Run with_mongot_extension suites in extensions signature secure mode

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 9.0.0-rc1
    • Affects Version/s: None
    • Component/s: None
    • None
    • Query Integration
    • Fully Compatible
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Overview

      Phase 2 of SERVER-129943. That ticket restored the with_mongot_extension_ / concurrency_with_mongot_extension{} suites running the with_mongot corpus against the real mongot-extension, but with extension signature verification _disabled (via --disableFeatureFlags=featureFlagExtensionsApiSignatureValidation on the tasks), because a default test build only trusts the test signing key and therefore rejects the production-signed extension.

      This ticket turns signature verification on for these suites so the production signature path is actually exercised.

      Work

      • Add a dedicated Evergreen build variant that compiles the server in extensions signature "secure" mode (--extensions_signature_verification_secure=True, which embeds the production mongot-extension signing key) and runs only the with_mongot_extension tasks. Isolation is required: a secure-mode server rejects the test-key-signed in-tree test extensions, so these tasks cannot share a variant with suites that load test extensions (e.g. extensions_, mongot_e2e_). The suites already load only the real extension in anticipation of this.
      • Re-enable featureFlagExtensionsApiSignatureValidation for these suites (remove it from the tasks' --disableFeatureFlags) on the secure-mode variant.
      • Consider a guardrail so the suite/build coupling can't be misconfigured (e.g. expose secure mode via a queryable server field and have the resmoke fixture assert it at setup; discussed with the Extensions API team).

        Context

      Secure-mode key selection lives in src/mongo/db/extension/host/signature_validator.cpp (compile-time MONGO_CONFIG_EXT_SIG_SECURE). Discussed with Santiago Roche and Joe (Extensions API) – the two-phase plan (land suites with validation off, then a secure-mode variant) came out of that conversation.

            Assignee:
            Will Buerger
            Reporter:
            Will Buerger
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: