Test and document "accessToken" form of KMS providers

XMLWordPrintableJSON

    • Needed
    • Hide

      Summary of necessary driver changes

      Commits for syncing spec/prose tests

      Context for other referenced/linked tickets

      • DRIVERS-3433 tracks migrating away from legacy test scripts. The legacy test scripts are not updated to generate access tokens.
      Show
      Summary of necessary driver changes Update the unified test runner to support schema 1.28. This schema version adds a new form to the "azure" and "gcp" KMS providers: azure: { accessToken: { $$placeholder: 1 } } gcp: { accessToken: { $$placeholder: 1 } } Access tokens are generated by drivers-evergreen-tools scripts  as CSFLE_GCP_ACCESS_TOKEN and CSFLE_AZURE_ACCESS_TOKEN . Legacy scripts are not updated. Drivers may need to migrate first. Add spec tests from https://github.com/mongodb/specifications/commit/c3c82b62971f618e16e52ce04f9e13bb28f3ccd4 . Document the accessToken form of the GCP and Azure KMS providers. Commits for syncing spec/prose tests https://github.com/mongodb-labs/drivers-evergreen-tools/pull/751  adds access token generation to test scripts. https://github.com/mongodb/specifications/pull/1914 adds the new spec tests. https://github.com/mongodb/mongo-c-driver/pull/2253 is the C driver implementation. Context for other referenced/linked tickets DRIVERS-3433 tracks migrating away from legacy test scripts. The legacy test scripts are not updated to generate access tokens.
    • $i18n.getText("admin.common.words.hide")
      Key Status/Resolution FixVersion
      CDRIVER-6270 Fixed 2.3.0
      CXX-3436 Backlog
      CSHARP-5932 Backlog
      GODRIVER-3839 Backlog
      JAVA-6136 Backlog
      NODE-7475 Backlog
      PYTHON-5759 Backlog
      PHPLIB-1811 Needs Triage
      RUBY-3791 Backlog
      RUST-2381 Backlog
      $i18n.getText("admin.common.words.show")
      #scriptField, #scriptField *{ border: 1px solid black; } #scriptField{ border-collapse: collapse; } #scriptField td { text-align: center; /* Center-align text in table cells */ } #scriptField td.key { text-align: left; /* Left-align text in the Key column */ } #scriptField a { text-decoration: none; /* Remove underlines from links */ border: none; /* Remove border from links */ } /* Add green background color to cells with FixVersion */ #scriptField td.hasFixVersion { background-color: #00FF00; /* Green color code */ } #scriptField td.willNotDo { background-color: #FF0000; /* Red color code */ } /* Center-align the first row headers */ #scriptField th { text-align: center; } Key Status/Resolution FixVersion CDRIVER-6270 Fixed 2.3.0 CXX-3436 Backlog CSHARP-5932 Backlog GODRIVER-3839 Backlog JAVA-6136 Backlog NODE-7475 Backlog PYTHON-5759 Backlog PHPLIB-1811 Needs Triage RUBY-3791 Backlog RUST-2381 Backlog

      Summary

      Test and document "accessToken" form of KMS providers.

      Background

      The specification describes two forms of the "azure" and "gcp" KMS providers options:

      type AzureKMSOptions = AzureKMSCredentials | AzureAccessToken;

interface AzureKMSCredentials {
   tenantId: string;
   clientId: string;
   clientSecret: string;
   identityPlatformEndpoint?: string; // Defaults to login.microsoftonline.com
};

interface AzureAccessToken {
   accessToken: string;
};

type GCPKMSOptions = GCPKMSCredentials | GCPKMSAccessToken

interface GCPKMSCredentials {
   email: string;
   privateKey: byte[] | string; // May be passed as a base64 encoded string.
   endpoint?: string; // Defaults to oauth2.googleapis.com
};

interface GCPKMSAccessToken {
   accessToken: string;
}

      Some driver docs do not include the "accessToken" form: C, Java, PyMongo. There are no spec/prose tests for the form either.

      Motivation

      Caused confusion in HELP-60485 and HELP-83540.

      Is this issue urgent?

      No?

            Assignee:
            Kevin Albertson
            Reporter:
            Kevin Albertson
            Kevin Albertson Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated: