diff --git a/evergreen/evergreen.yml b/evergreen/evergreen.yml index ceae821155f..4a7f30c7c4b 100644 --- a/evergreen/evergreen.yml +++ b/evergreen/evergreen.yml @@ -227,6 +227,7 @@ functions: bootstrap-mongo-orchestration: - command: shell.exec + type: system params: script: | ${PREPARE_SHELL} @@ -299,21 +300,6 @@ functions: content_type: text/markdown display_name: ssdlc_compliance_report.md - ocsp-bootstrap-mongo-orchestration: - - command: shell.exec - params: - script: | - ${PREPARE_SHELL} - MONGODB_VERSION=${VERSION} \ - TOPOLOGY=${TOPOLOGY} \ - AUTH=${AUTH} \ - SSL=${SSL} \ - ORCHESTRATION_FILE=${ORCHESTRATION_FILE} \ - bash ${DRIVERS_TOOLS}/.evergreen/run-orchestration.sh - - command: expansions.update - params: - file: mo-expansion.yml - bootstrap-mongohoused: - command: shell.exec params: 
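Review bot: With `ocsp-bootstrap-mongo-orchestration` removed in the next hunk, every OCSP task now depends on `bootstrap-mongo-orchestration` forwarding `ORCHESTRATION_FILE` to `run-orchestration.sh`. This hunk shows only the first line of that function's script, which continues outside it, so the forwarding cannot be confirmed from here. If the variable were not passed through, the server would presumably start without the mustStaple/disableStapling settings, and some OCSP tasks could pass against the wrong topology. A comment above the function would record the dependency, for example `# Also used by the OCSP tasks, which pass ORCHESTRATION_FILE via vars`. The added `type: system` changes how a failure of this step is classified, which also deserves a short comment.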
@@ -655,93 +641,15 @@ functions: evergreen/run-tests.sh echo "Skipping certificate removal..." - run-valid-ocsp-server-ca-responder: + run-ocsp-responder: - command: shell.exec + type: system params: - working_dir: mongo-csharp-driver - script: | - ${PREPARE_SHELL} - evergreen/prepare-ocsp.sh - - command: shell.exec - params: - background: true shell: "bash" - script: | - set -o xtrace - cd ${DRIVERS_TOOLS}/.evergreen/ocsp - . ./activate-ocspvenv.sh - nohup python ocsp_mock.py \ - --ca_file ${OCSP_ALGORITHM}/ca.pem \ - --ocsp_responder_cert ${OCSP_ALGORITHM}/ca.crt \ - --ocsp_responder_key ${OCSP_ALGORITHM}/ca.key \ - -p 8100 -v - - run-valid-ocsp-server-delegate-responder: - - command: shell.exec - params: working_dir: mongo-csharp-driver script: | ${PREPARE_SHELL} - evergreen/prepare-ocsp.sh - - command: shell.exec - params: - background: true - shell: "bash" - script: | - set -o xtrace - cd ${DRIVERS_TOOLS}/.evergreen/ocsp - . ./activate-ocspvenv.sh - nohup python ocsp_mock.py \ - --ca_file ${OCSP_ALGORITHM}/ca.pem \ - --ocsp_responder_cert ${OCSP_ALGORITHM}/ocsp-responder.crt \ - --ocsp_responder_key ${OCSP_ALGORITHM}/ocsp-responder.key \ - -p 8100 -v - - run-revoked-ocsp-server-ca-responder: - - command: shell.exec - params: - working_dir: mongo-csharp-driver - script: | - ${PREPARE_SHELL} - evergreen/prepare-ocsp.sh - - command: shell.exec - params: - background: true - shell: "bash" - script: | - set -o xtrace - cd ${DRIVERS_TOOLS}/.evergreen/ocsp - . 
./activate-ocspvenv.sh - nohup python ocsp_mock.py \ - --ca_file ${OCSP_ALGORITHM}/ca.pem \ - --ocsp_responder_cert ${OCSP_ALGORITHM}/ca.crt \ - --ocsp_responder_key ${OCSP_ALGORITHM}/ca.key \ - -p 8100 \ - -v \ - --fault revoked - - run-revoked-ocsp-server-delegate-responder: - - command: shell.exec - params: - working_dir: mongo-csharp-driver - script: | - ${PREPARE_SHELL} - evergreen/prepare-ocsp.sh - - command: shell.exec - params: - background: true - shell: "bash" - script: | - set -o xtrace - cd ${DRIVERS_TOOLS}/.evergreen/ocsp - . ./activate-ocspvenv.sh - nohup python ocsp_mock.py \ - --ca_file ${OCSP_ALGORITHM}/ca.pem \ - --ocsp_responder_cert ${OCSP_ALGORITHM}/ocsp-responder.crt \ - --ocsp_responder_key ${OCSP_ALGORITHM}/ocsp-responder.key \ - -p 8100 \ - -v \ - --fault revoked + OCSP_ALGORITHM=${OCSP_ALGORITHM} SERVER_TYPE=${SERVER_TYPE} ${DRIVERS_TOOLS}/.evergreen/ocsp/setup.sh run-mongodb-oidc-tests: - command: subprocess.exec @@ -1346,10 +1254,11 @@ tasks: - name: test-ocsp-rsa-valid-cert-server-staples-ca-responder tags: ["ocsp"] commands: - - func: run-valid-ocsp-server-ca-responder + - func: run-ocsp-responder vars: OCSP_ALGORITHM: "rsa" - - func: ocsp-bootstrap-mongo-orchestration + SERVER_TYPE: "valid" + - func: bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json" - func: run-ocsp-test @@ -1360,10 +1269,11 @@ tasks: - name: test-ocsp-rsa-invalid-cert-server-staples-ca-responder tags: ["ocsp"] commands: - - func: run-revoked-ocsp-server-ca-responder + - func: run-ocsp-responder vars: OCSP_ALGORITHM: "rsa" - - func: ocsp-bootstrap-mongo-orchestration + SERVER_TYPE: "revoked" + - func: bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json" - func: run-ocsp-test 
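Review bot: The new `run-ocsp-responder` runs `setup.sh` in the foreground, whereas each removed function launched `ocsp_mock.py` under `nohup` in a `background: true` command. The step therefore relies on `setup.sh` to background the responder and return, and that script is not part of this diff. If the script can return before the responder is listening, or without an error when startup fails, the does-not-staple tasks that expect success might pass under soft-fail without ever reaching a responder. That cannot be confirmed from the visible lines. Separately, the expansions are substituted unquoted, so `OCSP_ALGORITHM="${OCSP_ALGORITHM}" SERVER_TYPE="${SERVER_TYPE}" "${DRIVERS_TOOLS}/.evergreen/ocsp/setup.sh"` would keep a value containing spaces from changing the command line.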
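Review bot: `SERVER_TYPE` is a free-form string in this task, and the accepted values are defined only by `setup.sh`, which this diff does not show. The same applies to the later task hunks, from `-1360` through `-1494`, which between them use `valid`, `revoked`, `valid-delegate` and `revoked-delegate`. It is worth confirming that the script rejects an unrecognised value instead of falling back to a default. A comment above the OCSP tasks would help, for example `# SERVER_TYPE: valid | revoked | valid-delegate | revoked-delegate (handled by ocsp/setup.sh)`. The soft-fail and no-responder tasks start no responder by design, so a line such as `# no responder on purpose` there would stop a later edit from "fixing" the omission.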
@@ -1374,10 +1284,11 @@ tasks:
 - name: test-ocsp-rsa-valid-cert-server-does-not-staple-ca-responder
 tags: ["ocsp"]
 commands:
- - func: run-valid-ocsp-server-ca-responder
+ - func: run-ocsp-responder
 vars:
 OCSP_ALGORITHM: "rsa"
- - func: ocsp-bootstrap-mongo-orchestration
+ SERVER_TYPE: "valid"
+ - func: bootstrap-mongo-orchestration
 vars:
 ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json"
 - func: run-ocsp-test
@@ -1388,10 +1299,11 @@ tasks:
 - name: test-ocsp-rsa-invalid-cert-server-does-not-staple-ca-responder
 tags: ["ocsp"]
 commands:
- - func: run-revoked-ocsp-server-ca-responder
+ - func: run-ocsp-responder
 vars:
 OCSP_ALGORITHM: "rsa"
- - func: ocsp-bootstrap-mongo-orchestration
+ SERVER_TYPE: "revoked"
+ - func: bootstrap-mongo-orchestration
 vars:
 ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json"
 - func: run-ocsp-test
@@ -1402,7 +1314,7 @@ tasks:
 - name: test-ocsp-rsa-soft-fail
 tags: ["ocsp"]
 commands:
- - func: ocsp-bootstrap-mongo-orchestration
+ - func: bootstrap-mongo-orchestration
 vars:
 ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json"
 - func: run-ocsp-test
@@ -1413,10 +1325,11 @@ tasks:
 - name: test-ocsp-rsa-malicious-invalid-cert-mustStaple-server-does-not-staple-ca-responder
 tags: ["ocsp"]
 commands:
- - func: run-revoked-ocsp-server-ca-responder
+ - func: run-ocsp-responder
 vars:
 OCSP_ALGORITHM: "rsa"
- - func: ocsp-bootstrap-mongo-orchestration
+ SERVER_TYPE: "revoked"
+ - func: bootstrap-mongo-orchestration
 vars:
 ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json"
 - func: run-ocsp-test
@@ -1427,7 +1340,7 @@ tasks:
 - name: test-ocsp-rsa-malicious-no-responder-mustStaple-server-does-not-staple
 tags: ["ocsp"]
 commands:
- - func: ocsp-bootstrap-mongo-orchestration
+ - func: bootstrap-mongo-orchestration
 vars:
 ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json"
 - func: run-ocsp-test
@@ -1438,10 +1351,11 @@ tasks:
 - name: test-ocsp-rsa-valid-cert-server-staples-delegate-responder
 tags: ["ocsp"]
 commands:
- - func: run-valid-ocsp-server-delegate-responder
+ - func: run-ocsp-responder
 vars:
 OCSP_ALGORITHM: "rsa"
- - func: ocsp-bootstrap-mongo-orchestration
+ SERVER_TYPE: "valid-delegate"
+ - func: bootstrap-mongo-orchestration
 vars:
 ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json"
 - func: run-ocsp-test
@@ -1452,10 +1366,11 @@ tasks:
 - name: test-ocsp-rsa-invalid-cert-server-staples-delegate-responder
 tags: ["ocsp"]
 commands:
- - func: run-revoked-ocsp-server-delegate-responder
+ - func: run-ocsp-responder
 vars:
 OCSP_ALGORITHM: "rsa"
- - func: ocsp-bootstrap-mongo-orchestration
+ SERVER_TYPE: "revoked-delegate"
+ - func: bootstrap-mongo-orchestration
 vars:
 ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json"
 - func: run-ocsp-test
@@ -1466,10 +1381,11 @@ tasks:
 - name: test-ocsp-rsa-valid-cert-server-does-not-staple-delegate-responder
 tags: ["ocsp"]
 commands:
- - func: run-valid-ocsp-server-delegate-responder
+ - func: run-ocsp-responder
 vars:
 OCSP_ALGORITHM: "rsa"
- - func: ocsp-bootstrap-mongo-orchestration
+ SERVER_TYPE: "valid-delegate"
+ - func: bootstrap-mongo-orchestration
 vars:
 ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json"
 - func: run-ocsp-test
@@ -1480,10 +1396,11 @@ tasks:
 - name: test-ocsp-rsa-invalid-cert-server-does-not-staple-delegate-responder
 tags: ["ocsp"]
 commands:
- - func: run-revoked-ocsp-server-delegate-responder
+ - func: run-ocsp-responder
 vars:
 OCSP_ALGORITHM: "rsa"
- - func: ocsp-bootstrap-mongo-orchestration
+ SERVER_TYPE: "revoked-delegate"
+ - func: bootstrap-mongo-orchestration
 vars:
 ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json"
 - func: run-ocsp-test
@@ -1494,10 +1411,11 @@ tasks:
 - name: test-ocsp-rsa-malicious-invalid-cert-mustStaple-server-does-not-staple-delegate-responder
 tags: ["ocsp"]
 commands:
- - func: run-revoked-ocsp-server-delegate-responder
+ - func: run-ocsp-responder
 vars:
 OCSP_ALGORITHM: "rsa"
- - func: ocsp-bootstrap-mongo-orchestration
+ SERVER_TYPE: "revoked-delegate"
+ - func: bootstrap-mongo-orchestration
 vars:
 ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json"
 - func: run-ocsp-test
@@ -1543,170 +1461,6 @@ tasks: TEST_LAMBDA_DIRECTORY: ${PROJECT_DIRECTORY}/tests/FaasTests/LambdaTests AWS_REGION: us-east-1 - # ECDSA tests - # Disabled until https://jira.mongodb.org/browse/SPEC-1589 is resolved - # - name: test-ocsp-ecdsa-valid-cert-server-staples-ca-responder - # tags: ["ocsp"] - # commands: - # - func: run-valid-ocsp-server-ca-responder - # vars: - # OCSP_ALGORITHM: "ecdsa" - # - func: ocsp-bootstrap-mongo-orchestration - # vars: - # ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" - # - func: run-ocsp-test - # vars: - # OCSP_ALGORITHM: "ecdsa" - # OCSP_TLS_SHOULD_SUCCEED: "true" - - # - name: test-ocsp-ecdsa-invalid-cert-server-staples-ca-responder - # tags: ["ocsp"] - # commands: - # - func: run-revoked-ocsp-server-ca-responder - # vars: - # OCSP_ALGORITHM: "ecdsa" - # - func: ocsp-bootstrap-mongo-orchestration - # vars: - # ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" - # - func: run-ocsp-test - # vars: - # OCSP_ALGORITHM: "ecdsa" - # OCSP_TLS_SHOULD_SUCCEED: "false" - - # - name: test-ocsp-ecdsa-valid-cert-server-does-not-staple-ca-responder - # tags: ["ocsp"] - # commands: - # - func: run-valid-ocsp-server-ca-responder - # vars: - # OCSP_ALGORITHM: "ecdsa" - # - func: ocsp-bootstrap-mongo-orchestration - # vars: - # ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" - # - func: run-ocsp-test - # vars: - # OCSP_ALGORITHM: "ecdsa" - # OCSP_TLS_SHOULD_SUCCEED: "true" - - # - name: test-ocsp-ecdsa-invalid-cert-server-does-not-staple-ca-responder - # tags: ["ocsp"] - # commands: - # - func: run-revoked-ocsp-server-ca-responder - # vars: - # OCSP_ALGORITHM: "ecdsa" - # - func: ocsp-bootstrap-mongo-orchestration - # vars: - # ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" - # - func: run-ocsp-test - # vars: - # OCSP_ALGORITHM: "ecdsa" - # OCSP_TLS_SHOULD_SUCCEED: "false" - - # - name: test-ocsp-ecdsa-soft-fail - # tags: ["ocsp"] - # commands: - # - func: ocsp-bootstrap-mongo-orchestration - # 
vars: - # ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" - # - func: run-ocsp-test - # vars: - # OCSP_ALGORITHM: "ecdsa" - # OCSP_TLS_SHOULD_SUCCEED: "false" # Spec mandates true but .NET on Windows hard fails in this case - - # - name: test-ocsp-ecdsa-malicious-invalid-cert-mustStaple-server-does-not-staple-ca-responder - # tags: ["ocsp"] - # commands: - # - func: run-revoked-ocsp-server-ca-responder - # vars: - # OCSP_ALGORITHM: "ecdsa" - # - func: ocsp-bootstrap-mongo-orchestration - # vars: - # ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json" - # - func: run-ocsp-test - # vars: - # OCSP_ALGORITHM: "ecdsa" - # OCSP_TLS_SHOULD_SUCCEED: "false" - - # - name: test-ocsp-ecdsa-malicious-no-responder-mustStaple-server-does-not-staple - # tags: ["ocsp"] - # commands: - # - func: ocsp-bootstrap-mongo-orchestration - # vars: - # ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json" - # - func: run-ocsp-test - # vars: - # OCSP_ALGORITHM: "ecdsa" - # OCSP_TLS_SHOULD_SUCCEED: "false" - - # - name: test-ocsp-ecdsa-valid-cert-server-staples-delegate-responder - # tags: ["ocsp"] - # commands: - # - func: run-valid-ocsp-server-delegate-responder - # vars: - # OCSP_ALGORITHM: "ecdsa" - # - func: ocsp-bootstrap-mongo-orchestration - # vars: - # ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" - # - func: run-ocsp-test - # vars: - # OCSP_ALGORITHM: "ecdsa" - # OCSP_TLS_SHOULD_SUCCEED: "true" - - # - name: test-ocsp-ecdsa-invalid-cert-server-staples-delegate-responder - # tags: ["ocsp"] - # commands: - # - func: run-revoked-ocsp-server-delegate-responder - # vars: - # OCSP_ALGORITHM: "ecdsa" - # - func: ocsp-bootstrap-mongo-orchestration - # vars: - # ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" - # - func: run-ocsp-test - # vars: - # OCSP_ALGORITHM: "ecdsa" - # OCSP_TLS_SHOULD_SUCCEED: "false" - - # - name: test-ocsp-ecdsa-valid-cert-server-does-not-staple-delegate-responder - # tags: ["ocsp"] 
- # commands: - # - func: run-valid-ocsp-server-delegate-responder - # vars: - # OCSP_ALGORITHM: "ecdsa" - # - func: ocsp-bootstrap-mongo-orchestration - # vars: - # ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" - # - func: run-ocsp-test - # vars: - # OCSP_ALGORITHM: "ecdsa" - # OCSP_TLS_SHOULD_SUCCEED: "true" - - # - name: test-ocsp-ecdsa-invalid-cert-server-does-not-staple-delegate-responder - # tags: ["ocsp"] - # commands: - # - func: run-revoked-ocsp-server-delegate-responder - # vars: - # OCSP_ALGORITHM: "ecdsa" - # - func: ocsp-bootstrap-mongo-orchestration - # vars: - # ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" - # - func: run-ocsp-test - # vars: - # OCSP_ALGORITHM: "ecdsa" - # OCSP_TLS_SHOULD_SUCCEED: "false" - - # - name: test-ocsp-ecdsa-malicious-invalid-cert-mustStaple-server-does-not-staple-delegate-responder - # tags: ["ocsp"] - # commands: - # - func: run-revoked-ocsp-server-delegate-responder - # vars: - # OCSP_ALGORITHM: "ecdsa" - # - func: ocsp-bootstrap-mongo-orchestration - # vars: - # ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json" - # - func: run-ocsp-test - # vars: - # OCSP_ALGORITHM: "ecdsa" - # OCSP_TLS_SHOULD_SUCCEED: "false" - - name: test-csfle-with-azure-kms commands: - command: shell.exec diff --git a/evergreen/prepare-ocsp.sh b/evergreen/prepare-ocsp.sh deleted file mode 100755 index 0c814b44890..00000000000 --- a/evergreen/prepare-ocsp.sh +++ /dev/null 
@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-
-set -o xtrace # Write all commands first to stderr
-set -o errexit # Exit the script with an error if any of the commands fail
-
-cd ${DRIVERS_TOOLS}/.evergreen/ocsp
-
-echo "Preparing Python env for OCSP tests"
-
-if [ "Windows_NT" = "$OS" ]; then # Magic variable in cygwin
- /cygdrive/c/python/python38/python.exe -m venv ./venv
- ./venv/Scripts/pip3 install -r ${DRIVERS_TOOLS}/.evergreen/ocsp/mock-ocsp-responder-requirements.txt
-else
- echo "$0 needs to be updated to run on non-Windows platforms"
- # Need to ensure on Linux python is installed in the correct place and visible to the script.
- # https://jira.mongodb.org/browse/CSHARP-3255
- # /opt/python/2.7/bin/python -m venv ./venv
- # ./venv/Scripts/pip3 install -r ${DRIVERS_TOOLS}/.evergreen/ocsp/mock-ocsp-responder-requirements.txt
-fi