Uploaded image for project: 'Python Driver'
  1. Python Driver
  2. PYTHON-5014

Test Failure - TestKmsTLSOptions.test_01_aws with Python 3.13

XMLWordPrintableJSON

    • Type: Icon: Build Failure Build Failure
    • Resolution: Fixed
    • Priority: Icon: Unknown Unknown
    • 4.11
    • Affects Version/s: None
    • Component/s: None
    • None
    • Python Drivers
    • Not Needed
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

      TestKmsTLSOptions.test_01_aws and related tests have been failing since PYTHON-2560:

       [2024/12/09 09:18:59.742]     def test_01_aws(self):
 [2024/12/09 09:18:59.742]         key = {
 [2024/12/09 09:18:59.742]             "region": "us-east-1",
 [2024/12/09 09:18:59.742]             "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
 [2024/12/09 09:18:59.742]             "endpoint": "127.0.0.1:9002",
 [2024/12/09 09:18:59.742]         }
 [2024/12/09 09:18:59.742]         with self.assertRaisesRegex(EncryptionError, self.cert_error):
 [2024/12/09 09:18:59.742]             self.client_encryption_no_client_cert.create_data_key("aws", key)
 [2024/12/09 09:18:59.742]         # "parse error" here means that the TLS handshake succeeded.
 [2024/12/09 09:18:59.742]         with self.assertRaisesRegex(EncryptionError, "parse error"):
 [2024/12/09 09:18:59.742]             self.client_encryption_with_tls.create_data_key("aws", key)
 [2024/12/09 09:18:59.742]         # Some examples:
 [2024/12/09 09:18:59.742]         # certificate verify failed: certificate has expired (_ssl.c:1129)
 [2024/12/09 09:18:59.742]         # amazon1-2018 Python 3.6: certificate verify failed (_ssl.c:852)
 [2024/12/09 09:18:59.742]         key["endpoint"] = "127.0.0.1:9000"
 [2024/12/09 09:18:59.742]         with self.assertRaisesRegex(EncryptionError, "expired|certificate verify failed"):
 [2024/12/09 09:18:59.742]             self.client_encryption_expired.create_data_key("aws", key)
 [2024/12/09 09:18:59.742]         # Some examples:
 [2024/12/09 09:18:59.742]         # certificate verify failed: IP address mismatch, certificate is not valid for '127.0.0.1'. (_ssl.c:1129)"
 [2024/12/09 09:18:59.742]         # hostname '127.0.0.1' doesn't match 'wronghost.com'
 [2024/12/09 09:18:59.742]         # 127.0.0.1:9001: ('Certificate does not contain any `subjectAltName`s.',)
 [2024/12/09 09:18:59.742]         key["endpoint"] = "127.0.0.1:9001"
 [2024/12/09 09:18:59.742] >       with self.assertRaisesRegex(
 [2024/12/09 09:18:59.742]             EncryptionError, "IP address mismatch|wronghost|IPAddressMismatch|Certificate"
 [2024/12/09 09:18:59.742]         ):
 [2024/12/09 09:18:59.742] E       AssertionError: "IP address mismatch|wronghost|IPAddressMismatch|Certificate" does not match "KMS request failed after 3 retries due to a network error, last attempt failed with: 127.0.0.1:9001: SSL handshake failed: 127.0.0.1:9001: timed out (configured timeouts: socketTimeoutMS: 20000.0ms, connectTimeoutMS: 20000.0ms)"
 [2024/12/09 09:18:59.742] test/test_encryption.py:2152: AssertionError

      https://spruce.mongodb.com/task/mongo_python_driver_encryption_pyopenssl_rhel8_python3.13_test_4.4_replica_set_noauth_ssl_sync_async_ff2f95987f945fed483dcf802082ac3a173eb905_24_12_04_00_16_47/tests?execution=0&sortBy=STATUS&sortDir=ASC

      The same tests pass on Python 3.9.

      Steve suggested looking into the recent drivers-evergreen-tools ssl.wrap_socket changes.

            Assignee:
            steve.silvester@mongodb.com Steve Silvester
            Reporter:
            shane.harvey@mongodb.com Shane Harvey
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: