[CDRIVER-4454] Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials Created: 11/Aug/22 Updated: 28/Oct/23 Resolved: 18/Oct/22 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | Client Side Encryption |
| Affects Version/s: | None |
| Fix Version/s: | 1.24.0 |
| Type: | Improvement | Priority: | Unknown |
| Reporter: | PM Bot | Assignee: | Colby Pike |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Quarter: | FY23Q3 | ||||||||||||||||||||
| Upstream Changes Summary: |
libmongocrypt 1.6.0 or higher is required. Binaries for 1.6.0 are available on the upload-all task. The spec changes introduce another method of obtaining KMS credentials automatically, much like with GCP and AWS:
The associated spec changes are specified here: https://github.com/mongodb/specifications/commit/d6b8cce6abb3b8e1a0b8f1dc7ee737e18322cfce The initial implementation for the C driver is here: https://github.com/mongodb/mongo-c-driver/commit/686bff81f565f93db83d99902ce1c3a6f89922c7 Mock server tests Mock server tests specified here: The mock server is available here: https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/csfle/fake_azure.py Please see https://github.com/mongodb/mongo-c-driver/commit/671a15154f0dd0e4af3c8df2ac08dfe4acf01795#diff-d353a218f6d4ac77dfb35cc757a96af121a9ce1d3cf7b01535fa23e6d0c58016R98 for a reference implementation of the mock server tests in C. Integration tests Integration tests are specified here: Scripts in the drivers-evergreen-tools .evergreen/csfle/azurekms directory may be used to create the temporary Azure Virtual Machine. Get credentials from DRIVERS-2411 Test Credentials. To test, add an Evergreen task group to do the following:
Add a task in the task group to do the following:
Please see https://github.com/mongodb/mongo-c-driver/pull/1124 and https://github.com/mongodb/mongo-c-driver/pull/1234/ for a reference implementation of the integration tests in C. It may be helpful to refer to driver tests for MONGODB-AWS ECS. The ECS tests perform a similar flow (copying and running a test on a remote ECS instance). |
||||||||||||||||||||
| Description |
|
This ticket was split from |
| Comments |
| Comment by Githook User [ 01/Dec/22 ] |
|
Author: {'name': 'Jeremy Mikola', 'email': 'jmikola@gmail.com', 'username': 'jmikola'}Message: This include was inconsistent with all others in libmongoc. The path is necessary for compilation in Visual Studio when "src/libmongoc/src/libmongoc/src" is used as an include path. This was originally introduced in mongodb/mongo-c-driver@686bff81f565f93db83d99902ce1c3a6f89922c7 |
| Comment by Githook User [ 30/Nov/22 ] |
|
Author: {'name': 'Jeremy Mikola', 'email': 'jmikola@gmail.com', 'username': 'jmikola'}Message: This include was inconsistent with all others in libmongoc. The path is necessary for compilation in Visual Studio when "src/libmongoc/src/libmongoc/src" is used as an include path. This was originally introduced in mongodb/mongo-c-driver@686bff81f565f93db83d99902ce1c3a6f89922c7 |
| Comment by Githook User [ 30/Nov/22 ] |
|
Author: {'name': 'Jeremy Mikola', 'email': 'jmikola@gmail.com', 'username': 'jmikola'}Message: This include was inconsistent with all others in libmongoc. The path is necessary for compilation in Visual Studio when "src/libmongoc/src/libmongoc/src" is used as an include path. This was originally introduced in mongodb/mongo-c-driver@686bff81f565f93db83d99902ce1c3a6f89922c7 for |
| Comment by Githook User [ 03/Nov/22 ] |
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}Message: |
| Comment by Githook User [ 18/Oct/22 ] |
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}Message:
|
| Comment by Githook User [ 16/Sep/22 ] |
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}Message: |
| Comment by Githook User [ 14/Sep/22 ] |
|
Author: {'name': 'vector-of-bool', 'email': 'vectorofbool@gmail.com', 'username': 'vector-of-bool'}Message:
|
| Comment by Githook User [ 10/Sep/22 ] |
|
Author: {'name': 'vector-of-bool', 'email': 'vectorofbool@gmail.com', 'username': 'vector-of-bool'}Message:
|
| Comment by Githook User [ 09/Sep/22 ] |
|
Author: {'name': 'vector-of-bool', 'email': 'vectorofbool@gmail.com', 'username': 'vector-of-bool'}Message:
|