mongodb/mongo-python-driver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PYTHON-3277 Rename csfle library to crypt_shared (#956)

Browse Source
This commit is contained in:
Shane Harvey 2022-06-01 16:48:08 -07:00 committed by GitHub
parent 62a6302181
commit cf08d46ff9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 43 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
.evergreen/config.yml
View File

@ -450,8 +450,8 @@ functions:
export LIBMONGOCRYPT_URL="${libmongocrypt_url}"
export TEST_ENCRYPTION=1
fi
if [ -n "${test_csfle}" ]; then
export TEST_CSFLE=1
if [ -n "${test_crypt_shared}" ]; then
export TEST_CRYPT_SHARED=1
fi
if [ -n "${test_pyopenssl}" ]; then
export TEST_PYOPENSSL=1
@ -2163,15 +2163,14 @@ axes:
variables:
test_encryption: true
batchtime: 10080 # 7 days
- id: "encryption_with_csfle"
display_name: "Encryption with CSFLE"
tags: ["encryption_tag", "csfle"]
- id: "encryption_crypt_shared"
display_name: "Encryption shared lib"
tags: ["encryption_tag"]
variables:
test_encryption: true
test_csfle: true
test_crypt_shared: true
batchtime: 10080 # 7 days
# Run pyopenssl tests?
- id: pyopenssl
display_name: "PyOpenSSL"
@ -2306,7 +2305,7 @@ buildvariants:
platform: "*"
auth: "*"
ssl: "*"
encryption: [ "encryption_with_csfle" ]
encryption: [ "encryption_crypt_shared" ]
then:
remove_tasks:
- ".5.0"
@ -2400,7 +2399,7 @@ buildvariants:
platform: "*"
python-version: "*"
auth-ssl: "*"
encryption: [ "encryption_with_csfle" ]
encryption: [ "encryption_crypt_shared" ]
then:
remove_tasks:
- ".5.0"
@ -2509,7 +2508,7 @@ buildvariants:
platform: "*"
python-version-windows: "*"
auth-ssl: "*"
encryption: [ "encryption_with_csfle" ]
encryption: [ "encryption_crypt_shared" ]
then:
remove_tasks:
- ".5.0"

33
.evergreen/run-tests.sh
View File

@ -11,7 +11,7 @@ set -o errexit # Exit the script with error if any of the commands fail
# COVERAGE If non-empty, run the test suite with coverage.
# TEST_ENCRYPTION If non-empty, install pymongocrypt.
# LIBMONGOCRYPT_URL The URL to download libmongocrypt.
# TEST_CSFLE If non-empty, install CSFLE
# TEST_CRYPT_SHARED If non-empty, install crypt_shared lib.
if [ -n "${SET_XTRACE_ON}" ]; then
set -o xtrace
@ -28,9 +28,10 @@ COVERAGE=${COVERAGE:-}
COMPRESSORS=${COMPRESSORS:-}
MONGODB_API_VERSION=${MONGODB_API_VERSION:-}
TEST_ENCRYPTION=${TEST_ENCRYPTION:-}
TEST_CSFLE=${TEST_CSFLE:-}
TEST_CRYPT_SHARED=${TEST_CRYPT_SHARED:-}
LIBMONGOCRYPT_URL=${LIBMONGOCRYPT_URL:-}
DATA_LAKE=${DATA_LAKE:-}
TEST_ARGS=""
if [ -n "$COMPRESSORS" ]; then
export COMPRESSORS=$COMPRESSORS
@ -148,23 +149,23 @@ if [ -n "$TEST_ENCRYPTION" ]; then
# Get access to the AWS temporary credentials:
# CSFLE_AWS_TEMP_ACCESS_KEY_ID, CSFLE_AWS_TEMP_SECRET_ACCESS_KEY, CSFLE_AWS_TEMP_SESSION_TOKEN
. $DRIVERS_TOOLS/.evergreen/csfle/set-temp-creds.sh
fi
if [ -z "$DATA_LAKE" ]; then
TEST_ARGS=""
else
TEST_ARGS="-s test.test_data_lake"
fi
if [ -z $TEST_CSFLE ]; then
echo "CSFLE not being tested"
else
$PYTHON $DRIVERS_TOOLS/.evergreen/mongodl.py --component csfle \
--version latest --out ../csfle/
export DYLD_FALLBACK_LIBRARY_PATH=../csfle/lib/:$DYLD_FALLBACK_LIBRARY_PATH
export LD_LIBRARY_PATH=../csfle/lib:$LD_LIBRARY_PATH
export PATH=../csfle/bin:$PATH
if [ -n "$TEST_CRYPT_SHARED" ]; then
echo "Testing CSFLE with crypt_shared lib"
$PYTHON $DRIVERS_TOOLS/.evergreen/mongodl.py --component crypt_shared \
--version latest --out ../crypt_shared/
export DYLD_FALLBACK_LIBRARY_PATH=../crypt_shared/lib/:$DYLD_FALLBACK_LIBRARY_PATH
export LD_LIBRARY_PATH=../crypt_shared/lib:$LD_LIBRARY_PATH
export PATH=../crypt_shared/bin:$PATH
fi
# Only run the encryption tests.
TEST_ARGS="-s test.test_encryption"
fi
if [ -n "$DATA_LAKE" ]; then
TEST_ARGS="-s test.test_data_lake"
fi
# Don't download unittest-xml-reporting from pypi, which often fails.
if $PYTHON -c "import xmlrunner"; then
# The xunit output dir must be a Python style absolute path.

4
pymongo/encryption.py
View File

@ -300,8 +300,8 @@ class _Encrypter(object):
MongoCryptOptions(
opts._kms_providers,
schema_map,
csfle_path=opts._csfle_path,
csfle_required=opts._csfle_required,
crypt_shared_lib_path=opts._crypt_shared_lib_path,
crypt_shared_lib_required=opts._crypt_shared_lib_required,
bypass_encryption=opts._bypass_auto_encryption,
),
)

16
pymongo/encryption_options.py
View File

@ -45,8 +45,8 @@ class AutoEncryptionOpts(object):
mongocryptd_spawn_path: str = "mongocryptd",
mongocryptd_spawn_args: Optional[List[str]] = None,
kms_tls_options: Optional[Mapping[str, Any]] = None,
csfle_path: Optional[str] = None,
csfle_required: bool = False,
crypt_shared_lib_path: Optional[str] = None,
crypt_shared_lib_required: bool = False,
) -> None:
"""Options to configure automatic client-side field level encryption.
@ -142,12 +142,12 @@ class AutoEncryptionOpts(object):
Or to supply a client certificate::
kms_tls_options={'kmip': {'tlsCertificateKeyFile': 'client.pem'}}
- `csfle_path` (optional): Override the path to load the CSFLE library.
- `csfle_required` (optional): If 'true', refuse to continue encryption without a CSFLE
library
- `crypt_shared_lib_path` (optional): Override the path to load the crypt_shared library.
- `crypt_shared_lib_required` (optional): If True, raise an error if libmongocrypt is
unable to load the crypt_shared library.
.. versionchanged:: 4.2
Added `csfle_path` and `csfle_required` parameters
Added `crypt_shared_lib_path` and `crypt_shared_lib_required` parameters
.. versionchanged:: 4.0
Added the `kms_tls_options` parameter and the "kmip" KMS provider.
@ -160,8 +160,8 @@ class AutoEncryptionOpts(object):
"install a compatible version with: "
"python -m pip install 'pymongo[encryption]'"
)
self._csfle_path = csfle_path
self._csfle_required = csfle_required
self._crypt_shared_lib_path = crypt_shared_lib_path
self._crypt_shared_lib_required = crypt_shared_lib_required
self._kms_providers = kms_providers
self._key_vault_namespace = key_vault_namespace
self._key_vault_client = key_vault_client

13
test/test_encryption.py
View File

@ -83,12 +83,12 @@ KMS_PROVIDERS = {"local": {"key": b"\x00" * 96}}
class TestAutoEncryptionOpts(PyMongoTestCase):
@unittest.skipUnless(_HAVE_PYMONGOCRYPT, "pymongocrypt is not installed")
@unittest.skipUnless(os.environ.get("TEST_CSFLE"), "csfle is not installed")
def test_csfle(self):
# Test that we can pick up csfle automatically
@unittest.skipUnless(os.environ.get("TEST_CRYPT_SHARED"), "crypt_shared lib is not installed")
def test_crypt_shared(self):
# Test that we can pick up crypt_shared lib automatically
client = MongoClient(
auto_encryption_opts=AutoEncryptionOpts(
KMS_PROVIDERS, "keyvault.datakeys", csfle_required=True
KMS_PROVIDERS, "keyvault.datakeys", crypt_shared_lib_required=True
),
connect=False,
)
@ -1762,8 +1762,9 @@ class TestDeadlockProse(EncryptionIntegrationTest):
# https://github.com/mongodb/specifications/blob/master/source/client-side-encryption/tests/README.rst#bypass-spawning-mongocryptd
class TestBypassSpawningMongocryptdProse(EncryptionIntegrationTest):
@unittest.skipIf(
os.environ.get("TEST_CSFLE"),
"this prose test does not work when CSFLE is on a system dynamic library search path.",
os.environ.get("TEST_CRYPT_SHARED"),
"this prose test does not work when crypt_shared is on a system dynamic "
"library search path.",
)
def test_mongocryptd_bypass_spawn(self):
# Lower the mongocryptd timeout to reduce the test run time.