<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 09:02:45 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[JAVA-4706] Support the Azure VM-assigned managed identity for automatic KMS credentials</title>
                <link>https://jira.mongodb.org/browse/JAVA-4706</link>
                <project id="10006" key="JAVA">Java Driver</project>
                    <description>&lt;p&gt;This ticket was split from &lt;tt&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt;&lt;/tt&gt;; please see that ticket for a detailed description.&lt;/p&gt;</description>
                <environment></environment>
        <key id="2111900">JAVA-4706</key>
            <summary>Support the Azure VM-assigned managed identity for automatic KMS credentials</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="jeff.yemin@mongodb.com">Jeffrey Yemin</assignee>
                                    <reporter username="dbeng-pm-bot">PM Bot</reporter>
                        <labels>
                    </labels>
                <created>Thu, 11 Aug 2022 19:08:58 +0000</created>
                <updated>Sat, 28 Oct 2023 11:20:37 +0000</updated>
                            <resolved>Mon, 7 Nov 2022 16:27:32 +0000</resolved>
                                                    <fixVersion>4.8.0</fixVersion>
                                    <component>Client Side Encryption</component>
                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="4964588" author="xgen-internal-githook" created="Tue, 8 Nov 2022 19:31:00 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Jeff Yemin&apos;, &apos;email&apos;: &apos;jeff.yemin@mongodb.com&apos;, &apos;username&apos;: &apos;jyemin&apos;}
&lt;p&gt;Message: Fix CI for Netty and Slow tests&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/JAVA-4706&quot; title=&quot;Support the Azure VM-assigned managed identity for automatic KMS credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;JAVA-4706&quot;&gt;&lt;del&gt;JAVA-4706&lt;/del&gt;&lt;/a&gt;&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-java-driver/commit/64593e51c012f422cca4db817bd06438fd288aea&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-java-driver/commit/64593e51c012f422cca4db817bd06438fd288aea&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4959776" author="xgen-internal-githook" created="Mon, 7 Nov 2022 16:27:21 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Jeff Yemin&apos;, &apos;email&apos;: &apos;jeff.yemin@mongodb.com&apos;, &apos;username&apos;: &apos;jyemin&apos;}
&lt;p&gt;Message: Cache Azure credential obtained from environment (#1038)&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/JAVA-4706&quot; title=&quot;Support the Azure VM-assigned managed identity for automatic KMS credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;JAVA-4706&quot;&gt;&lt;del&gt;JAVA-4706&lt;/del&gt;&lt;/a&gt;&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-java-driver/commit/b5b395cd18fb91804471d7b946ce09b339c9f94c&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-java-driver/commit/b5b395cd18fb91804471d7b946ce09b339c9f94c&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4956479" author="xgen-internal-githook" created="Fri, 4 Nov 2022 21:00:54 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Jeff Yemin&apos;, &apos;email&apos;: &apos;jeff.yemin@mongodb.com&apos;, &apos;username&apos;: &apos;jyemin&apos;}
&lt;p&gt;Message: Support the Azure VM-assigned managed identity for automatic KMS credentials (#1035)&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/JAVA-4706&quot; title=&quot;Support the Azure VM-assigned managed identity for automatic KMS credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;JAVA-4706&quot;&gt;&lt;del&gt;JAVA-4706&lt;/del&gt;&lt;/a&gt;&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-java-driver/commit/1ef1b5ef860aa0aad521e204fd61f56c020545a9&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-java-driver/commit/1ef1b5ef860aa0aad521e204fd61f56c020545a9&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10320">
                    <name>Documented</name>
                                                                <inwardlinks description="is documented by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10620">
                    <name>Issue split</name>
                                                                <inwardlinks description="split from">
                                        <issuelink>
            <issuekey id="2111178">DRIVERS-2411</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10257" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Documentation Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10250"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_21553" key="com.atlassian.jira.plugin.system.customfieldtypes:labels">
                        <customfieldname>Quarter</customfieldname>
                        <customfieldvalues>
                                        <label>FY23Q3</label>
    
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr3mmh:0400000942rcj9</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_21457" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Upstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt;:&lt;br/&gt;
&lt;b&gt;Implementation&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;libmongocrypt 1.6.0 or higher is required. Binaries for 1.6.0 are available on the &lt;a href=&quot;https://spruce.mongodb.com/task/libmongocrypt_release_publish_snapshot_upload_all_12c5118944295599097d5a70a11bb32a1b079282_22_09_07_13_03_29/files?execution=0&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;upload-all task&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;The spec changes introduce another method of obtaining KMS credentials automatically, much like with GCP and AWS:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;When &lt;tt&gt;kmsProviders&lt;/tt&gt; contains an empty &lt;tt&gt;azure&lt;/tt&gt; property, it indicates a request for automatic Azure credentials.&lt;/li&gt;
	&lt;li&gt;To obtain credentials, issue an HTTP request to the Azure Instance Metadata Service (IMDS).&lt;/li&gt;
	&lt;li&gt;IMDS will issue an &lt;tt&gt;accessToken&lt;/tt&gt; that can be used to query the Azure Key Vault (if the instance has sufficient permissions).&lt;/li&gt;
	&lt;li&gt;Additionally, this version of automatic KMS credentials requires the access token to be cached.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;The associated spec changes are specified here: &lt;a href=&quot;https://github.com/mongodb/specifications/commit/d6b8cce6abb3b8e1a0b8f1dc7ee737e18322cfce&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/d6b8cce6abb3b8e1a0b8f1dc7ee737e18322cfce&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The initial implementation for the C driver is here: &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/686bff81f565f93db83d99902ce1c3a6f89922c7&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/686bff81f565f93db83d99902ce1c3a6f89922c7&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Mock server tests&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;Mock server tests specified here:&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/specifications/commit/e780e91d708fe9c004a0b0023387baa850282881&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/e780e91d708fe9c004a0b0023387baa850282881&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The mock server is available here: &lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/csfle/fake_azure.py&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/csfle/fake_azure.py&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Please see &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/671a15154f0dd0e4af3c8df2ac08dfe4acf01795#diff-d353a218f6d4ac77dfb35cc757a96af121a9ce1d3cf7b01535fa23e6d0c58016R98&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/671a15154f0dd0e4af3c8df2ac08dfe4acf01795#diff-d353a218f6d4ac77dfb35cc757a96af121a9ce1d3cf7b01535fa23e6d0c58016R98&lt;/a&gt; for a reference implementation of the mock server tests in C.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Integration tests&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;Integration tests are specified here:&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/specifications/commit/cf778cb8add04c0c6d8f366e6352f3d0ac9c1694&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/cf778cb8add04c0c6d8f366e6352f3d0ac9c1694&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Scripts in the drivers-evergreen-tools &lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/tree/master/.evergreen/csfle/azurekms&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;.evergreen/csfle/azurekms directory&lt;/a&gt; may be used to create the temporary Azure Virtual Machine. Get credentials from &lt;a href=&quot;https://docs.google.com/document/d/1vVN_OdUQpMsxVIoUmYk5u6lWxfRgy-vHCbafr8GXXjo/edit&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;DRIVERS-2411 Test Credentials&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;To test, add an Evergreen task group to do the following:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Create an Azure VM instance in a &lt;tt&gt;setup_group&lt;/tt&gt;.&lt;/li&gt;
	&lt;li&gt;Destroy the Azure VM instance in a &lt;tt&gt;teardown_group&lt;/tt&gt;. Using a &lt;tt&gt;teardown_group&lt;/tt&gt; ensures the instance is destroyed even if the task fails.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Add a task in the task group to do the following:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Build and copy files to the remote Azure VM.&lt;/li&gt;
	&lt;li&gt;Install necessary dependencies on the remote Azure VM instance.&lt;/li&gt;
	&lt;li&gt;Run the test remotely.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Please see &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/pull/1124&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/pull/1124&lt;/a&gt; and &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/pull/1234/files&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/pull/1234/&lt;/a&gt;&#160;for a reference implementation of the integration tests in C.&lt;/p&gt;

&lt;p&gt;It may be helpful to refer to driver tests for &lt;a href=&quot;https://github.com/mongodb/specifications/blob/847d9ba741201f9c9d1305831a9c60e8ab2a1544/source/auth/tests/mongodb-aws.rst#3ecs-instance&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;MONGODB-AWS ECS&lt;/a&gt;. The ECS tests perform a similar flow (copying and running a test on a remote ECS instance).&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>