PYTHON-5195 Convert OCSP tests to use new test scripts (#2190)

Co-authored-by: Noah Stapp <noah@noahstapp.com>
Steven Silvester 2025-03-10 10:25:27 -05:00 committed by GitHub
parent 38127f458b
commit a548f7a3d4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 724 additions and 715 deletions


@ -201,7 +201,7 @@ functions:
params:
file: "src/xunit-results/TEST-*.xml"
"run-server":
"run server":
- command: subprocess.exec
params:
binary: bash
@ -255,7 +255,8 @@ functions:
params:
include_expansions_in_env: [AUTH, SSL, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,
AWS_SESSION_TOKEN, COVERAGE, PYTHON_BINARY, LIBMONGOCRYPT_URL, MONGODB_URI,
DISABLE_TEST_COMMANDS, GREEN_FRAMEWORK, NO_EXT, COMPRESSORS, MONGODB_API_VERSION, DEBUG_LOG]
DISABLE_TEST_COMMANDS, GREEN_FRAMEWORK, NO_EXT, COMPRESSORS, MONGODB_API_VERSION, DEBUG_LOG,
ORCHESTRATION_FILE, OCSP_SERVER_TYPE]
binary: bash
working_dir: "src"
args: [.evergreen/just.sh, setup-tests, "${TEST_NAME}", "${SUB_TEST_NAME}"]
@ -320,12 +321,6 @@ functions:
- .evergreen/scripts/cleanup.sh
"teardown system":
- command: subprocess.exec
params:
binary: bash
working_dir: "src"
args:
- ${DRIVERS_TOOLS}/.evergreen/ocsp/teardown.sh
- command: subprocess.exec
params:
binary: bash
@ -357,26 +352,6 @@ functions:
params:
file: atlas-expansion.yml
"run-ocsp-test":
- command: subprocess.exec
type: test
params:
include_expansions_in_env: ["OCSP_ALGORITHM", "OCSP_TLS_SHOULD_SUCCEED", "PYTHON_BINARY"]
binary: bash
working_dir: "src"
args:
- .evergreen/scripts/run-with-env.sh
- .evergreen/scripts/run-ocsp-test.sh
"run-ocsp-server":
- command: subprocess.exec
params:
background: true
binary: bash
include_expansions_in_env: [SERVER_TYPE, OCSP_ALGORITHM]
args:
- ${DRIVERS_TOOLS}/.evergreen/ocsp/setup.sh
"teardown atlas":
- command: subprocess.exec
params:
@ -579,7 +554,7 @@ tasks:
- name: "doctests"
tags: ["doctests"]
commands:
- func: "run-server"
- func: "run server"
- func: "run doctests"
- name: "test-serverless"
@ -592,13 +567,13 @@ tasks:
- name: "test-enterprise-auth"
tags: ["enterprise-auth"]
commands:
- func: "run-server"
- func: "run server"
- func: "assume ec2 role"
- func: "run enterprise auth tests"
- name: "test-search-index-helpers"
commands:
- func: "run-server"
- func: "run server"
vars:
VERSION: "6.0"
TOPOLOGY: "replica_set"
@ -610,7 +585,7 @@ tasks:
- name: "mod-wsgi-standalone"
tags: ["mod_wsgi"]
commands:
- func: "run-server"
- func: "run server"
vars:
TOPOLOGY: "server"
- func: "run mod_wsgi tests"
@ -618,7 +593,7 @@ tasks:
- name: "mod-wsgi-replica-set"
tags: ["mod_wsgi"]
commands:
- func: "run-server"
- func: "run server"
vars:
TOPOLOGY: "replica_set"
- func: "run mod_wsgi tests"
@ -626,7 +601,7 @@ tasks:
- name: "mod-wsgi-embedded-mode-standalone"
tags: ["mod_wsgi"]
commands:
- func: "run-server"
- func: "run server"
- func: "run mod_wsgi tests"
vars:
MOD_WSGI_EMBEDDED: "1"
@ -634,7 +609,7 @@ tasks:
- name: "mod-wsgi-embedded-mode-replica-set"
tags: ["mod_wsgi"]
commands:
- func: "run-server"
- func: "run server"
vars:
TOPOLOGY: "replica_set"
- func: "run mod_wsgi tests"
@ -649,7 +624,7 @@ tasks:
- name: "free-threading"
tags: ["free-threading"]
commands:
- func: "run-server"
- func: "run server"
vars:
VERSION: "8.0"
TOPOLOGY: "replica_set"
@ -684,350 +659,6 @@ tasks:
env:
TEST_LAMBDA_DIRECTORY: ${PROJECT_DIRECTORY}/test/lambda
- name: test-ocsp-rsa-valid-cert-server-staples
tags: ["ocsp", "ocsp-rsa", "ocsp-staple"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "rsa"
SERVER_TYPE: "valid"
- func: "run-server"
vars:
ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "rsa"
OCSP_TLS_SHOULD_SUCCEED: "true"
- name: test-ocsp-rsa-invalid-cert-server-staples
tags: ["ocsp", "ocsp-rsa", "ocsp-staple"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "rsa"
SERVER_TYPE: "revoked"
- func: "run-server"
vars:
ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "rsa"
OCSP_TLS_SHOULD_SUCCEED: "false"
- name: test-ocsp-rsa-valid-cert-server-does-not-staple
tags: ["ocsp", "ocsp-rsa"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "rsa"
SERVER_TYPE: valid
- func: "run-server"
vars:
ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "rsa"
OCSP_TLS_SHOULD_SUCCEED: "true"
- name: test-ocsp-rsa-invalid-cert-server-does-not-staple
tags: ["ocsp", "ocsp-rsa"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "rsa"
SERVER_TYPE: revoked
- func: "run-server"
vars:
ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "rsa"
OCSP_TLS_SHOULD_SUCCEED: "false"
- name: test-ocsp-rsa-soft-fail
tags: ["ocsp", "ocsp-rsa"]
commands:
- func: "run-server"
vars:
ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "rsa"
OCSP_TLS_SHOULD_SUCCEED: "true"
- name: test-ocsp-rsa-malicious-invalid-cert-mustStaple-server-does-not-staple
tags: ["ocsp", "ocsp-rsa"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "rsa"
SERVER_TYPE: revoked
- func: "run-server"
vars:
ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "rsa"
OCSP_TLS_SHOULD_SUCCEED: "false"
- name: test-ocsp-rsa-malicious-no-responder-mustStaple-server-does-not-staple
tags: ["ocsp", "ocsp-rsa"]
commands:
- func: "run-server"
vars:
ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "rsa"
OCSP_TLS_SHOULD_SUCCEED: "false"
- name: test-ocsp-rsa-delegate-valid-cert-server-staples
tags: ["ocsp", "ocsp-rsa", "ocsp-staple"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "rsa"
SERVER_TYPE: valid-delegate
- func: "run-server"
vars:
ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "rsa"
OCSP_TLS_SHOULD_SUCCEED: "true"
- name: test-ocsp-rsa-delegate-invalid-cert-server-staples
tags: ["ocsp", "ocsp-rsa", "ocsp-staple"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "rsa"
SERVER_TYPE: revoked-delegate
- func: "run-server"
vars:
ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "rsa"
OCSP_TLS_SHOULD_SUCCEED: "false"
- name: test-ocsp-rsa-delegate-valid-cert-server-does-not-staple
tags: ["ocsp", "ocsp-rsa"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "rsa"
SERVER_TYPE: valid-delegate
- func: "run-server"
vars:
ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "rsa"
OCSP_TLS_SHOULD_SUCCEED: "true"
- name: test-ocsp-rsa-delegate-invalid-cert-server-does-not-staple
tags: ["ocsp", "ocsp-rsa"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "rsa"
SERVER_TYPE: revoked-delegate
- func: "run-server"
vars:
ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "rsa"
OCSP_TLS_SHOULD_SUCCEED: "false"
- name: test-ocsp-rsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple
tags: ["ocsp", "ocsp-rsa"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "rsa"
SERVER_TYPE: revoked-delegate
- func: "run-server"
vars:
ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "rsa"
OCSP_TLS_SHOULD_SUCCEED: "false"
- name: test-ocsp-ecdsa-valid-cert-server-staples
tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "ecdsa"
SERVER_TYPE: valid
- func: "run-server"
vars:
ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "ecdsa"
OCSP_TLS_SHOULD_SUCCEED: "true"
- name: test-ocsp-ecdsa-invalid-cert-server-staples
tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "ecdsa"
SERVER_TYPE: revoked
- func: "run-server"
vars:
ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "ecdsa"
OCSP_TLS_SHOULD_SUCCEED: "false"
- name: test-ocsp-ecdsa-valid-cert-server-does-not-staple
tags: ["ocsp", "ocsp-ecdsa"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "ecdsa"
SERVER_TYPE: valid
- func: "run-server"
vars:
ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "ecdsa"
OCSP_TLS_SHOULD_SUCCEED: "true"
- name: test-ocsp-ecdsa-invalid-cert-server-does-not-staple
tags: ["ocsp", "ocsp-ecdsa"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "ecdsa"
SERVER_TYPE: revoked
- func: "run-server"
vars:
ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "ecdsa"
OCSP_TLS_SHOULD_SUCCEED: "false"
- name: test-ocsp-ecdsa-soft-fail
tags: ["ocsp", "ocsp-ecdsa"]
commands:
- func: "run-server"
vars:
ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "ecdsa"
OCSP_TLS_SHOULD_SUCCEED: "true"
- name: test-ocsp-ecdsa-malicious-invalid-cert-mustStaple-server-does-not-staple
tags: ["ocsp", "ocsp-ecdsa"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "ecdsa"
SERVER_TYPE: revoked
- func: "run-server"
vars:
ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "ecdsa"
OCSP_TLS_SHOULD_SUCCEED: "false"
- name: test-ocsp-ecdsa-malicious-no-responder-mustStaple-server-does-not-staple
tags: ["ocsp", "ocsp-ecdsa"]
commands:
- func: "run-server"
vars:
ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "ecdsa"
OCSP_TLS_SHOULD_SUCCEED: "false"
- name: test-ocsp-ecdsa-delegate-valid-cert-server-staples
tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "ecdsa"
SERVER_TYPE: valid-delegate
- func: "run-server"
vars:
ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "ecdsa"
OCSP_TLS_SHOULD_SUCCEED: "true"
- name: test-ocsp-ecdsa-delegate-invalid-cert-server-staples
tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "ecdsa"
SERVER_TYPE: revoked-delegate
- func: "run-server"
vars:
ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "ecdsa"
OCSP_TLS_SHOULD_SUCCEED: "false"
- name: test-ocsp-ecdsa-delegate-valid-cert-server-does-not-staple
tags: ["ocsp", "ocsp-ecdsa"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "ecdsa"
SERVER_TYPE: valid-delegate
- func: "run-server"
vars:
ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "ecdsa"
OCSP_TLS_SHOULD_SUCCEED: "true"
- name: test-ocsp-ecdsa-delegate-invalid-cert-server-does-not-staple
tags: ["ocsp", "ocsp-ecdsa"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "ecdsa"
SERVER_TYPE: revoked-delegate
- func: "run-server"
vars:
ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "ecdsa"
OCSP_TLS_SHOULD_SUCCEED: "false"
- name: test-ocsp-ecdsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple
tags: ["ocsp", "ocsp-ecdsa"]
commands:
- func: run-ocsp-server
vars:
OCSP_ALGORITHM: "ecdsa"
SERVER_TYPE: valid-delegate
- func: "run-server"
vars:
ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json"
- func: run-ocsp-test
vars:
OCSP_ALGORITHM: "ecdsa"
OCSP_TLS_SHOULD_SUCCEED: "false"
- name: "oidc-auth-test"
commands:
- func: "run oidc auth test with test credentials"
@ -1095,7 +726,7 @@ tasks:
- name: "perf-6.0-standalone"
tags: ["perf"]
commands:
- func: "run-server"
- func: "run server"
vars:
VERSION: "v6.0-perf"
- func: "run perf tests"
@ -1105,7 +736,7 @@ tasks:
- name: "perf-6.0-standalone-ssl"
tags: ["perf"]
commands:
- func: "run-server"
- func: "run server"
vars:
VERSION: "v6.0-perf"
SSL: "ssl"
@ -1116,7 +747,7 @@ tasks:
- name: "perf-8.0-standalone"
tags: ["perf"]
commands:
- func: "run-server"
- func: "run server"
vars:
VERSION: "8.0"
- func: "run perf tests"

File diff suppressed because it is too large Load Diff


@ -801,7 +801,7 @@ def create_server_tasks():
AUTH=auth,
SSL=ssl,
)
server_func = FunctionCall(func="run-server", vars=server_vars)
server_func = FunctionCall(func="run server", vars=server_vars)
test_vars = dict(AUTH=auth, SSL=ssl, SYNC=sync)
if sync == "sync":
test_vars["TEST_NAME"] = "default_sync"
@ -820,7 +820,7 @@ def create_load_balancer_tasks():
server_vars = dict(
TOPOLOGY="sharded_cluster", AUTH=auth, SSL=ssl, TEST_NAME="load_balancer"
)
server_func = FunctionCall(func="run-server", vars=server_vars)
server_func = FunctionCall(func="run server", vars=server_vars)
test_vars = dict(AUTH=auth, SSL=ssl, TEST_NAME="load_balancer")
test_func = FunctionCall(func="run tests", vars=test_vars)
tasks.append(EvgTask(name=name, tags=tags, commands=[server_func, test_func]))
@ -839,7 +839,7 @@ def create_kms_tasks():
sub_test_name += "-fail"
commands = []
if not success:
commands.append(FunctionCall(func="run-server"))
commands.append(FunctionCall(func="run server"))
test_vars = dict(TEST_NAME="kms", SUB_TEST_NAME=sub_test_name)
test_func = FunctionCall(func="run tests", vars=test_vars)
commands.append(test_func)
@ -862,7 +862,7 @@ def create_aws_tasks():
base_name = f"test-auth-aws-{version}"
base_tags = ["auth-aws"]
server_vars = dict(AUTH_AWS="1", VERSION=version)
server_func = FunctionCall(func="run-server", vars=server_vars)
server_func = FunctionCall(func="run server", vars=server_vars)
assume_func = FunctionCall(func="assume ec2 role")
for test_type in aws_test_types:
tags = [*base_tags, f"auth-aws-{test_type}"]
@ -884,6 +884,60 @@ def create_aws_tasks():
return tasks
def _create_ocsp_task(algo, variant, server_type, base_task_name):
file_name = f"{algo}-basic-tls-ocsp-{variant}.json"
vars = dict(TEST_NAME="ocsp", ORCHESTRATION_FILE=file_name)
server_func = FunctionCall(func="run server", vars=vars)
vars = dict(ORCHESTRATION_FILE=file_name, OCSP_SERVER_TYPE=server_type, TEST_NAME="ocsp")
test_func = FunctionCall(func="run tests", vars=vars)
tags = ["ocsp", f"ocsp-{algo}"]
if "disableStapling" not in variant:
tags.append("ocsp-staple")
task_name = f"test-ocsp-{algo}-{base_task_name}"
commands = [server_func, test_func]
return EvgTask(name=task_name, tags=tags, commands=commands)
def create_ocsp_tasks():
tasks = []
tests = [
("disableStapling", "valid", "valid-cert-server-does-not-staple"),
("disableStapling", "revoked", "invalid-cert-server-does-not-staple"),
("disableStapling", "valid-delegate", "delegate-valid-cert-server-does-not-staple"),
("disableStapling", "revoked-delegate", "delegate-invalid-cert-server-does-not-staple"),
("disableStapling", "no-responder", "soft-fail"),
("mustStaple", "valid", "valid-cert-server-staples"),
("mustStaple", "revoked", "invalid-cert-server-staples"),
("mustStaple", "valid-delegate", "delegate-valid-cert-server-staples"),
("mustStaple", "revoked-delegate", "delegate-invalid-cert-server-staples"),
(
"mustStaple-disableStapling",
"revoked",
"malicious-invalid-cert-mustStaple-server-does-not-staple",
),
(
"mustStaple-disableStapling",
"revoked-delegate",
"delegate-malicious-invalid-cert-mustStaple-server-does-not-staple",
),
(
"mustStaple-disableStapling",
"no-responder",
"malicious-no-responder-mustStaple-server-does-not-staple",
),
]
for algo in ["ecdsa", "rsa"]:
for variant, server_type, base_task_name in tests:
task = _create_ocsp_task(algo, variant, server_type, base_task_name)
tasks.append(task)
return tasks
##################
# Generate Config
##################
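Review bot: In `_create_ocsp_task` the local name `vars` shadows the builtin and is rebound to a second, different dict two lines later, which makes it easy to pass the wrong one to a `FunctionCall`. The sibling generators in this file use `server_vars` and `test_vars`, so the same names fit here: `server_vars = dict(TEST_NAME="ocsp", ORCHESTRATION_FILE=file_name)` and `test_vars = dict(ORCHESTRATION_FILE=file_name, OCSP_SERVER_TYPE=server_type, TEST_NAME="ocsp")`. The `tests` table in `create_ocsp_tasks` would also benefit from a comment above it naming the tuple fields (variant, server type, task-name suffix). That comment should say the expected TLS outcome is no longer listed per task and is derived in the test setup script from the server type and orchestration file name.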


@ -1,12 +0,0 @@
#!/bin/bash
set -eu
pushd "${PROJECT_DIRECTORY}/.evergreen"
bash scripts/setup-dev-env.sh
CA_FILE="${DRIVERS_TOOLS}/.evergreen/ocsp/${OCSP_ALGORITHM}/ca.pem" \
OCSP_TLS_SHOULD_SUCCEED="${OCSP_TLS_SHOULD_SUCCEED}" \
bash scripts/setup-tests.sh ocsp
bash run-tests.sh
bash "${DRIVERS_TOOLS}"/.evergreen/ocsp/teardown.sh
popd


@ -32,15 +32,26 @@ def start_server():
elif test_name == "load_balancer":
set_env("LOAD_BALANCER")
elif test_name == "ocsp":
opts.ssl = True
if "ORCHESTRATION_FILE" not in os.environ:
found = False
for opt in extra_opts:
if opt.startswith("--orchestration-file"):
found = True
if not found:
raise ValueError("Please provide an orchestration file")
if not os.environ.get("TEST_CRYPT_SHARED"):
set_env("SKIP_CRYPT_SHARED")
if opts.ssl:
extra_opts.append("--ssl")
certs = ROOT / "test/certificates"
set_env("TLS_CERT_KEY_FILE", certs / "client.pem")
set_env("TLS_PEM_KEY_FILE", certs / "server.pem")
set_env("TLS_CA_FILE", certs / "ca.pem")
if test_name != "ocsp":
certs = ROOT / "test/certificates"
set_env("TLS_CERT_KEY_FILE", certs / "client.pem")
set_env("TLS_PEM_KEY_FILE", certs / "server.pem")
set_env("TLS_CA_FILE", certs / "ca.pem")
cmd = ["bash", f"{DRIVERS_TOOLS}/.evergreen/run-orchestration.sh", *extra_opts]
run_command(cmd, cwd=DRIVERS_TOOLS)
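Review bot: The orchestration-file guard in the `ocsp` branch tests only for the key's presence, so `ORCHESTRATION_FILE=""` passes it, and the server may then come up without the OCSP configuration the tests are meant to exercise. Checking the value, as the `TEST_CRYPT_SHARED` check a few lines below already does, closes that gap and removes the flag loop: `if not os.environ.get("ORCHESTRATION_FILE") and not any(o.startswith("--orchestration-file") for o in extra_opts):` followed by the existing `raise ValueError("Please provide an orchestration file")`. A one-line comment on `if test_name != "ocsp":` explaining why the repository's test certificates are skipped for OCSP would help the next reader. `start_server` begins and ends outside this hunk.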


@ -239,6 +239,30 @@ def handle_test_env() -> None:
cmd = f'bash "{DRIVERS_TOOLS}/.evergreen/run-load-balancer.sh" start'
run_command(cmd)
if test_name == "ocsp":
if sub_test_name:
os.environ["OCSP_SERVER_TYPE"] = sub_test_name
for name in ["OCSP_SERVER_TYPE", "ORCHESTRATION_FILE"]:
if name not in os.environ:
raise ValueError(f"Please set {name}")
server_type = os.environ["OCSP_SERVER_TYPE"]
orch_file = os.environ["ORCHESTRATION_FILE"]
ocsp_algo = orch_file.split("-")[0]
if server_type == "no-responder":
tls_should_succeed = "false" if "mustStaple-disableStapling" in orch_file else "true"
else:
tls_should_succeed = "true" if "valid" in server_type else "false"
write_env("OCSP_TLS_SHOULD_SUCCEED", tls_should_succeed)
write_env("CA_FILE", f"{DRIVERS_TOOLS}/.evergreen/ocsp/{ocsp_algo}/ca.pem")
if server_type != "no-responder":
env = os.environ.copy()
env["SERVER_TYPE"] = server_type
env["OCSP_ALGORITHM"] = ocsp_algo
run_command(f"bash {DRIVERS_TOOLS}/.evergreen/ocsp/setup.sh", env=env)
if SSL != "nossl":
if not DRIVERS_TOOLS:
raise RuntimeError("Missing DRIVERS_TOOLS")
@ -302,10 +326,6 @@ def handle_test_env() -> None:
setup_kms(sub_test_name)
if test_name == "ocsp":
write_env("CA_FILE", os.environ["CA_FILE"])
write_env("OCSP_TLS_SHOULD_SUCCEED", os.environ["OCSP_TLS_SHOULD_SUCCEED"])
if test_name == "auth_aws" and sub_test_name != "ecs-remote":
auth_aws_dir = f"{DRIVERS_TOOLS}/.evergreen/auth_aws"
if "AWS_ROLE_SESSION_NAME" in os.environ:
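Review bot: The expected TLS result computed in the new `ocsp` branch ignores the orchestration file whenever a responder is running, so `valid` or `valid-delegate` combined with a `mustStaple-disableStapling` file yields `OCSP_TLS_SHOULD_SUCCEED=true`. The removed `test-ocsp-ecdsa-delegate-malicious-...` task paired `valid-delegate` with that file and expected `false`, which suggests a must-staple certificate with no staple should be rejected whatever the responder says. The generated matrix does not appear to contain that pairing, but a local run following the contributing guide can produce it, and the test would then assert that the connection succeeds. The substring test `"valid" in server_type` also accepts unexpected values such as `invalid`; a prefix check or an explicit allowed set is safer. `handle_test_env` begins and ends outside this hunk.

```python
    server_type = os.environ["OCSP_SERVER_TYPE"]
    # … unchanged: orch_file and ocsp_algo lookup …
    if "mustStaple-disableStapling" in orch_file:
        # Must-staple certificate with no stapled response: the client is
        # expected to reject it regardless of the responder's answer.
        tls_should_succeed = "false"
    elif server_type == "no-responder":
        tls_should_succeed = "true"
    else:
        tls_should_succeed = "true" if server_type.startswith("valid") else "false"
```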


@ -24,6 +24,10 @@ elif TEST_NAME == "kms" and SUB_TEST_NAME in ["azure", "gcp"]:
teardown_kms(SUB_TEST_NAME)
# Tear down ocsp if applicable.
elif TEST_NAME == "ocsp":
run_command(f"bash {DRIVERS_TOOLS}/.evergreen/teardown.sh")
# Tear down auth_aws if applicable.
# We do not run web-identity hosts on macos, because the hosts lack permissions,
# so there is no reason to run the teardown, which would error with a 401.
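Review bot: The teardown path in the new `elif TEST_NAME == "ocsp":` branch is `.evergreen/teardown.sh`, whereas both call sites this commit removes (the `teardown system` function and `run-ocsp-test.sh`) ran `.evergreen/ocsp/teardown.sh`. If dropping the `ocsp/` directory was not intended, the mock OCSP responder started by `ocsp/setup.sh` may be left running on the host after the task, where it could interfere with later tasks. The line would then read `run_command(f"bash {DRIVERS_TOOLS}/.evergreen/ocsp/teardown.sh")`. If the top-level script is the intended one, a comment saying that it also stops the responder would settle the question. The `elif` chain starts outside this hunk.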


@ -218,12 +218,12 @@ the pages will re-render and the browser will automatically refresh.
### Usage
- Run `just run-server` with optional args to set up the server.
All given flags will be passed to `run-orchestration.sh` in `DRIVERS_TOOLS`.
All given flags will be passed to `run-orchestration.sh` in `$DRIVERS_TOOLS`.
- Run `just setup-tests` with optional args to set up the test environment, secrets, etc.
- Run `just run-tests` to run the tests in an appropriate Python environment.
- When done, run `just teardown-tests` to clean up and `just stop-server` to stop the server.
## Encryption tests
### Encryption tests
- Run `just run-server` to start the server.
- Run `just setup-tests encryption`.
@ -236,13 +236,13 @@ the pages will re-render and the browser will automatically refresh.
- Set up the test with `just setup-tests load_balancer`.
- Run the tests with `just run-tests`.
## AWS tests
### AWS tests
- Run `just run-server auth_aws` to start the server.
- Run `just setup-tests auth_aws <aws-test-type>` to set up the AWS test.
- Run the tests with `just run-tests`.
## KMS tests
### KMS tests
For KMS tests that are run locally, and expected to fail, in this case using `azure`:
@ -255,6 +255,17 @@ For KMS tests that run remotely and are expected to pass, in this case using `gc
- Run `just setup-tests kms gcp`.
- Run `just run-tests`.
### OCSP tests
- Export the orchestration file, e.g. `export ORCHESTRATION_FILE=rsa-basic-tls-ocsp-disableStapling.json`.
This corresponds to a config file in `$DRIVERS_TOOLS/.evergreen/orchestration/configs/servers`.
MongoDB servers on MacOS and Windows do not staple OCSP responses and only support RSA.
- Run `just run-server ocsp`.
- Run `just setup-tests ocsp <sub test>` (options are "valid", "revoked", "valid-delegate", "revoked-delegate").
- Run `just run-tests`
If you are running one of the `no-responder` tests, omit the `run-server` step.
## Enable Debug Logs
- Use `-o log_cli_level="DEBUG" -o log_cli=1` with `just test` or `pytest`.
- Add `log_cli_level = "DEBUG` and `log_cli = 1` to the `tool.pytest.ini_options` section in `pyproject.toml` for Evergreen patches or to enable debug logs by default on your machine.