[GODRIVER-2521] Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials
Created: 11/Aug/22 Updated: 28/Oct/23 Resolved: 20/Apr/23
| Status: | Closed |
| Project: | Go Driver |
| Component/s: | Client Side Encryption |
| Affects Version/s: | None |
| Fix Version/s: | 1.12.0 |
| Type: | Improvement | Priority: | Unknown |
| Reporter: | PM Bot | Assignee: | Qingyang Hu |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: |
| Quarter: | FY24Q1 |
| Upstream Changes Summary: |
libmongocrypt 1.6.0 or higher is required. Binaries for 1.6.0 are available on the upload-all task. The spec changes introduce another method of obtaining KMS credentials automatically, much like with GCP and AWS:
The associated spec changes are specified here: https://github.com/mongodb/specifications/commit/d6b8cce6abb3b8e1a0b8f1dc7ee737e18322cfce
The initial implementation for the C driver is here: https://github.com/mongodb/mongo-c-driver/commit/686bff81f565f93db83d99902ce1c3a6f89922c7

Mock server tests
Mock server tests specified here:
The mock server is available here: https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/csfle/fake_azure.py
Please see https://github.com/mongodb/mongo-c-driver/commit/671a15154f0dd0e4af3c8df2ac08dfe4acf01795#diff-d353a218f6d4ac77dfb35cc757a96af121a9ce1d3cf7b01535fa23e6d0c58016R98 for a reference implementation of the mock server tests in C.

Integration tests
Integration tests are specified here:
Scripts in the drivers-evergreen-tools .evergreen/csfle/azurekms directory may be used to create the temporary Azure Virtual Machine. Get credentials from DRIVERS-2411 Test Credentials.
To test, add an Evergreen task group to do the following:
Add a task in the task group to do the following:
Please see https://github.com/mongodb/mongo-c-driver/pull/1124 and https://github.com/mongodb/mongo-c-driver/pull/1234/ for a reference implementation of the integration tests in C. It may be helpful to refer to driver tests for MONGODB-AWS ECS. The ECS tests perform a similar flow (copying and running a test on a remote ECS instance). |
| Documentation Changes: | Not Needed |
| Documentation Changes Summary: | 1. What would you like to communicate to the user about this feature? |
| Description |
|
This ticket was split from |
| Comments |
| Comment by Githook User [ 20/Apr/23 ] |
|
Author: {'name': 'Qingyang Hu', 'email': '103950869+qingyang-hu@users.noreply.github.com', 'username': 'qingyang-hu'}
Message: |