<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:47:48 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CSHARP-4294] Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials</title>
                <link>https://jira.mongodb.org/browse/CSHARP-4294</link>
                <project id="10041" key="CSHARP">C# Driver</project>
                    <description>&lt;p&gt;This ticket was split from &lt;tt&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt;&lt;/tt&gt;, please see that ticket for a detailed description. &lt;/p&gt;</description>
                <environment></environment>
        <key id="2111898">CSHARP-4294</key>
            <summary>Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="10300" iconUrl="https://jira.mongodb.org/images/icons/priorities/medium.svg">Unknown</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="dmitry.lukyanov@mongodb.com">Dmitry Lukyanov</assignee>
                                    <reporter username="dbeng-pm-bot">PM Bot</reporter>
                        <labels>
                    </labels>
                <created>Thu, 11 Aug 2022 19:08:55 +0000</created>
                <updated>Sat, 28 Oct 2023 11:47:06 +0000</updated>
                            <resolved>Mon, 17 Oct 2022 23:51:50 +0000</resolved>
                                                    <fixVersion>2.19.0</fixVersion>
                                    <component>Client Side Encryption</component>
                                        <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="4908634" author="xgen-internal-githook" created="Mon, 17 Oct 2022 23:51:15 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Dmitry Lukyanov&apos;, &apos;email&apos;: &apos;dmitry.lukyanov@mongodb.com&apos;, &apos;username&apos;: &apos;DmitryLukyanov&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CSHARP-4294&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CSHARP-4294&quot;&gt;&lt;del&gt;CSHARP-4294&lt;/del&gt;&lt;/a&gt;: Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials. (#898)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-csharp-driver/commit/75df889021601f4c171c3b84e9556b880ec0a5da&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-csharp-driver/commit/75df889021601f4c171c3b84e9556b880ec0a5da&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10620">
                    <name>Issue split</name>
                                                                <inwardlinks description="split from">
                                        <issuelink>
            <issuekey id="2111178">DRIVERS-2411</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_21553" key="com.atlassian.jira.plugin.system.customfieldtypes:labels">
                        <customfieldname>Quarter</customfieldname>
                        <customfieldvalues>
                                        <label>FY23Q3</label>
    
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr48xi:oav</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_21457" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Upstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt;:&lt;br/&gt;
&lt;b&gt;Implementation&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;libmongocrypt 1.6.0 or higher is required. Binaries for 1.6.0 are available on the &lt;a href=&quot;https://spruce.mongodb.com/task/libmongocrypt_release_publish_snapshot_upload_all_12c5118944295599097d5a70a11bb32a1b079282_22_09_07_13_03_29/files?execution=0&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;upload-all task&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;The spec changes introduce another method of obtaining KMS credentials automatically, much like with GCP and AWS:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;When &lt;tt&gt;kmsProviders&lt;/tt&gt; contains an empty &lt;tt&gt;azure&lt;/tt&gt; property, it indicates a request for automatic Azure credentials.&lt;/li&gt;
	&lt;li&gt;To obtain credentials, issue an HTTP request to the Azure Instance Metadata Service (IMDS).&lt;/li&gt;
	&lt;li&gt;IMDS will issue an &lt;tt&gt;accessToken&lt;/tt&gt; that can be used to query the Azure Key Vault (if the instance has sufficient permissions).&lt;/li&gt;
	&lt;li&gt;Additionally, this version of auto-KMS credentials institutes a token caching requirement.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;The associated spec changes are specified here: &lt;a href=&quot;https://github.com/mongodb/specifications/commit/d6b8cce6abb3b8e1a0b8f1dc7ee737e18322cfce&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/d6b8cce6abb3b8e1a0b8f1dc7ee737e18322cfce&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The initial implementation for the C driver is here: &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/686bff81f565f93db83d99902ce1c3a6f89922c7&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/686bff81f565f93db83d99902ce1c3a6f89922c7&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Mock server tests&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;Mock server tests specified here:&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/specifications/commit/e780e91d708fe9c004a0b0023387baa850282881&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/e780e91d708fe9c004a0b0023387baa850282881&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The mock server is available here: &lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/csfle/fake_azure.py&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/csfle/fake_azure.py&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Please see &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/671a15154f0dd0e4af3c8df2ac08dfe4acf01795#diff-d353a218f6d4ac77dfb35cc757a96af121a9ce1d3cf7b01535fa23e6d0c58016R98&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/671a15154f0dd0e4af3c8df2ac08dfe4acf01795#diff-d353a218f6d4ac77dfb35cc757a96af121a9ce1d3cf7b01535fa23e6d0c58016R98&lt;/a&gt; for a reference implementation of the mock server tests in C.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Integration tests&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;Integration tests are specified here:&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/specifications/commit/cf778cb8add04c0c6d8f366e6352f3d0ac9c1694&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/cf778cb8add04c0c6d8f366e6352f3d0ac9c1694&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Scripts in the drivers-evergreen-tools &lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/tree/master/.evergreen/csfle/azurekms&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;.evergreen/csfle/azurekms directory&lt;/a&gt; may be used to create the temporary Azure Virtual Machine. Get credentials from &lt;a href=&quot;https://docs.google.com/document/d/1vVN_OdUQpMsxVIoUmYk5u6lWxfRgy-vHCbafr8GXXjo/edit&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;DRIVERS-2411 Test Credentials&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;To test, add an Evergreen task group to do the following:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Create an Azure VM instance in a &lt;tt&gt;setup_group&lt;/tt&gt;.&lt;/li&gt;
	&lt;li&gt;Destroy the Azure VM instance in a &lt;tt&gt;teardown_group&lt;/tt&gt;. Using a &lt;tt&gt;teardown_group&lt;/tt&gt; will destroy the instance if the task fails.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Add a task in the task group to do the following:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Build and copy files to the remote Azure VM.&lt;/li&gt;
	&lt;li&gt;Install necessary dependencies on the remote Azure VM instance.&lt;/li&gt;
	&lt;li&gt;Run the test remotely.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Please see &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/pull/1124&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/pull/1124&lt;/a&gt; and &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/pull/1234/files&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/pull/1234/&lt;/a&gt;&#160;for a reference implementation of the integration tests in C.&lt;/p&gt;

&lt;p&gt;It may be helpful to refer to driver tests for &lt;a href=&quot;https://github.com/mongodb/specifications/blob/847d9ba741201f9c9d1305831a9c60e8ab2a1544/source/auth/tests/mongodb-aws.rst#3ecs-instance&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;MONGODB-AWS ECS&lt;/a&gt;. The ECS tests perform a similar flow (copying and running a test on a remote ECS instance).&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>