<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:25:25 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DRIVERS-2377] Add support for GCP attached service accounts when using GCP KMS</title>
                <link>https://jira.mongodb.org/browse/DRIVERS-2377</link>
                <project id="10980" key="DRIVERS">Drivers</project>
                    <description>&lt;p&gt;We have a customer on GCP, who is trying to use GCP KMS for the CMK and we require a service account key, where an&#160;&lt;tt&gt;email&lt;/tt&gt;&#160;and&#160;&lt;tt&gt;privateKey&lt;/tt&gt;&#160;is provided for the service account, in order to use the GCP KMS API. They are using an&#160;&lt;a href=&quot;https://cloud.google.com/iam/docs/impersonating-service-accounts#binding-to-resources&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;attached&lt;/a&gt;&#160;service account according to&#160;&lt;a href=&quot;https://cloud.google.com/blog/products/identity-security/how-to-authenticate-service-accounts-to-help-keep-applications-secure&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;GCP best practices&lt;/a&gt;&#160;which says &quot;&lt;b&gt;&lt;em&gt;Use attached service accounts when possible&lt;/em&gt;&lt;/b&gt;&lt;em&gt;. For applications deployed on Google Cloud that need to use a service account, attach the service account to the underlying compute resource. By attaching a service account, you enable the application to obtain tokens for the service account and to use these tokens to access Google Cloud APIs and resources&lt;/em&gt;.&quot; and it also says &quot;&lt;b&gt;&lt;em&gt;Use service account keys only if there is no viable alternative&lt;/em&gt;&lt;/b&gt;&quot;. Google even displays the warning &quot;&lt;em&gt;Service account keys could pose a security risk if compromised&lt;/em&gt;&quot; when creating a key for a service account.&#160;&lt;/p&gt;

&lt;p&gt;The customer is requesting that we follow GCP best practices and when using an &quot;attached&quot; service account, that we skip/bypass the email&#160;and&#160;privateKey that is used for authentication and just access the GCP KMS API directly.&lt;/p&gt;

&lt;p&gt;For reference &lt;a href=&quot;https://cloud.google.com/iam/docs/best-practices-for-using-and-managing-service-accounts#use-attached-service-accounts&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://cloud.google.com/iam/docs/best-practices-for-using-and-managing-service-accounts#use-attached-service-accounts&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The customer is running on CloudRun and sometimes Compute Engine on GCP so use attached service accounts. Their service accounts do not have user accessible keys on them.&lt;/p&gt;

&lt;p&gt;The customer is using the MongoDB C#/.NET driver on Linux.&lt;/p&gt;

&lt;p&gt;&#160;During local development they use an environment variable GOOGLE_APPLICATION_CREDENTIALS that if you point it to a local service account file (purely for development purposes) that means the Google libraries behave exactly the same as when deployed in a attached service account environment.&lt;/p&gt;</description>
                <environment></environment>
        <key id="1845855">DRIVERS-2377</key>
            <summary>Add support for GCP attached service accounts when using GCP KMS</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="kevin.albertson@mongodb.com">Kevin Albertson</assignee>
                                    <reporter username="william.chow@mongodb.com">William Chow</reporter>
                        <labels>
                            <label>MDBW23</label>
                            <label>size-medium</label>
                    </labels>
                <created>Mon, 9 Aug 2021 15:10:52 +0000</created>
                <updated>Fri, 14 Jul 2023 19:26:24 +0000</updated>
                            <resolved>Fri, 14 Jul 2023 19:26:24 +0000</resolved>
                                                        <component>Client Side Encryption</component>
                                        <votes>2</votes>
                                    <watches>15</watches>
                                                                                                                <comments>
                            <comment id="5241223" author="xgen-internal-githook" created="Wed, 1 Mar 2023 18:33:23 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2377&quot; title=&quot;Add support for GCP attached service accounts when using GCP KMS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2377&quot;&gt;&lt;del&gt;DRIVERS-2377&lt;/del&gt;&lt;/a&gt; run apt-get update in setup-gce-instance.sh (#273)&lt;/p&gt;

&lt;p&gt;run apt-get update in setup-gce-instance.sh&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/0063d62bf3b1c0b827734c2d1236bba04d282a3b&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/0063d62bf3b1c0b827734c2d1236bba04d282a3b&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5201953" author="xgen-internal-githook" created="Wed, 15 Feb 2023 20:31:22 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2377&quot; title=&quot;Add support for GCP attached service accounts when using GCP KMS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2377&quot;&gt;&lt;del&gt;DRIVERS-2377&lt;/del&gt;&lt;/a&gt; Define expansions for GCP earlier (#267)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;define expansions for GCP earlier&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;Add 7200s expiration to SSH keys for GCP instances&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/9eff0be763b12b4417ca035dd18eb5170c9e4336&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/9eff0be763b12b4417ca035dd18eb5170c9e4336&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="5135808" author="xgen-internal-githook" created="Tue, 24 Jan 2023 13:51:25 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2377&quot; title=&quot;Add support for GCP attached service accounts when using GCP KMS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2377&quot;&gt;&lt;del&gt;DRIVERS-2377&lt;/del&gt;&lt;/a&gt; add GCPKMS_DISKSIZE option with default 20GB (#261)&lt;/p&gt;

&lt;p&gt;add GCPKMS_DISKSIZE option with default 20GB&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/b2c31c12d677a4f4ce506844d7b786db5c6bfeed&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/b2c31c12d677a4f4ce506844d7b786db5c6bfeed&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5029865" author="dbeng-pm-bot" created="Mon, 5 Dec 2022 15:28:38 +0000"  >&lt;p&gt;Moved to Needs Triage because a linked PM issue PM-3084 was moved to Ready for Work.&lt;/p&gt;</comment>
                            <comment id="5023432" author="xgen-internal-githook" created="Thu, 1 Dec 2022 20:00:43 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2377&quot; title=&quot;Add support for GCP attached service accounts when using GCP KMS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2377&quot;&gt;&lt;del&gt;DRIVERS-2377&lt;/del&gt;&lt;/a&gt; remove SSH keys on task completion (#251)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;add ConnectTimeout=10&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;create VM with enable-oslogin&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;This enables deleting the SSH keys after the task completes&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/c3bfc4c0150f7421c417b042b016d10bdf855fa5&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/c3bfc4c0150f7421c417b042b016d10bdf855fa5&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4791479" author="xgen-internal-githook" created="Wed, 31 Aug 2022 12:30:33 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2377&quot; title=&quot;Add support for GCP attached service accounts when using GCP KMS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2377&quot;&gt;&lt;del&gt;DRIVERS-2377&lt;/del&gt;&lt;/a&gt; remove GCE_METADATA_HOST check (#1290)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/specifications/commit/eaec2671df55ba9d627e74bfc3f19a54ea6ac236&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/eaec2671df55ba9d627e74bfc3f19a54ea6ac236&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4740357" author="xgen-internal-githook" created="Wed, 10 Aug 2022 12:28:38 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2377&quot; title=&quot;Add support for GCP attached service accounts when using GCP KMS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2377&quot;&gt;&lt;del&gt;DRIVERS-2377&lt;/del&gt;&lt;/a&gt; Specify a non-root ssh user (#225)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;capture output of last failed ssh attempt&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;specify username &quot;gcpkms&quot;&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/9352023916b3492ccbdbf072fcdc27e3c7207be4&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/9352023916b3492ccbdbf072fcdc27e3c7207be4&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="4732883" author="xgen-internal-githook" created="Sat, 6 Aug 2022 15:05:15 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2377&quot; title=&quot;Add support for GCP attached service accounts when using GCP KMS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2377&quot;&gt;&lt;del&gt;DRIVERS-2377&lt;/del&gt;&lt;/a&gt; Support GCP attached service accounts when using GCP KMS (#1278)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/specifications/commit/847d9ba741201f9c9d1305831a9c60e8ab2a1544&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/847d9ba741201f9c9d1305831a9c60e8ab2a1544&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4726668" author="xgen-internal-githook" created="Wed, 3 Aug 2022 20:25:46 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2377&quot; title=&quot;Add support for GCP attached service accounts when using GCP KMS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2377&quot;&gt;&lt;del&gt;DRIVERS-2377&lt;/del&gt;&lt;/a&gt; Add scripts for GCP KMS tests (#216)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/0e75b9ee5ac3952df51f782ff33de137933e89ed&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/0e75b9ee5ac3952df51f782ff33de137933e89ed&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4267624" author="JIRAUSER1269908" created="Sun, 26 Dec 2021 23:20:15 +0000"  >&lt;p&gt;Hey Mongo Team,&lt;/p&gt;

&lt;p&gt;As a Mongo DB Atlas customer, we would like to cast our vote for this as well. We are running in cloud run in a Node JS environment.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;David&#160;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                            <outwardlinks description="depends on">
                                        <issuelink>
            <issuekey id="2096467">MONGOCRYPT-461</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is depended on by">
                                        <issuelink>
            <issuekey id="2020239">GODRIVER-2375</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10320">
                    <name>Documented</name>
                                                                <inwardlinks description="is documented by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10620">
                    <name>Issue split</name>
                                            <outwardlinks description="split to">
                                        <issuelink>
            <issuekey id="2098082">JAVA-4685</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2098078">CDRIVER-4435</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2098080">CSHARP-4266</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2098079">CXX-2551</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2098081">GODRIVER-2501</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2098084">MOTOR-999</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2098083">NODE-4462</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2098086">PHPLIB-917</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2098085">PYTHON-3367</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2098087">RUBY-3062</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2098088">RUST-1417</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10520">
                    <name>Problem/Incident</name>
                                            <outwardlinks description="causes">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="2042718">GODRIVER-2415</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="2026870">DRIVERS-2280</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                            <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[5006R00001lRlL0QAK]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17052" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Downstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;&lt;b&gt;Summary of required changes&lt;/b&gt;&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Upgrade dependency on libmongocrypt to 1.6.0 or higher. Binaries for 1.6.0 are available on the &lt;a href=&quot;https://spruce.mongodb.com/task/libmongocrypt_release_publish_snapshot_upload_all_12c5118944295599097d5a70a11bb32a1b079282_22_09_07_13_03_29/files?execution=0&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;upload-all task&lt;/a&gt;.&lt;/li&gt;
	&lt;li&gt;Call &lt;tt&gt;mongocrypt_setopt_use_need_kms_credentials_state&lt;/tt&gt; to opt in to handling the new &lt;tt&gt;MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS&lt;/tt&gt; state.&lt;/li&gt;
	&lt;li&gt;Handle the new &lt;tt&gt;MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS&lt;/tt&gt; state. If the originally configured KMS providers have an empty &lt;tt&gt;gcp: {&lt;/tt&gt;}, attempt to obtain GCP credentials by sending an HTTP request described in the specification. Pass the new credentials back with &lt;tt&gt;mongocrypt_ctx_provide_kms_providers&lt;/tt&gt;.&lt;/li&gt;
	&lt;li&gt;Add an integration test with a Google Compute Engine (GCE) instance. Get credentials from &lt;a href=&quot;https://docs.google.com/document/d/1s_-dgpwnyaC-KngclA_rAYYwJfT488MpKs1BZ7zjjGU/edit?usp=sharing&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;DRIVERS-2377 test credentials&lt;/a&gt;.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;&lt;b&gt;Additional background&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;Please see &lt;a href=&quot;https://github.com/mongodb/specifications/commit/847d9ba741201f9c9d1305831a9c60e8ab2a1544&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/847d9ba741201f9c9d1305831a9c60e8ab2a1544&lt;/a&gt; for the specification change.&lt;/p&gt;

&lt;p&gt;Please see &lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/91b240c6aab86680ed5e78746a5a5edcd408c237&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/91b240c6aab86680ed5e78746a5a5edcd408c237&lt;/a&gt; for a reference implementation in Go.&lt;/p&gt;

&lt;p&gt;Consider using the &lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/blob/0e75b9ee5ac3952df51f782ff33de137933e89ed/.evergreen/csfle/gcpkms/mock_server.py&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;mock server&lt;/a&gt; for local development to test the HTTP request to the Metadata Server.&lt;/p&gt;

&lt;p&gt;GCP access token is not cached. See &lt;a href=&quot;https://docs.google.com/document/d/1RTDp5QMg_ayYnR_T7S9SriE19doNALwqIHNxlWerFeE/edit#heading=h.z9wdvrobyao9&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;the scope&lt;/a&gt; for rationale.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Integration test&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;Drivers are expected to run an integration test with a temporary Google Compute Engine instance. Scripts in the drivers-evergreen-tools &lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/tree/master/.evergreen/csfle/gcpkms&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;.evergreen/csfle/gcpkms directory&lt;/a&gt; may be used.&lt;/p&gt;

&lt;p&gt;To test, add an Evergreen task group to do the following:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Create a GCE instance in a &lt;tt&gt;setup_group&lt;/tt&gt;.&lt;/li&gt;
	&lt;li&gt;Destroy the GCE instance in a &lt;tt&gt;teardown_group&lt;/tt&gt;. Using a &lt;tt&gt;teardown_group&lt;/tt&gt; will destroy the instance if the task fails.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Add a task in the task group to do the following:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Build and copy files to the remote GCE instance.&lt;/li&gt;
	&lt;li&gt;Install necessary dependencies on the remote GCE instance.&lt;/li&gt;
	&lt;li&gt;Run the test remotely.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Please see &lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/91b240c6aab86680ed5e78746a5a5edcd408c237#diff-2bc841e86ce96b7b422ae203fd8315d0b2a461956cecbe0e096420656fc3fb12R2248&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/91b240c6aab86680ed5e78746a5a5edcd408c237#diff-2bc841e86ce96b7b422ae203fd8315d0b2a461956cecbe0e096420656fc3fb12R2248&lt;/a&gt; for a reference implementation of the integration test in Go.&lt;/p&gt;

&lt;p&gt;It may be helpful to refer to driver tests for &lt;a href=&quot;https://github.com/mongodb/specifications/blob/847d9ba741201f9c9d1305831a9c60e8ab2a1544/source/auth/tests/mongodb-aws.rst#3ecs-instance&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;MONGODB-AWS ECS&lt;/a&gt;. The ECS tests perform a similar flow (copying and running a test on a remote ECS instance).&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10951" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Driver Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10748"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_23952" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Driver Compliance</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[<style type='text/css'>
         #scriptField, #scriptField *{
                border: 1px solid black;
            }

            #scriptField{
                border-collapse: collapse;
            }

            #scriptField td {
                text-align: center; /* Center-align text in table cells */
            }

            #scriptField td.key {
                text-align: left; /* Left-align text in the Key column */
            }

            #scriptField a {
                text-decoration: none; /* Remove underlines from links */
                border: none; /* Remove border from links */
            }
            
            /* Add green background color to cells with FixVersion */
            #scriptField td.hasFixVersion {
                background-color: #00FF00; /* Green color code */
            }

            /* Center-align the first row headers */
            #scriptField th {
                text-align: center;
            }
        </style>
<table id='scriptField'>
  <tr>
    <th>Key</th>
    <th>Status/Resolution</th>
    <th>FixVersion</th>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CDRIVER-4435'>CDRIVER-4435</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>1.24.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CXX-2551'>CXX-2551</a>
    </td>
    <td>Works as Designed</td>
    <td class='hasFixVersion'>3.8.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CSHARP-4266'>CSHARP-4266</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>2.18.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/GODRIVER-2501'>GODRIVER-2501</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>1.11.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/JAVA-4685'>JAVA-4685</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>4.8.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/NODE-4462'>NODE-4462</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>5.1.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/MOTOR-999'>MOTOR-999</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/PYTHON-3367'>PYTHON-3367</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>pymongocrypt-1.4, 4.3.3</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/PHPLIB-917'>PHPLIB-917</a>
    </td>
    <td>Done</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/RUBY-3062'>RUBY-3062</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>2.19.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/RUST-1417'>RUST-1417</a>
    </td>
    <td>Done</td>
    <td class='hasFixVersion'>2.6.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/SWIFT-1608'>SWIFT-1608</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
</table>]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_21553" key="com.atlassian.jira.plugin.system.customfieldtypes:labels">
                        <customfieldname>Quarter</customfieldname>
                        <customfieldvalues>
                                        <label>FY23Q2</label>
            <label>FY23Q3</label>
            <label>FY24Q1</label>
    
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr1o2o:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>