mongodb/mongo-python-driver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PYTHON-5566 & PYTHON-3132 Add minimum version checks for remaining test variants (#2650)

Browse Source
This commit is contained in:
Steven Silvester 2025-12-19 13:14:52 -06:00 committed by GitHub
parent b1ea391842
commit c930c69776
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
11 changed files with 1689 additions and 1155 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

554
.evergreen/generated_configs/tasks.yml
View File

File diff suppressed because it is too large Load Diff

2
.evergreen/generated_configs/variants.yml
View File

@ -177,7 +177,6 @@ buildvariants:
- name: encryption-rhel8
tasks:
- name: .test-non-standard
- name: .test-min-deps
display_name: Encryption RHEL8
run_on:
- rhel87-small
@ -208,7 +207,6 @@ buildvariants:
- name: encryption-crypt_shared-rhel8
tasks:
- name: .test-non-standard
- name: .test-min-deps
display_name: Encryption crypt_shared RHEL8
run_on:
- rhel87-small

42
.evergreen/scripts/generate_config.py
View File

@ -128,7 +128,7 @@ def create_encryption_variants() -> list[BuildVariant]:
):
expansions = get_encryption_expansions(encryption)
display_name = get_variant_name(encryption, host, **expansions)
tasks = [".test-non-standard", ".test-min-deps"]
tasks = [".test-non-standard"]
if host != "rhel8":
tasks = [".test-non-standard !.pypy"]
variant = create_variant(
@ -581,6 +581,8 @@ def create_server_version_tasks():
seen.add(combo)
tags.append("pr")
expansions = dict(AUTH=auth, SSL=ssl, TOPOLOGY=topology)
if python == ALL_PYTHONS[0]:
expansions["TEST_MIN_DEPS"] = "1"
if "t" in python:
tags.append("free-threaded")
if python not in PYPYS and "t" not in python:
@ -646,6 +648,8 @@ def create_test_non_standard_tasks():
if pr:
tags.append("pr")
expansions = dict(AUTH=auth, SSL=ssl, TOPOLOGY=topology, VERSION=version)
if python == ALL_PYTHONS[0]:
expansions["TEST_MIN_DEPS"] = "1"
name = get_task_name("test-non-standard", python=python, **expansions)
server_func = FunctionCall(func="run server", vars=expansions)
test_vars = expansions.copy()
@ -686,6 +690,8 @@ def create_test_standard_auth_tasks():
if pr:
tags.append("pr")
expansions = dict(AUTH=auth, SSL=ssl, TOPOLOGY=topology, VERSION=version)
if python == ALL_PYTHONS[0]:
expansions["TEST_MIN_DEPS"] = "1"
name = get_task_name("test-standard-auth", python=python, **expansions)
server_func = FunctionCall(func="run server", vars=expansions)
test_vars = expansions.copy()
@ -695,22 +701,6 @@ def create_test_standard_auth_tasks():
return tasks
def create_min_deps_tasks():
"""For variants that support testing with minimum dependencies."""
tasks = []
for topology in TOPOLOGIES:
auth, ssl = get_standard_auth_ssl(topology)
tags = ["test-min-deps", f"{topology}-{auth}-{ssl}"]
expansions = dict(AUTH=auth, SSL=ssl, TOPOLOGY=topology)
server_func = FunctionCall(func="run server", vars=expansions)
test_vars = expansions.copy()
test_vars["TEST_MIN_DEPS"] = "1"
name = get_task_name("test-min-deps", python=CPYTHONS[0], sync="sync", **test_vars)
test_func = FunctionCall(func="run tests", vars=test_vars)
tasks.append(EvgTask(name=name, tags=tags, commands=[server_func, test_func]))
return tasks
def create_standard_tasks():
"""For variants that do not set a TEST_NAME."""
tasks = []
@ -738,6 +728,8 @@ def create_standard_tasks():
if pr:
tags.append("pr")
expansions = dict(AUTH=auth, SSL=ssl, TOPOLOGY=topology, VERSION=version)
if python == ALL_PYTHONS[0]:
expansions["TEST_MIN_DEPS"] = "1"
name = get_task_name("test-standard", python=python, sync=sync, **expansions)
server_func = FunctionCall(func="run server", vars=expansions)
test_vars = expansions.copy()
@ -755,9 +747,11 @@ def create_no_orchestration_tasks():
"test-no-orchestration",
f"python-{python}",
]
name = get_task_name("test-no-orchestration", python=python)
assume_func = FunctionCall(func="assume ec2 role")
test_vars = dict(TOOLCHAIN_VERSION=python)
if python == ALL_PYTHONS[0]:
test_vars["TEST_MIN_DEPS"] = "1"
name = get_task_name("test-no-orchestration", **test_vars)
test_func = FunctionCall(func="run tests", vars=test_vars)
commands = [assume_func, test_func]
tasks.append(EvgTask(name=name, tags=tags, commands=commands))
@ -805,8 +799,10 @@ def create_aws_tasks():
tags = [*base_tags, f"auth-aws-{test_type}"]
if "t" in python:
tags.append("free-threaded")
name = get_task_name(f"{base_name}-{test_type}", python=python)
test_vars = dict(TEST_NAME="auth_aws", SUB_TEST_NAME=test_type, TOOLCHAIN_VERSION=python)
if python == ALL_PYTHONS[0] and test_type != "ecs":
test_vars["TEST_MIN_DEPS"] = "1"
name = get_task_name(f"{base_name}-{test_type}", **test_vars)
test_func = FunctionCall(func="run tests", vars=test_vars)
funcs = [server_func, assume_func, test_func]
tasks.append(EvgTask(name=name, tags=tags, commands=funcs))
@ -885,6 +881,8 @@ def _create_ocsp_tasks(algo, variant, server_type, base_task_name):
TOOLCHAIN_VERSION=python,
VERSION=version,
)
if python == ALL_PYTHONS[0]:
vars["TEST_MIN_DEPS"] = "1"
test_func = FunctionCall(func="run tests", vars=vars)
tags = ["ocsp", f"ocsp-{algo}", version]
@ -893,11 +891,7 @@ def _create_ocsp_tasks(algo, variant, server_type, base_task_name):
if algo == "valid-cert-server-staples" and version == "latest":
tags.append("pr")
task_name = get_task_name(
f"test-ocsp-{algo}-{base_task_name}",
python=python,
version=version,
)
task_name = get_task_name(f"test-ocsp-{algo}-{base_task_name}", **vars)
tasks.append(EvgTask(name=task_name, tags=tags, commands=[test_func]))
return tasks

4
.evergreen/scripts/generate_config_utils.py
View File

@ -43,7 +43,7 @@ DISPLAY_LOOKUP = dict(
sync={"sync": "Sync", "async": "Async"},
coverage={"1": "cov"},
no_ext={"1": "No C"},
test_min_deps={True: "Min Deps"},
test_min_deps={"1": "Min Deps"},
)
HOSTS = dict()
@ -172,7 +172,7 @@ def get_common_name(base: str, sep: str, **kwargs) -> str:
display_name = f"{display_name}{sep}{version}"
for key, value in kwargs.items():
name = value
if key.lower() == "python":
if key.lower() in ["python", "toolchain_version"]:
if not value.startswith("pypy"):
name = f"Python{value}"
else:

14
pymongo/ocsp_support.py
View File

@ -45,7 +45,6 @@ from cryptography.x509 import ExtendedKeyUsage as _ExtendedKeyUsage
from cryptography.x509 import ExtensionNotFound as _ExtensionNotFound
from cryptography.x509 import TLSFeature as _TLSFeature
from cryptography.x509 import TLSFeatureType as _TLSFeatureType
from cryptography.x509 import load_pem_x509_certificate as _load_pem_x509_certificate
from cryptography.x509.ocsp import OCSPCertStatus as _OCSPCertStatus
from cryptography.x509.ocsp import OCSPRequestBuilder as _OCSPRequestBuilder
from cryptography.x509.ocsp import OCSPResponseStatus as _OCSPResponseStatus
@ -102,19 +101,6 @@ _CERT_REGEX = _re.compile(
)
def _load_trusted_ca_certs(cafile: str) -> list[Certificate]:
"""Parse the tlsCAFile into a list of certificates."""
with open(cafile, "rb") as f:
data = f.read()
# Load all the certs in the file.
trusted_ca_certs = []
backend = _default_backend()
for cert_data in _re.findall(_CERT_REGEX, data):
trusted_ca_certs.append(_load_pem_x509_certificate(cert_data, backend))
return trusted_ca_certs
def _get_issuer_cert(
cert: Certificate, chain: Iterable[Certificate], trusted_ca_certs: Optional[list[Certificate]]
) -> Optional[Certificate]:

6
pymongo/pyopenssl_context.py
View File

@ -35,7 +35,7 @@ from OpenSSL import crypto as _crypto
from pymongo.errors import ConfigurationError as _ConfigurationError
from pymongo.errors import _CertificateError # type:ignore[attr-defined]
from pymongo.ocsp_cache import _OCSPCache
from pymongo.ocsp_support import _load_trusted_ca_certs, _ocsp_callback
from pymongo.ocsp_support import _ocsp_callback
from pymongo.socket_checker import SocketChecker as _SocketChecker
from pymongo.socket_checker import _errno_from_exception
from pymongo.write_concern import validate_boolean
@ -322,10 +322,6 @@ class SSLContext:
ssl.CERT_NONE.
"""
self._ctx.load_verify_locations(cafile, capath)
# Manually load the CA certs when get_verified_chain is not available (pyopenssl<20).
if not hasattr(_SSL.Connection, "get_verified_chain"):
assert cafile is not None
self._callback_data.trusted_ca_certs = _load_trusted_ca_certs(cafile)
def _load_certifi(self) -> None:
"""Attempt to load CA certs from certifi."""

12
pyproject.toml
View File

@ -48,11 +48,11 @@ Tracker = "https://jira.mongodb.org/projects/PYTHON/issues"
[dependency-groups]
dev = []
pip = ["pip"]
gevent = ["gevent>=20.6.0"]
pip = ["pip>=20.2"]
gevent = ["gevent>=21.12"]
coverage = [
"pytest-cov",
"coverage>=5,<=7.10.6"
"pytest-cov>=4.0.0",
"coverage[toml]>=5,<=7.10.6"
]
mockupdb = [
"mockupdb@git+https://github.com/mongodb-labs/mongo-mockup-db@master"
@ -61,8 +61,8 @@ perf = ["simplejson>=3.17.0"]
typing = [
"mypy==1.19.1",
"pyright==1.1.407",
"typing_extensions",
"pip"
"typing_extensions>=3.7.4.2",
"pip>=20.2"
]
# Used to call hatch_build.py

2
requirements/gssapi.txt
View File

@ -1,2 +1,2 @@
pykerberos;os.name!='nt'
pykerberos>=1.2.4;os.name!='nt'
winkerberos>=0.5.0;os.name=='nt'

9
requirements/ocsp.txt
View File

@ -4,9 +4,10 @@
# service_identity 18.1.0 introduced support for IP addr matching.
# Fallback to certifi on Windows if we can't load CA certs from the system
# store and just use certifi on macOS.
# pyopenssl, cryptography, and service_identity must be set in tandem.
# https://www.pyopenssl.org/en/stable/api/ssl.html#OpenSSL.SSL.Context.set_default_verify_paths
certifi>=2023.7.22;os.name=='nt' or sys_platform=='darwin'
pyopenssl>=17.2.0
requests<3.0.0
cryptography>=2.5
service_identity>=18.1.0
pyopenssl>=23.2.0
requests>=2.23.0,<3.0
cryptography>=42.0.0
service_identity>=23.1.0

2
requirements/snappy.txt
View File

@ -1 +1 @@
python-snappy
python-snappy>=0.6.0

2197
uv.lock generated
View File

File diff suppressed because it is too large Load Diff