[CXX-2565] Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials Created: 11/Aug/22 Updated: 27/Oct/23 Resolved: 29/Mar/23 |
|
| Status: | Closed |
| Project: | C++ Driver |
| Component/s: | Client Side Encryption |
| Affects Version/s: | None |
| Fix Version/s: | 3.8.0 |
| Type: | Improvement | Priority: | Unknown |
| Reporter: | PM Bot | Assignee: | Colby Pike |
| Resolution: | Works as Designed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Quarter: | FY24Q1 | ||||||||||||||||
| Upstream Changes Summary: |
libmongocrypt 1.6.0 or higher is required. Binaries for 1.6.0 are available on the upload-all task. The spec changes introduce another method of obtaining KMS credentials automatically, much like with GCP and AWS:
The associated spec changes are specified here: https://github.com/mongodb/specifications/commit/d6b8cce6abb3b8e1a0b8f1dc7ee737e18322cfce The initial implementation for the C driver is here: https://github.com/mongodb/mongo-c-driver/commit/686bff81f565f93db83d99902ce1c3a6f89922c7 Mock server tests Mock server tests specified here: The mock server is available here: https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/csfle/fake_azure.py Please see https://github.com/mongodb/mongo-c-driver/commit/671a15154f0dd0e4af3c8df2ac08dfe4acf01795#diff-d353a218f6d4ac77dfb35cc757a96af121a9ce1d3cf7b01535fa23e6d0c58016R98 for a reference implementation of the mock server tests in C. Integration tests Integration tests are specified here: Scripts in the drivers-evergreen-tools .evergreen/csfle/azurekms directory may be used to create the temporary Azure Virtual Machine. Get credentials from DRIVERS-2411 Test Credentials. To test, add an Evergreen task group to do the following:
Add a task in the task group to do the following:
Please see https://github.com/mongodb/mongo-c-driver/pull/1124 and https://github.com/mongodb/mongo-c-driver/pull/1234/ for a reference implementation of the integration tests in C. It may be helpful to refer to driver tests for MONGODB-AWS ECS. The ECS tests perform a similar flow (copying and running a test on a remote ECS instance). |
||||||||||||||||
| Description |
|
This ticket was split from |
| Comments |
| Comment by Kevin Albertson [ 05/Jun/23 ] |
|
This work is done in the C driver as part of |