From a548f7a3d45f8827e88e8f2c060ffb1045e5883e Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 10 Mar 2025 10:25:27 -0500 Subject: [PATCH 1/4] PYTHON-5195 Convert OCSP tests to use new test scripts (#2190) Co-authored-by: Noah Stapp --- .evergreen/config.yml | 397 +---------- .evergreen/generated_configs/tasks.yml | 898 ++++++++++++++++--------- .evergreen/scripts/generate_config.py | 62 +- .evergreen/scripts/run-ocsp-test.sh | 12 - .evergreen/scripts/run_server.py | 19 +- .evergreen/scripts/setup_tests.py | 28 +- .evergreen/scripts/teardown_tests.py | 4 + CONTRIBUTING.md | 19 +- 8 files changed, 724 insertions(+), 715 deletions(-) delete mode 100755 .evergreen/scripts/run-ocsp-test.sh diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 3f498ba3f..54931dcb4 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -201,7 +201,7 @@ functions: params: file: "src/xunit-results/TEST-*.xml" - "run-server": + "run server": - command: subprocess.exec params: binary: bash @@ -255,7 +255,8 @@ functions: params: include_expansions_in_env: [AUTH, SSL, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, COVERAGE, PYTHON_BINARY, LIBMONGOCRYPT_URL, MONGODB_URI, - DISABLE_TEST_COMMANDS, GREEN_FRAMEWORK, NO_EXT, COMPRESSORS, MONGODB_API_VERSION, DEBUG_LOG] + DISABLE_TEST_COMMANDS, GREEN_FRAMEWORK, NO_EXT, COMPRESSORS, MONGODB_API_VERSION, DEBUG_LOG, + ORCHESTRATION_FILE, OCSP_SERVER_TYPE] binary: bash working_dir: "src" args: [.evergreen/just.sh, setup-tests, "${TEST_NAME}", "${SUB_TEST_NAME}"] @@ -320,12 +321,6 @@ functions: - .evergreen/scripts/cleanup.sh "teardown system": - - command: subprocess.exec - params: - binary: bash - working_dir: "src" - args: - - ${DRIVERS_TOOLS}/.evergreen/ocsp/teardown.sh - command: subprocess.exec params: binary: bash @@ -357,26 +352,6 @@ functions: params: file: atlas-expansion.yml - "run-ocsp-test": - - command: subprocess.exec - type: test - params: - include_expansions_in_env: ["OCSP_ALGORITHM", "OCSP_TLS_SHOULD_SUCCEED", "PYTHON_BINARY"] - binary: bash - working_dir: "src" - args: - - .evergreen/scripts/run-with-env.sh - - .evergreen/scripts/run-ocsp-test.sh - - "run-ocsp-server": - - command: subprocess.exec - params: - background: true - binary: bash - include_expansions_in_env: [SERVER_TYPE, OCSP_ALGORITHM] - args: - - ${DRIVERS_TOOLS}/.evergreen/ocsp/setup.sh - "teardown atlas": - command: subprocess.exec params: @@ -579,7 +554,7 @@ tasks: - name: "doctests" tags: ["doctests"] commands: - - func: "run-server" + - func: "run server" - func: "run doctests" - name: "test-serverless" @@ -592,13 +567,13 @@ tasks: - name: "test-enterprise-auth" tags: ["enterprise-auth"] commands: - - func: "run-server" + - func: "run server" - func: "assume ec2 role" - func: "run enterprise auth tests" - name: "test-search-index-helpers" commands: - - func: "run-server" + - func: "run server" vars: VERSION: "6.0" TOPOLOGY: "replica_set" @@ -610,7 +585,7 @@ tasks: - name: "mod-wsgi-standalone" tags: ["mod_wsgi"] commands: - - func: "run-server" + - func: "run server" vars: TOPOLOGY: "server" - func: "run mod_wsgi tests" @@ -618,7 +593,7 @@ tasks: - name: "mod-wsgi-replica-set" tags: ["mod_wsgi"] commands: - - func: "run-server" + - func: "run server" vars: TOPOLOGY: "replica_set" - func: "run mod_wsgi tests" @@ -626,7 +601,7 @@ tasks: - name: "mod-wsgi-embedded-mode-standalone" tags: ["mod_wsgi"] commands: - - func: "run-server" + - func: "run server" - func: "run mod_wsgi tests" vars: MOD_WSGI_EMBEDDED: "1" @@ -634,7 +609,7 @@ tasks: - name: "mod-wsgi-embedded-mode-replica-set" tags: ["mod_wsgi"] commands: - - func: "run-server" + - func: "run server" vars: TOPOLOGY: "replica_set" - func: "run mod_wsgi tests" @@ -649,7 +624,7 @@ tasks: - name: "free-threading" tags: ["free-threading"] commands: - - func: "run-server" + - func: "run server" vars: VERSION: "8.0" TOPOLOGY: "replica_set" @@ -684,350 +659,6 @@ tasks: env: TEST_LAMBDA_DIRECTORY: ${PROJECT_DIRECTORY}/test/lambda - - name: test-ocsp-rsa-valid-cert-server-staples - tags: ["ocsp", "ocsp-rsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: "valid" - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-rsa-invalid-cert-server-staples - tags: ["ocsp", "ocsp-rsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: "revoked" - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-rsa-valid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: valid - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-rsa-invalid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: revoked - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-rsa-soft-fail - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-rsa-malicious-invalid-cert-mustStaple-server-does-not-staple - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: revoked - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-rsa-malicious-no-responder-mustStaple-server-does-not-staple - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-rsa-delegate-valid-cert-server-staples - tags: ["ocsp", "ocsp-rsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: valid-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-rsa-delegate-invalid-cert-server-staples - tags: ["ocsp", "ocsp-rsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: revoked-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-rsa-delegate-valid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: valid-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-rsa-delegate-invalid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: revoked-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-rsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: revoked-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-ecdsa-valid-cert-server-staples - tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: valid - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-ecdsa-invalid-cert-server-staples - tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: revoked - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-ecdsa-valid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: valid - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-ecdsa-invalid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: revoked - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-ecdsa-soft-fail - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-ecdsa-malicious-invalid-cert-mustStaple-server-does-not-staple - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: revoked - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-ecdsa-malicious-no-responder-mustStaple-server-does-not-staple - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-ecdsa-delegate-valid-cert-server-staples - tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: valid-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-ecdsa-delegate-invalid-cert-server-staples - tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: revoked-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-ecdsa-delegate-valid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: valid-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-ecdsa-delegate-invalid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: revoked-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-ecdsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: valid-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - name: "oidc-auth-test" commands: - func: "run oidc auth test with test credentials" @@ -1095,7 +726,7 @@ tasks: - name: "perf-6.0-standalone" tags: ["perf"] commands: - - func: "run-server" + - func: "run server" vars: VERSION: "v6.0-perf" - func: "run perf tests" @@ -1105,7 +736,7 @@ tasks: - name: "perf-6.0-standalone-ssl" tags: ["perf"] commands: - - func: "run-server" + - func: "run server" vars: VERSION: "v6.0-perf" SSL: "ssl" @@ -1116,7 +747,7 @@ tasks: - name: "perf-8.0-standalone" tags: ["perf"] commands: - - func: "run-server" + - func: "run server" vars: VERSION: "8.0" - func: "run perf tests" diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index 04e1451d4..02ee29e6e 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -2,7 +2,7 @@ tasks: # Aws tests - name: test-auth-aws-4.4-regular commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -14,7 +14,7 @@ tasks: tags: [auth-aws, auth-aws-regular] - name: test-auth-aws-4.4-assume-role commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -26,7 +26,7 @@ tasks: tags: [auth-aws, auth-aws-assume-role] - name: test-auth-aws-4.4-ec2 commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -38,7 +38,7 @@ tasks: tags: [auth-aws, auth-aws-ec2] - name: test-auth-aws-4.4-env-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -50,7 +50,7 @@ tasks: tags: [auth-aws, auth-aws-env-creds] - name: test-auth-aws-4.4-session-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -62,7 +62,7 @@ tasks: tags: [auth-aws, auth-aws-session-creds] - name: test-auth-aws-4.4-web-identity commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -74,7 +74,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-4.4-ecs commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -86,7 +86,7 @@ tasks: tags: [auth-aws, auth-aws-ecs] - name: test-auth-aws-4.4-web-identity-session-name commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -99,7 +99,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-5.0-regular commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -111,7 +111,7 @@ tasks: tags: [auth-aws, auth-aws-regular] - name: test-auth-aws-5.0-assume-role commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -123,7 +123,7 @@ tasks: tags: [auth-aws, auth-aws-assume-role] - name: test-auth-aws-5.0-ec2 commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -135,7 +135,7 @@ tasks: tags: [auth-aws, auth-aws-ec2] - name: test-auth-aws-5.0-env-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -147,7 +147,7 @@ tasks: tags: [auth-aws, auth-aws-env-creds] - name: test-auth-aws-5.0-session-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -159,7 +159,7 @@ tasks: tags: [auth-aws, auth-aws-session-creds] - name: test-auth-aws-5.0-web-identity commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -171,7 +171,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-5.0-ecs commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -183,7 +183,7 @@ tasks: tags: [auth-aws, auth-aws-ecs] - name: test-auth-aws-5.0-web-identity-session-name commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -196,7 +196,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-6.0-regular commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -208,7 +208,7 @@ tasks: tags: [auth-aws, auth-aws-regular] - name: test-auth-aws-6.0-assume-role commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -220,7 +220,7 @@ tasks: tags: [auth-aws, auth-aws-assume-role] - name: test-auth-aws-6.0-ec2 commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -232,7 +232,7 @@ tasks: tags: [auth-aws, auth-aws-ec2] - name: test-auth-aws-6.0-env-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -244,7 +244,7 @@ tasks: tags: [auth-aws, auth-aws-env-creds] - name: test-auth-aws-6.0-session-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -256,7 +256,7 @@ tasks: tags: [auth-aws, auth-aws-session-creds] - name: test-auth-aws-6.0-web-identity commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -268,7 +268,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-6.0-ecs commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -280,7 +280,7 @@ tasks: tags: [auth-aws, auth-aws-ecs] - name: test-auth-aws-6.0-web-identity-session-name commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -293,7 +293,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-7.0-regular commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -305,7 +305,7 @@ tasks: tags: [auth-aws, auth-aws-regular] - name: test-auth-aws-7.0-assume-role commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -317,7 +317,7 @@ tasks: tags: [auth-aws, auth-aws-assume-role] - name: test-auth-aws-7.0-ec2 commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -329,7 +329,7 @@ tasks: tags: [auth-aws, auth-aws-ec2] - name: test-auth-aws-7.0-env-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -341,7 +341,7 @@ tasks: tags: [auth-aws, auth-aws-env-creds] - name: test-auth-aws-7.0-session-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -353,7 +353,7 @@ tasks: tags: [auth-aws, auth-aws-session-creds] - name: test-auth-aws-7.0-web-identity commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -365,7 +365,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-7.0-ecs commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -377,7 +377,7 @@ tasks: tags: [auth-aws, auth-aws-ecs] - name: test-auth-aws-7.0-web-identity-session-name commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -390,7 +390,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-8.0-regular commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -402,7 +402,7 @@ tasks: tags: [auth-aws, auth-aws-regular] - name: test-auth-aws-8.0-assume-role commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -414,7 +414,7 @@ tasks: tags: [auth-aws, auth-aws-assume-role] - name: test-auth-aws-8.0-ec2 commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -426,7 +426,7 @@ tasks: tags: [auth-aws, auth-aws-ec2] - name: test-auth-aws-8.0-env-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -438,7 +438,7 @@ tasks: tags: [auth-aws, auth-aws-env-creds] - name: test-auth-aws-8.0-session-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -450,7 +450,7 @@ tasks: tags: [auth-aws, auth-aws-session-creds] - name: test-auth-aws-8.0-web-identity commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -462,7 +462,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-8.0-ecs commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -474,7 +474,7 @@ tasks: tags: [auth-aws, auth-aws-ecs] - name: test-auth-aws-8.0-web-identity-session-name commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -487,7 +487,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-rapid-regular commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -499,7 +499,7 @@ tasks: tags: [auth-aws, auth-aws-regular] - name: test-auth-aws-rapid-assume-role commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -511,7 +511,7 @@ tasks: tags: [auth-aws, auth-aws-assume-role] - name: test-auth-aws-rapid-ec2 commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -523,7 +523,7 @@ tasks: tags: [auth-aws, auth-aws-ec2] - name: test-auth-aws-rapid-env-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -535,7 +535,7 @@ tasks: tags: [auth-aws, auth-aws-env-creds] - name: test-auth-aws-rapid-session-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -547,7 +547,7 @@ tasks: tags: [auth-aws, auth-aws-session-creds] - name: test-auth-aws-rapid-web-identity commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -559,7 +559,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-rapid-ecs commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -571,7 +571,7 @@ tasks: tags: [auth-aws, auth-aws-ecs] - name: test-auth-aws-rapid-web-identity-session-name commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -584,7 +584,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-latest-regular commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -596,7 +596,7 @@ tasks: tags: [auth-aws, auth-aws-regular] - name: test-auth-aws-latest-assume-role commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -608,7 +608,7 @@ tasks: tags: [auth-aws, auth-aws-assume-role] - name: test-auth-aws-latest-ec2 commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -620,7 +620,7 @@ tasks: tags: [auth-aws, auth-aws-ec2] - name: test-auth-aws-latest-env-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -632,7 +632,7 @@ tasks: tags: [auth-aws, auth-aws-env-creds] - name: test-auth-aws-latest-session-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -644,7 +644,7 @@ tasks: tags: [auth-aws, auth-aws-session-creds] - name: test-auth-aws-latest-web-identity commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -656,7 +656,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-latest-ecs commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -668,7 +668,7 @@ tasks: tags: [auth-aws, auth-aws-ecs] - name: test-auth-aws-latest-web-identity-session-name commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -689,7 +689,7 @@ tasks: SUB_TEST_NAME: gcp - name: test-gcpkms-fail commands: - - func: run-server + - func: run server - func: run tests vars: TEST_NAME: kms @@ -702,7 +702,7 @@ tasks: SUB_TEST_NAME: azure - name: test-azurekms-fail commands: - - func: run-server + - func: run server - func: run tests vars: TEST_NAME: kms @@ -711,7 +711,7 @@ tasks: # Load balancer tests - name: test-load-balancer-auth-ssl commands: - - func: run-server + - func: run server vars: TOPOLOGY: sharded_cluster AUTH: auth @@ -725,7 +725,7 @@ tasks: tags: [load-balancer, auth, ssl] - name: test-load-balancer-noauth-ssl commands: - - func: run-server + - func: run server vars: TOPOLOGY: sharded_cluster AUTH: noauth @@ -739,7 +739,7 @@ tasks: tags: [load-balancer, noauth, ssl] - name: test-load-balancer-noauth-nossl commands: - - func: run-server + - func: run server vars: TOPOLOGY: sharded_cluster AUTH: noauth @@ -752,10 +752,300 @@ tasks: TEST_NAME: load_balancer tags: [load-balancer, noauth, nossl] + # Ocsp tests + - name: test-ocsp-ecdsa-valid-cert-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + OCSP_SERVER_TYPE: valid + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-invalid-cert-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + OCSP_SERVER_TYPE: revoked + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-delegate-valid-cert-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + OCSP_SERVER_TYPE: valid-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-delegate-invalid-cert-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-soft-fail + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + OCSP_SERVER_TYPE: no-responder + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-valid-cert-server-staples + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + OCSP_SERVER_TYPE: valid + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-invalid-cert-server-staples + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + OCSP_SERVER_TYPE: revoked + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-delegate-valid-cert-server-staples + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + OCSP_SERVER_TYPE: valid-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-delegate-invalid-cert-server-staples + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-malicious-invalid-cert-mustStaple-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json + OCSP_SERVER_TYPE: revoked + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-malicious-no-responder-mustStaple-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json + OCSP_SERVER_TYPE: no-responder + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-rsa-valid-cert-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + OCSP_SERVER_TYPE: valid + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-invalid-cert-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + OCSP_SERVER_TYPE: revoked + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-delegate-valid-cert-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + OCSP_SERVER_TYPE: valid-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-delegate-invalid-cert-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-soft-fail + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + OCSP_SERVER_TYPE: no-responder + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-valid-cert-server-staples + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json + OCSP_SERVER_TYPE: valid + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-invalid-cert-server-staples + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json + OCSP_SERVER_TYPE: revoked + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-delegate-valid-cert-server-staples + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json + OCSP_SERVER_TYPE: valid-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-delegate-invalid-cert-server-staples + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-malicious-invalid-cert-mustStaple-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + OCSP_SERVER_TYPE: revoked + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-malicious-no-responder-mustStaple-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + OCSP_SERVER_TYPE: no-responder + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] + # Server tests - name: test-4.0-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -775,7 +1065,7 @@ tasks: - sync - name: test-4.0-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -795,7 +1085,7 @@ tasks: - async - name: test-4.0-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -814,7 +1104,7 @@ tasks: - sync_async - name: test-4.0-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -834,7 +1124,7 @@ tasks: - sync - name: test-4.0-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -854,7 +1144,7 @@ tasks: - async - name: test-4.0-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -873,7 +1163,7 @@ tasks: - sync_async - name: test-4.0-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -893,7 +1183,7 @@ tasks: - sync - name: test-4.0-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -913,7 +1203,7 @@ tasks: - async - name: test-4.0-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -932,7 +1222,7 @@ tasks: - sync_async - name: test-4.2-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -952,7 +1242,7 @@ tasks: - sync - name: test-4.2-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -972,7 +1262,7 @@ tasks: - async - name: test-4.2-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -991,7 +1281,7 @@ tasks: - sync_async - name: test-4.2-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -1011,7 +1301,7 @@ tasks: - sync - name: test-4.2-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -1031,7 +1321,7 @@ tasks: - async - name: test-4.2-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -1050,7 +1340,7 @@ tasks: - sync_async - name: test-4.2-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -1070,7 +1360,7 @@ tasks: - sync - name: test-4.2-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -1090,7 +1380,7 @@ tasks: - async - name: test-4.2-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -1109,7 +1399,7 @@ tasks: - sync_async - name: test-4.4-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1129,7 +1419,7 @@ tasks: - sync - name: test-4.4-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1149,7 +1439,7 @@ tasks: - async - name: test-4.4-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1168,7 +1458,7 @@ tasks: - sync_async - name: test-4.4-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1188,7 +1478,7 @@ tasks: - sync - name: test-4.4-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1208,7 +1498,7 @@ tasks: - async - name: test-4.4-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1227,7 +1517,7 @@ tasks: - sync_async - name: test-4.4-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1247,7 +1537,7 @@ tasks: - sync - name: test-4.4-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1267,7 +1557,7 @@ tasks: - async - name: test-4.4-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1286,7 +1576,7 @@ tasks: - sync_async - name: test-5.0-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1306,7 +1596,7 @@ tasks: - sync - name: test-5.0-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1326,7 +1616,7 @@ tasks: - async - name: test-5.0-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1345,7 +1635,7 @@ tasks: - sync_async - name: test-5.0-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1365,7 +1655,7 @@ tasks: - sync - name: test-5.0-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1385,7 +1675,7 @@ tasks: - async - name: test-5.0-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1404,7 +1694,7 @@ tasks: - sync_async - name: test-5.0-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1424,7 +1714,7 @@ tasks: - sync - name: test-5.0-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1444,7 +1734,7 @@ tasks: - async - name: test-5.0-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1463,7 +1753,7 @@ tasks: - sync_async - name: test-6.0-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -1483,7 +1773,7 @@ tasks: - sync - name: test-6.0-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -1503,7 +1793,7 @@ tasks: - async - name: test-6.0-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -1522,7 +1812,7 @@ tasks: - sync_async - name: test-6.0-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -1542,7 +1832,7 @@ tasks: - sync - name: test-6.0-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -1562,7 +1852,7 @@ tasks: - async - name: test-6.0-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -1581,7 +1871,7 @@ tasks: - sync_async - name: test-6.0-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -1601,7 +1891,7 @@ tasks: - sync - name: test-6.0-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -1621,7 +1911,7 @@ tasks: - async - name: test-6.0-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -1640,7 +1930,7 @@ tasks: - sync_async - name: test-7.0-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -1660,7 +1950,7 @@ tasks: - sync - name: test-7.0-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -1680,7 +1970,7 @@ tasks: - async - name: test-7.0-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -1699,7 +1989,7 @@ tasks: - sync_async - name: test-7.0-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -1719,7 +2009,7 @@ tasks: - sync - name: test-7.0-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -1739,7 +2029,7 @@ tasks: - async - name: test-7.0-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -1758,7 +2048,7 @@ tasks: - sync_async - name: test-7.0-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -1778,7 +2068,7 @@ tasks: - sync - name: test-7.0-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -1798,7 +2088,7 @@ tasks: - async - name: test-7.0-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -1817,7 +2107,7 @@ tasks: - sync_async - name: test-8.0-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -1837,7 +2127,7 @@ tasks: - sync - name: test-8.0-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -1857,7 +2147,7 @@ tasks: - async - name: test-8.0-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -1876,7 +2166,7 @@ tasks: - sync_async - name: test-8.0-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -1896,7 +2186,7 @@ tasks: - sync - name: test-8.0-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -1916,7 +2206,7 @@ tasks: - async - name: test-8.0-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -1935,7 +2225,7 @@ tasks: - sync_async - name: test-8.0-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -1955,7 +2245,7 @@ tasks: - sync - name: test-8.0-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -1975,7 +2265,7 @@ tasks: - async - name: test-8.0-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -1994,7 +2284,7 @@ tasks: - sync_async - name: test-rapid-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2014,7 +2304,7 @@ tasks: - sync - name: test-rapid-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2034,7 +2324,7 @@ tasks: - async - name: test-rapid-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2053,7 +2343,7 @@ tasks: - sync_async - name: test-rapid-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2073,7 +2363,7 @@ tasks: - sync - name: test-rapid-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2093,7 +2383,7 @@ tasks: - async - name: test-rapid-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2112,7 +2402,7 @@ tasks: - sync_async - name: test-rapid-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2132,7 +2422,7 @@ tasks: - sync - name: test-rapid-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2152,7 +2442,7 @@ tasks: - async - name: test-rapid-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2171,7 +2461,7 @@ tasks: - sync_async - name: test-latest-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2191,7 +2481,7 @@ tasks: - sync - name: test-latest-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2211,7 +2501,7 @@ tasks: - async - name: test-latest-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2230,7 +2520,7 @@ tasks: - sync_async - name: test-latest-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2250,7 +2540,7 @@ tasks: - sync - name: test-latest-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2270,7 +2560,7 @@ tasks: - async - name: test-latest-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2289,7 +2579,7 @@ tasks: - sync_async - name: test-latest-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2309,7 +2599,7 @@ tasks: - sync - name: test-latest-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2329,7 +2619,7 @@ tasks: - async - name: test-latest-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2348,7 +2638,7 @@ tasks: - sync_async - name: test-4.0-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -2368,7 +2658,7 @@ tasks: - sync - name: test-4.0-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -2388,7 +2678,7 @@ tasks: - async - name: test-4.0-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -2407,7 +2697,7 @@ tasks: - sync_async - name: test-4.0-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -2427,7 +2717,7 @@ tasks: - sync - name: test-4.0-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -2447,7 +2737,7 @@ tasks: - async - name: test-4.0-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -2466,7 +2756,7 @@ tasks: - sync_async - name: test-4.0-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -2486,7 +2776,7 @@ tasks: - sync - name: test-4.0-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -2506,7 +2796,7 @@ tasks: - async - name: test-4.0-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -2525,7 +2815,7 @@ tasks: - sync_async - name: test-4.2-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -2545,7 +2835,7 @@ tasks: - sync - name: test-4.2-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -2565,7 +2855,7 @@ tasks: - async - name: test-4.2-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -2584,7 +2874,7 @@ tasks: - sync_async - name: test-4.2-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -2604,7 +2894,7 @@ tasks: - sync - name: test-4.2-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -2624,7 +2914,7 @@ tasks: - async - name: test-4.2-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -2643,7 +2933,7 @@ tasks: - sync_async - name: test-4.2-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -2663,7 +2953,7 @@ tasks: - sync - name: test-4.2-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -2683,7 +2973,7 @@ tasks: - async - name: test-4.2-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -2702,7 +2992,7 @@ tasks: - sync_async - name: test-4.4-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -2722,7 +3012,7 @@ tasks: - sync - name: test-4.4-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -2742,7 +3032,7 @@ tasks: - async - name: test-4.4-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -2761,7 +3051,7 @@ tasks: - sync_async - name: test-4.4-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -2781,7 +3071,7 @@ tasks: - sync - name: test-4.4-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -2801,7 +3091,7 @@ tasks: - async - name: test-4.4-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -2820,7 +3110,7 @@ tasks: - sync_async - name: test-4.4-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -2840,7 +3130,7 @@ tasks: - sync - name: test-4.4-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -2860,7 +3150,7 @@ tasks: - async - name: test-4.4-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -2879,7 +3169,7 @@ tasks: - sync_async - name: test-5.0-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -2899,7 +3189,7 @@ tasks: - sync - name: test-5.0-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -2919,7 +3209,7 @@ tasks: - async - name: test-5.0-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -2938,7 +3228,7 @@ tasks: - sync_async - name: test-5.0-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -2958,7 +3248,7 @@ tasks: - sync - name: test-5.0-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -2978,7 +3268,7 @@ tasks: - async - name: test-5.0-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -2997,7 +3287,7 @@ tasks: - sync_async - name: test-5.0-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -3017,7 +3307,7 @@ tasks: - sync - name: test-5.0-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -3037,7 +3327,7 @@ tasks: - async - name: test-5.0-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -3056,7 +3346,7 @@ tasks: - sync_async - name: test-6.0-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3076,7 +3366,7 @@ tasks: - sync - name: test-6.0-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3096,7 +3386,7 @@ tasks: - async - name: test-6.0-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3115,7 +3405,7 @@ tasks: - sync_async - name: test-6.0-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3135,7 +3425,7 @@ tasks: - sync - name: test-6.0-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3155,7 +3445,7 @@ tasks: - async - name: test-6.0-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3174,7 +3464,7 @@ tasks: - sync_async - name: test-6.0-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3194,7 +3484,7 @@ tasks: - sync - name: test-6.0-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3214,7 +3504,7 @@ tasks: - async - name: test-6.0-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3233,7 +3523,7 @@ tasks: - sync_async - name: test-7.0-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3253,7 +3543,7 @@ tasks: - sync - name: test-7.0-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3273,7 +3563,7 @@ tasks: - async - name: test-7.0-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3292,7 +3582,7 @@ tasks: - sync_async - name: test-7.0-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3312,7 +3602,7 @@ tasks: - sync - name: test-7.0-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3332,7 +3622,7 @@ tasks: - async - name: test-7.0-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3351,7 +3641,7 @@ tasks: - sync_async - name: test-7.0-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3371,7 +3661,7 @@ tasks: - sync - name: test-7.0-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3391,7 +3681,7 @@ tasks: - async - name: test-7.0-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3410,7 +3700,7 @@ tasks: - sync_async - name: test-8.0-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -3430,7 +3720,7 @@ tasks: - sync - name: test-8.0-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -3450,7 +3740,7 @@ tasks: - async - name: test-8.0-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -3469,7 +3759,7 @@ tasks: - sync_async - name: test-8.0-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -3489,7 +3779,7 @@ tasks: - sync - name: test-8.0-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -3509,7 +3799,7 @@ tasks: - async - name: test-8.0-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -3528,7 +3818,7 @@ tasks: - sync_async - name: test-8.0-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -3548,7 +3838,7 @@ tasks: - sync - name: test-8.0-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -3568,7 +3858,7 @@ tasks: - async - name: test-8.0-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -3587,7 +3877,7 @@ tasks: - sync_async - name: test-rapid-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -3607,7 +3897,7 @@ tasks: - sync - name: test-rapid-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -3627,7 +3917,7 @@ tasks: - async - name: test-rapid-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -3646,7 +3936,7 @@ tasks: - sync_async - name: test-rapid-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -3666,7 +3956,7 @@ tasks: - sync - name: test-rapid-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -3686,7 +3976,7 @@ tasks: - async - name: test-rapid-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -3705,7 +3995,7 @@ tasks: - sync_async - name: test-rapid-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -3725,7 +4015,7 @@ tasks: - sync - name: test-rapid-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -3745,7 +4035,7 @@ tasks: - async - name: test-rapid-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -3764,7 +4054,7 @@ tasks: - sync_async - name: test-latest-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -3784,7 +4074,7 @@ tasks: - sync - name: test-latest-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -3804,7 +4094,7 @@ tasks: - async - name: test-latest-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -3823,7 +4113,7 @@ tasks: - sync_async - name: test-latest-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -3843,7 +4133,7 @@ tasks: - sync - name: test-latest-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -3863,7 +4153,7 @@ tasks: - async - name: test-latest-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -3882,7 +4172,7 @@ tasks: - sync_async - name: test-latest-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -3902,7 +4192,7 @@ tasks: - sync - name: test-latest-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -3922,7 +4212,7 @@ tasks: - async - name: test-latest-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -3941,7 +4231,7 @@ tasks: - sync_async - name: test-4.0-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -3961,7 +4251,7 @@ tasks: - sync - name: test-4.0-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -3981,7 +4271,7 @@ tasks: - async - name: test-4.0-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4000,7 +4290,7 @@ tasks: - sync_async - name: test-4.0-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4020,7 +4310,7 @@ tasks: - sync - name: test-4.0-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4040,7 +4330,7 @@ tasks: - async - name: test-4.0-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4059,7 +4349,7 @@ tasks: - sync_async - name: test-4.0-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4079,7 +4369,7 @@ tasks: - sync - name: test-4.0-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4099,7 +4389,7 @@ tasks: - async - name: test-4.0-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4118,7 +4408,7 @@ tasks: - sync_async - name: test-4.2-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4138,7 +4428,7 @@ tasks: - sync - name: test-4.2-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4158,7 +4448,7 @@ tasks: - async - name: test-4.2-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4177,7 +4467,7 @@ tasks: - sync_async - name: test-4.2-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4197,7 +4487,7 @@ tasks: - sync - name: test-4.2-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4217,7 +4507,7 @@ tasks: - async - name: test-4.2-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4236,7 +4526,7 @@ tasks: - sync_async - name: test-4.2-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4256,7 +4546,7 @@ tasks: - sync - name: test-4.2-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4276,7 +4566,7 @@ tasks: - async - name: test-4.2-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4295,7 +4585,7 @@ tasks: - sync_async - name: test-4.4-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4315,7 +4605,7 @@ tasks: - sync - name: test-4.4-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4335,7 +4625,7 @@ tasks: - async - name: test-4.4-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4354,7 +4644,7 @@ tasks: - sync_async - name: test-4.4-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4374,7 +4664,7 @@ tasks: - sync - name: test-4.4-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4394,7 +4684,7 @@ tasks: - async - name: test-4.4-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4413,7 +4703,7 @@ tasks: - sync_async - name: test-4.4-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4433,7 +4723,7 @@ tasks: - sync - name: test-4.4-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4453,7 +4743,7 @@ tasks: - async - name: test-4.4-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4472,7 +4762,7 @@ tasks: - sync_async - name: test-5.0-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -4492,7 +4782,7 @@ tasks: - sync - name: test-5.0-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -4512,7 +4802,7 @@ tasks: - async - name: test-5.0-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -4531,7 +4821,7 @@ tasks: - sync_async - name: test-5.0-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -4551,7 +4841,7 @@ tasks: - sync - name: test-5.0-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -4571,7 +4861,7 @@ tasks: - async - name: test-5.0-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -4590,7 +4880,7 @@ tasks: - sync_async - name: test-5.0-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -4610,7 +4900,7 @@ tasks: - sync - name: test-5.0-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -4630,7 +4920,7 @@ tasks: - async - name: test-5.0-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -4649,7 +4939,7 @@ tasks: - sync_async - name: test-6.0-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -4669,7 +4959,7 @@ tasks: - sync - name: test-6.0-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -4689,7 +4979,7 @@ tasks: - async - name: test-6.0-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -4708,7 +4998,7 @@ tasks: - sync_async - name: test-6.0-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -4728,7 +5018,7 @@ tasks: - sync - name: test-6.0-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -4748,7 +5038,7 @@ tasks: - async - name: test-6.0-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -4767,7 +5057,7 @@ tasks: - sync_async - name: test-6.0-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -4787,7 +5077,7 @@ tasks: - sync - name: test-6.0-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -4807,7 +5097,7 @@ tasks: - async - name: test-6.0-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -4826,7 +5116,7 @@ tasks: - sync_async - name: test-7.0-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -4846,7 +5136,7 @@ tasks: - sync - name: test-7.0-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -4866,7 +5156,7 @@ tasks: - async - name: test-7.0-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -4885,7 +5175,7 @@ tasks: - sync_async - name: test-7.0-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -4905,7 +5195,7 @@ tasks: - sync - name: test-7.0-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -4925,7 +5215,7 @@ tasks: - async - name: test-7.0-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -4944,7 +5234,7 @@ tasks: - sync_async - name: test-7.0-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -4964,7 +5254,7 @@ tasks: - sync - name: test-7.0-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -4984,7 +5274,7 @@ tasks: - async - name: test-7.0-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -5003,7 +5293,7 @@ tasks: - sync_async - name: test-8.0-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5023,7 +5313,7 @@ tasks: - sync - name: test-8.0-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5043,7 +5333,7 @@ tasks: - async - name: test-8.0-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5062,7 +5352,7 @@ tasks: - sync_async - name: test-8.0-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5082,7 +5372,7 @@ tasks: - sync - name: test-8.0-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5102,7 +5392,7 @@ tasks: - async - name: test-8.0-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5121,7 +5411,7 @@ tasks: - sync_async - name: test-8.0-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5141,7 +5431,7 @@ tasks: - sync - name: test-8.0-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5161,7 +5451,7 @@ tasks: - async - name: test-8.0-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5180,7 +5470,7 @@ tasks: - sync_async - name: test-rapid-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5200,7 +5490,7 @@ tasks: - sync - name: test-rapid-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5220,7 +5510,7 @@ tasks: - async - name: test-rapid-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5239,7 +5529,7 @@ tasks: - sync_async - name: test-rapid-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5259,7 +5549,7 @@ tasks: - sync - name: test-rapid-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5279,7 +5569,7 @@ tasks: - async - name: test-rapid-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5298,7 +5588,7 @@ tasks: - sync_async - name: test-rapid-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5318,7 +5608,7 @@ tasks: - sync - name: test-rapid-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5338,7 +5628,7 @@ tasks: - async - name: test-rapid-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5357,7 +5647,7 @@ tasks: - sync_async - name: test-latest-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -5377,7 +5667,7 @@ tasks: - sync - name: test-latest-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -5397,7 +5687,7 @@ tasks: - async - name: test-latest-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -5416,7 +5706,7 @@ tasks: - sync_async - name: test-latest-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -5436,7 +5726,7 @@ tasks: - sync - name: test-latest-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -5456,7 +5746,7 @@ tasks: - async - name: test-latest-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -5475,7 +5765,7 @@ tasks: - sync_async - name: test-latest-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -5495,7 +5785,7 @@ tasks: - sync - name: test-latest-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -5515,7 +5805,7 @@ tasks: - async - name: test-latest-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index 03b461989..505c6de06 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -801,7 +801,7 @@ def create_server_tasks(): AUTH=auth, SSL=ssl, ) - server_func = FunctionCall(func="run-server", vars=server_vars) + server_func = FunctionCall(func="run server", vars=server_vars) test_vars = dict(AUTH=auth, SSL=ssl, SYNC=sync) if sync == "sync": test_vars["TEST_NAME"] = "default_sync" @@ -820,7 +820,7 @@ def create_load_balancer_tasks(): server_vars = dict( TOPOLOGY="sharded_cluster", AUTH=auth, SSL=ssl, TEST_NAME="load_balancer" ) - server_func = FunctionCall(func="run-server", vars=server_vars) + server_func = FunctionCall(func="run server", vars=server_vars) test_vars = dict(AUTH=auth, SSL=ssl, TEST_NAME="load_balancer") test_func = FunctionCall(func="run tests", vars=test_vars) tasks.append(EvgTask(name=name, tags=tags, commands=[server_func, test_func])) @@ -839,7 +839,7 @@ def create_kms_tasks(): sub_test_name += "-fail" commands = [] if not success: - commands.append(FunctionCall(func="run-server")) + commands.append(FunctionCall(func="run server")) test_vars = dict(TEST_NAME="kms", SUB_TEST_NAME=sub_test_name) test_func = FunctionCall(func="run tests", vars=test_vars) commands.append(test_func) @@ -862,7 +862,7 @@ def create_aws_tasks(): base_name = f"test-auth-aws-{version}" base_tags = ["auth-aws"] server_vars = dict(AUTH_AWS="1", VERSION=version) - server_func = FunctionCall(func="run-server", vars=server_vars) + server_func = FunctionCall(func="run server", vars=server_vars) assume_func = FunctionCall(func="assume ec2 role") for test_type in aws_test_types: tags = [*base_tags, f"auth-aws-{test_type}"] @@ -884,6 +884,60 @@ def create_aws_tasks(): return tasks +def _create_ocsp_task(algo, variant, server_type, base_task_name): + file_name = f"{algo}-basic-tls-ocsp-{variant}.json" + + vars = dict(TEST_NAME="ocsp", ORCHESTRATION_FILE=file_name) + server_func = FunctionCall(func="run server", vars=vars) + + vars = dict(ORCHESTRATION_FILE=file_name, OCSP_SERVER_TYPE=server_type, TEST_NAME="ocsp") + test_func = FunctionCall(func="run tests", vars=vars) + + tags = ["ocsp", f"ocsp-{algo}"] + if "disableStapling" not in variant: + tags.append("ocsp-staple") + + task_name = f"test-ocsp-{algo}-{base_task_name}" + commands = [server_func, test_func] + return EvgTask(name=task_name, tags=tags, commands=commands) + + +def create_ocsp_tasks(): + tasks = [] + tests = [ + ("disableStapling", "valid", "valid-cert-server-does-not-staple"), + ("disableStapling", "revoked", "invalid-cert-server-does-not-staple"), + ("disableStapling", "valid-delegate", "delegate-valid-cert-server-does-not-staple"), + ("disableStapling", "revoked-delegate", "delegate-invalid-cert-server-does-not-staple"), + ("disableStapling", "no-responder", "soft-fail"), + ("mustStaple", "valid", "valid-cert-server-staples"), + ("mustStaple", "revoked", "invalid-cert-server-staples"), + ("mustStaple", "valid-delegate", "delegate-valid-cert-server-staples"), + ("mustStaple", "revoked-delegate", "delegate-invalid-cert-server-staples"), + ( + "mustStaple-disableStapling", + "revoked", + "malicious-invalid-cert-mustStaple-server-does-not-staple", + ), + ( + "mustStaple-disableStapling", + "revoked-delegate", + "delegate-malicious-invalid-cert-mustStaple-server-does-not-staple", + ), + ( + "mustStaple-disableStapling", + "no-responder", + "malicious-no-responder-mustStaple-server-does-not-staple", + ), + ] + for algo in ["ecdsa", "rsa"]: + for variant, server_type, base_task_name in tests: + task = _create_ocsp_task(algo, variant, server_type, base_task_name) + tasks.append(task) + + return tasks + + ################## # Generate Config ################## diff --git a/.evergreen/scripts/run-ocsp-test.sh b/.evergreen/scripts/run-ocsp-test.sh deleted file mode 100755 index 9c4886704..000000000 --- a/.evergreen/scripts/run-ocsp-test.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -set -eu - -pushd "${PROJECT_DIRECTORY}/.evergreen" -bash scripts/setup-dev-env.sh -CA_FILE="${DRIVERS_TOOLS}/.evergreen/ocsp/${OCSP_ALGORITHM}/ca.pem" \ - OCSP_TLS_SHOULD_SUCCEED="${OCSP_TLS_SHOULD_SUCCEED}" \ - bash scripts/setup-tests.sh ocsp -bash run-tests.sh -bash "${DRIVERS_TOOLS}"/.evergreen/ocsp/teardown.sh - -popd diff --git a/.evergreen/scripts/run_server.py b/.evergreen/scripts/run_server.py index 51fe8a67f..f6a45c23a 100644 --- a/.evergreen/scripts/run_server.py +++ b/.evergreen/scripts/run_server.py @@ -32,15 +32,26 @@ def start_server(): elif test_name == "load_balancer": set_env("LOAD_BALANCER") + elif test_name == "ocsp": + opts.ssl = True + if "ORCHESTRATION_FILE" not in os.environ: + found = False + for opt in extra_opts: + if opt.startswith("--orchestration-file"): + found = True + if not found: + raise ValueError("Please provide an orchestration file") + if not os.environ.get("TEST_CRYPT_SHARED"): set_env("SKIP_CRYPT_SHARED") if opts.ssl: extra_opts.append("--ssl") - certs = ROOT / "test/certificates" - set_env("TLS_CERT_KEY_FILE", certs / "client.pem") - set_env("TLS_PEM_KEY_FILE", certs / "server.pem") - set_env("TLS_CA_FILE", certs / "ca.pem") + if test_name != "ocsp": + certs = ROOT / "test/certificates" + set_env("TLS_CERT_KEY_FILE", certs / "client.pem") + set_env("TLS_PEM_KEY_FILE", certs / "server.pem") + set_env("TLS_CA_FILE", certs / "ca.pem") cmd = ["bash", f"{DRIVERS_TOOLS}/.evergreen/run-orchestration.sh", *extra_opts] run_command(cmd, cwd=DRIVERS_TOOLS) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 2fa5e69cb..b75a821c3 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -239,6 +239,30 @@ def handle_test_env() -> None: cmd = f'bash "{DRIVERS_TOOLS}/.evergreen/run-load-balancer.sh" start' run_command(cmd) + if test_name == "ocsp": + if sub_test_name: + os.environ["OCSP_SERVER_TYPE"] = sub_test_name + for name in ["OCSP_SERVER_TYPE", "ORCHESTRATION_FILE"]: + if name not in os.environ: + raise ValueError(f"Please set {name}") + + server_type = os.environ["OCSP_SERVER_TYPE"] + orch_file = os.environ["ORCHESTRATION_FILE"] + ocsp_algo = orch_file.split("-")[0] + if server_type == "no-responder": + tls_should_succeed = "false" if "mustStaple-disableStapling" in orch_file else "true" + else: + tls_should_succeed = "true" if "valid" in server_type else "false" + + write_env("OCSP_TLS_SHOULD_SUCCEED", tls_should_succeed) + write_env("CA_FILE", f"{DRIVERS_TOOLS}/.evergreen/ocsp/{ocsp_algo}/ca.pem") + + if server_type != "no-responder": + env = os.environ.copy() + env["SERVER_TYPE"] = server_type + env["OCSP_ALGORITHM"] = ocsp_algo + run_command(f"bash {DRIVERS_TOOLS}/.evergreen/ocsp/setup.sh", env=env) + if SSL != "nossl": if not DRIVERS_TOOLS: raise RuntimeError("Missing DRIVERS_TOOLS") @@ -302,10 +326,6 @@ def handle_test_env() -> None: setup_kms(sub_test_name) - if test_name == "ocsp": - write_env("CA_FILE", os.environ["CA_FILE"]) - write_env("OCSP_TLS_SHOULD_SUCCEED", os.environ["OCSP_TLS_SHOULD_SUCCEED"]) - if test_name == "auth_aws" and sub_test_name != "ecs-remote": auth_aws_dir = f"{DRIVERS_TOOLS}/.evergreen/auth_aws" if "AWS_ROLE_SESSION_NAME" in os.environ: diff --git a/.evergreen/scripts/teardown_tests.py b/.evergreen/scripts/teardown_tests.py index 824fc2c9b..fedbdc2fe 100644 --- a/.evergreen/scripts/teardown_tests.py +++ b/.evergreen/scripts/teardown_tests.py @@ -24,6 +24,10 @@ elif TEST_NAME == "kms" and SUB_TEST_NAME in ["azure", "gcp"]: teardown_kms(SUB_TEST_NAME) +# Tear down ocsp if applicable. +elif TEST_NAME == "ocsp": + run_command(f"bash {DRIVERS_TOOLS}/.evergreen/teardown.sh") + # Tear down auth_aws if applicable. # We do not run web-identity hosts on macos, because the hosts lack permissions, # so there is no reason to run the teardown, which would error with a 401. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b3423ed40..1d8783d9d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -218,12 +218,12 @@ the pages will re-render and the browser will automatically refresh. ### Usage - Run `just run-server` with optional args to set up the server. - All given flags will be passed to `run-orchestration.sh` in `DRIVERS_TOOLS`. + All given flags will be passed to `run-orchestration.sh` in `$DRIVERS_TOOLS`. - Run `just setup-tests` with optional args to set up the test environment, secrets, etc. - Run `just run-tests` to run the tests in an appropriate Python environment. - When done, run `just teardown-tests` to clean up and `just stop-server` to stop the server. -## Encryption tests +### Encryption tests - Run `just run-server` to start the server. - Run `just setup-tests encryption`. @@ -236,13 +236,13 @@ the pages will re-render and the browser will automatically refresh. - Set up the test with `just setup-tests load_balancer`. - Run the tests with `just run-tests`. -## AWS tests +### AWS tests - Run `just run-server auth_aws` to start the server. - Run `just setup-tests auth_aws ` to set up the AWS test. - Run the tests with `just run-tests`. -## KMS tests +### KMS tests For KMS tests that are run locally, and expected to fail, in this case using `azure`: @@ -255,6 +255,17 @@ For KMS tests that run remotely and are expected to pass, in this case using `gc - Run `just setup-tests kms gcp`. - Run `just run-tests`. +### OCSP tests + + - Export the orchestration file, e.g. `export ORCHESTRATION_FILE=rsa-basic-tls-ocsp-disableStapling.json`. + This corresponds to a config file in `$DRIVERS_TOOLS/.evergreen/orchestration/configs/servers`. + MongoDB servers on MacOS and Windows do not staple OCSP responses and only support RSA. + - Run `just run-server ocsp`. + - Run `just setup-tests ocsp ` (options are "valid", "revoked", "valid-delegate", "revoked-delegate"). + - Run `just run-tests` + + If you are running one of the `no-responder` tests, omit the `run-server` step. + ## Enable Debug Logs - Use `-o log_cli_level="DEBUG" -o log_cli=1` with `just test` or `pytest`. - Add `log_cli_level = "DEBUG` and `log_cli = 1` to the `tool.pytest.ini_options` section in `pyproject.toml` for Evergreen patches or to enable debug logs by default on your machine. From b66a5cb673499626e660102a984c5e1036717ab3 Mon Sep 17 00:00:00 2001 From: Casey Clements Date: Mon, 10 Mar 2025 15:45:32 -0400 Subject: [PATCH 2/4] PYTHON-5172 bugfix: Add __repr__ and __eq__ to bson.binary.BinaryVector (#2162) --- bson/binary.py | 12 ++++++++-- test/test_bson.py | 58 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+), 2 deletions(-) diff --git a/bson/binary.py b/bson/binary.py index ee481fa1a..6698e55cc 100644 --- a/bson/binary.py +++ b/bson/binary.py @@ -14,7 +14,6 @@ from __future__ import annotations import struct -from dataclasses import dataclass from enum import Enum from typing import TYPE_CHECKING, Any, Optional, Sequence, Tuple, Type, Union, overload from uuid import UUID @@ -227,7 +226,6 @@ class BinaryVectorDtype(Enum): PACKED_BIT = b"\x10" -@dataclass class BinaryVector: """Vector of numbers along with metadata for binary interoperability. .. versionadded:: 4.10 @@ -247,6 +245,16 @@ class BinaryVector: self.dtype = dtype self.padding = padding + def __repr__(self) -> str: + return f"BinaryVector(dtype={self.dtype}, padding={self.padding}, data={self.data})" + + def __eq__(self, other: Any) -> bool: + if not isinstance(other, BinaryVector): + return False + return ( + self.dtype == other.dtype and self.padding == other.padding and self.data == other.data + ) + class Binary(bytes): """Representation of BSON binary data. diff --git a/test/test_bson.py b/test/test_bson.py index e704efe45..6f26856b0 100644 --- a/test/test_bson.py +++ b/test/test_bson.py @@ -809,6 +809,64 @@ class TestBSON(unittest.TestCase): dtype=BinaryVectorDtype.PACKED_BIT, ) # type: ignore[call-overload] + def assertRepr(self, obj): + new_obj = eval(repr(obj)) + self.assertEqual(type(new_obj), type(obj)) + self.assertEqual(repr(new_obj), repr(obj)) + + def test_binaryvector_repr(self): + """Tests of repr(BinaryVector)""" + + data = [1 / 127, -7 / 6] + one = BinaryVector(data, BinaryVectorDtype.FLOAT32) + self.assertEqual( + repr(one), f"BinaryVector(dtype=BinaryVectorDtype.FLOAT32, padding=0, data={data})" + ) + self.assertRepr(one) + + data = [127, 7] + two = BinaryVector(data, BinaryVectorDtype.INT8) + self.assertEqual( + repr(two), f"BinaryVector(dtype=BinaryVectorDtype.INT8, padding=0, data={data})" + ) + self.assertRepr(two) + + three = BinaryVector(data, BinaryVectorDtype.INT8, padding=0) + self.assertEqual( + repr(three), f"BinaryVector(dtype=BinaryVectorDtype.INT8, padding=0, data={data})" + ) + self.assertRepr(three) + + four = BinaryVector(data, BinaryVectorDtype.PACKED_BIT, padding=3) + self.assertEqual( + repr(four), f"BinaryVector(dtype=BinaryVectorDtype.PACKED_BIT, padding=3, data={data})" + ) + self.assertRepr(four) + + zero = BinaryVector([], BinaryVectorDtype.INT8) + self.assertEqual( + repr(zero), "BinaryVector(dtype=BinaryVectorDtype.INT8, padding=0, data=[])" + ) + self.assertRepr(zero) + + def test_binaryvector_equality(self): + """Tests of == __eq__""" + self.assertEqual( + BinaryVector([1.2, 1 - 1 / 3], BinaryVectorDtype.FLOAT32, 0), + BinaryVector([1.2, 1 - 1.0 / 3.0], BinaryVectorDtype.FLOAT32, 0), + ) + self.assertNotEqual( + BinaryVector([1.2, 1 - 1 / 3], BinaryVectorDtype.FLOAT32, 0), + BinaryVector([1.2, 6.0 / 9.0], BinaryVectorDtype.FLOAT32, 0), + ) + self.assertEqual( + BinaryVector([], BinaryVectorDtype.FLOAT32, 0), + BinaryVector([], BinaryVectorDtype.FLOAT32, 0), + ) + self.assertNotEqual( + BinaryVector([1], BinaryVectorDtype.INT8), BinaryVector([2], BinaryVectorDtype.INT8) + ) + def test_unicode_regex(self): """Tests we do not get a segfault for C extension on unicode RegExs. This had been happening. From 61d435408e05693fa57801738c3180fffb74508b Mon Sep 17 00:00:00 2001 From: Shane Harvey Date: Mon, 10 Mar 2025 14:19:16 -0700 Subject: [PATCH 3/4] PYTHON-5194 Test secondary with IPv6 literal in SDAM (#2189) --- .../rs/secondary_ipv6_literal.json | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 test/discovery_and_monitoring/rs/secondary_ipv6_literal.json diff --git a/test/discovery_and_monitoring/rs/secondary_ipv6_literal.json b/test/discovery_and_monitoring/rs/secondary_ipv6_literal.json new file mode 100644 index 000000000..c23d8dc4c --- /dev/null +++ b/test/discovery_and_monitoring/rs/secondary_ipv6_literal.json @@ -0,0 +1,38 @@ +{ + "description": "Secondary with IPv6 literal", + "uri": "mongodb://[::1]/?replicaSet=rs", + "phases": [ + { + "responses": [ + [ + "[::1]:27017", + { + "ok": 1, + "helloOk": true, + "isWritablePrimary": false, + "secondary": true, + "setName": "rs", + "me": "[::1]:27017", + "hosts": [ + "[::1]:27017" + ], + "minWireVersion": 0, + "maxWireVersion": 26 + } + ] + ], + "outcome": { + "servers": { + "[::1]:27017": { + "type": "RSSecondary", + "setName": "rs" + } + }, + "topologyType": "ReplicaSetNoPrimary", + "setName": "rs", + "logicalSessionTimeoutMinutes": null, + "compatible": true + } + } + ] +} From 7ef18af49b35335d8cf92746c8bcfde65e0d989f Mon Sep 17 00:00:00 2001 From: Shane Harvey Date: Mon, 10 Mar 2025 17:11:38 -0700 Subject: [PATCH 4/4] PYTHON-4580 Add key_expiration_ms option for DEK cache lifetime (#2186) --- doc/changelog.rst | 18 +- pymongo/asynchronous/encryption.py | 26 +- pymongo/encryption_options.py | 10 +- pymongo/synchronous/encryption.py | 26 +- test/asynchronous/unified_format.py | 3 +- test/asynchronous/utils_spec_runner.py | 5 + .../spec/legacy/fle2v2-Rangev2-Compact.json | 3 +- .../spec/legacy/keyCache.json | 270 ++++++++++++++++++ .../spec/legacy/timeoutMS.json | 4 +- .../spec/unified/keyCache.json | 198 +++++++++++++ test/unified_format.py | 3 +- test/utils_spec_runner.py | 5 + uv.lock | 2 +- 13 files changed, 549 insertions(+), 24 deletions(-) create mode 100644 test/client-side-encryption/spec/legacy/keyCache.json create mode 100644 test/client-side-encryption/spec/unified/keyCache.json diff --git a/doc/changelog.rst b/doc/changelog.rst index cf5d5e8ff..21e86953c 100644 --- a/doc/changelog.rst +++ b/doc/changelog.rst @@ -1,7 +1,23 @@ Changelog ========= -Changes in Version 4.11.2 (YYYY/MM/DD) +Changes in Version 4.12.0 (YYYY/MM/DD) +-------------------------------------- + +PyMongo 4.12 brings a number of changes including: + +- Support for configuring DEK cache lifetime via the ``key_expiration_ms`` argument to + :class:`~pymongo.encryption_options.AutoEncryptionOpts`. + +Issues Resolved +............... + +See the `PyMongo 4.12 release notes in JIRA`_ for the list of resolved issues +in this release. + +.. _PyMongo 4.12 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=41916 + +Changes in Version 4.11.2 (2025/03/05) -------------------------------------- Version 4.11.2 is a bug fix release. diff --git a/pymongo/asynchronous/encryption.py b/pymongo/asynchronous/encryption.py index 9d3ea6719..ef8d817b2 100644 --- a/pymongo/asynchronous/encryption.py +++ b/pymongo/asynchronous/encryption.py @@ -445,6 +445,7 @@ class _Encrypter: bypass_encryption=opts._bypass_auto_encryption, encrypted_fields_map=encrypted_fields_map, bypass_query_analysis=opts._bypass_query_analysis, + key_expiration_ms=opts._key_expiration_ms, ), ) self._closed = False @@ -547,11 +548,10 @@ class QueryType(str, enum.Enum): def _create_mongocrypt_options(**kwargs: Any) -> MongoCryptOptions: - opts = MongoCryptOptions(**kwargs) - # Opt into range V2 encryption. - if hasattr(opts, "enable_range_v2"): - opts.enable_range_v2 = True - return opts + # For compat with pymongocrypt <1.13, avoid setting the default key_expiration_ms. + if kwargs.get("key_expiration_ms") is None: + kwargs.pop("key_expiration_ms", None) + return MongoCryptOptions(**kwargs) class AsyncClientEncryption(Generic[_DocumentType]): @@ -564,6 +564,7 @@ class AsyncClientEncryption(Generic[_DocumentType]): key_vault_client: AsyncMongoClient[_DocumentTypeArg], codec_options: CodecOptions[_DocumentTypeArg], kms_tls_options: Optional[Mapping[str, Any]] = None, + key_expiration_ms: Optional[int] = None, ) -> None: """Explicit client-side field level encryption. @@ -630,7 +631,12 @@ class AsyncClientEncryption(Generic[_DocumentType]): Or to supply a client certificate:: kms_tls_options={'kmip': {'tlsCertificateKeyFile': 'client.pem'}} + :param key_expiration_ms: The cache expiration time for data encryption keys. + Defaults to ``None`` which defers to libmongocrypt's default which is currently 60000. + Set to 0 to disable key expiration. + .. versionchanged:: 4.12 + Added the `key_expiration_ms` parameter. .. versionchanged:: 4.0 Added the `kms_tls_options` parameter and the "kmip" KMS provider. @@ -666,14 +672,19 @@ class AsyncClientEncryption(Generic[_DocumentType]): key_vault_coll = key_vault_client[db][coll] opts = AutoEncryptionOpts( - kms_providers, key_vault_namespace, kms_tls_options=kms_tls_options + kms_providers, + key_vault_namespace, + kms_tls_options=kms_tls_options, + key_expiration_ms=key_expiration_ms, ) self._io_callbacks: Optional[_EncryptionIO] = _EncryptionIO( None, key_vault_coll, None, opts ) self._encryption = AsyncExplicitEncrypter( self._io_callbacks, - _create_mongocrypt_options(kms_providers=kms_providers, schema_map=None), + _create_mongocrypt_options( + kms_providers=kms_providers, schema_map=None, key_expiration_ms=key_expiration_ms + ), ) # Use the same key vault collection as the callback. assert self._io_callbacks.key_vault_coll is not None @@ -700,6 +711,7 @@ class AsyncClientEncryption(Generic[_DocumentType]): creation. :class:`~pymongo.errors.EncryptionError` will be raised if the collection already exists. + :param database: the database to create the collection :param name: the name of the collection to create :param encrypted_fields: Document that describes the encrypted fields for Queryable Encryption. The "keyId" may be set to ``None`` to auto-generate the data keys. For example: diff --git a/pymongo/encryption_options.py b/pymongo/encryption_options.py index 26dfbf5f0..a1c40dc7b 100644 --- a/pymongo/encryption_options.py +++ b/pymongo/encryption_options.py @@ -57,6 +57,7 @@ class AutoEncryptionOpts: crypt_shared_lib_required: bool = False, bypass_query_analysis: bool = False, encrypted_fields_map: Optional[Mapping[str, Any]] = None, + key_expiration_ms: Optional[int] = None, ) -> None: """Options to configure automatic client-side field level encryption. @@ -191,9 +192,14 @@ class AutoEncryptionOpts: ] } } + :param key_expiration_ms: The cache expiration time for data encryption keys. + Defaults to ``None`` which defers to libmongocrypt's default which is currently 60000. + Set to 0 to disable key expiration. + .. versionchanged:: 4.12 + Added the `key_expiration_ms` parameter. .. versionchanged:: 4.2 - Added `encrypted_fields_map` `crypt_shared_lib_path`, `crypt_shared_lib_required`, + Added the `encrypted_fields_map`, `crypt_shared_lib_path`, `crypt_shared_lib_required`, and `bypass_query_analysis` parameters. .. versionchanged:: 4.0 @@ -210,7 +216,6 @@ class AutoEncryptionOpts: if encrypted_fields_map: validate_is_mapping("encrypted_fields_map", encrypted_fields_map) self._encrypted_fields_map = encrypted_fields_map - self._bypass_query_analysis = bypass_query_analysis self._crypt_shared_lib_path = crypt_shared_lib_path self._crypt_shared_lib_required = crypt_shared_lib_required self._kms_providers = kms_providers @@ -233,6 +238,7 @@ class AutoEncryptionOpts: # Maps KMS provider name to a SSLContext. self._kms_ssl_contexts = _parse_kms_tls_options(kms_tls_options) self._bypass_query_analysis = bypass_query_analysis + self._key_expiration_ms = key_expiration_ms class RangeOpts: diff --git a/pymongo/synchronous/encryption.py b/pymongo/synchronous/encryption.py index 7cbac1c50..a97534ed4 100644 --- a/pymongo/synchronous/encryption.py +++ b/pymongo/synchronous/encryption.py @@ -442,6 +442,7 @@ class _Encrypter: bypass_encryption=opts._bypass_auto_encryption, encrypted_fields_map=encrypted_fields_map, bypass_query_analysis=opts._bypass_query_analysis, + key_expiration_ms=opts._key_expiration_ms, ), ) self._closed = False @@ -544,11 +545,10 @@ class QueryType(str, enum.Enum): def _create_mongocrypt_options(**kwargs: Any) -> MongoCryptOptions: - opts = MongoCryptOptions(**kwargs) - # Opt into range V2 encryption. - if hasattr(opts, "enable_range_v2"): - opts.enable_range_v2 = True - return opts + # For compat with pymongocrypt <1.13, avoid setting the default key_expiration_ms. + if kwargs.get("key_expiration_ms") is None: + kwargs.pop("key_expiration_ms", None) + return MongoCryptOptions(**kwargs) class ClientEncryption(Generic[_DocumentType]): @@ -561,6 +561,7 @@ class ClientEncryption(Generic[_DocumentType]): key_vault_client: MongoClient[_DocumentTypeArg], codec_options: CodecOptions[_DocumentTypeArg], kms_tls_options: Optional[Mapping[str, Any]] = None, + key_expiration_ms: Optional[int] = None, ) -> None: """Explicit client-side field level encryption. @@ -627,7 +628,12 @@ class ClientEncryption(Generic[_DocumentType]): Or to supply a client certificate:: kms_tls_options={'kmip': {'tlsCertificateKeyFile': 'client.pem'}} + :param key_expiration_ms: The cache expiration time for data encryption keys. + Defaults to ``None`` which defers to libmongocrypt's default which is currently 60000. + Set to 0 to disable key expiration. + .. versionchanged:: 4.12 + Added the `key_expiration_ms` parameter. .. versionchanged:: 4.0 Added the `kms_tls_options` parameter and the "kmip" KMS provider. @@ -659,14 +665,19 @@ class ClientEncryption(Generic[_DocumentType]): key_vault_coll = key_vault_client[db][coll] opts = AutoEncryptionOpts( - kms_providers, key_vault_namespace, kms_tls_options=kms_tls_options + kms_providers, + key_vault_namespace, + kms_tls_options=kms_tls_options, + key_expiration_ms=key_expiration_ms, ) self._io_callbacks: Optional[_EncryptionIO] = _EncryptionIO( None, key_vault_coll, None, opts ) self._encryption = ExplicitEncrypter( self._io_callbacks, - _create_mongocrypt_options(kms_providers=kms_providers, schema_map=None), + _create_mongocrypt_options( + kms_providers=kms_providers, schema_map=None, key_expiration_ms=key_expiration_ms + ), ) # Use the same key vault collection as the callback. assert self._io_callbacks.key_vault_coll is not None @@ -693,6 +704,7 @@ class ClientEncryption(Generic[_DocumentType]): creation. :class:`~pymongo.errors.EncryptionError` will be raised if the collection already exists. + :param database: the database to create the collection :param name: the name of the collection to create :param encrypted_fields: Document that describes the encrypted fields for Queryable Encryption. The "keyId" may be set to ``None`` to auto-generate the data keys. For example: diff --git a/test/asynchronous/unified_format.py b/test/asynchronous/unified_format.py index d4c3d40d2..ce0b9979e 100644 --- a/test/asynchronous/unified_format.py +++ b/test/asynchronous/unified_format.py @@ -378,6 +378,7 @@ class EntityMapUtil: opts["key_vault_client"], DEFAULT_CODEC_OPTIONS, opts.get("kms_tls_options", kms_tls_options), + opts.get("key_expiration_ms"), ) return elif entity_type == "thread": @@ -439,7 +440,7 @@ class UnifiedSpecTestMixinV1(AsyncIntegrationTest): a class attribute ``TEST_SPEC``. """ - SCHEMA_VERSION = Version.from_string("1.21") + SCHEMA_VERSION = Version.from_string("1.22") RUN_ON_LOAD_BALANCER = True RUN_ON_SERVERLESS = True TEST_SPEC: Any diff --git a/test/asynchronous/utils_spec_runner.py b/test/asynchronous/utils_spec_runner.py index 7530ba36a..f1c6deb69 100644 --- a/test/asynchronous/utils_spec_runner.py +++ b/test/asynchronous/utils_spec_runner.py @@ -18,6 +18,7 @@ from __future__ import annotations import asyncio import functools import os +import time import unittest from asyncio import iscoroutinefunction from collections import abc @@ -314,6 +315,10 @@ class AsyncSpecRunner(AsyncIntegrationTest): coll = self.client[database][collection] self.assertNotIn(index, [doc["name"] async for doc in await coll.list_indexes()]) + async def wait(self, ms): + """Run the "wait" test operation.""" + await asyncio.sleep(ms / 1000.0) + def assertErrorLabelsContain(self, exc, expected_labels): labels = [l for l in expected_labels if exc.has_error_label(l)] self.assertEqual(labels, expected_labels) diff --git a/test/client-side-encryption/spec/legacy/fle2v2-Rangev2-Compact.json b/test/client-side-encryption/spec/legacy/fle2v2-Rangev2-Compact.json index bba9f2553..59241927c 100644 --- a/test/client-side-encryption/spec/legacy/fle2v2-Rangev2-Compact.json +++ b/test/client-side-encryption/spec/legacy/fle2v2-Rangev2-Compact.json @@ -6,8 +6,7 @@ "replicaset", "sharded", "load-balanced" - ], - "serverless": "forbid" + ] } ], "database_name": "default", diff --git a/test/client-side-encryption/spec/legacy/keyCache.json b/test/client-side-encryption/spec/legacy/keyCache.json new file mode 100644 index 000000000..912ce8002 --- /dev/null +++ b/test/client-side-encryption/spec/legacy/keyCache.json @@ -0,0 +1,270 @@ +{ + "runOn": [ + { + "minServerVersion": "4.1.10" + } + ], + "database_name": "default", + "collection_name": "default", + "data": [], + "json_schema": { + "properties": { + "encrypted_w_altname": { + "encrypt": { + "keyId": "/altname", + "bsonType": "string", + "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" + } + }, + "encrypted_string": { + "encrypt": { + "keyId": [ + { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + } + ], + "bsonType": "string", + "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" + } + }, + "random": { + "encrypt": { + "keyId": [ + { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + } + ], + "bsonType": "string", + "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" + } + }, + "encrypted_string_equivalent": { + "encrypt": { + "keyId": [ + { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + } + ], + "bsonType": "string", + "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" + } + } + }, + "bsonType": "object" + }, + "key_vault_data": [ + { + "status": 1, + "_id": { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + }, + "masterKey": { + "provider": "aws", + "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0", + "region": "us-east-1" + }, + "updateDate": { + "$date": { + "$numberLong": "1552949630483" + } + }, + "keyMaterial": { + "$binary": { + "base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO", + "subType": "00" + } + }, + "creationDate": { + "$date": { + "$numberLong": "1552949630483" + } + }, + "keyAltNames": [ + "altname", + "another_altname" + ] + } + ], + "tests": [ + { + "description": "Insert with deterministic encryption, then find it", + "clientOptions": { + "autoEncryptOpts": { + "kmsProviders": { + "aws": {} + }, + "keyExpirationMS": 1 + } + }, + "operations": [ + { + "name": "insertOne", + "arguments": { + "document": { + "_id": 1, + "encrypted_string": "string0" + } + } + }, + { + "name": "wait", + "object": "testRunner", + "arguments": { + "ms": 50 + } + }, + { + "name": "find", + "arguments": { + "filter": { + "_id": 1 + } + }, + "result": [ + { + "_id": 1, + "encrypted_string": "string0" + } + ] + } + ], + "expectations": [ + { + "command_started_event": { + "command": { + "listCollections": 1, + "filter": { + "name": "default" + } + }, + "command_name": "listCollections" + } + }, + { + "command_started_event": { + "command": { + "find": "datakeys", + "filter": { + "$or": [ + { + "_id": { + "$in": [ + { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + } + ] + } + }, + { + "keyAltNames": { + "$in": [] + } + } + ] + }, + "$db": "keyvault", + "readConcern": { + "level": "majority" + } + }, + "command_name": "find" + } + }, + { + "command_started_event": { + "command": { + "insert": "default", + "documents": [ + { + "_id": 1, + "encrypted_string": { + "$binary": { + "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==", + "subType": "06" + } + } + } + ], + "ordered": true + }, + "command_name": "insert" + } + }, + { + "command_started_event": { + "command": { + "find": "default", + "filter": { + "_id": 1 + } + }, + "command_name": "find" + } + }, + { + "command_started_event": { + "command": { + "find": "datakeys", + "filter": { + "$or": [ + { + "_id": { + "$in": [ + { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + } + ] + } + }, + { + "keyAltNames": { + "$in": [] + } + } + ] + }, + "$db": "keyvault", + "readConcern": { + "level": "majority" + } + }, + "command_name": "find" + } + } + ], + "outcome": { + "collection": { + "data": [ + { + "_id": 1, + "encrypted_string": { + "$binary": { + "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==", + "subType": "06" + } + } + } + ] + } + } + } + ] +} diff --git a/test/client-side-encryption/spec/legacy/timeoutMS.json b/test/client-side-encryption/spec/legacy/timeoutMS.json index 841130622..b667767cf 100644 --- a/test/client-side-encryption/spec/legacy/timeoutMS.json +++ b/test/client-side-encryption/spec/legacy/timeoutMS.json @@ -110,7 +110,7 @@ "listCollections" ], "blockConnection": true, - "blockTimeMS": 600 + "blockTimeMS": 60 } }, "clientOptions": { @@ -119,7 +119,7 @@ "aws": {} } }, - "timeoutMS": 500 + "timeoutMS": 50 }, "operations": [ { diff --git a/test/client-side-encryption/spec/unified/keyCache.json b/test/client-side-encryption/spec/unified/keyCache.json new file mode 100644 index 000000000..a39701e28 --- /dev/null +++ b/test/client-side-encryption/spec/unified/keyCache.json @@ -0,0 +1,198 @@ +{ + "description": "keyCache-explicit", + "schemaVersion": "1.22", + "runOnRequirements": [ + { + "csfle": true + } + ], + "createEntities": [ + { + "client": { + "id": "client0", + "observeEvents": [ + "commandStartedEvent" + ] + } + }, + { + "clientEncryption": { + "id": "clientEncryption0", + "clientEncryptionOpts": { + "keyVaultClient": "client0", + "keyVaultNamespace": "keyvault.datakeys", + "kmsProviders": { + "local": { + "key": "OCTP9uKPPmvuqpHlqq83gPk4U6rUPxKVRRyVtrjFmVjdoa4Xzm1SzUbr7aIhNI42czkUBmrCtZKF31eaaJnxEBkqf0RFukA9Mo3NEHQWgAQ2cn9duOcRbaFUQo2z0/rB" + } + }, + "keyExpirationMS": 1 + } + } + }, + { + "database": { + "id": "database0", + "client": "client0", + "databaseName": "keyvault" + } + }, + { + "collection": { + "id": "collection0", + "database": "database0", + "collectionName": "datakeys" + } + } + ], + "initialData": [ + { + "databaseName": "keyvault", + "collectionName": "datakeys", + "documents": [ + { + "_id": { + "$binary": { + "base64": "a+YWzdygTAG62/cNUkqZiQ==", + "subType": "04" + } + }, + "keyAltNames": [], + "keyMaterial": { + "$binary": { + "base64": "iocBkhO3YBokiJ+FtxDTS71/qKXQ7tSWhWbcnFTXBcMjarsepvALeJ5li+SdUd9ePuatjidxAdMo7vh1V2ZESLMkQWdpPJ9PaJjA67gKQKbbbB4Ik5F2uKjULvrMBnFNVRMup4JNUwWFQJpqbfMveXnUVcD06+pUpAkml/f+DSXrV3e5rxciiNVtz03dAG8wJrsKsFXWj6vTjFhsfknyBA==", + "subType": "00" + } + }, + "creationDate": { + "$date": { + "$numberLong": "1552949630483" + } + }, + "updateDate": { + "$date": { + "$numberLong": "1552949630483" + } + }, + "status": { + "$numberInt": "0" + }, + "masterKey": { + "provider": "local" + } + } + ] + } + ], + "tests": [ + { + "description": "decrypt, wait, and decrypt again", + "operations": [ + { + "name": "decrypt", + "object": "clientEncryption0", + "arguments": { + "value": { + "$binary": { + "base64": "AWvmFs3coEwButv3DVJKmYkCJ6lUzRX9R28WNlw5uyndb+8gurA+p8q14s7GZ04K2ZvghieRlAr5UwZbow3PMq27u5EIhDDczwBFcbdP1amllw==", + "subType": "06" + } + } + }, + "expectResult": "foobar" + }, + { + "name": "wait", + "object": "testRunner", + "arguments": { + "ms": 50 + } + }, + { + "name": "decrypt", + "object": "clientEncryption0", + "arguments": { + "value": { + "$binary": { + "base64": "AWvmFs3coEwButv3DVJKmYkCJ6lUzRX9R28WNlw5uyndb+8gurA+p8q14s7GZ04K2ZvghieRlAr5UwZbow3PMq27u5EIhDDczwBFcbdP1amllw==", + "subType": "06" + } + } + }, + "expectResult": "foobar" + } + ], + "expectEvents": [ + { + "client": "client0", + "events": [ + { + "commandStartedEvent": { + "command": { + "find": "datakeys", + "filter": { + "$or": [ + { + "_id": { + "$in": [ + { + "$binary": { + "base64": "a+YWzdygTAG62/cNUkqZiQ==", + "subType": "04" + } + } + ] + } + }, + { + "keyAltNames": { + "$in": [] + } + } + ] + }, + "$db": "keyvault", + "readConcern": { + "level": "majority" + } + } + } + }, + { + "commandStartedEvent": { + "command": { + "find": "datakeys", + "filter": { + "$or": [ + { + "_id": { + "$in": [ + { + "$binary": { + "base64": "a+YWzdygTAG62/cNUkqZiQ==", + "subType": "04" + } + } + ] + } + }, + { + "keyAltNames": { + "$in": [] + } + } + ] + }, + "$db": "keyvault", + "readConcern": { + "level": "majority" + } + } + } + } + ] + } + ] + } + ] +} diff --git a/test/unified_format.py b/test/unified_format.py index 293fbd97c..682a6105f 100644 --- a/test/unified_format.py +++ b/test/unified_format.py @@ -377,6 +377,7 @@ class EntityMapUtil: opts["key_vault_client"], DEFAULT_CODEC_OPTIONS, opts.get("kms_tls_options", kms_tls_options), + opts.get("key_expiration_ms"), ) return elif entity_type == "thread": @@ -438,7 +439,7 @@ class UnifiedSpecTestMixinV1(IntegrationTest): a class attribute ``TEST_SPEC``. """ - SCHEMA_VERSION = Version.from_string("1.21") + SCHEMA_VERSION = Version.from_string("1.22") RUN_ON_LOAD_BALANCER = True RUN_ON_SERVERLESS = True TEST_SPEC: Any diff --git a/test/utils_spec_runner.py b/test/utils_spec_runner.py index ac4031e82..fe0ba6eb4 100644 --- a/test/utils_spec_runner.py +++ b/test/utils_spec_runner.py @@ -18,6 +18,7 @@ from __future__ import annotations import asyncio import functools import os +import time import unittest from asyncio import iscoroutinefunction from collections import abc @@ -314,6 +315,10 @@ class SpecRunner(IntegrationTest): coll = self.client[database][collection] self.assertNotIn(index, [doc["name"] for doc in coll.list_indexes()]) + def wait(self, ms): + """Run the "wait" test operation.""" + time.sleep(ms / 1000.0) + def assertErrorLabelsContain(self, exc, expected_labels): labels = [l for l in expected_labels if exc.has_error_label(l)] self.assertEqual(labels, expected_labels) diff --git a/uv.lock b/uv.lock index a2e951e76..8b5d592dc 100644 --- a/uv.lock +++ b/uv.lock @@ -1133,7 +1133,7 @@ wheels = [ [[package]] name = "pymongocrypt" version = "1.13.0.dev0" -source = { git = "https://github.com/mongodb/libmongocrypt?subdirectory=bindings%2Fpython&rev=master#90476d5db7737bab2ce1c198df5671a12dbaae1a" } +source = { git = "https://github.com/mongodb/libmongocrypt?subdirectory=bindings%2Fpython&rev=master#1e96c283162aa7789cf01f99f211e0ace8e6d49f" } dependencies = [ { name = "cffi" }, { name = "cryptography" },