<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:47:44 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CSHARP-4266] Add support for GCP attached service accounts when using GCP KMS</title>
                <link>https://jira.mongodb.org/browse/CSHARP-4266</link>
                <project id="10041" key="CSHARP">C# Driver</project>
                    <description>&lt;p&gt;This ticket was split from &lt;tt&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2377&quot; title=&quot;Add support for GCP attached service accounts when using GCP KMS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2377&quot;&gt;&lt;del&gt;DRIVERS-2377&lt;/del&gt;&lt;/a&gt;&lt;/tt&gt;, please see that ticket for a detailed description. &lt;/p&gt;</description>
                <environment></environment>
        <key id="2098080">CSHARP-4266</key>
            <summary>Add support for GCP attached service accounts when using GCP KMS</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="dmitry.lukyanov@mongodb.com">Dmitry Lukyanov</assignee>
                                    <reporter username="dbeng-pm-bot">PM Bot</reporter>
                        <labels>
                    </labels>
                <created>Mon, 25 Jul 2022 12:17:08 +0000</created>
                <updated>Sat, 28 Oct 2023 11:47:08 +0000</updated>
                            <resolved>Fri, 9 Sep 2022 23:12:25 +0000</resolved>
                                                    <fixVersion>2.18.0</fixVersion>
                                    <component>Client Side Encryption</component>
                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="4816029" author="xgen-internal-githook" created="Fri, 9 Sep 2022 23:11:52 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;DmitryLukyanov&apos;, &apos;email&apos;: &apos;dmitry.lukyanov@mongodb.com&apos;, &apos;username&apos;: &apos;DmitryLukyanov&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CSHARP-4266&quot; title=&quot;Add support for GCP attached service accounts when using GCP KMS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CSHARP-4266&quot;&gt;&lt;del&gt;CSHARP-4266&lt;/del&gt;&lt;/a&gt;: Add support for GCP attached service accounts when using GCP KMS.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-csharp-driver/commit/62829f7a18d625b4110cd26376cdebec6118b6de&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-csharp-driver/commit/62829f7a18d625b4110cd26376cdebec6118b6de&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10620">
                    <name>Issue split</name>
                                                                <inwardlinks description="split from">
                                        <issuelink>
            <issuekey id="1845855">DRIVERS-2377</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_21553" key="com.atlassian.jira.plugin.system.customfieldtypes:labels">
                        <customfieldname>Quarter</customfieldname>
                        <customfieldvalues>
                                        <label>FY23Q2</label>
            <label>FY23Q3</label>
    
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr48xi:oar</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_21457" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Upstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2377&quot; title=&quot;Add support for GCP attached service accounts when using GCP KMS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2377&quot;&gt;&lt;del&gt;DRIVERS-2377&lt;/del&gt;&lt;/a&gt;:&lt;br/&gt;
&lt;b&gt;Summary of required changes&lt;/b&gt;&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Upgrade dependency on libmongocrypt to 1.6.0 or higher. Binaries for 1.6.0 are available on the &lt;a href=&quot;https://spruce.mongodb.com/task/libmongocrypt_release_publish_snapshot_upload_all_12c5118944295599097d5a70a11bb32a1b079282_22_09_07_13_03_29/files?execution=0&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;upload-all task&lt;/a&gt;.&lt;/li&gt;
	&lt;li&gt;Call &lt;tt&gt;mongocrypt_setopt_use_need_kms_credentials_state&lt;/tt&gt; to opt in to handling the new &lt;tt&gt;MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS&lt;/tt&gt; state.&lt;/li&gt;
	&lt;li&gt;Handle the new &lt;tt&gt;MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS&lt;/tt&gt; state. If the originally configured KMS providers have an empty &lt;tt&gt;gcp: {&lt;/tt&gt;}, attempt to obtain GCP credentials by sending an HTTP request described in the specification. Pass the new credentials back with &lt;tt&gt;mongocrypt_ctx_provide_kms_providers&lt;/tt&gt;.&lt;/li&gt;
	&lt;li&gt;Add an integration test with a Google Compute Engine (GCE) instance. Get credentials from &lt;a href=&quot;https://docs.google.com/document/d/1s_-dgpwnyaC-KngclA_rAYYwJfT488MpKs1BZ7zjjGU/edit?usp=sharing&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;DRIVERS-2377 test credentials&lt;/a&gt;.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;&lt;b&gt;Additional background&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;Please see &lt;a href=&quot;https://github.com/mongodb/specifications/commit/847d9ba741201f9c9d1305831a9c60e8ab2a1544&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/847d9ba741201f9c9d1305831a9c60e8ab2a1544&lt;/a&gt; for the specification change.&lt;/p&gt;

&lt;p&gt;Please see &lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/91b240c6aab86680ed5e78746a5a5edcd408c237&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/91b240c6aab86680ed5e78746a5a5edcd408c237&lt;/a&gt; for a reference implementation in Go.&lt;/p&gt;

&lt;p&gt;Consider using the &lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/blob/0e75b9ee5ac3952df51f782ff33de137933e89ed/.evergreen/csfle/gcpkms/mock_server.py&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;mock server&lt;/a&gt; for local development to test the HTTP request to the Metadata Server.&lt;/p&gt;

&lt;p&gt;GCP access token is not cached. See &lt;a href=&quot;https://docs.google.com/document/d/1RTDp5QMg_ayYnR_T7S9SriE19doNALwqIHNxlWerFeE/edit#heading=h.z9wdvrobyao9&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;the scope&lt;/a&gt; for rationale.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Integration test&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;Drivers are expected to run an integration test with a temporary Google Compute Engine instance. Scripts in the drivers-evergreen-tools &lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/tree/master/.evergreen/csfle/gcpkms&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;.evergreen/csfle/gcpkms directory&lt;/a&gt; may be used.&lt;/p&gt;

&lt;p&gt;To test, add an Evergreen task group to do the following:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Create a GCE instance in a &lt;tt&gt;setup_group&lt;/tt&gt;.&lt;/li&gt;
	&lt;li&gt;Destroy the GCE instance in a &lt;tt&gt;teardown_group&lt;/tt&gt;. Using a &lt;tt&gt;teardown_group&lt;/tt&gt; will destroy the instance if the task fails.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Add a task in the task group to do the following:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Build and copy files to the remote GCE instance.&lt;/li&gt;
	&lt;li&gt;Install necessary dependencies on the remote GCE instance.&lt;/li&gt;
	&lt;li&gt;Run the test remotely.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Please see &lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/91b240c6aab86680ed5e78746a5a5edcd408c237#diff-2bc841e86ce96b7b422ae203fd8315d0b2a461956cecbe0e096420656fc3fb12R2248&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/91b240c6aab86680ed5e78746a5a5edcd408c237#diff-2bc841e86ce96b7b422ae203fd8315d0b2a461956cecbe0e096420656fc3fb12R2248&lt;/a&gt; for a reference implementation of the integration test in Go.&lt;/p&gt;

&lt;p&gt;It may be helpful to refer to driver tests for &lt;a href=&quot;https://github.com/mongodb/specifications/blob/847d9ba741201f9c9d1305831a9c60e8ab2a1544/source/auth/tests/mongodb-aws.rst#3ecs-instance&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;MONGODB-AWS ECS&lt;/a&gt;. The ECS tests perform a similar flow (copying and running a test on a remote ECS instance).&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>