
Commit d421549

CSHARP-4386: Test mongocryptd is not spawned when shared library is loaded. (mongodb#965)
1 parent 4aec9ee commit d421549

4 files changed

+63
-28
lines changed

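--- a/evergreen/evergreen.yml
+++ b/evergreen/evergreen.yml
@@ -2063,22 +2063,22 @@ buildvariants:
 - name: test-gssapi-netstandard21
 
 - matrix_name: "csfle-with-mocked-kms-tests-windows"
-matrix_spec: { os: "windows-64", ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["standalone"] }
+matrix_spec: { os: "windows-64", ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["replicaset"] }
 display_name: "CSFLE Mocked KMS ${version} ${os}"
 tasks:
 - name: test-csfle-with-mocked-kms-tls-net472
 - name: test-csfle-with-mocked-kms-tls-netstandard20
 - name: test-csfle-with-mocked-kms-tls-netstandard21
 
 - matrix_name: "csfle-with-mocked-kms-tests-linux"
-matrix_spec: { os: "ubuntu-1804", ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["standalone"] }
+matrix_spec: { os: "ubuntu-1804", ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["replicaset"] }
 display_name: "CSFLE Mocked KMS ${version} ${os}"
 tasks:
 - name: test-csfle-with-mocked-kms-tls-netstandard20
 - name: test-csfle-with-mocked-kms-tls-netstandard21
 
 - matrix_name: "csfle-with-mocked-kms-tests-macOS"
-matrix_spec: { os: [ "macos-1100", "macos-1100-arm64" ], ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["standalone"] }
+matrix_spec: { os: [ "macos-1100", "macos-1100-arm64" ], ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["replicaset"] }
 display_name: "CSFLE Mocked KMS ${version} ${os}"
 tasks:
 - name: test-csfle-with-mocked-kms-tls-netstandard21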

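--- a/src/MongoDB.Driver/Encryption/AutoEncryptionOptions.cs
+++ b/src/MongoDB.Driver/Encryption/AutoEncryptionOptions.cs
@@ -77,7 +77,7 @@ public AutoEncryptionOptions(
 _tlsOptions = tlsOptions.WithDefault(new Dictionary<string, SslSettings>());
 _encryptedFieldsMap = encryptedFieldsMap.WithDefault(null);
 
-EncryptionExtraOptionsValidator.EnsureThatExtraOptionsAreValid(_extraOptions);
+EncryptionExtraOptionsHelper.EnsureThatExtraOptionsAreValid(_extraOptions);
 KmsProvidersHelper.EnsureKmsProvidersAreValid(_kmsProviders);
 KmsProvidersHelper.EnsureKmsProvidersTlsSettingsAreValid(_tlsOptions);
 EncryptedCollectionHelper.EnsureCollectionsValid(_schemaMap, _encryptedFieldsMap);
@@ -273,10 +273,10 @@ public override string ToString()
 internal CryptClientSettings ToCryptClientSettings() =>
 new CryptClientSettings(
 _bypassQueryAnalysis,
-ExtraOptions.GetValueOrDefault<string, string, object>("cryptSharedLibPath"),
+EncryptionExtraOptionsHelper.ExtractCryptSharedLibPath(ExtraOptions),
 cryptSharedLibSearchPath: _bypassAutoEncryption ? null : "$SYSTEM",
 _encryptedFieldsMap,
-ExtraOptions.GetValueOrDefault<bool?, string, object>("cryptSharedLibRequired"),
+EncryptionExtraOptionsHelper.ExtractCryptSharedLibRequired(ExtraOptions),
 _kmsProviders,
 _schemaMap);
 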

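--- a/src/MongoDB.Driver/Encryption/MongocryptdFactory.cs
+++ b/src/MongoDB.Driver/Encryption/MongocryptdFactory.cs
@@ -20,13 +20,13 @@
 using System.IO;
 using System.Linq;
 using System.Reflection;
+using MongoDB.Driver.Core;
 using MongoDB.Driver.Core.Misc;
 
 namespace MongoDB.Driver.Encryption
 {
-internal static class EncryptionExtraOptionsValidator
+internal static class EncryptionExtraOptionsHelper
 {
-#region static
 private static readonly Dictionary<string, Type[]> __supportedExtraOptions = new Dictionary<string, Type[]>
 {
 { "cryptSharedLibPath", new [] { typeof(string) } },
@@ -36,7 +36,6 @@ internal static class EncryptionExtraOptionsValidator
 { "mongocryptdSpawnPath", new [] { typeof(string) } },
 { "mongocryptdSpawnArgs", new [] { typeof(string), typeof(IEnumerable<string>) } }
 };
-#endregion
 
 public static void EnsureThatExtraOptionsAreValid(IReadOnlyDictionary<string, object> extraOptions)
 {
@@ -63,6 +62,13 @@ public static void EnsureThatExtraOptionsAreValid(IReadOnlyDictionary<string, ob
 }
 }
 }
+
+public static string ExtractCryptSharedLibPath(IReadOnlyDictionary<string, object> dict) =>
+dict.GetValueOrDefault<string, string, object>("cryptSharedLibPath");
+
+public static bool? ExtractCryptSharedLibRequired(IReadOnlyDictionary<string, object> dict) =>
+dict.GetValueOrDefault<bool?, string, object>("cryptSharedLibRequired");
+
 }
 
 internal class MongocryptdFactory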
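Review bot: ExtractCryptSharedLibPath and ExtractCryptSharedLibRequired read their keys through their own string literals, while `__supportedExtraOptions` at the top of the class spells "cryptSharedLibPath" again, so the validation table and the readers can drift apart without a compile error. Hoisting the names, e.g. `private const string CryptSharedLibPathKey = "cryptSharedLibPath";`, and using them in both places keeps them in step. The extractors also accept any dictionary, not only one that has passed EnsureThatExtraOptionsAreValid, and how `GetValueOrDefault` treats a value of the wrong type is not visible here; a comment such as `// expects extra options already checked by EnsureThatExtraOptionsAreValid` would state the precondition. That matters most for the path, which AutoEncryptionOptions forwards to CryptClientSettings and which presumably selects a native library to load. The class body between the hunks is not shown.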

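--- a/tests/MongoDB.Driver.Tests/Specifications/client-side-encryption/prose-tests/ClientEncryptionProseTests.cs
+++ b/tests/MongoDB.Driver.Tests/Specifications/client-side-encryption/prose-tests/ClientEncryptionProseTests.cs
@@ -16,6 +16,7 @@
 using System;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
+using System.IO;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
@@ -339,36 +340,28 @@ public void BypassSpawningMongocryptdViaMongocryptdBypassSpawnTest(
 kmsProviderFilter: "local",
 extraOptions: extraOptions))
 {
-var datakeys = GetCollection(client, __keyVaultCollectionNamespace);
-var externalKey = JsonFileReader.Instance.Documents["external.external-key.json"];
-Insert(datakeys, async, externalKey);
-
 var coll = GetCollection(clientEncrypted, __collCollectionNamespace);
 var exception = Record.Exception(() => Insert(coll, async, new BsonDocument("encrypted", "test")));
 
 AssertInnerEncryptionException<TimeoutException>(exception, "A timeout occurred after 10000ms selecting a server");
 }
 }
 
+public enum BypassSpawningMongocryptd
+{
+BypassAutoEncryption,
+BypassQueryAnalysis,
+SharedLibrary
+}
+
 [SkippableTheory]
 [ParameterAttributeData]
 public void BypassSpawningMongocryptdTest(
-[Values(false, true)] bool bypassAutoEncryption, // true - BypassAutoEncryption, false - BypassQueryAnalysis
+[Values(BypassSpawningMongocryptd.BypassQueryAnalysis, BypassSpawningMongocryptd.BypassAutoEncryption, BypassSpawningMongocryptd.SharedLibrary)] BypassSpawningMongocryptd bypassSpawning,
 [Values(false, true)] bool async)
 {
-RequireServer.Check().Supports(Feature.ClientSideEncryption);
-RequireEnvironment.Check().EnvironmentVariable("CRYPT_SHARED_LIB_PATH", isDefined: false);
-
-var extraOptions = new Dictionary<string, object>
-{
-{ "mongocryptdSpawnArgs", new [] { "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=27021" } },
-};
-using (var mongocryptdClient = new DisposableMongoClient(new MongoClient("mongodb://localhost:27021/?serverSelectionTimeoutMS=10000"), CreateLogger<DisposableMongoClient>()))
-using (var clientEncrypted = ConfigureClientEncrypted(
-kmsProviderFilter: "local",
-bypassAutoEncryption: bypassAutoEncryption, // bypass options are mutually exclusive for this test
-bypassQueryAnalysis: !bypassAutoEncryption,
-extraOptions: extraOptions))
+using (var clientEncrypted = EnsureEnvironmentAndConfigureTestClientEncrypted())
+using (var mongocryptdClient = new DisposableMongoClient(new MongoClient("mongodb://localhost:27021/?serverSelectionTimeoutMS=1000"), CreateLogger<DisposableMongoClient>()))
 {
 var coll = GetCollection(clientEncrypted, __collCollectionNamespace);
 Insert(coll, async, new BsonDocument("unencrypted", "test"));
@@ -378,7 +371,43 @@ public void BypassSpawningMongocryptdTest(
 var exception = Record.Exception(() => adminDatabase.RunCommand<BsonDocument>(legacyHelloCommand));
 
 exception.Should().BeOfType<TimeoutException>();
-exception.Message.Should().Contain("A timeout occurred after 10000ms selecting a server");
+exception.Message.Should().Contain("A timeout occurred after 1000ms selecting a server").And.Contain("localhost:27021");
+}
+
+DisposableMongoClient EnsureEnvironmentAndConfigureTestClientEncrypted()
+{
+var extraOptions = new Dictionary<string, object>
+{
+{ "mongocryptdSpawnArgs", new [] { "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=27021" } },
+};
+var kmsProvider = "local";
+switch (bypassSpawning)
+{
+case BypassSpawningMongocryptd.BypassAutoEncryption:
+RequireServer.Check().Supports(Feature.ClientSideEncryption);
+RequireEnvironment.Check().EnvironmentVariable("CRYPT_SHARED_LIB_PATH", isDefined: false);
+return ConfigureClientEncrypted(kmsProviderFilter: kmsProvider, bypassAutoEncryption: true, extraOptions: extraOptions);
+case BypassSpawningMongocryptd.BypassQueryAnalysis:
+RequireServer.Check().Supports(Feature.ClientSideEncryption);
+RequireEnvironment.Check().EnvironmentVariable("CRYPT_SHARED_LIB_PATH", isDefined: false);
+return ConfigureClientEncrypted(kmsProviderFilter: kmsProvider, bypassQueryAnalysis: true, extraOptions: extraOptions);
+case BypassSpawningMongocryptd.SharedLibrary:
+{
+RequireServer.Check().Supports(Feature.Csfle2).ClusterTypes(ClusterType.ReplicaSet, ClusterType.Sharded, ClusterType.LoadBalanced);
+RequireEnvironment.Check().EnvironmentVariable("CRYPT_SHARED_LIB_PATH", isDefined: true, allowEmpty: false);
+var clientEncryptedSchema = new BsonDocument("db.coll", JsonFileReader.Instance.Documents["external.external-schema.json"]);
+var cryptSharedPath = CoreTestConfiguration.GetCryptSharedLibPath();
+Ensure.That(File.Exists(cryptSharedPath), $"Shared library path {cryptSharedPath} is not valid.");
+var effectiveExtraOptions = new Dictionary<string, object>(extraOptions)
+{
+{ "mongocryptdURI", "mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000" },
+{ "cryptSharedLibPath", cryptSharedPath },
+{ "cryptSharedLibRequired", true }
+};
+return ConfigureClientEncrypted(kmsProviderFilter: kmsProvider, schemaMap: clientEncryptedSchema, extraOptions: effectiveExtraOptions);
+}
+default: throw new Exception($"Invalid bypass mongocryptd {bypassSpawning} option.");
+}
 }
 }
 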
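Review bot: Cutting `serverSelectionTimeoutMS` from 10000 to 1000 in BypassSpawningMongocryptdTest weakens the negative assertion, because the test shows that mongocryptd was not spawned only by failing to reach localhost:27021, and a process that was wrongly spawned but is not yet accepting connections after one second would let the test pass. Whether that window is realistic depends on the lines of the test between the second and third hunks, which are not shown. If the shorter timeout is deliberate, state the reasoning next to it, for example `// 1s suffices: any spawned mongocryptd would be listening by the time the insert above returns`, otherwise keep the longer value. Separately, the `default:` arm of the local function throws a bare `Exception`; `throw new ArgumentOutOfRangeException(nameof(bypassSpawning), bypassSpawning, null);` is the conventional choice for an unexpected enum value.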
