Skip to content

Commit c3c82b6

Browse files
kevinAlbskevinAlbs
authored
DRIVERS-2924 test accessToken form of KMS providers (#1914)
1 parent 290ee48 commit c3c82b6

11 files changed

Lines changed: 2031 additions & 27 deletions

source/client-side-encryption/tests/unified/accessToken-azure.json

Lines changed: 186 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

source/client-side-encryption/tests/unified/accessToken-azure.yml

Lines changed: 107 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,107 @@
1+
description: accessToken-azure
2+
schemaVersion: "1.28" # For accessToken
3+
runOnRequirements:
4+
- minServerVersion: "4.1.10"
5+
csfle:
6+
minLibmongocryptVersion: "1.6.0" # MONGOCRYPT-473.
7+
createEntities:
8+
- client:
9+
id: &client "client"
10+
autoEncryptOpts:
11+
keyVaultNamespace: keyvault.datakeys
12+
kmsProviders:
13+
azure: { accessToken: { $$placeholder: 1 } } # Use csfle/setup-secrets.sh from drivers-evergreen-tools to obtain token.
14+
- database:
15+
id: &db "db"
16+
client: *client
17+
databaseName: *db
18+
- collection:
19+
id: &coll "coll"
20+
database: *db
21+
collectionName: *coll
22+
- clientEncryption:
23+
id: &clientEncryption clientEncryption
24+
clientEncryptionOpts:
25+
keyVaultClient: *client
26+
keyVaultNamespace: keyvault.datakeys
27+
kmsProviders:
28+
azure: { accessToken: { $$placeholder: 1 } } # Use csfle/setup-secrets.sh from drivers-evergreen-tools to obtain token.
29+
initialData:
30+
- databaseName: *db
31+
collectionName: *coll
32+
documents: []
33+
createOptions:
34+
validator:
35+
$jsonSchema: {
36+
"properties":
37+
{
38+
"secret":
39+
{
40+
"encrypt":
41+
{
42+
"keyId": ["$binary": { "base64": "AZURE+AAAAAAAAAAAAAAAA==", "subType": "04" }],
43+
"bsonType": "string",
44+
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic",
45+
},
46+
},
47+
},
48+
"bsonType": "object"
49+
}
50+
- databaseName: keyvault
51+
collectionName: datakeys
52+
documents:
53+
- {
54+
"_id": { "$binary": { "base64": "AZURE+AAAAAAAAAAAAAAAA==", "subType": "04" } },
55+
"keyAltNames": ["my-key"],
56+
"keyMaterial":
57+
{
58+
"$binary":
59+
{
60+
"base64": "n+HWZ0ZSVOYA3cvQgP7inN4JSXfOH85IngmeQxRpQHjCCcqT3IFqEWNlrsVHiz3AELimHhX4HKqOLWMUeSIT6emUDDoQX9BAv8DR1+E1w4nGs/NyEneac78EYFkK3JysrFDOgl2ypCCTKAypkn9CkAx1if4cfgQE93LW4kczcyHdGiH36CIxrCDGv1UzAvERN5Qa47DVwsM6a+hWsF2AAAJVnF0wYLLJU07TuRHdMrrphPWXZsFgyV+lRqJ7DDpReKNO8nMPLV/mHqHBHGPGQiRdb9NoJo8CvokGz4+KE8oLwzKf6V24dtwZmRkrsDV4iOhvROAzz+Euo1ypSkL3mw==",
61+
"subType": "00",
62+
},
63+
},
64+
"creationDate": { "$date": { "$numberLong": "1552949630483" } },
65+
"updateDate": { "$date": { "$numberLong": "1552949630483" } },
66+
"status": { "$numberInt": "0" },
67+
"masterKey": { "provider": "azure", "keyVaultEndpoint": "key-vault-csfle.vault.azure.net", "keyName": "key-name-csfle" }
68+
}
69+
tests:
70+
- description: "Auto encrypt using access token Azure credentials"
71+
operations:
72+
- name: insertOne
73+
arguments:
74+
document: { _id: 1, secret: "string0" }
75+
object: *coll
76+
outcome:
77+
- documents:
78+
- {
79+
_id: 1,
80+
secret:
81+
{
82+
"$binary":
83+
{
84+
"base64": "AQGVERPgAAAAAAAAAAAAAAAC5DbBSwPwfSlBrDtRuglvNvCXD1KzDuCKY2P+4bRFtHDjpTOE2XuytPAUaAbXf1orsPq59PVZmsbTZbt2CB8qaQ==",
85+
"subType": "06",
86+
},
87+
},
88+
}
89+
collectionName: *coll
90+
databaseName: *db
91+
- description: "Explicit encrypt using access token Azure credentials"
92+
operations:
93+
- name: encrypt
94+
object: *clientEncryption
95+
arguments:
96+
value: "string0"
97+
opts:
98+
keyAltName: "my-key"
99+
algorithm: "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
100+
expectResult:
101+
{
102+
"$binary":
103+
{
104+
"base64": "AQGVERPgAAAAAAAAAAAAAAAC5DbBSwPwfSlBrDtRuglvNvCXD1KzDuCKY2P+4bRFtHDjpTOE2XuytPAUaAbXf1orsPq59PVZmsbTZbt2CB8qaQ==",
105+
"subType": "06",
106+
}
107+
}

0 commit comments

Comments
 (0)