CXX-2410 Add support for KMIP KMS provider (#894)

* Add support for setting TLS options for client encryption * Add support for setting TLS options for auto encryption * Make mongocxx::client_encryption moveable * Add KMIP provider and TLS options to basic CSE test helpers * Add test case sections to Prose Test 7 - Custom Endpoint Test * Update Prose Test 2 - Data Key and Double Encryption with KMIP * Update Prose Test 6 - Corpus Test with KMIP * Update Prose Test 7 - Custom Endpoint Test with KMIP * Add CSE Prose Test 11 - KMS TLS Options Tests * Add CAFile and tlsCertificateKeyFile env vars to Evergreen * Add !mayfail to KMS TLS Options Tests due to CDRIVER-4181 * Update client_encryption::create_data_key docs to include supported KMS providers * Update options::data_key docs to include KMIP * Add new MONGOCXX_TEST_* env vars to should_run_client_side_encryption_test * Add KMIP support for legacy runner in autoEncryptionOpts * Sync legacy CSE spec tests with 61b81891 * CXX-2155 Sync legacy CSE spec tests with 947be4cf * CXX-2410 Sync legacy CSE spec tests with 5964c134 * CXX-2488 Sync legacy CSE spec tests with 6a7158d5 * CXX-2487 Sync legacy CSE spec tests with 02b4275d * Divide CSE legacy test runner into sections by file and test description * Improve error message on unexpected exception
mongodb · Sep 7, 2022 · 50478fa · 50478fa
1 parent f1f3f50
commit 50478fa
Show file tree

Hide file tree

Showing 47 changed files with 7,397 additions and 709 deletions.
diff --git a/.mci.yml b/.mci.yml
@@ -406,29 +406,38 @@ functions:
 
                   export MONGODB_API_VERSION="${MONGODB_API_VERSION}"
 
+                  pushd ../../
+                  cd drivers-evergreen-tools
+                  export DRIVERS_TOOLS=$(pwd)
+                  if [ "Windows_NT" == "$OS" ]; then
+                      export DRIVERS_TOOLS=$(cygpath -m $DRIVERS_TOOLS)
+                  fi
+                  popd
+
                   if [ "$(uname -m)" == "ppc64le" ]; then
                       echo "Skipping CSFLE test setup (CDRIVER-4246/CXX-2423)"
                   else
                       # export environment variables for encryption tests
                       set +o errexit
+
+                      if [ "Windows_NT" == "$OS"]; then
+                          export MONGOCXX_TEST_CSFLE_TLS_CA_FILE=$DRIVERS_TOOLS\.evergreen\x509gen\ca.pem
+                          export MONGOCXX_TEST_CSFLE_TLS_CERTIFICATE_KEY_FILE=$DRIVERS_TOOLS\.evergreen\x509gen\client.pem
+                      else
+                          export MONGOCXX_TEST_CSFLE_TLS_CA_FILE=$DRIVERS_TOOLS/.evergreen/x509gen/ca.pem
+                          export MONGOCXX_TEST_CSFLE_TLS_CERTIFICATE_KEY_FILE=$DRIVERS_TOOLS/.evergreen/x509gen/client.pem
+                      fi
+
                       export MONGOCXX_TEST_AWS_SECRET_ACCESS_KEY="${cse_aws_secret_access_key}"
                       export MONGOCXX_TEST_AWS_ACCESS_KEY_ID="${cse_aws_access_key_id}"
                       export MONGOCXX_TEST_AZURE_TENANT_ID="${cse_azure_tenant_id}"
                       export MONGOCXX_TEST_AZURE_CLIENT_ID="${cse_azure_client_id}"
                       export MONGOCXX_TEST_AZURE_CLIENT_SECRET="${cse_azure_client_secret}"
                       export MONGOCXX_TEST_GCP_EMAIL="${cse_gcp_email}"
                       export MONGOCXX_TEST_GCP_PRIVATEKEY="${cse_gcp_privatekey}"
-   
-                      set -o errexit
-                  fi
 
-                  pushd ../../
-                  cd drivers-evergreen-tools
-                  export DRIVERS_TOOLS=$(pwd)
-                  if [ "Windows_NT" == "$OS" ]; then
-                      export DRIVERS_TOOLS=$(cygpath -m $DRIVERS_TOOLS)
+                      set -o errexit
                   fi
-                  popd
 
                   if [ "$(uname -m)" == "ppc64le" ]; then
                       echo "Skipping CSFLE test setup (CDRIVER-4246/CXX-2423)"

diff --git a/data/client_side_encryption/aggregate.json b/data/client_side_encryption/aggregate.json
@@ -150,18 +150,6 @@
             "command_name": "listCollections"
           }
         },
-        {
-          "command_started_event": {
-            "command": {
-              "listCollections": 1,
-              "filter": {
-                "name": "datakeys"
-              },
-              "$db": "keyvault"
-            },
-            "command_name": "listCollections"
-          }
-        },
         {
           "command_started_event": {
             "command": {
@@ -273,18 +261,6 @@
             "command_name": "aggregate"
           }
         },
-        {
-          "command_started_event": {
-            "command": {
-              "listCollections": 1,
-              "filter": {
-                "name": "datakeys"
-              },
-              "$db": "keyvault"
-            },
-            "command_name": "listCollections"
-          }
-        },
         {
           "command_started_event": {
             "command": {

diff --git a/data/client_side_encryption/azureKMS.json b/data/client_side_encryption/azureKMS.json
@@ -64,6 +64,20 @@
           "bsonType": "string",
           "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
         }
+      },
+      "encrypted_string_kmip": {
+        "encrypt": {
+          "keyId": [
+            {
+              "$binary": {
+                "base64": "dBHpr8aITfeBQ15grpbLpQ==",
+                "subType": "04"
+              }
+            }
+          ],
+          "bsonType": "string",
+          "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
+        }
       }
     },
     "bsonType": "object"
@@ -139,18 +153,6 @@
             "command_name": "listCollections"
           }
         },
-        {
-          "command_started_event": {
-            "command": {
-              "listCollections": 1,
-              "filter": {
-                "name": "datakeys"
-              },
-              "$db": "keyvault"
-            },
-            "command_name": "listCollections"
-          }
-        },
         {
           "command_started_event": {
             "command": {