Merge remote-tracking branch 'origin/master' into CLOUDP-235200

mongodb · Mar 19, 2024 · 28544f3 · 28544f3
2 parents 9c410e3 + 7f98a1f
commit 28544f3
Show file tree

Hide file tree

Showing 16 changed files with 34 additions and 603 deletions.
diff --git a/build/ci/evergreen.yml b/build/ci/evergreen.yml
@@ -1178,7 +1178,7 @@ buildvariants:
   - name: e2e_required
     display_name: "E2E Tests Required"
     run_on:
-      - rhel8.9-small
+      - rhel80-small
     expansions:
       <<: *go_linux_version
     tasks:

diff --git a/build/ci/release.yml b/build/ci/release.yml
@@ -264,10 +264,11 @@ tasks:
           local_files_include_filter:
             - src/github.com/mongodb/mongodb-atlas-cli/bin/*.exe
             - src/github.com/mongodb/mongodb-atlas-cli/dist/*.msi
-          remote_file: ${project}/dist/${revision}_${created_at}/
+          remote_file: ${project}/dist/${revision}_${created_at}/unsigned_
           bucket: mongodb-mongocli-build
           permissions: public-read
           content_type: ${content_type|application/octet-stream}
+          display_name: unsigned
   - name: package_goreleaser
     tags: ["packaging"]
     depends_on:

diff --git a/build/package/download-win-binaries.sh b/build/package/download-win-binaries.sh
@@ -28,10 +28,13 @@ fi
 PACKAGE_NAME="mongodb-atlas-cli_${VERSION_NAME}_windows_x86_64.msi"
 BINARY_NAME="atlas.exe"
 
+PACKAGE_URL=https://${BUCKET}.s3.amazonaws.com/${project}/dist/${revision}_${created_at}/unsigned_${PACKAGE_NAME}
+BINARY_URL=https://${BUCKET}.s3.amazonaws.com/${project}/dist/${revision}_${created_at}/unsigned_${BINARY_NAME}
+
 pushd bin
 
-echo "downloading https://${BUCKET}.s3.amazonaws.com/${project}/dist/${revision}_${created_at}/${PACKAGE_NAME} into $PWD"
-curl "https://${BUCKET}.s3.amazonaws.com/${project}/dist/${revision}_${created_at}/${PACKAGE_NAME}" --output "${PACKAGE_NAME}"
+echo "downloading $PACKAGE_URL into $PWD/$PACKAGE_NAME"
+curl "$PACKAGE_URL" --output "${PACKAGE_NAME}"
 
-echo "downloading https://${BUCKET}.s3.amazonaws.com/${project}/dist/${revision}_${created_at}/${BINARY_NAME} into $PWD"
-curl "https://${BUCKET}.s3.amazonaws.com/${project}/dist/${revision}_${created_at}/${BINARY_NAME}" --output "${BINARY_NAME}"
+echo "downloading $BINARY_URL into $PWD/$BINARY_NAME"
+curl "$BINARY_URL" --output "${BINARY_NAME}"
diff --git a/build/package/windows_notarize.sh b/build/package/windows_notarize.sh
@@ -16,7 +16,7 @@
 
 set -Eeou pipefail
 
-EXE_FILE="dist/windows_windows_amd64_v1/bin/atlas.exe"
+EXE_FILE="bin/atlas.exe"
 MSI_FILE="bin/mongodb-atlas-cli_${VERSION}_windows_x86_64.msi"
 
 if [[ -f "$EXE_FILE" && -f "$MSI_FILE" ]]; then

diff --git a/internal/cli/atlas/logs/logs.go b/internal/cli/atlas/logs/logs.go
@@ -29,11 +29,9 @@ func Builder() *cobra.Command {
 		Short:   "Download host logs for your project.",
 	}
 
-	keyProvidersCmd := decryption.KeyProvidersBuilder()
-	keyProvidersCmd.Hidden = true
 	cmd.AddCommand(
 		DownloadBuilder(),
-		keyProvidersCmd,
+		decryption.KeyProvidersBuilder(),
 		DecryptBuilder(),
 	)
 

diff --git a/internal/cli/decryption/key_providers.go b/internal/cli/decryption/key_providers.go
@@ -24,6 +24,7 @@ func KeyProvidersBuilder() *cobra.Command {
 		Use:     "keyProviders",
 		Aliases: cli.GenerateAliases("keyProviders", "keys"),
 		Short:   "Manage your key collections.",
+		Hidden:  true,
 	}
 
 	cmd.AddCommand(KeyProvidersListBuilder())

diff --git a/internal/cli/decryption/list_key_provider_test.go b/internal/cli/decryption/list_key_provider_test.go
@@ -17,12 +17,10 @@
 package decryption
 
 import (
-	"bytes"
 	"testing"
 
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/flag"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/test"
-	"github.com/spf13/afero"
 )
 
 func TestListKeyProviderBuilder(t *testing.T) {
@@ -36,29 +34,3 @@ func TestListKeyProviderBuilder(t *testing.T) {
 		},
 	)
 }
-
-func TestKeyProviderListOpts_Run(t *testing.T) {
-	fileJSON := []byte(`{"ts":{"$date":{"$numberLong":"1644232049921"}},"version":"0.0","compressionMode":"zstd","keyStoreIdentifier":{"provider":"local","filename":"localKey"},"encryptedKey":{"$binary":{"base64":"+yjPCaKKE1M8fZmPGzGHkyfHYxaw34okpavsHzpd8iPVx2+JjOhXwXw5E2FdI5Rcb5JgmcPUFRPISh/7Si1R/g==","subType":"0"}},"MAC":"qE9fUsGK0EuRrrCRAQAAAAAAAAAAAAAA","auditRecordType":"header"}
-{"ts":{"$date":{"$numberLong":"1644232049922"}},"log":"1Lu4o8XVMM/Rg7GKAQAAAAEAAAAAAAAA/8tXQ36mEd90OaAOzCOSti7N5a2jr0B9ek48/uvyteG/zUJHyM16Hs3wMEhDqTQGBwGhWSHEqXh0/5Jbz6tXsYHhDTMr1BOsn1zaavZScx/CkO5+Hd8Vx+zeFPREtQTe1y+JngXSIroezeyV0/zF4YC4vpug+OZtrEQLNEgwT2bjaqUyaKDbmzCNetd2Ff/eFfMFzinbzKVgXAC7T4YmDuowqXommEXLIBiYh2u4VagwJKZRw5OGZjnvqwyVpSPgGqLxGKUoFigh3NgC6EuGi17VIs5BLRZOIw7+OfbPgQQiKzjCxCk="}
-{"ts":{"$date":{"$numberLong":"1644232049921"}},"version":"0.0","compressionMode":"zstd","keyStoreIdentifier":{"provider":"kmip","uid":"uniqueKeyID","kmipServerName":["kmipServerName"],"kmipPort":{"$numberInt":"8081"},"keyWrapMethod":"get"},"encryptedKey":{"$binary":{"base64":"+yjPCaKKE1M8fZmPGzGHkyfHYxaw34okpavsHzpd8iPVx2+JjOhXwXw5E2FdI5Rcb5JgmcPUFRPISh/7Si1R/g==","subType":"0"}},"MAC":"qE9fUsGK0EuRrrCRAQAAAAAAAAAAAAAA","auditRecordType":"header"}
-{"ts":{"$date":{"$numberLong":"1644232049922"}},"log":"1Lu4o8XVMM/Rg7GKAQAAAAEAAAAAAAAA/8tXQ36mEd90OaAOzCOSti7N5a2jr0B9ek48/uvyteG/zUJHyM16Hs3wMEhDqTQGBwGhWSHEqXh0/5Jbz6tXsYHhDTMr1BOsn1zaavZScx/CkO5+Hd8Vx+zeFPREtQTe1y+JngXSIroezeyV0/zF4YC4vpug+OZtrEQLNEgwT2bjaqUyaKDbmzCNetd2Ff/eFfMFzinbzKVgXAC7T4YmDuowqXommEXLIBiYh2u4VagwJKZRw5OGZjnvqwyVpSPgGqLxGKUoFigh3NgC6EuGi17VIs5BLRZOIw7+OfbPgQQiKzjCxCk="}`)
-
-	listOpts := &KeyProviderListOpts{
-		file: "test",
-		fs:   afero.NewMemMapFs(),
-	}
-	bufOut := new(bytes.Buffer)
-	_ = listOpts.InitOutput(bufOut, listTmpl)()
-	_ = afero.WriteFile(listOpts.fs, "test", fileJSON, 0600)
-
-	if err := listOpts.Run(); err != nil {
-		t.Fatalf("Run() unexpected error: %v", err)
-	}
-
-	expected := `local: Filename = localKey
-kmip: Unique Key ID = "uniqueKeyID" KMIP Server Name = "[kmipServerName]" KMIP Port = "8081" Key Wrap Method = "get"
-`
-	if bufOut.String() != expected {
-		t.Fatalf("Run() expected: %s got: %v", expected, bufOut.String())
-	}
-}
diff --git a/internal/decryption/audit_log_line_scanner.go b/internal/decryption/audit_log_line_scanner.go
@@ -56,12 +56,12 @@ func peekFirstByte(reader io.ReadSeeker) (byte, error) {
 	return b[0], nil
 }
 
-func readAuditLogFile(reader io.ReadSeeker) (AuditLogFormat, auditLogScanner, error) {
+func readAuditLogFile(reader io.ReadSeeker) (auditLogScanner, error) {
 	auditLogFormat := BSON
 
 	b, err := peekFirstByte(reader)
 	if err != nil {
-		return auditLogFormat, nil, err
+		return nil, err
 	}
 
 	if b == '{' {
@@ -75,7 +75,7 @@ func readAuditLogFile(reader io.ReadSeeker) (AuditLogFormat, auditLogScanner, er
 	case JSON:
 		scanner = newJSONScanner(reader)
 	}
-	return auditLogFormat, scanner, err
+	return scanner, err
 }
 
 type auditLogScanner interface {

diff --git a/internal/decryption/audit_log_line_scanner_test.go b/internal/decryption/audit_log_line_scanner_test.go
diff --git a/internal/decryption/decryption.go b/internal/decryption/decryption.go
@@ -79,7 +79,7 @@ func WithAzureOpts(tenantID, clientID, secret string) func(d *Decryption) {
 // the credentials provided by the user and the AES-GCM algorithm.
 // The decrypted audit log records are saved in the out stream.
 func (d *Decryption) Decrypt(logReader io.ReadSeeker, out io.Writer) error {
-	_, logLineScanner, err := readAuditLogFile(logReader)
+	logLineScanner, err := readAuditLogFile(logReader)
 	if err != nil {
 		return err
 	}

diff --git a/internal/decryption/encrypted_audit_log.go b/internal/decryption/encrypted_audit_log.go
@@ -32,13 +32,6 @@ type AuditRecordType string
 
 type AuditLogLineKeyStoreIdentifier struct {
 	Provider *keyproviders.KeyStoreProvider `json:"provider,omitempty"`
-	// localKey
-	Filename string `json:"filename,omitempty"`
-	// kmip
-	UID            string                         `json:"uniqueKeyID,omitempty"`
-	KMIPServerName []string                       `json:"kmipServerName,omitempty"`
-	KMIPPort       int                            `json:"kmipPort,omitempty"`
-	KeyWrapMethod  keyproviders.KMIPKeyWrapMethod `json:"keyWrapMethod,omitempty"`
 	// aws
 	Key      string `json:"key,omitempty"`
 	Region   string `json:"region,omitempty"`
@@ -76,29 +69,6 @@ func (logLine *AuditLogLine) KeyProvider(opts KeyProviderOpts) (keyproviders.Key
 	}
 
 	switch *logLine.KeyStoreIdentifier.Provider {
-	case keyproviders.LocalKey:
-		if opts.Local == nil {
-			return nil, fmt.Errorf("%w: %s", ErrKeyProviderNotSupported, *logLine.KeyStoreIdentifier.Provider)
-		}
-		return &keyproviders.LocalKeyIdentifier{
-			HeaderFilename: logLine.KeyStoreIdentifier.Filename,
-			Filename:       opts.Local.KeyFileName,
-		}, nil
-	case keyproviders.KMIP:
-		if opts.KMIP == nil {
-			return nil, fmt.Errorf("%w: %s", ErrKeyProviderNotSupported, *logLine.KeyStoreIdentifier.Provider)
-		}
-		return &keyproviders.KMIPKeyIdentifier{
-			UniqueKeyID:               logLine.KeyStoreIdentifier.UID,
-			ServerNames:               logLine.KeyStoreIdentifier.KMIPServerName,
-			ServerPort:                logLine.KeyStoreIdentifier.KMIPPort,
-			KeyWrapMethod:             logLine.KeyStoreIdentifier.KeyWrapMethod,
-			ServerCAFileName:          opts.KMIP.ServerCAFileName,
-			ClientCertificateFileName: opts.KMIP.ClientCertificateFileName,
-			ClientCertificatePassword: opts.KMIP.ClientCertificatePassword,
-			Username:                  opts.KMIP.Username,
-			Password:                  opts.KMIP.Password,
-		}, nil
 	case keyproviders.AWS:
 		if opts.AWS == nil {
 			return nil, fmt.Errorf("%w: %s", ErrKeyProviderNotSupported, *logLine.KeyStoreIdentifier.Provider)