyProseTest.java @@ -78,18 +78,18 @@ public abstract class AbstractClientEncryptionRewrapManyDataKeyProseTest { private static final Map> KMS_PROVIDERS = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); + put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); }}); put("azure", new HashMap() {{ - put("tenantId", getEnv("org.mongodb.test.azureTenantId")); - put("clientId", getEnv("org.mongodb.test.azureClientId")); - put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org_mongodb_test_azureTenantId")); + put("clientId", getEnv("org_mongodb_test_azureClientId")); + put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); put("identityPlatformEndpoint", "login.microsoftonline.com:443"); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org.mongodb.test.gcpEmail")); - put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org_mongodb_test_gcpEmail")); + put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); put("endpoint", "oauth2.googleapis.com:443"); }}); put("kmip", new HashMap() {{ diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAutoDataKeysTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAutoDataKeysTest.java index 5522c7d9334..27731c0a29d 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAutoDataKeysTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAutoDataKeysTest.java @@ -205,8 +205,8 @@ private enum KmsProvider { ), AWS("aws", kmsProviderProperties -> { - kmsProviderProperties.put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); - kmsProviderProperties.put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); + kmsProviderProperties.put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); + kmsProviderProperties.put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); }, createEncryptedCollectionParams -> createEncryptedCollectionParams.masterKey(BsonDocument.parse( "{" @@ -220,7 +220,7 @@ private enum KmsProvider { private final Supplier createEncryptedCollectionParamsSupplier; private static Set detect() { - String awsAccessKeyId = getEnv("org.mongodb.test.awsAccessKeyId"); + String awsAccessKeyId = getEnv("org_mongodb_test_awsAccessKeyId"); return awsAccessKeyId != null && !awsAccessKeyId.isEmpty() ? EnumSet.allOf(KmsProvider.class) : EnumSet.of(KmsProvider.LOCAL); diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAwsCredentialFromEnvironmentTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAwsCredentialFromEnvironmentTest.java index c0331cbe286..a0bbfb20612 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAwsCredentialFromEnvironmentTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAwsCredentialFromEnvironmentTest.java @@ -109,8 +109,8 @@ public void testGetCredentialsFromSupplier() { Map>> kmsProviderPropertySuppliers = new HashMap>>() {{ put("aws", () -> new HashMap() {{ - put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); + put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); }}); }}; @@ -200,8 +200,8 @@ public void shouldIgnoreSupplierIfKmsProviderMapValueIsNotEmpty() { Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); + put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); }}); }}; diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionKmsTlsTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionKmsTlsTest.java index 708d04533eb..0d5de1b9de1 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionKmsTlsTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionKmsTlsTest.java @@ -157,18 +157,18 @@ public void testThatCustomSslContextIsUsed() { private HashMap> getKmsProviders() { return new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); + put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); }}); put("azure", new HashMap() {{ - put("tenantId", getEnv("org.mongodb.test.azureTenantId")); - put("clientId", getEnv("org.mongodb.test.azureClientId")); - put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org_mongodb_test_azureTenantId")); + put("clientId", getEnv("org_mongodb_test_azureClientId")); + put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); put("identityPlatformEndpoint", "login.microsoftonline.com:443"); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org.mongodb.test.gcpEmail")); - put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org_mongodb_test_gcpEmail")); + put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); put("endpoint", "oauth2.googleapis.com:443"); }}); put("kmip", new HashMap() {{ diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionOnDemandCredentialsTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionOnDemandCredentialsTest.java index 9306076f7d9..96bb9d25626 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionOnDemandCredentialsTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionOnDemandCredentialsTest.java @@ -41,7 +41,7 @@ public abstract class AbstractClientSideEncryptionOnDemandCredentialsTest { @Test @EnabledIfSystemProperty(named = "org.mongodb.test.fle.on.demand.credential.test.success.enabled", matches = "true") public void testSuccess() { - String kmsProvider = System.getProperty("org.mongodb.test.fle.on.demand.credential.provider"); + String kmsProvider = getEnv("org_mongodb_test_fle_on_demand_credential_provider"); try (ClientEncryption clientEncryption = initClientEncryption(kmsProvider)) { clientEncryption.createDataKey(kmsProvider, getDataKeyOptions(kmsProvider)); } @@ -86,8 +86,8 @@ private DataKeyOptions getDataKeyOptions(final String kmsProvider) { return new DataKeyOptions().masterKey(BsonDocument.parse( "{projectId: \"devprod-drivers\", location: \"global\", keyRing: \"key-ring-csfle\", keyName: \"key-name-csfle\"}")); case "azure": - String keyVaultEndpoint = getEnv("org.mongodb.test.fle.on.demand.credential.test.azure.keyVaultEndpoint"); - String keyName = getEnv("org.mongodb.test.fle.on.demand.credential.test.azure.keyName"); + String keyVaultEndpoint = getEnv("org_mongodb_test_fle_on_demand_credential_test_azure_keyVaultEndpoint"); + String keyName = getEnv("org_mongodb_test_fle_on_demand_credential_test_azure_keyName"); return new DataKeyOptions().masterKey(new BsonDocument() .append("keyVaultEndpoint", new BsonString(keyVaultEndpoint)) .append("keyName", new BsonString(keyName))); diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionTest.java index b06076ba1c4..80150f8166e 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionTest.java @@ -222,26 +222,26 @@ public void setUp() { kmsProvidersMap.put(kmsProviderKey.startsWith("aws") ? "aws" : kmsProviderKey, kmsProviderMap); switch (kmsProviderKey) { case "aws": - kmsProviderMap.put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); - kmsProviderMap.put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); + kmsProviderMap.put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); + kmsProviderMap.put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); break; case "awsTemporary": - kmsProviderMap.put("accessKeyId", getEnv("org.mongodb.test.tmpAwsAccessKeyId")); - kmsProviderMap.put("secretAccessKey", getEnv("org.mongodb.test.tmpAwsSecretAccessKey")); - kmsProviderMap.put("sessionToken", getEnv("org.mongodb.test.tmpAwsSessionToken")); + kmsProviderMap.put("accessKeyId", getEnv("org_mongodb_test_tmpAwsAccessKeyId")); + kmsProviderMap.put("secretAccessKey", getEnv("org_mongodb_test_tmpAwsSecretAccessKey")); + kmsProviderMap.put("sessionToken", getEnv("org_mongodb_test_tmpAwsSessionToken")); break; case "awsTemporaryNoSessionToken": - kmsProviderMap.put("accessKeyId", getEnv("org.mongodb.test.tmpAwsAccessKeyId")); - kmsProviderMap.put("secretAccessKey", getEnv("org.mongodb.test.tmpAwsSecretAccessKey")); + kmsProviderMap.put("accessKeyId", getEnv("org_mongodb_test_tmpAwsAccessKeyId")); + kmsProviderMap.put("secretAccessKey", getEnv("org_mongodb_test_tmpAwsSecretAccessKey")); break; case "azure": - kmsProviderMap.put("tenantId", getEnv("org.mongodb.test.azureTenantId")); - kmsProviderMap.put("clientId", getEnv("org.mongodb.test.azureClientId")); - kmsProviderMap.put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); + kmsProviderMap.put("tenantId", getEnv("org_mongodb_test_azureTenantId")); + kmsProviderMap.put("clientId", getEnv("org_mongodb_test_azureClientId")); + kmsProviderMap.put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); break; case "gcp": - kmsProviderMap.put("email", getEnv("org.mongodb.test.gcpEmail")); - kmsProviderMap.put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); + kmsProviderMap.put("email", getEnv("org_mongodb_test_gcpEmail")); + kmsProviderMap.put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); break; case "kmip": kmsProviderMap.put("endpoint", getEnv("org.mongodb.test.kmipEndpoint", "localhost:5698")); @@ -385,7 +385,7 @@ public static Collection data() throws URISyntaxException, IOException } static Optional cryptSharedLibPathSysPropValue() { - String value = getEnv("org.mongodb.test.crypt.shared.lib.path", ""); + String value = getEnv("org_mongodb_test_crypt_shared_lib_path", ""); return value.isEmpty() ? Optional.empty() : Optional.of(value); } } diff --git a/driver-sync/src/test/functional/com/mongodb/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java b/driver-sync/src/test/functional/com/mongodb/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java index 29aa3b12acf..9f496dc637f 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java @@ -82,17 +82,17 @@ public void setUp() { // Step 2: Create encrypted client and client encryption Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); + put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); }}); put("azure", new HashMap() {{ - put("tenantId", getEnv("org.mongodb.test.azureTenantId")); - put("clientId", getEnv("org.mongodb.test.azureClientId")); - put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org_mongodb_test_azureTenantId")); + put("clientId", getEnv("org_mongodb_test_azureClientId")); + put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org.mongodb.test.gcpEmail")); - put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org_mongodb_test_gcpEmail")); + put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); }}); put("local", new HashMap() {{ put("key", "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM" diff --git a/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionCorpusTest.java b/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionCorpusTest.java index 2724b853db2..e8ddb634148 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionCorpusTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionCorpusTest.java @@ -104,17 +104,17 @@ public void setUp() throws IOException, URISyntaxException { // Step 4: Configure our objects Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org.mongodb.test.awsAccessKeyId")); - put("secretAccessKey", getEnv("org.mongodb.test.awsSecretAccessKey")); + put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); + put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); }}); put("azure", new HashMap() {{ - put("tenantId", getEnv("org.mongodb.test.azureTenantId")); - put("clientId", getEnv("org.mongodb.test.azureClientId")); - put("clientSecret", getEnv("org.mongodb.test.azureClientSecret")); + put("tenantId", getEnv("org_mongodb_test_azureTenantId")); + put("clientId", getEnv("org_mongodb_test_azureClientId")); + put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org.mongodb.test.gcpEmail")); - put("privateKey", getEnv("org.mongodb.test.gcpPrivateKey")); + put("email", getEnv("org_mongodb_test_gcpEmail")); + put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); }}); put("kmip", new HashMap() {{ put("endpoint", getEnv("org.mongodb.test.kmipEndpoint", "localhost:5698")); diff --git a/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionExternalKeyVaultSpecification.groovy b/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionExternalKeyVaultSpecification.groovy index da7086dc91e..c51f97ae4c1 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionExternalKeyVaultSpecification.groovy +++ b/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionExternalKeyVaultSpecification.groovy @@ -59,16 +59,16 @@ class ClientSideEncryptionExternalKeyVaultSpecification extends FunctionalSpecif def setup() { assumeTrue(serverVersionAtLeast(4, 2)) assumeTrue('Key vault tests disabled', - System.getProperty('org.mongodb.test.awsAccessKeyId') != null - && !System.getProperty('org.mongodb.test.awsAccessKeyId').isEmpty()) + System.getProperty('org_mongodb_test_awsAccessKeyId') != null + && !System.getProperty('org_mongodb_test_awsAccessKeyId').isEmpty()) dataKeyCollection.drop() dataCollection.drop() def providerProperties = ['local': ['key': Base64.getDecoder().decode('Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN' + '3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk')], - 'aws' : ['accessKeyId' : System.getProperty('org.mongodb.test.awsAccessKeyId'), - 'secretAccessKey': System.getProperty('org.mongodb.test.awsSecretAccessKey')] + 'aws' : ['accessKeyId' : System.getProperty('org_mongodb_test_awsAccessKeyId'), + 'secretAccessKey': System.getProperty('org_mongodb_test_awsSecretAccessKey')] ] autoEncryptingClient = MongoClients.create(getMongoClientSettingsBuilder() diff --git a/driver-sync/src/test/functional/com/mongodb/client/unified/UnifiedClientEncryptionHelper.java b/driver-sync/src/test/functional/com/mongodb/client/unified/UnifiedClientEncryptionHelper.java index 0edb6d2a26a..b33f561068b 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/unified/UnifiedClientEncryptionHelper.java +++ b/driver-sync/src/test/functional/com/mongodb/client/unified/UnifiedClientEncryptionHelper.java @@ -60,26 +60,26 @@ static Map> createKmsProvidersMap(final BsonDocument Map kmsProviderMap = new HashMap<>(); switch (kmsProviderKey) { case "aws": - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "accessKeyId", "org.mongodb.test.awsAccessKeyId"); - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "secretAccessKey", "org.mongodb.test.awsSecretAccessKey"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "accessKeyId", "org_mongodb_test_awsAccessKeyId"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "secretAccessKey", "org_mongodb_test_awsSecretAccessKey"); break; case "awsTemporary": - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "accessKeyId", "org.mongodb.test.tmpAwsAccessKeyId"); - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "secretAccessKey", "org.mongodb.test.tmpAwsSecretAccessKey"); - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "sessionToken", "org.mongodb.test.tmpAwsSessionToken"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "accessKeyId", "org_mongodb_test_tmpAwsAccessKeyId"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "secretAccessKey", "org_mongodb_test_tmpAwsSecretAccessKey"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "sessionToken", "org_mongodb_test_tmpAwsSessionToken"); break; case "awsTemporaryNoSessionToken": - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "accessKeyId", "org.mongodb.test.tmpAwsAccessKeyId"); - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "secretAccessKey", "org.mongodb.test.tmpAwsSecretAccessKey"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "accessKeyId", "org_mongodb_test_tmpAwsAccessKeyId"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "secretAccessKey", "org_mongodb_test_tmpAwsSecretAccessKey"); break; case "azure": - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "tenantId", "org.mongodb.test.azureTenantId"); - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "clientId", "org.mongodb.test.azureClientId"); - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "clientSecret", "org.mongodb.test.azureClientSecret"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "tenantId", "org_mongodb_test_azureTenantId"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "clientId", "org_mongodb_test_azureClientId"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "clientSecret", "org_mongodb_test_azureClientSecret"); break; case "gcp": - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "email", "org.mongodb.test.gcpEmail"); - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "privateKey", "org.mongodb.test.gcpPrivateKey"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "email", "org_mongodb_test_gcpEmail"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "privateKey", "org_mongodb_test_gcpPrivateKey"); break; case "kmip": setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "endpoint", () -> From 9694a3c9f5dbf869d9e7b53449dba190b5230617 Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Tue, 6 Feb 2024 08:57:41 -0500 Subject: [PATCH 06/16] Use env vars take two --- .evergreen/.evg.yml | 26 ++++++++++++------- .../export-security-sensitive-properties.sh | 17 ------------ .../run-csfle-tests-with-mongocryptd.sh | 4 +-- .../run-fle-on-demand-credential-test.sh | 4 --- .evergreen/run-tests.sh | 2 -- .../com/mongodb/ClusterFixture.java | 2 +- ...ryptionDataKeyAndDoubleEncryptionTest.java | 14 +++++----- ...cryptionBsonSizeLimitsSpecification.groovy | 2 +- .../ClientSideEncryptionCorpusTest.java | 14 +++++----- ...actClientEncryptionCustomEndpointTest.java | 24 ++++++++--------- ...tEncryptionRewrapManyDataKeyProseTest.java | 14 +++++----- ...tClientSideEncryptionAutoDataKeysTest.java | 6 ++--- ...ptionAwsCredentialFromEnvironmentTest.java | 8 +++--- ...bstractClientSideEncryptionKmsTlsTest.java | 14 +++++----- ...SideEncryptionOnDemandCredentialsTest.java | 6 ++--- .../AbstractClientSideEncryptionTest.java | 26 +++++++++---------- ...ryptionDataKeyAndDoubleEncryptionTest.java | 14 +++++----- .../ClientSideEncryptionCorpusTest.java | 14 +++++----- ...yptionExternalKeyVaultSpecification.groovy | 8 +++--- .../UnifiedClientEncryptionHelper.java | 24 ++++++++--------- 20 files changed, 113 insertions(+), 130 deletions(-) delete mode 100755 .evergreen/export-security-sensitive-properties.sh diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml index d0feeac5389..0aea79e15b9 100644 --- a/.evergreen/.evg.yml +++ b/.evergreen/.evg.yml @@ -1599,13 +1599,16 @@ tasks: params: working_dir: "src" shell: "bash" + env: + GCPKMS_GCLOUD: ${GCPKMS_GCLOUD} + GCPKMS_PROJECT: ${GCPKMS_PROJECT} + GCPKMS_ZONE: ${GCPKMS_ZONE} + GCPKMS_INSTANCENAME: ${GCPKMS_INSTANCENAME} + GCPKMS_CMD: "MONGODB_URI=mongodb://localhost:27017" + PROVIDER: gcp script: | ${PREPARE_SHELL} - export GCPKMS_GCLOUD=${GCPKMS_GCLOUD} - export GCPKMS_PROJECT=${GCPKMS_PROJECT} - export GCPKMS_ZONE=${GCPKMS_ZONE} - export GCPKMS_INSTANCENAME=${GCPKMS_INSTANCENAME} - GCPKMS_CMD="MONGODB_URI=mongodb://localhost:27017 PROVIDER=gcp ./.evergreen/run-fle-on-demand-credential-test.sh" $DRIVERS_TOOLS/.evergreen/csfle/gcpkms/run-command.sh + ./.evergreen/run-fle-on-demand-credential-test.sh" $DRIVERS_TOOLS/.evergreen/csfle/gcpkms/run-command.sh - name: testazurekms-task commands: @@ -1631,12 +1634,17 @@ tasks: params: working_dir: "src" shell: "bash" + env: + AZUREKMS_RESOURCEGROUP: ${testazurekms_resourcegroup} + AZUREKMS_VMNAME: ${AZUREKMS_VMNAME} + AZUREKMS_PRIVATEKEYPATH: /tmp/testazurekms_privatekey + AZUREKMS_CMD: "MONGODB_URI=mongodb://localhost:27017" + AZUREKMS_KEY_VAULT_ENDPOINT: ${testazurekms_keyvaultendpoint} + AZUREKMS_KEY_NAME: ${testazurekms_keyname} + PROVIDER: azure script: | ${PREPARE_SHELL} - export AZUREKMS_RESOURCEGROUP=${testazurekms_resourcegroup} - export AZUREKMS_VMNAME=${AZUREKMS_VMNAME} - export AZUREKMS_PRIVATEKEYPATH=/tmp/testazurekms_privatekey - AZUREKMS_CMD="MONGODB_URI=mongodb://localhost:27017 PROVIDER=azure AZUREKMS_KEY_VAULT_ENDPOINT=${testazurekms_keyvaultendpoint} AZUREKMS_KEY_NAME=${testazurekms_keyname} ./.evergreen/run-fle-on-demand-credential-test.sh" $DRIVERS_TOOLS/.evergreen/csfle/azurekms/run-command.sh + ./.evergreen/run-fle-on-demand-credential-test.sh" $DRIVERS_TOOLS/.evergreen/csfle/azurekms/run-command.sh - name: test-socks5 tags: [] commands: diff --git a/.evergreen/export-security-sensitive-properties.sh b/.evergreen/export-security-sensitive-properties.sh deleted file mode 100755 index 76707e482b3..00000000000 --- a/.evergreen/export-security-sensitive-properties.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -export org_mongodb_test_fle_on_demand_credential_test_azure_keyVaultEndpoint=${AZUREKMS_KEY_VAULT_ENDPOINT} -export org_mongodb_test_fle_on_demand_credential_test_azure_keyName=${AZUREKMS_KEY_NAME} -export org_mongodb_test_fle_on_demand_credential_provider="${PROVIDER}" -export org_mongodb_test_awsAccessKeyId=${AWS_ACCESS_KEY_ID} -export org_mongodb_test_awsSecretAccessKey=${AWS_SECRET_ACCESS_KEY} -export org_mongodb_test_tmpAwsAccessKeyId=${AWS_TEMP_ACCESS_KEY_ID} -export org_mongodb_test_tmpAwsSecretAccessKey=${AWS_TEMP_SECRET_ACCESS_KEY} -export org_mongodb_test_tmpAwsSessionToken=${AWS_TEMP_SESSION_TOKEN} -export org_mongodb_test_azureTenantId=${AZURE_TENANT_ID} -export org_mongodb_test_azureClientId=${AZURE_CLIENT_ID} -export org_mongodb_test_azureClientSecret=${AZURE_CLIENT_SECRET} -export org_mongodb_test_gcpEmail=${GCP_EMAIL} -export org_mongodb_test_gcpPrivateKey=${GCP_PRIVATE_KEY} - -export org_mongodb_test_crypt_shared_lib_path=${CRYPT_SHARED_LIB_PATH} diff --git a/.evergreen/run-csfle-tests-with-mongocryptd.sh b/.evergreen/run-csfle-tests-with-mongocryptd.sh index f649017a566..7927ec5eb85 100755 --- a/.evergreen/run-csfle-tests-with-mongocryptd.sh +++ b/.evergreen/run-csfle-tests-with-mongocryptd.sh @@ -50,11 +50,9 @@ provision_ssl echo "Running tests with Java ${JAVA_VERSION}" -"${RELATIVE_DIR_PATH}/export-security-sensitive-properties.sh" - ./gradlew -version -# By not specifying the path to the `crypt_shared` via the `org_mongodb_test_crypt_shared_lib_path` Java system property, +# By not specifying the path to the `crypt_shared` via the `CRYPT_SHARED_LIB_PATH` Java system property, # we force the driver to start `mongocryptd` instead of loading and using `crypt_shared`. ./gradlew -PjavaVersion=${JAVA_VERSION} -Dorg.mongodb.test.uri=${MONGODB_URI} \ ${GRADLE_EXTRA_VARS} \ diff --git a/.evergreen/run-fle-on-demand-credential-test.sh b/.evergreen/run-fle-on-demand-credential-test.sh index 5ab1afba670..e5c86b6dc33 100755 --- a/.evergreen/run-fle-on-demand-credential-test.sh +++ b/.evergreen/run-fle-on-demand-credential-test.sh @@ -20,10 +20,6 @@ if ! which java ; then sudo apt install openjdk-17-jdk -y fi -RELATIVE_DIR_PATH="$(dirname "${BASH_SOURCE:-$0}")" -"${RELATIVE_DIR_PATH}/export-security-sensitive-properties.sh" - - ./gradlew -Dorg.mongodb.test.uri="${MONGODB_URI}" \ -Dorg.mongodb.test.fle.on.demand.credential.test.success.enabled=true \ --stacktrace --debug --info driver-sync:test --tests ClientSideEncryptionOnDemandCredentialsTest diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index cb0d10b2ee0..06a31098177 100755 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -131,8 +131,6 @@ fi echo "Running $AUTH tests over $SSL for $TOPOLOGY and connecting to $MONGODB_URI" -"${RELATIVE_DIR_PATH}/export-security-sensitive-properties.sh" - echo "Running tests with Java ${JAVA_VERSION}" ./gradlew -version diff --git a/driver-core/src/test/functional/com/mongodb/ClusterFixture.java b/driver-core/src/test/functional/com/mongodb/ClusterFixture.java index c775736e2cf..d10d75825bd 100644 --- a/driver-core/src/test/functional/com/mongodb/ClusterFixture.java +++ b/driver-core/src/test/functional/com/mongodb/ClusterFixture.java @@ -551,7 +551,7 @@ public static boolean isAuthenticated() { } public static boolean isClientSideEncryptionTest() { - return !getEnv("org_mongodb_test_awsAccessKeyId", "").isEmpty(); + return !getEnv("AWS_ACCESS_KEY_ID", "").isEmpty(); } public static boolean isAtlasSearchTest() { diff --git a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java index 4b45f26f5c2..2e212fb25c6 100644 --- a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java +++ b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java @@ -82,17 +82,17 @@ public void setUp() { // Step 2: Create encrypted client and client encryption Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); - put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); + put("accessKeyId", getEnv("AWS_ACCESS_KEY_ID")); + put("secretAccessKey", getEnv("AWS_SECRET_ACCESS_KEY")); }}); put("azure", new HashMap() {{ - put("tenantId", getEnv("org_mongodb_test_azureTenantId")); - put("clientId", getEnv("org_mongodb_test_azureClientId")); - put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); + put("tenantId", getEnv("AZURE_TENANT_ID")); + put("clientId", getEnv("AZURE_CLIENT_ID")); + put("clientSecret", getEnv("AZURE_CLIENT_SECRET")); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org_mongodb_test_gcpEmail")); - put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); + put("email", getEnv("GCP_EMAIL")); + put("privateKey", getEnv("GCP_PRIVATE_KEY")); }}); put("local", new HashMap() {{ put("key", "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM" diff --git a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionBsonSizeLimitsSpecification.groovy b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionBsonSizeLimitsSpecification.groovy index 63a644da7a0..c044e8e1f56 100644 --- a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionBsonSizeLimitsSpecification.groovy +++ b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionBsonSizeLimitsSpecification.groovy @@ -53,7 +53,7 @@ class ClientSideEncryptionBsonSizeLimitsSpecification extends FunctionalSpecific def setup() { assumeTrue(serverVersionAtLeast(4, 2)) assumeTrue('Key vault tests disabled', - !System.getProperty('org_mongodb_test_awsAccessKeyId', '').isEmpty()) + !System.getProperty('AWS_ACCESS_KEY_ID', '').isEmpty()) drop(keyVaultNamespace) drop(autoEncryptingCollectionNamespace) diff --git a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionCorpusTest.java b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionCorpusTest.java index b01fc7f59b8..9a44252b938 100644 --- a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionCorpusTest.java +++ b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/ClientSideEncryptionCorpusTest.java @@ -110,17 +110,17 @@ public void setUp() throws IOException, URISyntaxException { // Step 4: Configure our objects Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); - put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); + put("accessKeyId", getEnv("AWS_ACCESS_KEY_ID")); + put("secretAccessKey", getEnv("AWS_SECRET_ACCESS_KEY")); }}); put("azure", new HashMap() {{ - put("tenantId", getEnv("org_mongodb_test_azureTenantId")); - put("clientId", getEnv("org_mongodb_test_azureClientId")); - put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); + put("tenantId", getEnv("AZURE_TENANT_ID")); + put("clientId", getEnv("AZURE_CLIENT_ID")); + put("clientSecret", getEnv("AZURE_CLIENT_SECRET")); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org_mongodb_test_gcpEmail")); - put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); + put("email", getEnv("GCP_EMAIL")); + put("privateKey", getEnv("GCP_PRIVATE_KEY")); }}); put("kmip", new HashMap() {{ put("endpoint", getEnv("org.mongodb.test.kmipEndpoint", "localhost:5698")); diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionCustomEndpointTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionCustomEndpointTest.java index ccedde76aa8..9826c592190 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionCustomEndpointTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionCustomEndpointTest.java @@ -83,18 +83,18 @@ public void setUp() { Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); - put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); + put("accessKeyId", getEnv("AWS_ACCESS_KEY_ID")); + put("secretAccessKey", getEnv("AWS_SECRET_ACCESS_KEY")); }}); put("azure", new HashMap() {{ - put("tenantId", getEnv("org_mongodb_test_azureTenantId")); - put("clientId", getEnv("org_mongodb_test_azureClientId")); - put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); + put("tenantId", getEnv("AZURE_TENANT_ID")); + put("clientId", getEnv("AZURE_CLIENT_ID")); + put("clientSecret", getEnv("AZURE_CLIENT_SECRET")); put("identityPlatformEndpoint", "login.microsoftonline.com:443"); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org_mongodb_test_gcpEmail")); - put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); + put("email", getEnv("GCP_EMAIL")); + put("privateKey", getEnv("GCP_PRIVATE_KEY")); put("endpoint", "oauth2.googleapis.com:443"); }}); put("kmip", new HashMap() {{ @@ -109,14 +109,14 @@ public void setUp() { Map> invalidKmsProviders = new HashMap>() {{ put("azure", new HashMap() {{ - put("tenantId", getEnv("org_mongodb_test_azureTenantId")); - put("clientId", getEnv("org_mongodb_test_azureClientId")); - put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); + put("tenantId", getEnv("AZURE_TENANT_ID")); + put("clientId", getEnv("AZURE_CLIENT_ID")); + put("clientSecret", getEnv("AZURE_CLIENT_SECRET")); put("identityPlatformEndpoint", "doesnotexist.invalid:443"); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org_mongodb_test_gcpEmail")); - put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); + put("email", getEnv("GCP_EMAIL")); + put("privateKey", getEnv("GCP_PRIVATE_KEY")); put("endpoint", "doesnotexist.invalid:443"); }}); put("kmip", new HashMap() {{ diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionRewrapManyDataKeyProseTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionRewrapManyDataKeyProseTest.java index 43f94ac9531..5d95580399e 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionRewrapManyDataKeyProseTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientEncryptionRewrapManyDataKeyProseTest.java @@ -78,18 +78,18 @@ public abstract class AbstractClientEncryptionRewrapManyDataKeyProseTest { private static final Map> KMS_PROVIDERS = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); - put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); + put("accessKeyId", getEnv("AWS_ACCESS_KEY_ID")); + put("secretAccessKey", getEnv("AWS_SECRET_ACCESS_KEY")); }}); put("azure", new HashMap() {{ - put("tenantId", getEnv("org_mongodb_test_azureTenantId")); - put("clientId", getEnv("org_mongodb_test_azureClientId")); - put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); + put("tenantId", getEnv("AZURE_TENANT_ID")); + put("clientId", getEnv("AZURE_CLIENT_ID")); + put("clientSecret", getEnv("AZURE_CLIENT_SECRET")); put("identityPlatformEndpoint", "login.microsoftonline.com:443"); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org_mongodb_test_gcpEmail")); - put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); + put("email", getEnv("GCP_EMAIL")); + put("privateKey", getEnv("GCP_PRIVATE_KEY")); put("endpoint", "oauth2.googleapis.com:443"); }}); put("kmip", new HashMap() {{ diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAutoDataKeysTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAutoDataKeysTest.java index 27731c0a29d..8e71e712284 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAutoDataKeysTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAutoDataKeysTest.java @@ -205,8 +205,8 @@ private enum KmsProvider { ), AWS("aws", kmsProviderProperties -> { - kmsProviderProperties.put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); - kmsProviderProperties.put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); + kmsProviderProperties.put("accessKeyId", getEnv("AWS_ACCESS_KEY_ID")); + kmsProviderProperties.put("secretAccessKey", getEnv("AWS_SECRET_ACCESS_KEY")); }, createEncryptedCollectionParams -> createEncryptedCollectionParams.masterKey(BsonDocument.parse( "{" @@ -220,7 +220,7 @@ private enum KmsProvider { private final Supplier createEncryptedCollectionParamsSupplier; private static Set detect() { - String awsAccessKeyId = getEnv("org_mongodb_test_awsAccessKeyId"); + String awsAccessKeyId = getEnv("AWS_ACCESS_KEY_ID"); return awsAccessKeyId != null && !awsAccessKeyId.isEmpty() ? EnumSet.allOf(KmsProvider.class) : EnumSet.of(KmsProvider.LOCAL); diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAwsCredentialFromEnvironmentTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAwsCredentialFromEnvironmentTest.java index a0bbfb20612..51a80e7739d 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAwsCredentialFromEnvironmentTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionAwsCredentialFromEnvironmentTest.java @@ -109,8 +109,8 @@ public void testGetCredentialsFromSupplier() { Map>> kmsProviderPropertySuppliers = new HashMap>>() {{ put("aws", () -> new HashMap() {{ - put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); - put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); + put("accessKeyId", getEnv("AWS_ACCESS_KEY_ID")); + put("secretAccessKey", getEnv("AWS_SECRET_ACCESS_KEY")); }}); }}; @@ -200,8 +200,8 @@ public void shouldIgnoreSupplierIfKmsProviderMapValueIsNotEmpty() { Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); - put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); + put("accessKeyId", getEnv("AWS_ACCESS_KEY_ID")); + put("secretAccessKey", getEnv("AWS_SECRET_ACCESS_KEY")); }}); }}; diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionKmsTlsTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionKmsTlsTest.java index 0d5de1b9de1..da400a206c2 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionKmsTlsTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionKmsTlsTest.java @@ -157,18 +157,18 @@ public void testThatCustomSslContextIsUsed() { private HashMap> getKmsProviders() { return new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); - put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); + put("accessKeyId", getEnv("AWS_ACCESS_KEY_ID")); + put("secretAccessKey", getEnv("AWS_SECRET_ACCESS_KEY")); }}); put("azure", new HashMap() {{ - put("tenantId", getEnv("org_mongodb_test_azureTenantId")); - put("clientId", getEnv("org_mongodb_test_azureClientId")); - put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); + put("tenantId", getEnv("AZURE_TENANT_ID")); + put("clientId", getEnv("AZURE_CLIENT_ID")); + put("clientSecret", getEnv("AZURE_CLIENT_SECRET")); put("identityPlatformEndpoint", "login.microsoftonline.com:443"); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org_mongodb_test_gcpEmail")); - put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); + put("email", getEnv("GCP_EMAIL")); + put("privateKey", getEnv("GCP_PRIVATE_KEY")); put("endpoint", "oauth2.googleapis.com:443"); }}); put("kmip", new HashMap() {{ diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionOnDemandCredentialsTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionOnDemandCredentialsTest.java index 96bb9d25626..1eaaa3accae 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionOnDemandCredentialsTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionOnDemandCredentialsTest.java @@ -41,7 +41,7 @@ public abstract class AbstractClientSideEncryptionOnDemandCredentialsTest { @Test @EnabledIfSystemProperty(named = "org.mongodb.test.fle.on.demand.credential.test.success.enabled", matches = "true") public void testSuccess() { - String kmsProvider = getEnv("org_mongodb_test_fle_on_demand_credential_provider"); + String kmsProvider = getEnv("PROVIDER"); try (ClientEncryption clientEncryption = initClientEncryption(kmsProvider)) { clientEncryption.createDataKey(kmsProvider, getDataKeyOptions(kmsProvider)); } @@ -86,8 +86,8 @@ private DataKeyOptions getDataKeyOptions(final String kmsProvider) { return new DataKeyOptions().masterKey(BsonDocument.parse( "{projectId: \"devprod-drivers\", location: \"global\", keyRing: \"key-ring-csfle\", keyName: \"key-name-csfle\"}")); case "azure": - String keyVaultEndpoint = getEnv("org_mongodb_test_fle_on_demand_credential_test_azure_keyVaultEndpoint"); - String keyName = getEnv("org_mongodb_test_fle_on_demand_credential_test_azure_keyName"); + String keyVaultEndpoint = getEnv("AZUREKMS_KEY_VAULT_ENDPOINT"); + String keyName = getEnv("AZUREKMS_KEY_NAME"); return new DataKeyOptions().masterKey(new BsonDocument() .append("keyVaultEndpoint", new BsonString(keyVaultEndpoint)) .append("keyName", new BsonString(keyName))); diff --git a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionTest.java b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionTest.java index 80150f8166e..64f9568e4ed 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/AbstractClientSideEncryptionTest.java @@ -222,26 +222,26 @@ public void setUp() { kmsProvidersMap.put(kmsProviderKey.startsWith("aws") ? "aws" : kmsProviderKey, kmsProviderMap); switch (kmsProviderKey) { case "aws": - kmsProviderMap.put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); - kmsProviderMap.put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); + kmsProviderMap.put("accessKeyId", getEnv("AWS_ACCESS_KEY_ID")); + kmsProviderMap.put("secretAccessKey", getEnv("AWS_SECRET_ACCESS_KEY")); break; case "awsTemporary": - kmsProviderMap.put("accessKeyId", getEnv("org_mongodb_test_tmpAwsAccessKeyId")); - kmsProviderMap.put("secretAccessKey", getEnv("org_mongodb_test_tmpAwsSecretAccessKey")); - kmsProviderMap.put("sessionToken", getEnv("org_mongodb_test_tmpAwsSessionToken")); + kmsProviderMap.put("accessKeyId", getEnv("AWS_TEMP_ACCESS_KEY_ID")); + kmsProviderMap.put("secretAccessKey", getEnv("AWS_TEMP_SECRET_ACCESS_KEY")); + kmsProviderMap.put("sessionToken", getEnv("AWS_TEMP_SESSION_TOKEN")); break; case "awsTemporaryNoSessionToken": - kmsProviderMap.put("accessKeyId", getEnv("org_mongodb_test_tmpAwsAccessKeyId")); - kmsProviderMap.put("secretAccessKey", getEnv("org_mongodb_test_tmpAwsSecretAccessKey")); + kmsProviderMap.put("accessKeyId", getEnv("AWS_TEMP_ACCESS_KEY_ID")); + kmsProviderMap.put("secretAccessKey", getEnv("AWS_TEMP_SECRET_ACCESS_KEY")); break; case "azure": - kmsProviderMap.put("tenantId", getEnv("org_mongodb_test_azureTenantId")); - kmsProviderMap.put("clientId", getEnv("org_mongodb_test_azureClientId")); - kmsProviderMap.put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); + kmsProviderMap.put("tenantId", getEnv("AZURE_TENANT_ID")); + kmsProviderMap.put("clientId", getEnv("AZURE_CLIENT_ID")); + kmsProviderMap.put("clientSecret", getEnv("AZURE_CLIENT_SECRET")); break; case "gcp": - kmsProviderMap.put("email", getEnv("org_mongodb_test_gcpEmail")); - kmsProviderMap.put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); + kmsProviderMap.put("email", getEnv("GCP_EMAIL")); + kmsProviderMap.put("privateKey", getEnv("GCP_PRIVATE_KEY")); break; case "kmip": kmsProviderMap.put("endpoint", getEnv("org.mongodb.test.kmipEndpoint", "localhost:5698")); @@ -385,7 +385,7 @@ public static Collection data() throws URISyntaxException, IOException } static Optional cryptSharedLibPathSysPropValue() { - String value = getEnv("org_mongodb_test_crypt_shared_lib_path", ""); + String value = getEnv("CRYPT_SHARED_LIB_PATH", ""); return value.isEmpty() ? Optional.empty() : Optional.of(value); } } diff --git a/driver-sync/src/test/functional/com/mongodb/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java b/driver-sync/src/test/functional/com/mongodb/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java index 9f496dc637f..e4d81a9b0d8 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/ClientEncryptionDataKeyAndDoubleEncryptionTest.java @@ -82,17 +82,17 @@ public void setUp() { // Step 2: Create encrypted client and client encryption Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); - put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); + put("accessKeyId", getEnv("AWS_ACCESS_KEY_ID")); + put("secretAccessKey", getEnv("AWS_SECRET_ACCESS_KEY")); }}); put("azure", new HashMap() {{ - put("tenantId", getEnv("org_mongodb_test_azureTenantId")); - put("clientId", getEnv("org_mongodb_test_azureClientId")); - put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); + put("tenantId", getEnv("AZURE_TENANT_ID")); + put("clientId", getEnv("AZURE_CLIENT_ID")); + put("clientSecret", getEnv("AZURE_CLIENT_SECRET")); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org_mongodb_test_gcpEmail")); - put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); + put("email", getEnv("GCP_EMAIL")); + put("privateKey", getEnv("GCP_PRIVATE_KEY")); }}); put("local", new HashMap() {{ put("key", "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM" diff --git a/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionCorpusTest.java b/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionCorpusTest.java index e8ddb634148..4570540c7e1 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionCorpusTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionCorpusTest.java @@ -104,17 +104,17 @@ public void setUp() throws IOException, URISyntaxException { // Step 4: Configure our objects Map> kmsProviders = new HashMap>() {{ put("aws", new HashMap() {{ - put("accessKeyId", getEnv("org_mongodb_test_awsAccessKeyId")); - put("secretAccessKey", getEnv("org_mongodb_test_awsSecretAccessKey")); + put("accessKeyId", getEnv("AWS_ACCESS_KEY_ID")); + put("secretAccessKey", getEnv("AWS_SECRET_ACCESS_KEY")); }}); put("azure", new HashMap() {{ - put("tenantId", getEnv("org_mongodb_test_azureTenantId")); - put("clientId", getEnv("org_mongodb_test_azureClientId")); - put("clientSecret", getEnv("org_mongodb_test_azureClientSecret")); + put("tenantId", getEnv("AZURE_TENANT_ID")); + put("clientId", getEnv("AZURE_CLIENT_ID")); + put("clientSecret", getEnv("AZURE_CLIENT_SECRET")); }}); put("gcp", new HashMap() {{ - put("email", getEnv("org_mongodb_test_gcpEmail")); - put("privateKey", getEnv("org_mongodb_test_gcpPrivateKey")); + put("email", getEnv("GCP_EMAIL")); + put("privateKey", getEnv("GCP_PRIVATE_KEY")); }}); put("kmip", new HashMap() {{ put("endpoint", getEnv("org.mongodb.test.kmipEndpoint", "localhost:5698")); diff --git a/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionExternalKeyVaultSpecification.groovy b/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionExternalKeyVaultSpecification.groovy index c51f97ae4c1..3f59638e562 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionExternalKeyVaultSpecification.groovy +++ b/driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionExternalKeyVaultSpecification.groovy @@ -59,16 +59,16 @@ class ClientSideEncryptionExternalKeyVaultSpecification extends FunctionalSpecif def setup() { assumeTrue(serverVersionAtLeast(4, 2)) assumeTrue('Key vault tests disabled', - System.getProperty('org_mongodb_test_awsAccessKeyId') != null - && !System.getProperty('org_mongodb_test_awsAccessKeyId').isEmpty()) + System.getProperty('AWS_ACCESS_KEY_ID') != null + && !System.getProperty('AWS_ACCESS_KEY_ID').isEmpty()) dataKeyCollection.drop() dataCollection.drop() def providerProperties = ['local': ['key': Base64.getDecoder().decode('Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN' + '3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk')], - 'aws' : ['accessKeyId' : System.getProperty('org_mongodb_test_awsAccessKeyId'), - 'secretAccessKey': System.getProperty('org_mongodb_test_awsSecretAccessKey')] + 'aws' : ['accessKeyId' : System.getProperty('AWS_ACCESS_KEY_ID'), + 'secretAccessKey': System.getProperty('AWS_SECRET_ACCESS_KEY')] ] autoEncryptingClient = MongoClients.create(getMongoClientSettingsBuilder() diff --git a/driver-sync/src/test/functional/com/mongodb/client/unified/UnifiedClientEncryptionHelper.java b/driver-sync/src/test/functional/com/mongodb/client/unified/UnifiedClientEncryptionHelper.java index b33f561068b..d7ac0450844 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/unified/UnifiedClientEncryptionHelper.java +++ b/driver-sync/src/test/functional/com/mongodb/client/unified/UnifiedClientEncryptionHelper.java @@ -60,26 +60,26 @@ static Map> createKmsProvidersMap(final BsonDocument Map kmsProviderMap = new HashMap<>(); switch (kmsProviderKey) { case "aws": - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "accessKeyId", "org_mongodb_test_awsAccessKeyId"); - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "secretAccessKey", "org_mongodb_test_awsSecretAccessKey"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "accessKeyId", "AWS_ACCESS_KEY_ID"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "secretAccessKey", "AWS_SECRET_ACCESS_KEY"); break; case "awsTemporary": - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "accessKeyId", "org_mongodb_test_tmpAwsAccessKeyId"); - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "secretAccessKey", "org_mongodb_test_tmpAwsSecretAccessKey"); - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "sessionToken", "org_mongodb_test_tmpAwsSessionToken"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "accessKeyId", "AWS_TEMP_ACCESS_KEY_ID"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "secretAccessKey", "AWS_TEMP_SECRET_ACCESS_KEY"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "sessionToken", "AWS_TEMP_SESSION_TOKEN"); break; case "awsTemporaryNoSessionToken": - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "accessKeyId", "org_mongodb_test_tmpAwsAccessKeyId"); - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "secretAccessKey", "org_mongodb_test_tmpAwsSecretAccessKey"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "accessKeyId", "AWS_TEMP_ACCESS_KEY_ID"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "secretAccessKey", "AWS_TEMP_SECRET_ACCESS_KEY"); break; case "azure": - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "tenantId", "org_mongodb_test_azureTenantId"); - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "clientId", "org_mongodb_test_azureClientId"); - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "clientSecret", "org_mongodb_test_azureClientSecret"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "tenantId", "AZURE_TENANT_ID"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "clientId", "AZURE_CLIENT_ID"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "clientSecret", "AZURE_CLIENT_SECRET"); break; case "gcp": - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "email", "org_mongodb_test_gcpEmail"); - setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "privateKey", "org_mongodb_test_gcpPrivateKey"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "email", "GCP_EMAIL"); + setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "privateKey", "GCP_PRIVATE_KEY"); break; case "kmip": setKmsProviderProperty(kmsProviderMap, kmsProviderOptions, "endpoint", () -> From 6a27fe4da94db7f5743eaf3184b8619c426a9685 Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Tue, 6 Feb 2024 09:20:12 -0500 Subject: [PATCH 07/16] Fix quotes --- .evergreen/.evg.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml index 0aea79e15b9..f2d6516fddd 100644 --- a/.evergreen/.evg.yml +++ b/.evergreen/.evg.yml @@ -1608,7 +1608,7 @@ tasks: PROVIDER: gcp script: | ${PREPARE_SHELL} - ./.evergreen/run-fle-on-demand-credential-test.sh" $DRIVERS_TOOLS/.evergreen/csfle/gcpkms/run-command.sh + "./.evergreen/run-fle-on-demand-credential-test.sh" $DRIVERS_TOOLS/.evergreen/csfle/gcpkms/run-command.sh - name: testazurekms-task commands: @@ -1637,14 +1637,14 @@ tasks: env: AZUREKMS_RESOURCEGROUP: ${testazurekms_resourcegroup} AZUREKMS_VMNAME: ${AZUREKMS_VMNAME} - AZUREKMS_PRIVATEKEYPATH: /tmp/testazurekms_privatekey + AZUREKMS_PRIVATEKEYPATH: "/tmp/testazurekms_privatekey" AZUREKMS_CMD: "MONGODB_URI=mongodb://localhost:27017" AZUREKMS_KEY_VAULT_ENDPOINT: ${testazurekms_keyvaultendpoint} AZUREKMS_KEY_NAME: ${testazurekms_keyname} PROVIDER: azure script: | ${PREPARE_SHELL} - ./.evergreen/run-fle-on-demand-credential-test.sh" $DRIVERS_TOOLS/.evergreen/csfle/azurekms/run-command.sh + "./.evergreen/run-fle-on-demand-credential-test.sh" $DRIVERS_TOOLS/.evergreen/csfle/azurekms/run-command.sh - name: test-socks5 tags: [] commands: From 2da5967a7afdaac817563047ae5497de9bcd8736 Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Tue, 6 Feb 2024 09:32:30 -0500 Subject: [PATCH 08/16] Try again --- .evergreen/.evg.yml | 26 +++++++------------ .../run-fle-on-demand-credential-test.sh | 2 ++ 2 files changed, 11 insertions(+), 17 deletions(-) diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml index f2d6516fddd..d0feeac5389 100644 --- a/.evergreen/.evg.yml +++ b/.evergreen/.evg.yml @@ -1599,16 +1599,13 @@ tasks: params: working_dir: "src" shell: "bash" - env: - GCPKMS_GCLOUD: ${GCPKMS_GCLOUD} - GCPKMS_PROJECT: ${GCPKMS_PROJECT} - GCPKMS_ZONE: ${GCPKMS_ZONE} - GCPKMS_INSTANCENAME: ${GCPKMS_INSTANCENAME} - GCPKMS_CMD: "MONGODB_URI=mongodb://localhost:27017" - PROVIDER: gcp script: | ${PREPARE_SHELL} - "./.evergreen/run-fle-on-demand-credential-test.sh" $DRIVERS_TOOLS/.evergreen/csfle/gcpkms/run-command.sh + export GCPKMS_GCLOUD=${GCPKMS_GCLOUD} + export GCPKMS_PROJECT=${GCPKMS_PROJECT} + export GCPKMS_ZONE=${GCPKMS_ZONE} + export GCPKMS_INSTANCENAME=${GCPKMS_INSTANCENAME} + GCPKMS_CMD="MONGODB_URI=mongodb://localhost:27017 PROVIDER=gcp ./.evergreen/run-fle-on-demand-credential-test.sh" $DRIVERS_TOOLS/.evergreen/csfle/gcpkms/run-command.sh - name: testazurekms-task commands: @@ -1634,17 +1631,12 @@ tasks: params: working_dir: "src" shell: "bash" - env: - AZUREKMS_RESOURCEGROUP: ${testazurekms_resourcegroup} - AZUREKMS_VMNAME: ${AZUREKMS_VMNAME} - AZUREKMS_PRIVATEKEYPATH: "/tmp/testazurekms_privatekey" - AZUREKMS_CMD: "MONGODB_URI=mongodb://localhost:27017" - AZUREKMS_KEY_VAULT_ENDPOINT: ${testazurekms_keyvaultendpoint} - AZUREKMS_KEY_NAME: ${testazurekms_keyname} - PROVIDER: azure script: | ${PREPARE_SHELL} - "./.evergreen/run-fle-on-demand-credential-test.sh" $DRIVERS_TOOLS/.evergreen/csfle/azurekms/run-command.sh + export AZUREKMS_RESOURCEGROUP=${testazurekms_resourcegroup} + export AZUREKMS_VMNAME=${AZUREKMS_VMNAME} + export AZUREKMS_PRIVATEKEYPATH=/tmp/testazurekms_privatekey + AZUREKMS_CMD="MONGODB_URI=mongodb://localhost:27017 PROVIDER=azure AZUREKMS_KEY_VAULT_ENDPOINT=${testazurekms_keyvaultendpoint} AZUREKMS_KEY_NAME=${testazurekms_keyname} ./.evergreen/run-fle-on-demand-credential-test.sh" $DRIVERS_TOOLS/.evergreen/csfle/azurekms/run-command.sh - name: test-socks5 tags: [] commands: diff --git a/.evergreen/run-fle-on-demand-credential-test.sh b/.evergreen/run-fle-on-demand-credential-test.sh index e5c86b6dc33..df70ef67cb7 100755 --- a/.evergreen/run-fle-on-demand-credential-test.sh +++ b/.evergreen/run-fle-on-demand-credential-test.sh @@ -20,6 +20,8 @@ if ! which java ; then sudo apt install openjdk-17-jdk -y fi +export PROVIDER=${PROVIDER} + ./gradlew -Dorg.mongodb.test.uri="${MONGODB_URI}" \ -Dorg.mongodb.test.fle.on.demand.credential.test.success.enabled=true \ --stacktrace --debug --info driver-sync:test --tests ClientSideEncryptionOnDemandCredentialsTest From c8aef7e01be4fe2b829a165a896efab627bd4dec Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Tue, 6 Feb 2024 10:10:28 -0500 Subject: [PATCH 09/16] Try again --- .evergreen/.evg.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml index d0feeac5389..985966d44c1 100644 --- a/.evergreen/.evg.yml +++ b/.evergreen/.evg.yml @@ -810,14 +810,14 @@ functions: GCP_PRIVATE_KEY: ${gcp_private_key} AZUREKMS_KEY_VAULT_ENDPOINT: ${testazurekms_keyvaultendpoint} AZUREKMS_KEY_NAME: ${testazurekms_keyname} + AWS_TEMP_ACCESS_KEY_ID: ${CSFLE_AWS_TEMP_ACCESS_KEY_ID} + AWS_TEMP_SECRET_ACCESS_KEY: ${CSFLE_AWS_TEMP_SECRET_ACCESS_KEY} + AWS_TEMP_SESSION_TOKEN: ${CSFLE_AWS_TEMP_SESSION_TOKEN} script: | ${PREPARE_SHELL} . ${DRIVERS_TOOLS}/.evergreen/csfle/set-temp-creds.sh MONGODB_URI="${MONGODB_URI}" JAVA_VERSION="${JAVA_VERSION}" \ - AWS_TEMP_ACCESS_KEY_ID=$CSFLE_AWS_TEMP_ACCESS_KEY_ID \ - AWS_TEMP_SECRET_ACCESS_KEY=$CSFLE_AWS_TEMP_SECRET_ACCESS_KEY \ - AWS_TEMP_SESSION_TOKEN=$CSFLE_AWS_TEMP_SESSION_TOKEN \ .evergreen/run-csfle-tests-with-mongocryptd.sh "publish snapshot": From 9360a4e3f5cdd89d967ffae6a519336ead9306da Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Tue, 6 Feb 2024 11:46:07 -0500 Subject: [PATCH 10/16] Try again --- .evergreen/.evg.yml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml index 985966d44c1..dae2538a181 100644 --- a/.evergreen/.evg.yml +++ b/.evergreen/.evg.yml @@ -788,11 +788,13 @@ functions: type: test params: working_dir: "src" + env: + AWS_ACCESS_KEY_ID: ${aws_access_key_id} + AWS_SECRET_ACCESS_KEY: ${aws_secret_access_key} script: | ${PREPARE_SHELL} set +o xtrace - MONGODB_URI="${MONGODB_URI}" AWS_ACCESS_KEY_ID=${aws_access_key_id} AWS_SECRET_ACCESS_KEY=${aws_secret_access_key} \ - .evergreen/run-csfle-aws-from-environment.sh + MONGODB_URI="${MONGODB_URI}" .evergreen/run-csfle-aws-from-environment.sh "run csfle tests with mongocryptd": - command: shell.exec @@ -810,15 +812,16 @@ functions: GCP_PRIVATE_KEY: ${gcp_private_key} AZUREKMS_KEY_VAULT_ENDPOINT: ${testazurekms_keyvaultendpoint} AZUREKMS_KEY_NAME: ${testazurekms_keyname} - AWS_TEMP_ACCESS_KEY_ID: ${CSFLE_AWS_TEMP_ACCESS_KEY_ID} - AWS_TEMP_SECRET_ACCESS_KEY: ${CSFLE_AWS_TEMP_SECRET_ACCESS_KEY} - AWS_TEMP_SESSION_TOKEN: ${CSFLE_AWS_TEMP_SESSION_TOKEN} script: | ${PREPARE_SHELL} . ${DRIVERS_TOOLS}/.evergreen/csfle/set-temp-creds.sh - MONGODB_URI="${MONGODB_URI}" JAVA_VERSION="${JAVA_VERSION}" \ - .evergreen/run-csfle-tests-with-mongocryptd.sh + # These will be echoed: is that ok? + export AWS_TEMP_ACCESS_KEY_ID=${CSFLE_AWS_TEMP_ACCESS_KEY_ID} + export AWS_TEMP_SECRET_ACCESS_KEY=${CSFLE_AWS_TEMP_SECRET_ACCESS_KEY} + export WS_TEMP_SESSION_TOKEN=${CSFLE_AWS_TEMP_SESSION_TOKEN} + + MONGODB_URI="${MONGODB_URI}" JAVA_VERSION="${JAVA_VERSION}" .evergreen/run-csfle-tests-with-mongocryptd.sh "publish snapshot": - command: shell.exec From da1e17dac664975a4ca6040221e0f3633d477bc0 Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Tue, 6 Feb 2024 11:47:30 -0500 Subject: [PATCH 11/16] Try again --- .evergreen/.evg.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml index dae2538a181..2249ab2124c 100644 --- a/.evergreen/.evg.yml +++ b/.evergreen/.evg.yml @@ -819,7 +819,7 @@ functions: # These will be echoed: is that ok? export AWS_TEMP_ACCESS_KEY_ID=${CSFLE_AWS_TEMP_ACCESS_KEY_ID} export AWS_TEMP_SECRET_ACCESS_KEY=${CSFLE_AWS_TEMP_SECRET_ACCESS_KEY} - export WS_TEMP_SESSION_TOKEN=${CSFLE_AWS_TEMP_SESSION_TOKEN} + export AWS_TEMP_SESSION_TOKEN=${CSFLE_AWS_TEMP_SESSION_TOKEN} MONGODB_URI="${MONGODB_URI}" JAVA_VERSION="${JAVA_VERSION}" .evergreen/run-csfle-tests-with-mongocryptd.sh From 9dad4852b9d224f7600d18ec85f7eaca330c1364 Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Tue, 6 Feb 2024 11:56:57 -0500 Subject: [PATCH 12/16] Try again --- .evergreen/.evg.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml index 2249ab2124c..4eeb2be1328 100644 --- a/.evergreen/.evg.yml +++ b/.evergreen/.evg.yml @@ -243,12 +243,14 @@ functions: . ${DRIVERS_TOOLS}/.evergreen/csfle/set-temp-creds.sh + # these will be echoed. is that ok? + export AWS_TEMP_ACCESS_KEY_ID=${CSFLE_AWS_TEMP_ACCESS_KEY_ID} + export AWS_TEMP_SECRET_ACCESS_KEY=${CSFLE_AWS_TEMP_SECRET_ACCESS_KEY} + export AWS_TEMP_SESSION_TOKEN=${CSFLE_AWS_TEMP_SESSION_TOKEN} + export CRYPT_SHARED_LIB_PATH=${CRYPT_SHARED_LIB_PATH} + AUTH="${AUTH}" SSL="${SSL}" MONGODB_URI="${MONGODB_URI}" SAFE_FOR_MULTI_MONGOS="${SAFE_FOR_MULTI_MONGOS}" TOPOLOGY="${TOPOLOGY}" \ COMPRESSOR="${COMPRESSOR}" JAVA_VERSION="${JAVA_VERSION}" REQUIRE_API_VERSION=${REQUIRE_API_VERSION} \ - AWS_TEMP_ACCESS_KEY_ID=$CSFLE_AWS_TEMP_ACCESS_KEY_ID \ - AWS_TEMP_SECRET_ACCESS_KEY=$CSFLE_AWS_TEMP_SECRET_ACCESS_KEY \ - AWS_TEMP_SESSION_TOKEN=$CSFLE_AWS_TEMP_SESSION_TOKEN \ - CRYPT_SHARED_LIB_PATH=${CRYPT_SHARED_LIB_PATH} \ .evergreen/run-tests.sh "run load-balancer tests": From 6ac6e8d55d8b4c20bf52ff9ced6c89282bc9f369 Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Tue, 6 Feb 2024 12:09:46 -0500 Subject: [PATCH 13/16] expansions ftw --- .evergreen/.evg.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml index 4eeb2be1328..fe35d4c9357 100644 --- a/.evergreen/.evg.yml +++ b/.evergreen/.evg.yml @@ -244,9 +244,9 @@ functions: . ${DRIVERS_TOOLS}/.evergreen/csfle/set-temp-creds.sh # these will be echoed. is that ok? - export AWS_TEMP_ACCESS_KEY_ID=${CSFLE_AWS_TEMP_ACCESS_KEY_ID} - export AWS_TEMP_SECRET_ACCESS_KEY=${CSFLE_AWS_TEMP_SECRET_ACCESS_KEY} - export AWS_TEMP_SESSION_TOKEN=${CSFLE_AWS_TEMP_SESSION_TOKEN} + export AWS_TEMP_ACCESS_KEY_ID=$CSFLE_AWS_TEMP_ACCESS_KEY_ID + export AWS_TEMP_SECRET_ACCESS_KEY=$CSFLE_AWS_TEMP_SECRET_ACCESS_KEY + export AWS_TEMP_SESSION_TOKEN=$CSFLE_AWS_TEMP_SESSION_TOKEN export CRYPT_SHARED_LIB_PATH=${CRYPT_SHARED_LIB_PATH} AUTH="${AUTH}" SSL="${SSL}" MONGODB_URI="${MONGODB_URI}" SAFE_FOR_MULTI_MONGOS="${SAFE_FOR_MULTI_MONGOS}" TOPOLOGY="${TOPOLOGY}" \ @@ -819,9 +819,9 @@ functions: . ${DRIVERS_TOOLS}/.evergreen/csfle/set-temp-creds.sh # These will be echoed: is that ok? - export AWS_TEMP_ACCESS_KEY_ID=${CSFLE_AWS_TEMP_ACCESS_KEY_ID} - export AWS_TEMP_SECRET_ACCESS_KEY=${CSFLE_AWS_TEMP_SECRET_ACCESS_KEY} - export AWS_TEMP_SESSION_TOKEN=${CSFLE_AWS_TEMP_SESSION_TOKEN} + export AWS_TEMP_ACCESS_KEY_ID=$CSFLE_AWS_TEMP_ACCESS_KEY_ID + export AWS_TEMP_SECRET_ACCESS_KEY=$CSFLE_AWS_TEMP_SECRET_ACCESS_KEY + export AWS_TEMP_SESSION_TOKEN=$CSFLE_AWS_TEMP_SESSION_TOKEN MONGODB_URI="${MONGODB_URI}" JAVA_VERSION="${JAVA_VERSION}" .evergreen/run-csfle-tests-with-mongocryptd.sh From 7fe788d1bd4e9f616c47dd5920f33a9e568e7a66 Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Wed, 21 Feb 2024 19:10:04 -0500 Subject: [PATCH 14/16] Checkstyle --- driver-core/src/test/functional/com/mongodb/ClusterFixture.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/driver-core/src/test/functional/com/mongodb/ClusterFixture.java b/driver-core/src/test/functional/com/mongodb/ClusterFixture.java index d10d75825bd..fe76ef68668 100644 --- a/driver-core/src/test/functional/com/mongodb/ClusterFixture.java +++ b/driver-core/src/test/functional/com/mongodb/ClusterFixture.java @@ -234,7 +234,7 @@ public static String getEnv(final String name, final String defaultValue) { } @Nullable - public static String getEnv(String name) { + public static String getEnv(final String name) { return System.getenv(name); } From f6d5e8919a1bd087a2ed01e271e1a191e53944fe Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Wed, 21 Feb 2024 19:13:46 -0500 Subject: [PATCH 15/16] remove comment --- .evergreen/.evg.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml index fe35d4c9357..d4e02960a2f 100644 --- a/.evergreen/.evg.yml +++ b/.evergreen/.evg.yml @@ -243,7 +243,6 @@ functions: . ${DRIVERS_TOOLS}/.evergreen/csfle/set-temp-creds.sh - # these will be echoed. is that ok? export AWS_TEMP_ACCESS_KEY_ID=$CSFLE_AWS_TEMP_ACCESS_KEY_ID export AWS_TEMP_SECRET_ACCESS_KEY=$CSFLE_AWS_TEMP_SECRET_ACCESS_KEY export AWS_TEMP_SESSION_TOKEN=$CSFLE_AWS_TEMP_SESSION_TOKEN From 592dc8181ddccebb6cd1957001ff5fef4d7d5b4c Mon Sep 17 00:00:00 2001 From: Jeff Yemin Date: Wed, 21 Feb 2024 19:19:50 -0500 Subject: [PATCH 16/16] remove comment --- .evergreen/.evg.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml index d4e02960a2f..989df45d44b 100644 --- a/.evergreen/.evg.yml +++ b/.evergreen/.evg.yml @@ -817,7 +817,6 @@ functions: ${PREPARE_SHELL} . ${DRIVERS_TOOLS}/.evergreen/csfle/set-temp-creds.sh - # These will be echoed: is that ok? export AWS_TEMP_ACCESS_KEY_ID=$CSFLE_AWS_TEMP_ACCESS_KEY_ID export AWS_TEMP_SECRET_ACCESS_KEY=$CSFLE_AWS_TEMP_SECRET_ACCESS_KEY export AWS_TEMP_SESSION_TOKEN=$CSFLE_AWS_TEMP_SESSION_TOKEN