[DRIVERS-2465] Test crypt_shared with older server versions Created: 06/Oct/22  Updated: 14/Jul/23  Resolved: 14/Jul/23

Status: Closed
Project: Drivers
Component/s: Client Side Encryption
Fix Version/s: None

Type: Task Priority: Unknown
Reporter: Kevin Albertson Assignee: Kevin Albertson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Initiative
Issue split
split to CDRIVER-4495 Test crypt_shared with older server v... Closed
split to CSHARP-4355 Test crypt_shared with older server v... Closed
split to CXX-2596 Test crypt_shared with older server v... Closed
split to GODRIVER-2580 Test crypt_shared with older server v... Closed
split to JAVA-4763 Test crypt_shared with older server v... Closed
split to MOTOR-1046 Test crypt_shared with older server v... Closed
split to NODE-4698 Test crypt_shared with older server v... Closed
split to PHPLIB-1008 Test crypt_shared with older server v... Closed
split to PYTHON-3466 Test crypt_shared with older server v... Closed
split to RUBY-3154 Test crypt_shared with older server v... Closed
split to RUST-1503 Test crypt_shared with older server v... Closed
Problem/Incident
Related
related to DRIVERS-1950 FLE 1.0 Shared Library Closed
Driver Changes: Needed
Quarter: FY23Q4, FY24Q1
Downstream Changes Summary:

See https://github.com/mongodb/specifications/commit/d90583f467cb406928c1e86eee7a258ae50b235e for updated test requirements for CSFLE. The following is a summary of the changes:

  • Drivers MUST run all tests with mongocryptd on at least one platform for all
    tested server versions (4.2+).
  • Drivers MUST run all tests with crypt_shared_ on at least one platform for all
    tested server versions (4.2+). For server versions < 6.0, drivers MUST test with the
    latest major release of crypt_shared_ (currently 6.0). Using the latest major release of
    crypt_shared_ is supported with older server versions.

As of https://github.com/mongodb-labs/drivers-evergreen-tools/commit/1d7119eeb531e7fab60423e803a94f4a2f61ec0f, download-mongodb.sh downloads the latest major version of crypt_shared if the server version is less than 6.0.

There may be no required driver changes if these requirements are already tested. The Go driver did not require changes. The Go driver tests with mongocryptd on separate variants. The other variants test with crypt_shared and include tests back to server versions 4.2.

Drivers may manually verify the version of crypt_shared that is downloaded from the output of run-orchestration.sh where the URL is printed.

Driver Compliance:
Key Status/Resolution FixVersion
CDRIVER-4495 Fixed 1.24.0
CXX-2596 Done 3.8.0
CSHARP-4355 Fixed 2.19.0
GODRIVER-2580 Works as Designed
JAVA-4763 Fixed 4.10.0
NODE-4698 Fixed 5.6.0
MOTOR-1046 Duplicate
PYTHON-3466 Done
PHPLIB-1008 Fixed 1.17.0
RUBY-3154 Fixed 2.19.0
RUST-1503 Fixed 2.5.0
SWIFT-1652 Won't Do

 Description   

Summary

Test In-Use Encryption (IUE) with the latest stable release of the crypt_shared library and older supported MongoDB server versions. IUE was introduced in MongoDB 4.2.

Motivation

Drivers only test the crypt_shared library with the same version of the server per DRIVERS-2355. MongoDB does not document support for using crypt_shared an older server version. Functionally, new versions of crypt_shared are expected to work with older server versions. Testing will validate that expectation and enable documenting support of new crypt_shared with old server versions.

mongocryptd is planned to be deprecated as part of PM-3039.

Who is the affected end user?

Users of IUE (aka Client-Side Encryption + Queryable Encryption).

How does this affect the end user?

Using the separate mongocryptd process may be a deployment barrier. This may enable users to use IUE in more environments.

Is this issue urgent?

No.

Is this ticket only for tests?

Yes.



 Comments   
Comment by Githook User [ 19/Dec/22 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: DRIVERS-2465 Download latest Major release of `crypt_shared` (#247)

  • request latest major release of crypt_shared if it is not available in the same server version

Drivers tests with mongocryptd can ignore the crypt_shared download. Drivers tests with crypt_shared will either test matching version or latest major release.

Comment by Githook User [ 19/Dec/22 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: DRIVERS-2465 Test crypt_shared with older server versions (#1351)

  • do not require new server versions test with 6.0 crypt_shared
Generated at Thu Feb 08 08:25:39 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.