diff --git a/.evergreen/config.yml b/.evergreen/config.yml index b69707402..6825aac10 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -457,6 +457,9 @@ functions: rm -f ./fle_creds.sh export LIBMONGOCRYPT_URL="${libmongocrypt_url}" export TEST_ENCRYPTION=1 + if [ -n "${test_encryption_pyopenssl}" ]; then + export TEST_ENCRYPTION_PYOPENSSL=1 + fi fi if [ -n "${test_crypt_shared}" ]; then export TEST_CRYPT_SHARED=1 @@ -2507,6 +2510,13 @@ axes: variables: test_encryption: true batchtime: 10080 # 7 days + - id: "encryption_pyopenssl" + display_name: "Encryption PyOpenSSL" + tags: ["encryption_tag"] + variables: + test_encryption: true + test_encryption_pyopenssl: true + batchtime: 10080 # 7 days # The path to crypt_shared is stored in the $CRYPT_SHARED_LIB_PATH expansion. - id: "encryption_crypt_shared" display_name: "Encryption shared lib" @@ -2637,14 +2647,22 @@ buildvariants: ssl: "nossl" encryption: "*" display_name: "${encryption} ${platform} ${auth} ${ssl}" - tasks: &encryption-server-versions - - ".rapid" - - ".latest" - - ".6.0" - - ".5.0" - - ".4.4" - - ".4.2" - - ".4.0" + tasks: "test-latest-replica_set" + rules: + - if: + encryption: ["encryption", "encryption_crypt_shared"] + platform: macos-1100 + auth: "auth" + ssl: "nossl" + then: + add_tasks: &encryption-server-versions + - ".rapid" + - ".latest" + - ".6.0" + - ".5.0" + - ".4.4" + - ".4.2" + - ".4.0" # Test one server version with zSeries, POWER8, and ARM. - matrix_name: "test-different-cpu-architectures" @@ -2726,8 +2744,15 @@ buildvariants: # coverage: "*" encryption: "*" display_name: "${encryption} ${python-version} ${platform} ${auth-ssl}" - tasks: *encryption-server-versions - + tasks: "test-latest-replica_set" + rules: + - if: + encryption: ["encryption", "encryption_crypt_shared"] + platform: ubuntu-18.04 + auth-ssl: noauth-nossl + python-version: "*" + then: + add_tasks: *encryption-server-versions - matrix_name: "tests-python-version-ubuntu18-without-c-extensions" matrix_spec: 
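Review bot: The new `encryption_pyopenssl` axis value in the `@@ -2507` hunk has no comment saying how it differs from plain `encryption`, while the neighbouring `encryption_crypt_shared` entry has one. Judging by the run-tests.sh change in this commit, it is the only value that installs the `ocsp` extra, so a comment such as `# Installs the ocsp extra so the KMS TLS tests run with PyOpenSSL.` above `- id: "encryption_pyopenssl"` would record that. With `batchtime: 10080` this path is also scheduled only weekly, which is worth stating in the same comment if it is deliberate.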
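Review bot: The `if` in the new `rules` block of the `@@ -2637` hunk lists only `encryption` and `encryption_crypt_shared`, so variants built from `encryption_pyopenssl` keep just `test-latest-replica_set` and never receive the server-version tasks; nothing in the file says this is intended. A comment above `rules:` such as `# encryption_pyopenssl runs only test-latest-replica_set; the other encryption values also get every server version.` would make that explicit. The same applies to the `rules` blocks added in the `@@ -2726` and `@@ -2837` hunks. The `&encryption-server-versions` anchor is now defined inside `then.add_tasks` of this matrix, so the later `*encryption-server-versions` aliases only resolve while this matrix stays ahead of them in the file; a short comment beside the anchor would warn anyone who reorders the matrices.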
@@ -2837,7 +2862,15 @@ buildvariants: auth-ssl: "*" encryption: "*" display_name: "${encryption} ${platform} ${python-version-windows} ${auth-ssl}" - tasks: *encryption-server-versions + tasks: "test-latest-replica_set" + rules: + - if: + encryption: ["encryption", "encryption_crypt_shared"] + platform: windows-64-vsMulti-small + python-version-windows: "*" + auth-ssl: "*" + then: + add_tasks: *encryption-server-versions # Storage engine tests on Ubuntu 18.04 (x86_64) with Python 3.7. - matrix_name: "tests-storage-engines" diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index 3a15163b6..556d60f07 100755 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -151,8 +151,11 @@ fi if [ -n "$TEST_ENCRYPTION" ]; then # Need aws dependency for On-Demand KMS Credentials. - # Need OSCP dependency to verify OCSP TSL args. - python -m pip install '.[aws,ocsp]' + if [ -n "$TEST_ENCRYPTION_PYOPENSSL" ]; then + python -m pip install '.[aws,ocsp]' + else + python -m pip install '.[aws]' + fi # Get access to the AWS temporary credentials: # CSFLE_AWS_TEMP_ACCESS_KEY_ID, CSFLE_AWS_TEMP_SECRET_ACCESS_KEY, CSFLE_AWS_TEMP_SESSION_TOKEN diff --git a/test/test_encryption.py b/test/test_encryption.py index b7d588e74..6cdc8da3b 100644 --- a/test/test_encryption.py +++ b/test/test_encryption.py @@ -2159,8 +2159,11 @@ class TestKmsTLSOptions(EncryptionIntegrationTest): encryption = ClientEncryption( providers, "keyvault.datakeys", self.client, OPTS, kms_tls_options=options ) - self.assertFalse(encryption._io_callbacks.opts._kms_ssl_contexts["aws"].check_ocsp_endpoint) - encryption.close() + self.addCleanup(encryption.close) + ctx = encryption._io_callbacks.opts._kms_ssl_contexts["aws"] + if not hasattr(ctx, "check_ocsp_endpoint"): + raise self.skipTest("OCSP not enabled") # type:ignore + self.assertFalse(ctx.check_ocsp_endpoint) # https://github.com/mongodb/specifications/blob/50e26fe/source/client-side-encryption/tests/README.rst#unique-index-on-keyaltnames
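Review bot: The `else` branch in the `@@ -151` hunk of run-tests.sh drops the `ocsp` extra for every encryption run except the PyOpenSSL one, and the comment that explained why the extra was needed was removed rather than updated. Only runs with `TEST_ENCRYPTION_PYOPENSSL` set will now exercise the OCSP-related KMS TLS options, so the condition deserves a comment above the inner `if`, for example `# The ocsp extra pulls in PyOpenSSL; install it only for the PyOpenSSL variant so other variants test the stdlib ssl path.` That the other variants are meant to use the standard-library TLS backend is inferred from the variable name and should be confirmed. The enclosing `if [ -n "$TEST_ENCRYPTION" ]` block continues outside the hunk.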
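Review bot: The new `hasattr` guard in the test_encryption.py hunk skips the test whenever the KMS SSL context has no `check_ocsp_endpoint`, so a PyOpenSSL run whose `ocsp` extra failed to install would report a skip instead of a failure and the OCSP assertion would go unchecked. Consider failing rather than skipping when the run is expected to use PyOpenSSL (this commit exports `TEST_ENCRYPTION_PYOPENSSL=1` for that variant) and keeping the skip for the other variants. Separately, `self.skipTest()` already raises `SkipTest`, so the line can be `self.skipTest("OCSP not enabled")` with the `raise` and the `# type:ignore` dropped. The test method starts outside the hunk.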