diff --git a/.evergreen/config.yml b/.evergreen/config.yml index c12d4167b7..721de7cc61 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -450,8 +450,8 @@ functions: export LIBMONGOCRYPT_URL="${libmongocrypt_url}" export TEST_ENCRYPTION=1 fi - if [ -n "${test_csfle}" ]; then - export TEST_CSFLE=1 + if [ -n "${test_crypt_shared}" ]; then + export TEST_CRYPT_SHARED=1 fi if [ -n "${test_pyopenssl}" ]; then export TEST_PYOPENSSL=1 @@ -2163,15 +2163,14 @@ axes: variables: test_encryption: true batchtime: 10080 # 7 days - - id: "encryption_with_csfle" - display_name: "Encryption with CSFLE" - tags: ["encryption_tag", "csfle"] + - id: "encryption_crypt_shared" + display_name: "Encryption shared lib" + tags: ["encryption_tag"] variables: test_encryption: true - test_csfle: true + test_crypt_shared: true batchtime: 10080 # 7 days - # Run pyopenssl tests? - id: pyopenssl display_name: "PyOpenSSL" @@ -2306,7 +2305,7 @@ buildvariants: platform: "*" auth: "*" ssl: "*" - encryption: [ "encryption_with_csfle" ] + encryption: [ "encryption_crypt_shared" ] then: remove_tasks: - ".5.0" @@ -2400,7 +2399,7 @@ buildvariants: platform: "*" python-version: "*" auth-ssl: "*" - encryption: [ "encryption_with_csfle" ] + encryption: [ "encryption_crypt_shared" ] then: remove_tasks: - ".5.0" @@ -2509,7 +2508,7 @@ buildvariants: platform: "*" python-version-windows: "*" auth-ssl: "*" - encryption: [ "encryption_with_csfle" ] + encryption: [ "encryption_crypt_shared" ] then: remove_tasks: - ".5.0" diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index 96f42fa517..5f5bda7dc1 100755 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -11,7 +11,7 @@ set -o errexit # Exit the script with error if any of the commands fail # COVERAGE If non-empty, run the test suite with coverage. # TEST_ENCRYPTION If non-empty, install pymongocrypt. # LIBMONGOCRYPT_URL The URL to download libmongocrypt. -# TEST_CSFLE If non-empty, install CSFLE +# TEST_CRYPT_SHARED If non-empty, install crypt_shared lib. if [ -n "${SET_XTRACE_ON}" ]; then set -o xtrace @@ -28,9 +28,10 @@ COVERAGE=${COVERAGE:-} COMPRESSORS=${COMPRESSORS:-} MONGODB_API_VERSION=${MONGODB_API_VERSION:-} TEST_ENCRYPTION=${TEST_ENCRYPTION:-} -TEST_CSFLE=${TEST_CSFLE:-} +TEST_CRYPT_SHARED=${TEST_CRYPT_SHARED:-} LIBMONGOCRYPT_URL=${LIBMONGOCRYPT_URL:-} DATA_LAKE=${DATA_LAKE:-} +TEST_ARGS="" if [ -n "$COMPRESSORS" ]; then export COMPRESSORS=$COMPRESSORS @@ -148,23 +149,23 @@ if [ -n "$TEST_ENCRYPTION" ]; then # Get access to the AWS temporary credentials: # CSFLE_AWS_TEMP_ACCESS_KEY_ID, CSFLE_AWS_TEMP_SECRET_ACCESS_KEY, CSFLE_AWS_TEMP_SESSION_TOKEN . $DRIVERS_TOOLS/.evergreen/csfle/set-temp-creds.sh + + if [ -n "$TEST_CRYPT_SHARED" ]; then + echo "Testing CSFLE with crypt_shared lib" + $PYTHON $DRIVERS_TOOLS/.evergreen/mongodl.py --component crypt_shared \ + --version latest --out ../crypt_shared/ + export DYLD_FALLBACK_LIBRARY_PATH=../crypt_shared/lib/:$DYLD_FALLBACK_LIBRARY_PATH + export LD_LIBRARY_PATH=../crypt_shared/lib:$LD_LIBRARY_PATH + export PATH=../crypt_shared/bin:$PATH + fi + # Only run the encryption tests. + TEST_ARGS="-s test.test_encryption" fi -if [ -z "$DATA_LAKE" ]; then - TEST_ARGS="" -else +if [ -n "$DATA_LAKE" ]; then TEST_ARGS="-s test.test_data_lake" fi -if [ -z $TEST_CSFLE ]; then - echo "CSFLE not being tested" -else - $PYTHON $DRIVERS_TOOLS/.evergreen/mongodl.py --component csfle \ - --version latest --out ../csfle/ - export DYLD_FALLBACK_LIBRARY_PATH=../csfle/lib/:$DYLD_FALLBACK_LIBRARY_PATH - export LD_LIBRARY_PATH=../csfle/lib:$LD_LIBRARY_PATH - export PATH=../csfle/bin:$PATH - TEST_ARGS="-s test.test_encryption" -fi + # Don't download unittest-xml-reporting from pypi, which often fails. if $PYTHON -c "import xmlrunner"; then # The xunit output dir must be a Python style absolute path. diff --git a/pymongo/encryption.py b/pymongo/encryption.py index 1a29131890..40f7d20f23 100644 --- a/pymongo/encryption.py +++ b/pymongo/encryption.py @@ -300,8 +300,8 @@ def _get_internal_client(encrypter, mongo_client): MongoCryptOptions( opts._kms_providers, schema_map, - csfle_path=opts._csfle_path, - csfle_required=opts._csfle_required, + crypt_shared_lib_path=opts._crypt_shared_lib_path, + crypt_shared_lib_required=opts._crypt_shared_lib_required, bypass_encryption=opts._bypass_auto_encryption, ), ) diff --git a/pymongo/encryption_options.py b/pymongo/encryption_options.py index 0ce828ae4c..cdb77c9707 100644 --- a/pymongo/encryption_options.py +++ b/pymongo/encryption_options.py @@ -45,8 +45,8 @@ def __init__( mongocryptd_spawn_path: str = "mongocryptd", mongocryptd_spawn_args: Optional[List[str]] = None, kms_tls_options: Optional[Mapping[str, Any]] = None, - csfle_path: Optional[str] = None, - csfle_required: bool = False, + crypt_shared_lib_path: Optional[str] = None, + crypt_shared_lib_required: bool = False, ) -> None: """Options to configure automatic client-side field level encryption. @@ -142,12 +142,12 @@ def __init__( Or to supply a client certificate:: kms_tls_options={'kmip': {'tlsCertificateKeyFile': 'client.pem'}} - - `csfle_path` (optional): Override the path to load the CSFLE library. - - `csfle_required` (optional): If 'true', refuse to continue encryption without a CSFLE - library + - `crypt_shared_lib_path` (optional): Override the path to load the crypt_shared library. + - `crypt_shared_lib_required` (optional): If True, raise an error if libmongocrypt is + unable to load the crypt_shared library. .. versionchanged:: 4.2 - Added `csfle_path` and `csfle_required` parameters + Added `crypt_shared_lib_path` and `crypt_shared_lib_required` parameters .. versionchanged:: 4.0 Added the `kms_tls_options` parameter and the "kmip" KMS provider. @@ -160,8 +160,8 @@ def __init__( "install a compatible version with: " "python -m pip install 'pymongo[encryption]'" ) - self._csfle_path = csfle_path - self._csfle_required = csfle_required + self._crypt_shared_lib_path = crypt_shared_lib_path + self._crypt_shared_lib_required = crypt_shared_lib_required self._kms_providers = kms_providers self._key_vault_namespace = key_vault_namespace self._key_vault_client = key_vault_client diff --git a/test/test_encryption.py b/test/test_encryption.py index fc9d4eec3b..500c95af04 100644 --- a/test/test_encryption.py +++ b/test/test_encryption.py @@ -83,12 +83,12 @@ def get_client_opts(client): class TestAutoEncryptionOpts(PyMongoTestCase): @unittest.skipUnless(_HAVE_PYMONGOCRYPT, "pymongocrypt is not installed") - @unittest.skipUnless(os.environ.get("TEST_CSFLE"), "csfle is not installed") - def test_csfle(self): - # Test that we can pick up csfle automatically + @unittest.skipUnless(os.environ.get("TEST_CRYPT_SHARED"), "crypt_shared lib is not installed") + def test_crypt_shared(self): + # Test that we can pick up crypt_shared lib automatically client = MongoClient( auto_encryption_opts=AutoEncryptionOpts( - KMS_PROVIDERS, "keyvault.datakeys", csfle_required=True + KMS_PROVIDERS, "keyvault.datakeys", crypt_shared_lib_required=True ), connect=False, ) @@ -1762,8 +1762,9 @@ def test_case_8(self): # https://github.com/mongodb/specifications/blob/master/source/client-side-encryption/tests/README.rst#bypass-spawning-mongocryptd class TestBypassSpawningMongocryptdProse(EncryptionIntegrationTest): @unittest.skipIf( - os.environ.get("TEST_CSFLE"), - "this prose test does not work when CSFLE is on a system dynamic library search path.", + os.environ.get("TEST_CRYPT_SHARED"), + "this prose test does not work when crypt_shared is on a system dynamic " + "library search path.", ) def test_mongocryptd_bypass_spawn(self): # Lower the mongocryptd timeout to reduce the test run time.