DRIVERS-2585 Use AWS Secrets Manager for CSFLE #390
Conversation
…ols into kmip-server-scripts
.evergreen/csfle/README.md
Outdated
| $DRIVERS_TOOLS/.evergreen/csfle/stop_servers.sh | ||
| ``` | ||
|
|
||
| It is recommended that you start the servers in the background, and then use the `await_servers.sh` script. |
There was a problem hiding this comment.
What does await_servers.sh do? The instructions above suggest that I run setup_secrets.sh and then start_servers.sh, do I run start_servers.sh in the background?
There was a problem hiding this comment.
In the Python driver, we can start it in the foreground because it is part of the same task. In the Go example, which is probably more common, the servers are started in a separate task, and await_servers.sh is used to wait for them before running the test scripts.
There was a problem hiding this comment.
I clarified in the readme.
.evergreen/csfle/README.md
Outdated
|
|
||
| ## Legacy Usage | ||
|
|
||
| The legacy usage involved putting the required secrets in EVG Project config, and using several steps: |
There was a problem hiding this comment.
using -> used for tense consistency.
.evergreen/csfle/README.md
Outdated
| $DRIVERS_TOOLS/.evergreen/csfle/stop_servers.sh | ||
| ``` | ||
|
|
||
| If you are starting your CSFLE servers in a separate task, it is recommended that you setup secrets |
There was a problem hiding this comment.
I'd call out that "task" refers to an Evergreen task here for clarity.
.evergreen/csfle/kms_kmip_client.py
Outdated
| @@ -60,4 +60,4 @@ def main(): | |||
|
|
|||
|
|
|||
| if __name__ == "__main__": | |||
| main() | |||
| main() | |||
There was a problem hiding this comment.
Add back newline? If using VS Code, the "Insert Final Newline" setting can add the newline automatically.
.evergreen/csfle/start_servers.sh
Outdated
| sleep 1 | ||
|
|
||
| echo "Starting HTTP Server 1..." | ||
| python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/expired.pem --port 8000 > http1.log 2>&1 & |
There was a problem hiding this comment.
Suggest using ports to match the spec test readme: 9000, 9001, and 9002: https://github.com/mongodb/specifications/blob/cea087babea68571fa4068ace6b2d326c3a0a22d/source/client-side-encryption/tests/README.rst#L1385
Co-authored-by: Kevin Albertson <[email protected]>
Co-authored-by: Kevin Albertson <[email protected]>
Co-authored-by: Kevin Albertson <[email protected]>
Co-authored-by: Kevin Albertson <[email protected]>
Co-authored-by: Kevin Albertson <[email protected]>
Co-authored-by: Kevin Albertson <[email protected]>
| @@ -0,0 +1,12 @@ | |||
| #!/usr/bin/env bash | |||
There was a problem hiding this comment.
Unlike other executable files in this folder, this one doesn't have the executable bit set.
.evergreen/csfle/README.md
Outdated
| $DRIVERS_TOOLS/.evergreen/csfle/stop_servers.sh | ||
| ``` | ||
|
|
||
| If you are starting your CSFLE servers in a separate Evergreen task, it is recommended that you setup secrets |
There was a problem hiding this comment.
| If you are starting your CSFLE servers in a separate Evergreen task, it is recommended that you setup secrets | |
| If you are starting your CSFLE servers in a separate Evergreen command, it is recommended that you setup secrets |
And replace other "task" with "command" in this paragraph.
I expect the start-csfle-servers cannot be started in a separate Evergreen task from the test task. An Evergreen task may be scheduled on a different host from other tasks.
There was a problem hiding this comment.
Ah, I think "function" is the correct word.
Co-authored-by: Kevin Albertson <[email protected]>
|
@alcaeus good to go? |
Tested with mongodb/mongo-go-driver#1520 and mongodb/mongo-python-driver#1477.