mongodb/mongo-python-driver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PYTHON-5333 Update encryption and pyopenssl variants (#2328)

Browse Source
This commit is contained in:
Steven Silvester 2025-05-02 10:35:34 -05:00 committed by GitHub
parent 0ec57781d1
commit 000391c440
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 99 additions and 5157 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4781
.evergreen/generated_configs/tasks.yml
View File

File diff suppressed because it is too large Load Diff

287
.evergreen/generated_configs/variants.yml
View File

@ -154,7 +154,7 @@ buildvariants:
# Disable test commands tests
- name: disable-test-commands-rhel8-python3.9
tasks:
- name: .latest .sync_async
- name: .test-standard .server-latest
display_name: Disable test commands RHEL8 Python3.9
run_on:
- rhel87-small
@ -175,248 +175,79 @@ buildvariants:
TEST_NAME: doctest
# Encryption tests
- name: encryption-rhel8-python3.9
- name: encryption-rhel8
tasks:
- name: .sharded_cluster .auth .ssl .sync_async
- name: .replica_set .noauth .ssl .sync_async
- name: .standalone .noauth .nossl .sync_async
display_name: Encryption RHEL8 Python3.9
- name: .test-non-standard
display_name: Encryption RHEL8
run_on:
- rhel87-small
batchtime: 10080
expansions:
TEST_NAME: encryption
PYTHON_BINARY: /opt/python/3.9/bin/python3
tags: [encryption_tag]
- name: encryption-rhel8-python3.13
- name: encryption-macos
tasks:
- name: .sharded_cluster .auth .ssl .sync_async
- name: .replica_set .noauth .ssl .sync_async
- name: .standalone .noauth .nossl .sync_async
display_name: Encryption RHEL8 Python3.13
- name: .test-non-standard !.pypy
display_name: Encryption macOS
run_on:
- rhel87-small
- macos-14
batchtime: 10080
expansions:
TEST_NAME: encryption
PYTHON_BINARY: /opt/python/3.13/bin/python3
tags: [encryption_tag]
- name: encryption-rhel8-pypy3.10
- name: encryption-win64
tasks:
- name: .sharded_cluster .auth .ssl .sync_async
- name: .replica_set .noauth .ssl .sync_async
- name: .standalone .noauth .nossl .sync_async
display_name: Encryption RHEL8 PyPy3.10
- name: .test-non-standard !.pypy
display_name: Encryption Win64
run_on:
- rhel87-small
- windows-64-vsMulti-small
batchtime: 10080
expansions:
TEST_NAME: encryption
PYTHON_BINARY: /opt/python/pypy3.10/bin/python3
tags: [encryption_tag]
- name: encryption-crypt_shared-rhel8-python3.9
- name: encryption-crypt_shared-rhel8
tasks:
- name: .sharded_cluster .auth .ssl .sync_async
- name: .replica_set .noauth .ssl .sync_async
- name: .standalone .noauth .nossl .sync_async
display_name: Encryption crypt_shared RHEL8 Python3.9
- name: .test-non-standard
display_name: Encryption crypt_shared RHEL8
run_on:
- rhel87-small
batchtime: 10080
expansions:
TEST_NAME: encryption
TEST_CRYPT_SHARED: "true"
PYTHON_BINARY: /opt/python/3.9/bin/python3
tags: [encryption_tag]
- name: encryption-crypt_shared-rhel8-python3.13
- name: encryption-crypt_shared-macos
tasks:
- name: .sharded_cluster .auth .ssl .sync_async
- name: .replica_set .noauth .ssl .sync_async
- name: .standalone .noauth .nossl .sync_async
display_name: Encryption crypt_shared RHEL8 Python3.13
- name: .test-non-standard !.pypy
display_name: Encryption crypt_shared macOS
run_on:
- rhel87-small
- macos-14
batchtime: 10080
expansions:
TEST_NAME: encryption
TEST_CRYPT_SHARED: "true"
PYTHON_BINARY: /opt/python/3.13/bin/python3
tags: [encryption_tag]
- name: encryption-crypt_shared-rhel8-pypy3.10
- name: encryption-crypt_shared-win64
tasks:
- name: .sharded_cluster .auth .ssl .sync_async
- name: .replica_set .noauth .ssl .sync_async
- name: .standalone .noauth .nossl .sync_async
display_name: Encryption crypt_shared RHEL8 PyPy3.10
- name: .test-non-standard !.pypy
display_name: Encryption crypt_shared Win64
run_on:
- rhel87-small
- windows-64-vsMulti-small
batchtime: 10080
expansions:
TEST_NAME: encryption
TEST_CRYPT_SHARED: "true"
PYTHON_BINARY: /opt/python/pypy3.10/bin/python3
tags: [encryption_tag]
- name: encryption-pyopenssl-rhel8-python3.9
- name: encryption-pyopenssl-rhel8
tasks:
- name: .sharded_cluster .auth .ssl .sync
- name: .replica_set .noauth .ssl .sync
- name: .standalone .noauth .nossl .sync
display_name: Encryption PyOpenSSL RHEL8 Python3.9
- name: .test-non-standard
display_name: Encryption PyOpenSSL RHEL8
run_on:
- rhel87-small
batchtime: 10080
expansions:
TEST_NAME: encryption
SUB_TEST_NAME: pyopenssl
PYTHON_BINARY: /opt/python/3.9/bin/python3
tags: [encryption_tag]
- name: encryption-pyopenssl-rhel8-python3.13
tasks:
- name: .sharded_cluster .auth .ssl .sync
- name: .replica_set .noauth .ssl .sync
- name: .standalone .noauth .nossl .sync
display_name: Encryption PyOpenSSL RHEL8 Python3.13
run_on:
- rhel87-small
batchtime: 10080
expansions:
TEST_NAME: encryption
SUB_TEST_NAME: pyopenssl
PYTHON_BINARY: /opt/python/3.13/bin/python3
tags: [encryption_tag]
- name: encryption-pyopenssl-rhel8-pypy3.10
tasks:
- name: .sharded_cluster .auth .ssl .sync
- name: .replica_set .noauth .ssl .sync
- name: .standalone .noauth .nossl .sync
display_name: Encryption PyOpenSSL RHEL8 PyPy3.10
run_on:
- rhel87-small
batchtime: 10080
expansions:
TEST_NAME: encryption
SUB_TEST_NAME: pyopenssl
PYTHON_BINARY: /opt/python/pypy3.10/bin/python3
tags: [encryption_tag]
- name: encryption-rhel8-python3.10
tasks:
- name: .sharded_cluster .auth .ssl .sync_async
display_name: Encryption RHEL8 Python3.10
run_on:
- rhel87-small
expansions:
TEST_NAME: encryption
PYTHON_BINARY: /opt/python/3.10/bin/python3
- name: encryption-crypt_shared-rhel8-python3.11
tasks:
- name: .replica_set .noauth .ssl .sync_async
display_name: Encryption crypt_shared RHEL8 Python3.11
run_on:
- rhel87-small
expansions:
TEST_NAME: encryption
TEST_CRYPT_SHARED: "true"
PYTHON_BINARY: /opt/python/3.11/bin/python3
- name: encryption-rhel8-python3.12
tasks:
- name: .standalone .noauth .nossl .sync_async
display_name: Encryption RHEL8 Python3.12
run_on:
- rhel87-small
expansions:
TEST_NAME: encryption
PYTHON_BINARY: /opt/python/3.12/bin/python3
- name: encryption-macos-python3.9
tasks:
- name: .latest .replica_set .sync_async
display_name: Encryption macOS Python3.9
run_on:
- macos-14
batchtime: 10080
expansions:
TEST_NAME: encryption
PYTHON_BINARY: /Library/Frameworks/Python.Framework/Versions/3.9/bin/python3
tags: [encryption_tag]
- name: encryption-macos-python3.13
tasks:
- name: .latest .replica_set .sync_async
display_name: Encryption macOS Python3.13
run_on:
- macos-14
batchtime: 10080
expansions:
TEST_NAME: encryption
PYTHON_BINARY: /Library/Frameworks/Python.Framework/Versions/3.13/bin/python3
tags: [encryption_tag]
- name: encryption-crypt_shared-macos-python3.9
tasks:
- name: .latest .replica_set .sync_async
display_name: Encryption crypt_shared macOS Python3.9
run_on:
- macos-14
batchtime: 10080
expansions:
TEST_NAME: encryption
TEST_CRYPT_SHARED: "true"
PYTHON_BINARY: /Library/Frameworks/Python.Framework/Versions/3.9/bin/python3
tags: [encryption_tag]
- name: encryption-crypt_shared-macos-python3.13
tasks:
- name: .latest .replica_set .sync_async
display_name: Encryption crypt_shared macOS Python3.13
run_on:
- macos-14
batchtime: 10080
expansions:
TEST_NAME: encryption
TEST_CRYPT_SHARED: "true"
PYTHON_BINARY: /Library/Frameworks/Python.Framework/Versions/3.13/bin/python3
tags: [encryption_tag]
- name: encryption-win64-python3.9
tasks:
- name: .latest .replica_set .sync_async
display_name: Encryption Win64 Python3.9
run_on:
- windows-64-vsMulti-small
batchtime: 10080
expansions:
TEST_NAME: encryption
PYTHON_BINARY: C:/python/Python39/python.exe
tags: [encryption_tag]
- name: encryption-win64-python3.13
tasks:
- name: .latest .replica_set .sync_async
display_name: Encryption Win64 Python3.13
run_on:
- windows-64-vsMulti-small
batchtime: 10080
expansions:
TEST_NAME: encryption
PYTHON_BINARY: C:/python/Python313/python.exe
tags: [encryption_tag]
- name: encryption-crypt_shared-win64-python3.9
tasks:
- name: .latest .replica_set .sync_async
display_name: Encryption crypt_shared Win64 Python3.9
run_on:
- windows-64-vsMulti-small
batchtime: 10080
expansions:
TEST_NAME: encryption
TEST_CRYPT_SHARED: "true"
PYTHON_BINARY: C:/python/Python39/python.exe
tags: [encryption_tag]
- name: encryption-crypt_shared-win64-python3.13
tasks:
- name: .latest .replica_set .sync_async
display_name: Encryption crypt_shared Win64 Python3.13
run_on:
- windows-64-vsMulti-small
batchtime: 10080
expansions:
TEST_NAME: encryption
TEST_CRYPT_SHARED: "true"
PYTHON_BINARY: C:/python/Python313/python.exe
tags: [encryption_tag]
# Enterprise auth tests
@ -617,78 +448,36 @@ buildvariants:
batchtime: 10080
# Pyopenssl tests
- name: pyopenssl-macos-python3.9
- name: pyopenssl-rhel8
tasks:
- name: .replica_set .noauth .nossl .sync
- name: .7.0 .noauth .nossl .sync
display_name: PyOpenSSL macOS Python3.9
run_on:
- macos-14
batchtime: 10080
expansions:
TEST_NAME: default
SUB_TEST_NAME: pyopenssl
PYTHON_BINARY: /Library/Frameworks/Python.Framework/Versions/3.9/bin/python3
- name: pyopenssl-rhel8-python3.10
tasks:
- name: .replica_set .auth .ssl .sync_async
- name: .7.0 .auth .ssl .sync_async
display_name: PyOpenSSL RHEL8 Python3.10
- name: .test-standard .sync
- name: .test-standard .async .replica_set-noauth-ssl
display_name: PyOpenSSL RHEL8
run_on:
- rhel87-small
batchtime: 10080
expansions:
TEST_NAME: default
SUB_TEST_NAME: pyopenssl
PYTHON_BINARY: /opt/python/3.10/bin/python3
- name: pyopenssl-rhel8-python3.11
- name: pyopenssl-macos
tasks:
- name: .replica_set .auth .ssl .sync
- name: .7.0 .auth .ssl .sync
display_name: PyOpenSSL RHEL8 Python3.11
- name: .test-standard !.pypy .sync
- name: .test-standard !.pypy .async .replica_set-noauth-ssl
display_name: PyOpenSSL macOS
run_on:
- rhel87-small
batchtime: 10080
expansions:
TEST_NAME: default
SUB_TEST_NAME: pyopenssl
PYTHON_BINARY: /opt/python/3.11/bin/python3
- name: pyopenssl-rhel8-python3.12
- name: pyopenssl-win64
tasks:
- name: .replica_set .auth .ssl .sync
- name: .7.0 .auth .ssl .sync
display_name: PyOpenSSL RHEL8 Python3.12
- name: .test-standard !.pypy .sync
- name: .test-standard !.pypy .async .replica_set-noauth-ssl
display_name: PyOpenSSL Win64
run_on:
- rhel87-small
batchtime: 10080
expansions:
TEST_NAME: default
SUB_TEST_NAME: pyopenssl
PYTHON_BINARY: /opt/python/3.12/bin/python3
- name: pyopenssl-win64-python3.13
tasks:
- name: .replica_set .auth .ssl .sync_async
- name: .7.0 .auth .ssl .sync_async
display_name: PyOpenSSL Win64 Python3.13
run_on:
- windows-64-vsMulti-small
batchtime: 10080
expansions:
TEST_NAME: default
SUB_TEST_NAME: pyopenssl
PYTHON_BINARY: C:/python/Python313/python.exe
- name: pyopenssl-rhel8-pypy3.10
tasks:
- name: .replica_set .auth .ssl .sync
- name: .7.0 .auth .ssl .sync
display_name: PyOpenSSL RHEL8 PyPy3.10
run_on:
- rhel87-small
batchtime: 10080
expansions:
TEST_NAME: default
SUB_TEST_NAME: pyopenssl
PYTHON_BINARY: /opt/python/pypy3.10/bin/python3
# Search index tests
- name: search-index-helpers-rhel8-python3.9

161
.evergreen/scripts/generate_config.py
View File

@ -7,7 +7,6 @@ from itertools import product
from generate_config_utils import (
ALL_PYTHONS,
ALL_VERSIONS,
AUTH_SSLS,
BATCHTIME_WEEK,
C_EXTS,
CPYTHONS,
@ -16,7 +15,6 @@ from generate_config_utils import (
MIN_MAX_PYTHON,
OTHER_HOSTS,
PYPYS,
SUB_TASKS,
SYNCS,
TOPOLOGIES,
create_variant,
@ -136,69 +134,39 @@ def create_encryption_variants() -> list[BuildVariant]:
expansions["SUB_TEST_NAME"] = "pyopenssl"
return expansions
# Test encryption on all hosts.
for encryption, host in product(
["Encryption", "Encryption crypt_shared"], ["rhel8", "macos", "win64"]
):
expansions = get_encryption_expansions(encryption)
display_name = get_variant_name(encryption, host, **expansions)
tasks = [".test-non-standard"]
if host != "rhel8":
tasks = [".test-non-standard !.pypy"]
variant = create_variant(
tasks,
display_name,
host=host,
expansions=expansions,
batchtime=batchtime,
tags=tags,
)
variants.append(variant)
# Test PyOpenSSL on linux.
host = DEFAULT_HOST
# Test against all server versions for the three main python versions.
encryptions = ["Encryption", "Encryption crypt_shared"]
for encryption, python in product(encryptions, [*MIN_MAX_PYTHON, PYPYS[-1]]):
expansions = get_encryption_expansions(encryption)
display_name = get_variant_name(encryption, host, python=python, **expansions)
variant = create_variant(
[f"{t} .sync_async" for t in SUB_TASKS],
display_name,
python=python,
host=host,
expansions=expansions,
batchtime=batchtime,
tags=tags,
)
variants.append(variant)
# Test PyOpenSSL against on all server versions for all python versions.
for encryption, python in product(["Encryption PyOpenSSL"], [*MIN_MAX_PYTHON, PYPYS[-1]]):
expansions = get_encryption_expansions(encryption)
display_name = get_variant_name(encryption, host, python=python, **expansions)
variant = create_variant(
[f"{t} .sync" for t in SUB_TASKS],
display_name,
python=python,
host=host,
expansions=expansions,
batchtime=batchtime,
tags=tags,
)
variants.append(variant)
# Test the rest of the pythons on linux for all server versions.
for encryption, python, task in zip_cycle(encryptions, CPYTHONS[1:-1] + PYPYS[:-1], SUB_TASKS):
expansions = get_encryption_expansions(encryption)
display_name = get_variant_name(encryption, host, python=python, **expansions)
variant = create_variant(
[f"{task} .sync_async"],
display_name,
python=python,
host=host,
expansions=expansions,
)
variants.append(variant)
# Test on macos and linux on one server version and topology for min and max python.
encryptions = ["Encryption", "Encryption crypt_shared"]
task_names = [".latest .replica_set .sync_async"]
for host_name, encryption, python in product(["macos", "win64"], encryptions, MIN_MAX_PYTHON):
host = HOSTS[host_name]
expansions = get_encryption_expansions(encryption)
display_name = get_variant_name(encryption, host, python=python, **expansions)
variant = create_variant(
task_names,
display_name,
python=python,
host=host,
expansions=expansions,
batchtime=batchtime,
tags=tags,
)
variants.append(variant)
encryption = "Encryption PyOpenSSL"
expansions = get_encryption_expansions(encryption)
display_name = get_variant_name(encryption, host, **expansions)
variant = create_variant(
[".test-non-standard"],
display_name,
host=host,
expansions=expansions,
batchtime=batchtime,
tags=tags,
)
variants.append(variant)
return variants
@ -258,41 +226,22 @@ def create_enterprise_auth_variants():
def create_pyopenssl_variants():
base_name = "PyOpenSSL"
batchtime = BATCHTIME_WEEK
expansions = dict(TEST_NAME="default", SUB_TEST_NAME="pyopenssl")
expansions = dict(SUB_TEST_NAME="pyopenssl")
variants = []
for python in ALL_PYTHONS:
# Only test "noauth" with min python.
auth = "noauth" if python == CPYTHONS[0] else "auth"
ssl = "nossl" if auth == "noauth" else "ssl"
if python == CPYTHONS[0]:
host = HOSTS["macos"]
elif python == CPYTHONS[-1]:
host = HOSTS["win64"]
else:
host = DEFAULT_HOST
display_name = get_variant_name(base_name, host, python=python)
# only need to run some on async
if python in (CPYTHONS[1], CPYTHONS[-1]):
variant = create_variant(
[f".replica_set .{auth} .{ssl} .sync_async", f".7.0 .{auth} .{ssl} .sync_async"],
for host in ["rhel8", "macos", "win64"]:
display_name = get_variant_name(base_name, host)
base_task = ".test-standard" if host == "rhel8" else ".test-standard !.pypy"
# We only need to run a subset on async.
tasks = [f"{base_task} .sync", f"{base_task} .async .replica_set-noauth-ssl"]
variants.append(
create_variant(
tasks,
display_name,
python=python,
host=host,
expansions=expansions,
batchtime=batchtime,
)
else:
variant = create_variant(
[f".replica_set .{auth} .{ssl} .sync", f".7.0 .{auth} .{ssl} .sync"],
display_name,
python=python,
host=host,
expansions=expansions,
batchtime=batchtime,
)
variants.append(variant)
)
return variants
@ -398,7 +347,7 @@ def create_disable_test_commands_variants():
expansions = dict(AUTH="auth", SSL="ssl", DISABLE_TEST_COMMANDS="1")
python = CPYTHONS[0]
display_name = get_variant_name("Disable test commands", host, python=python)
tasks = [".latest .sync_async"]
tasks = [".test-standard .server-latest"]
return [create_variant(tasks, display_name, host=host, python=python, expansions=expansions)]
@ -706,30 +655,6 @@ def create_standard_tasks():
return tasks
def create_server_tasks():
tasks = []
for topo, version, (auth, ssl), sync in product(
TOPOLOGIES, ALL_VERSIONS, AUTH_SSLS, [*SYNCS, "sync_async"]
):
name = f"test-{version}-{topo}-{auth}-{ssl}-{sync}".lower()
tags = [version, topo, auth, ssl, sync]
server_vars = dict(
VERSION=version,
TOPOLOGY=topo if topo != "standalone" else "server",
AUTH=auth,
SSL=ssl,
)
server_func = FunctionCall(func="run server", vars=server_vars)
test_vars = dict(AUTH=auth, SSL=ssl, SYNC=sync)
if sync == "sync":
test_vars["TEST_NAME"] = "default_sync"
elif sync == "async":
test_vars["TEST_NAME"] = "default_async"
test_func = FunctionCall(func="run tests", vars=test_vars)
tasks.append(EvgTask(name=name, tags=tags, commands=[server_func, test_func]))
return tasks
def create_no_orchestration_tasks():
tasks = []
for python in [*MIN_MAX_PYTHON, PYPYS[-1]]:

16
.evergreen/scripts/generate_config_utils.py
View File

@ -30,12 +30,6 @@ BATCHTIME_WEEK = 10080
AUTH_SSLS = [("auth", "ssl"), ("noauth", "ssl"), ("noauth", "nossl")]
TOPOLOGIES = ["standalone", "replica_set", "sharded_cluster"]
C_EXTS = ["without_ext", "with_ext"]
# By default test each of the topologies with a subset of auth/ssl.
SUB_TASKS = [
".sharded_cluster .auth .ssl",
".replica_set .noauth .ssl",
".standalone .noauth .nossl",
]
SYNCS = ["sync", "async"]
DISPLAY_LOOKUP = dict(
ssl=dict(ssl="SSL", nossl="NoSSL"),
@ -95,13 +89,15 @@ def create_variant_generic(
tasks: list[str | EvgTaskRef],
display_name: str,
*,
host: Host | None = None,
host: Host | str | None = None,
default_run_on="rhel87-small",
expansions: dict | None = None,
**kwargs: Any,
) -> BuildVariant:
"""Create a build variant for the given inputs."""
task_refs = []
if isinstance(host, str):
host = HOSTS[host]
for t in tasks:
if isinstance(t, EvgTaskRef):
task_refs.append(t)
@ -134,7 +130,7 @@ def create_variant(
display_name: str,
*,
version: str | None = None,
host: Host | None = None,
host: Host | str | None = None,
python: str | None = None,
expansions: dict | None = None,
**kwargs: Any,
@ -214,9 +210,11 @@ def get_common_name(base: str, sep: str, **kwargs) -> str:
return display_name
def get_variant_name(base: str, host: Host | None = None, **kwargs) -> str:
def get_variant_name(base: str, host: str | Host | None = None, **kwargs) -> str:
"""Get the display name of a variant."""
display_name = base
if isinstance(host, str):
host = HOSTS[host]
if host is not None:
display_name += f" {host.display_name}"
return get_common_name(display_name, " ", **kwargs)

11
CONTRIBUTING.md
View File

@ -231,6 +231,17 @@ the pages will re-render and the browser will automatically refresh.
- Run `just setup-tests encryption`.
- Run the tests with `just run-tests`.
To test with `encryption` and `PyOpenSSL`, use `just setup-tests encryption pyopenssl`.
### PyOpenSSL tests
- Run `just run-server` to start the server.
- Run `just setup-tests default_sync pyopenssl`.
- Run the tests with `just run-tests`.
Note: `PyOpenSSL` is not used in async tests, but you can use `just setup-tests default_async pyopenssl`
to verify that PyMongo falls back to the standard library `OpenSSL`.
### Load balancer tests
- Install `haproxy` (available as `brew install haproxy` on macOS).