PYTHON-4601 Address Azure KMS and GCP KMS setup failures (#1766)

.evergreen/config.yml

@@ -2126,7 +2126,8 @@ tasks:
             script: |
               ${PREPARE_SHELL}
               export PYTHON_BINARY=/opt/mongodbtoolchain/v4/bin/python3
-              export LIBMONGOCRYPT_URL=https://s3.amazonaws.com/${bucket_name}/libmongocrypt/debian10/master/latest/libmongocrypt.tar.gz
+              export LIBMONGOCRYPT_URL=https://s3.amazonaws.com/mciuploads/libmongocrypt/debian11/master/latest/libmongocrypt.tar.gz
+              SKIP_SERVERS=1 bash ./.evergreen/setup-encryption.sh
               SUCCESS=false TEST_FLE_GCP_AUTO=1 ./.evergreen/hatch.sh test:test-eg
 
     - name: testazurekms-task
@@ -3144,7 +3145,7 @@ buildvariants:
 - name: testgcpkms-variant
   display_name: "GCP KMS"
   run_on:
-    - debian10-small
+    - debian11-small
   tasks:
     - name: testgcpkms_task_group
       batchtime: 20160 # Use a batchtime of 14 days as suggested by the CSFLE test README

.evergreen/run-azurekms-fail-test.sh

@@ -1,10 +1,12 @@
 #!/bin/bash
 set -o errexit  # Exit the script with error if any of the commands fail
-
+HERE=$(dirname ${BASH_SOURCE:-$0})
 . $DRIVERS_TOOLS/.evergreen/csfle/azurekms/setup-secrets.sh
+export LIBMONGOCRYPT_URL=https://s3.amazonaws.com/mciuploads/libmongocrypt/debian11/master/latest/libmongocrypt.tar.gz
+SKIP_SERVERS=1 bash $HERE/setup-encryption.sh
 PYTHON_BINARY=/opt/mongodbtoolchain/v4/bin/python3 \
     KEY_NAME="${AZUREKMS_KEYNAME}" \
     KEY_VAULT_ENDPOINT="${AZUREKMS_KEYVAULTENDPOINT}" \
-    LIBMONGOCRYPT_URL=https://s3.amazonaws.com/mciuploads/libmongocrypt/debian10/master/latest/libmongocrypt.tar.gz \
     SUCCESS=false TEST_FLE_AZURE_AUTO=1 \
-    ./.evergreen/hatch.sh test:test-eg
+    $HERE/hatch.sh test:test-eg
+bash $HERE/teardown-encryption.sh

.evergreen/run-azurekms-test.sh

@@ -1,11 +1,13 @@
 #!/bin/bash
 set -o errexit  # Exit the script with error if any of the commands fail
-
+HERE=$(dirname ${BASH_SOURCE:-$0})
 source ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/secrets-export.sh
 echo "Copying files ... begin"
 export AZUREKMS_RESOURCEGROUP=${AZUREKMS_RESOURCEGROUP}
 export AZUREKMS_VMNAME=${AZUREKMS_VMNAME}
 export AZUREKMS_PRIVATEKEYPATH=/tmp/testazurekms_privatekey
+export LIBMONGOCRYPT_URL=https://s3.amazonaws.com/mciuploads/libmongocrypt/debian11/master/latest/libmongocrypt.tar.gz
+SKIP_SERVERS=1 bash $HERE/setup-encryption.sh
 tar czf /tmp/mongo-python-driver.tgz .
 # shellcheck disable=SC2088
 AZUREKMS_SRC="/tmp/mongo-python-driver.tgz" AZUREKMS_DST="~/" \
@@ -16,6 +18,7 @@ AZUREKMS_CMD="tar xf mongo-python-driver.tgz" \
     $DRIVERS_TOOLS/.evergreen/csfle/azurekms/run-command.sh
 echo "Untarring file ... end"
 echo "Running test ... begin"
-AZUREKMS_CMD="KEY_NAME=\"$AZUREKMS_KEYNAME\" KEY_VAULT_ENDPOINT=\"$AZUREKMS_KEYVAULTENDPOINT\" LIBMONGOCRYPT_URL=https://s3.amazonaws.com/mciuploads/libmongocrypt/debian10/master/latest/libmongocrypt.tar.gz SUCCESS=true TEST_FLE_AZURE_AUTO=1 ./.evergreen/hatch.sh test:test-eg" \
+AZUREKMS_CMD="KEY_NAME=\"$AZUREKMS_KEYNAME\" KEY_VAULT_ENDPOINT=\"$AZUREKMS_KEYVAULTENDPOINT\" SUCCESS=true TEST_FLE_AZURE_AUTO=1 ./.evergreen/hatch.sh test:test-eg" \
     $DRIVERS_TOOLS/.evergreen/csfle/azurekms/run-command.sh
 echo "Running test ... end"
+bash $HERE/teardown-encryption.sh

.evergreen/run-gcpkms-test.sh

@@ -1,5 +1,6 @@
 #!/bin/bash
 set -o errexit  # Exit the script with error if any of the commands fail
+HERE=$(dirname ${BASH_SOURCE:-$0})
 
 source ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/secrets-export.sh
 echo "Copying files ... begin"
@@ -7,6 +8,8 @@ export GCPKMS_GCLOUD=${GCPKMS_GCLOUD}
 export GCPKMS_PROJECT=${GCPKMS_PROJECT}
 export GCPKMS_ZONE=${GCPKMS_ZONE}
 export GCPKMS_INSTANCENAME=${GCPKMS_INSTANCENAME}
+export LIBMONGOCRYPT_URL=https://s3.amazonaws.com/mciuploads/libmongocrypt/debian11/master/latest/libmongocrypt.tar.gz
+SKIP_SERVERS=1 bash $HERE/setup-encryption.sh
 tar czf /tmp/mongo-python-driver.tgz .
 GCPKMS_SRC=/tmp/mongo-python-driver.tgz GCPKMS_DST=$GCPKMS_INSTANCENAME: $DRIVERS_TOOLS/.evergreen/csfle/gcpkms/copy-file.sh
 echo "Copying files ... end"
@@ -14,5 +17,6 @@ echo "Untarring file ... begin"
 GCPKMS_CMD="tar xf mongo-python-driver.tgz" $DRIVERS_TOOLS/.evergreen/csfle/gcpkms/run-command.sh
 echo "Untarring file ... end"
 echo "Running test ... begin"
-GCPKMS_CMD="SUCCESS=true TEST_FLE_GCP_AUTO=1 LIBMONGOCRYPT_URL=https://s3.amazonaws.com/mciuploads/libmongocrypt/debian10/master/latest/libmongocrypt.tar.gz ./.evergreen/hatch.sh test:test-eg" $DRIVERS_TOOLS/.evergreen/csfle/gcpkms/run-command.sh
+GCPKMS_CMD="SUCCESS=true TEST_FLE_GCP_AUTO=1 ./.evergreen/hatch.sh test:test-eg" $DRIVERS_TOOLS/.evergreen/csfle/gcpkms/run-command.sh
 echo "Running test ... end"
+bash $HERE/teardown-encryption.sh

.evergreen/run-tests.sh

@@ -121,14 +121,14 @@ if [ -n "$TEST_PYOPENSSL" ]; then
 fi
 
 if [ -n "$TEST_ENCRYPTION" ] || [ -n "$TEST_FLE_AZURE_AUTO" ] || [ -n "$TEST_FLE_GCP_AUTO" ]; then
+    # Check for libmongocrypt checkout.
+    if [ ! -d "libmongocrypt" ]; then
+        echo "Run encryption setup first!"
+        exit 1
+    fi
 
     python -m pip install '.[encryption]'
 
-    # Setup encryption if necessary.
-    if [ ! -d "libmongocrypt" ]; then
-        bash ./.evergreen/setup-encryption.sh
-    fi
-
     # Use the nocrypto build to avoid dependency issues with older windows/python versions.
     BASE=$(pwd)/libmongocrypt/nocrypto
     if [ -f "${BASE}/lib/libmongocrypt.so" ]; then

.evergreen/setup-encryption.sh

@@ -4,6 +4,7 @@ set -o xtrace
 
 if [ -z "${DRIVERS_TOOLS}" ]; then
     echo "Missing environment variable DRIVERS_TOOLS"
+    exit 1
 fi
 
 TARGET=""
@@ -50,5 +51,7 @@ tar xzf libmongocrypt.tar.gz -C ./libmongocrypt
 ls -la libmongocrypt
 ls -la libmongocrypt/nocrypto
 
-bash ${DRIVERS_TOOLS}/.evergreen/csfle/setup-secrets.sh
-bash ${DRIVERS_TOOLS}/.evergreen/csfle/start-servers.sh
+if [ -z "${SKIP_SERVERS:-}" ]; then
+    bash ${DRIVERS_TOOLS}/.evergreen/csfle/setup-secrets.sh
+    bash ${DRIVERS_TOOLS}/.evergreen/csfle/start-servers.sh
+fi