From f2fe21cca8f594fe27fa255c1587e31f0f8e23f0 Mon Sep 17 00:00:00 2001 From: Iris Ho Date: Mon, 30 Mar 2026 11:34:19 -0700 Subject: [PATCH] add patch for PYTHON-5759 --- .evergreen/spec-patch/PYTHON-5759.patch | 460 ++++++++++++++++++ ...s-kmsProviders-azure-accessToken-type.json | 31 -- ...pts-kmsProviders-gcp-accessToken-type.json | 31 -- 3 files changed, 460 insertions(+), 62 deletions(-) create mode 100644 .evergreen/spec-patch/PYTHON-5759.patch delete mode 100644 test/unified-test-format/invalid/clientEncryptionOpts-kmsProviders-azure-accessToken-type.json delete mode 100644 test/unified-test-format/invalid/clientEncryptionOpts-kmsProviders-gcp-accessToken-type.json diff --git a/.evergreen/spec-patch/PYTHON-5759.patch b/.evergreen/spec-patch/PYTHON-5759.patch new file mode 100644 index 000000000..3b19ed065 --- /dev/null +++ b/.evergreen/spec-patch/PYTHON-5759.patch @@ -0,0 +1,460 @@ +diff --git a/test/client-side-encryption/spec/unified/accessToken-azure.json b/test/client-side-encryption/spec/unified/accessToken-azure.json +new file mode 100644 +index 00000000..510d8795 +--- /dev/null ++++ b/test/client-side-encryption/spec/unified/accessToken-azure.json +@@ -0,0 +1,186 @@ ++{ ++ "description": "accessToken-azure", ++ "schemaVersion": "1.28", ++ "runOnRequirements": [ ++ { ++ "minServerVersion": "4.1.10", ++ "csfle": { ++ "minLibmongocryptVersion": "1.6.0" ++ } ++ } ++ ], ++ "createEntities": [ ++ { ++ "client": { ++ "id": "client", ++ "autoEncryptOpts": { ++ "keyVaultNamespace": "keyvault.datakeys", ++ "kmsProviders": { ++ "azure": { ++ "accessToken": { ++ "$$placeholder": 1 ++ } ++ } ++ } ++ } ++ } ++ }, ++ { ++ "database": { ++ "id": "db", ++ "client": "client", ++ "databaseName": "db" ++ } ++ }, ++ { ++ "collection": { ++ "id": "coll", ++ "database": "db", ++ "collectionName": "coll" ++ } ++ }, ++ { ++ "clientEncryption": { ++ "id": "clientEncryption", ++ "clientEncryptionOpts": { ++ "keyVaultClient": "client", ++ "keyVaultNamespace": "keyvault.datakeys", ++ "kmsProviders": { ++ "azure": { ++ "accessToken": { ++ "$$placeholder": 1 ++ } ++ } ++ } ++ } ++ } ++ } ++ ], ++ "initialData": [ ++ { ++ "databaseName": "db", ++ "collectionName": "coll", ++ "documents": [], ++ "createOptions": { ++ "validator": { ++ "$jsonSchema": { ++ "properties": { ++ "secret": { ++ "encrypt": { ++ "keyId": [ ++ { ++ "$binary": { ++ "base64": "AZURE+AAAAAAAAAAAAAAAA==", ++ "subType": "04" ++ } ++ } ++ ], ++ "bsonType": "string", ++ "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" ++ } ++ } ++ }, ++ "bsonType": "object" ++ } ++ } ++ } ++ }, ++ { ++ "databaseName": "keyvault", ++ "collectionName": "datakeys", ++ "documents": [ ++ { ++ "_id": { ++ "$binary": { ++ "base64": "AZURE+AAAAAAAAAAAAAAAA==", ++ "subType": "04" ++ } ++ }, ++ "keyAltNames": [ ++ "my-key" ++ ], ++ "keyMaterial": { ++ "$binary": { ++ "base64": "n+HWZ0ZSVOYA3cvQgP7inN4JSXfOH85IngmeQxRpQHjCCcqT3IFqEWNlrsVHiz3AELimHhX4HKqOLWMUeSIT6emUDDoQX9BAv8DR1+E1w4nGs/NyEneac78EYFkK3JysrFDOgl2ypCCTKAypkn9CkAx1if4cfgQE93LW4kczcyHdGiH36CIxrCDGv1UzAvERN5Qa47DVwsM6a+hWsF2AAAJVnF0wYLLJU07TuRHdMrrphPWXZsFgyV+lRqJ7DDpReKNO8nMPLV/mHqHBHGPGQiRdb9NoJo8CvokGz4+KE8oLwzKf6V24dtwZmRkrsDV4iOhvROAzz+Euo1ypSkL3mw==", ++ "subType": "00" ++ } ++ }, ++ "creationDate": { ++ "$date": { ++ "$numberLong": "1552949630483" ++ } ++ }, ++ "updateDate": { ++ "$date": { ++ "$numberLong": "1552949630483" ++ } ++ }, ++ "status": { ++ "$numberInt": "0" ++ }, ++ "masterKey": { ++ "provider": "azure", ++ "keyVaultEndpoint": "key-vault-csfle.vault.azure.net", ++ "keyName": "key-name-csfle" ++ } ++ } ++ ] ++ } ++ ], ++ "tests": [ ++ { ++ "description": "Auto encrypt using access token Azure credentials", ++ "operations": [ ++ { ++ "name": "insertOne", ++ "arguments": { ++ "document": { ++ "_id": 1, ++ "secret": "string0" ++ } ++ }, ++ "object": "coll" ++ } ++ ], ++ "outcome": [ ++ { ++ "documents": [ ++ { ++ "_id": 1, ++ "secret": { ++ "$binary": { ++ "base64": "AQGVERPgAAAAAAAAAAAAAAAC5DbBSwPwfSlBrDtRuglvNvCXD1KzDuCKY2P+4bRFtHDjpTOE2XuytPAUaAbXf1orsPq59PVZmsbTZbt2CB8qaQ==", ++ "subType": "06" ++ } ++ } ++ } ++ ], ++ "collectionName": "coll", ++ "databaseName": "db" ++ } ++ ] ++ }, ++ { ++ "description": "Explicit encrypt using access token Azure credentials", ++ "operations": [ ++ { ++ "name": "encrypt", ++ "object": "clientEncryption", ++ "arguments": { ++ "value": "string0", ++ "opts": { ++ "keyAltName": "my-key", ++ "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" ++ } ++ }, ++ "expectResult": { ++ "$binary": { ++ "base64": "AQGVERPgAAAAAAAAAAAAAAAC5DbBSwPwfSlBrDtRuglvNvCXD1KzDuCKY2P+4bRFtHDjpTOE2XuytPAUaAbXf1orsPq59PVZmsbTZbt2CB8qaQ==", ++ "subType": "06" ++ } ++ } ++ } ++ ] ++ } ++ ] ++} +diff --git a/test/client-side-encryption/spec/unified/accessToken-gcp.json b/test/client-side-encryption/spec/unified/accessToken-gcp.json +new file mode 100644 +index 00000000..f5cf8914 +--- /dev/null ++++ b/test/client-side-encryption/spec/unified/accessToken-gcp.json +@@ -0,0 +1,188 @@ ++{ ++ "description": "accessToken-gcp", ++ "schemaVersion": "1.28", ++ "runOnRequirements": [ ++ { ++ "minServerVersion": "4.1.10", ++ "csfle": { ++ "minLibmongocryptVersion": "1.6.0" ++ } ++ } ++ ], ++ "createEntities": [ ++ { ++ "client": { ++ "id": "client", ++ "autoEncryptOpts": { ++ "keyVaultNamespace": "keyvault.datakeys", ++ "kmsProviders": { ++ "gcp": { ++ "accessToken": { ++ "$$placeholder": 1 ++ } ++ } ++ } ++ } ++ } ++ }, ++ { ++ "database": { ++ "id": "db", ++ "client": "client", ++ "databaseName": "db" ++ } ++ }, ++ { ++ "collection": { ++ "id": "coll", ++ "database": "db", ++ "collectionName": "coll" ++ } ++ }, ++ { ++ "clientEncryption": { ++ "id": "clientEncryption", ++ "clientEncryptionOpts": { ++ "keyVaultClient": "client", ++ "keyVaultNamespace": "keyvault.datakeys", ++ "kmsProviders": { ++ "gcp": { ++ "accessToken": { ++ "$$placeholder": 1 ++ } ++ } ++ } ++ } ++ } ++ } ++ ], ++ "initialData": [ ++ { ++ "databaseName": "db", ++ "collectionName": "coll", ++ "documents": [], ++ "createOptions": { ++ "validator": { ++ "$jsonSchema": { ++ "properties": { ++ "secret": { ++ "encrypt": { ++ "keyId": [ ++ { ++ "$binary": { ++ "base64": "GCP+AAAAAAAAAAAAAAAAAA==", ++ "subType": "04" ++ } ++ } ++ ], ++ "bsonType": "string", ++ "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" ++ } ++ } ++ }, ++ "bsonType": "object" ++ } ++ } ++ } ++ }, ++ { ++ "databaseName": "keyvault", ++ "collectionName": "datakeys", ++ "documents": [ ++ { ++ "_id": { ++ "$binary": { ++ "base64": "GCP+AAAAAAAAAAAAAAAAAA==", ++ "subType": "04" ++ } ++ }, ++ "keyAltNames": [ ++ "my-key" ++ ], ++ "keyMaterial": { ++ "$binary": { ++ "base64": "CiQAIgLj0WyktnB4dfYHo5SLZ41K4ASQrjJUaSzl5vvVH0G12G0SiQEAjlV8XPlbnHDEDFbdTO4QIe8ER2/172U1ouLazG0ysDtFFIlSvWX5ZnZUrRMmp/R2aJkzLXEt/zf8Mn4Lfm+itnjgo5R9K4pmPNvvPKNZX5C16lrPT+aA+rd+zXFSmlMg3i5jnxvTdLHhg3G7Q/Uv1ZIJskKt95bzLoe0tUVzRWMYXLIEcohnQg==", ++ "subType": "00" ++ } ++ }, ++ "creationDate": { ++ "$date": { ++ "$numberLong": "1552949630483" ++ } ++ }, ++ "updateDate": { ++ "$date": { ++ "$numberLong": "1552949630483" ++ } ++ }, ++ "status": { ++ "$numberInt": "0" ++ }, ++ "masterKey": { ++ "provider": "gcp", ++ "projectId": "devprod-drivers", ++ "location": "global", ++ "keyRing": "key-ring-csfle", ++ "keyName": "key-name-csfle" ++ } ++ } ++ ] ++ } ++ ], ++ "tests": [ ++ { ++ "description": "Auto encrypt using access token GCP credentials", ++ "operations": [ ++ { ++ "name": "insertOne", ++ "arguments": { ++ "document": { ++ "_id": 1, ++ "secret": "string0" ++ } ++ }, ++ "object": "coll" ++ } ++ ], ++ "outcome": [ ++ { ++ "documents": [ ++ { ++ "_id": 1, ++ "secret": { ++ "$binary": { ++ "base64": "ARgj/gAAAAAAAAAAAAAAAAACwFd+Y5Ojw45GUXNvbcIpN9YkRdoHDHkR4kssdn0tIMKlDQOLFkWFY9X07IRlXsxPD8DcTiKnl6XINK28vhcGlg==", ++ "subType": "06" ++ } ++ } ++ } ++ ], ++ "collectionName": "coll", ++ "databaseName": "db" ++ } ++ ] ++ }, ++ { ++ "description": "Explicit encrypt using access token GCP credentials", ++ "operations": [ ++ { ++ "name": "encrypt", ++ "object": "clientEncryption", ++ "arguments": { ++ "value": "string0", ++ "opts": { ++ "keyAltName": "my-key", ++ "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" ++ } ++ }, ++ "expectResult": { ++ "$binary": { ++ "base64": "ARgj/gAAAAAAAAAAAAAAAAACwFd+Y5Ojw45GUXNvbcIpN9YkRdoHDHkR4kssdn0tIMKlDQOLFkWFY9X07IRlXsxPD8DcTiKnl6XINK28vhcGlg==", ++ "subType": "06" ++ } ++ } ++ } ++ ] ++ } ++ ] ++} +diff --git a/test/unified-test-format/invalid/clientEncryptionOpts-kmsProviders-azure-accessToken-type.json b/test/unified-test-format/invalid/clientEncryptionOpts-kmsProviders-azure-accessToken-type.json +new file mode 100644 +index 00000000..8fe5c150 +--- /dev/null ++++ b/test/unified-test-format/invalid/clientEncryptionOpts-kmsProviders-azure-accessToken-type.json +@@ -0,0 +1,31 @@ ++{ ++ "description": "clientEncryptionOpts-kmsProviders-azure-accessToken-type", ++ "schemaVersion": "1.28", ++ "createEntities": [ ++ { ++ "client": { ++ "id": "client0" ++ } ++ }, ++ { ++ "clientEncryption": { ++ "id": "clientEncryption0", ++ "clientEncryptionOpts": { ++ "keyVaultClient": "client0", ++ "keyVaultNamespace": "keyvault.datakeys", ++ "kmsProviders": { ++ "azure": { ++ "accessToken": 0 ++ } ++ } ++ } ++ } ++ } ++ ], ++ "tests": [ ++ { ++ "description": "", ++ "operations": [] ++ } ++ ] ++} +diff --git a/test/unified-test-format/invalid/clientEncryptionOpts-kmsProviders-gcp-accessToken-type.json b/test/unified-test-format/invalid/clientEncryptionOpts-kmsProviders-gcp-accessToken-type.json +new file mode 100644 +index 00000000..2284e26c +--- /dev/null ++++ b/test/unified-test-format/invalid/clientEncryptionOpts-kmsProviders-gcp-accessToken-type.json +@@ -0,0 +1,31 @@ ++{ ++ "description": "clientEncryptionOpts-kmsProviders-gcp-accessToken-type", ++ "schemaVersion": "1.28", ++ "createEntities": [ ++ { ++ "client": { ++ "id": "client0" ++ } ++ }, ++ { ++ "clientEncryption": { ++ "id": "clientEncryption0", ++ "clientEncryptionOpts": { ++ "keyVaultClient": "client0", ++ "keyVaultNamespace": "keyvault.datakeys", ++ "kmsProviders": { ++ "gcp": { ++ "accessToken": 0 ++ } ++ } ++ } ++ } ++ } ++ ], ++ "tests": [ ++ { ++ "description": "", ++ "operations": [] ++ } ++ ] ++} diff --git a/test/unified-test-format/invalid/clientEncryptionOpts-kmsProviders-azure-accessToken-type.json b/test/unified-test-format/invalid/clientEncryptionOpts-kmsProviders-azure-accessToken-type.json deleted file mode 100644 index 8fe5c150a..000000000 --- a/test/unified-test-format/invalid/clientEncryptionOpts-kmsProviders-azure-accessToken-type.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "description": "clientEncryptionOpts-kmsProviders-azure-accessToken-type", - "schemaVersion": "1.28", - "createEntities": [ - { - "client": { - "id": "client0" - } - }, - { - "clientEncryption": { - "id": "clientEncryption0", - "clientEncryptionOpts": { - "keyVaultClient": "client0", - "keyVaultNamespace": "keyvault.datakeys", - "kmsProviders": { - "azure": { - "accessToken": 0 - } - } - } - } - } - ], - "tests": [ - { - "description": "", - "operations": [] - } - ] -} diff --git a/test/unified-test-format/invalid/clientEncryptionOpts-kmsProviders-gcp-accessToken-type.json b/test/unified-test-format/invalid/clientEncryptionOpts-kmsProviders-gcp-accessToken-type.json deleted file mode 100644 index 2284e26cb..000000000 --- a/test/unified-test-format/invalid/clientEncryptionOpts-kmsProviders-gcp-accessToken-type.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "description": "clientEncryptionOpts-kmsProviders-gcp-accessToken-type", - "schemaVersion": "1.28", - "createEntities": [ - { - "client": { - "id": "client0" - } - }, - { - "clientEncryption": { - "id": "clientEncryption0", - "clientEncryptionOpts": { - "keyVaultClient": "client0", - "keyVaultNamespace": "keyvault.datakeys", - "kmsProviders": { - "gcp": { - "accessToken": 0 - } - } - } - } - } - ], - "tests": [ - { - "description": "", - "operations": [] - } - ] -}