RUBY-1824 Run "Local TLS" tests in Evergreen (#1370)

p-mongo · p · commit c771ba13ec58 · 2019-06-12T19:05:26.000-04:00
diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml
@@ -347,6 +347,16 @@ functions:
           ${PREPARE_SHELL}
           MONGODB_URI="${MONGODB_URI}" .evergreen/run-tests.sh
 
+  "run local tls tests":
+    - command: shell.exec
+      type: test
+      params:
+        shell: bash
+        working_dir: "src"
+        script: |
+          ${PREPARE_SHELL}
+          MONGODB_URI="${MONGODB_URI}" .evergreen/run-local-tls-tests.sh
+
   "run enterprise auth tests":
     - command: shell.exec
       type: test
@@ -370,7 +380,7 @@ functions:
 
             ENTERPRISE_AUTH_TESTS=1 IP_ADDR=$IP_ADDR SASL_HOST=${sasl_host} SASL_PORT=${sasl_port} SASL_USER=${sasl_user} SASL_PASS=${sasl_pass} SASL_DB=${sasl_db} PRINCIPAL=${principal} KERBEROS_DB=${kerberos_db} KEYTAB_BASE64=${keytab_base64} PROJECT_DIRECTORY=${PROJECT_DIRECTORY} RVM_RUBY="${RVM_RUBY}" ${PROJECT_DIRECTORY}/.evergreen/run-enterprise-auth-tests.sh
 
-  "cleanup":
+  "cleanup mo":
     - command: shell.exec
       params:
         script: |
@@ -383,8 +393,20 @@ functions:
             . venv/Scripts/activate
           fi
           mongo-orchestration stop
-          cd -
-          rm -rf $DRIVERS_TOOLS || true
+
+  "cleanup mo if running":
+    - command: shell.exec
+      params:
+        script: |
+          ${PREPARE_SHELL}
+          cd "$MONGO_ORCHESTRATION_HOME"
+          # source the mongo-orchestration virtualenv if it exists
+          if [ -f venv/bin/activate ]; then
+            . venv/bin/activate
+          elif [ -f venv/Scripts/activate ]; then
+            . venv/Scripts/activate
+          fi
+          mongo-orchestration stop || true
 
   "fix absolute paths":
     - command: shell.exec
@@ -422,13 +444,13 @@ functions:
           echo '{"results": [{ "status": "FAIL", "test_file": "Build", "log_raw": "No test-results.json found was created"  } ]}' > ${PROJECT_DIRECTORY}/test-results.json
 
   "install dependencies":
-    type: test
-    params:
-      working_dir: "src"
-      script: |
-        ${PREPARE_SHELL}
-        file="${PROJECT_DIRECTORY}/.evergreen/install-dependencies.sh"
-        [ -f ${file} ] && sh ${file} || echo "${file} not available, skipping"
+    - command: shell.exec
+      params:
+        working_dir: "src"
+        script: |
+          ${PREPARE_SHELL}
+          file="${PROJECT_DIRECTORY}/.evergreen/install-dependencies.sh"
+          [ -f $file ] && sh $file || echo "$file not available, skipping"
 
 pre:
   - func: "fetch source"
@@ -445,7 +467,7 @@ post:
   - func: "upload mo artifacts"
   #- func: "upload test results"
   - func: "upload test results to s3"
-  - func: "cleanup"
+  - func: "cleanup mo if running"
 
 tasks:
 
@@ -464,6 +486,10 @@ tasks:
       commands:
         - func: "bootstrap mongo-orchestration"
         - func: "run tests"
+        #- func: "cleanup mo"
+    - name: "local-tls-tests"
+      commands:
+        - func: "run local tls tests"
     - name: "enterprise-auth-tests"
       commands:
         - func: "run enterprise auth tests"
@@ -825,6 +851,19 @@ buildvariants:
   tasks:
     - name: "test"
 
+-
+  matrix_name: "local-tls"
+  matrix_spec:
+    # No JRuby due to https://jira.mongodb.org/browse/RUBY-1830
+    ruby: ["ruby-2.6", "ruby-1.9"]
+    mongodb-version: '4.0'
+    topology: standalone
+  display_name: "Local TLS ${ruby}"
+  run_on:
+    - ubuntu1404-test
+  tasks:
+    - name: "local-tls-tests"
+
 -
   matrix_name: "enterprise-auth-tests-ubuntu"
   matrix_spec:
diff --git a/.evergreen/functions.sh b/.evergreen/functions.sh
@@ -151,3 +151,22 @@ kill_jruby() {
     for pid in $(ps -ef | grep "jruby" | grep -v grep | awk '{print $2}'); do kill -9 $pid; done
   fi
 }
+
+prepare_server() {
+  arch=$1
+  version=$2
+  
+  url=http://downloads.10gen.com/linux/mongodb-linux-x86_64-enterprise-$arch-$version.tgz
+  mongodb_dir="$MONGO_ORCHESTRATION_HOME"/mdb
+  mkdir -p "$mongodb_dir"
+  curl $url |tar xz -C "$mongodb_dir" -f -
+  BINDIR="$mongodb_dir"/`basename $url |sed -e s/.tgz//`/bin
+  export PATH="$BINDIR":$PATH
+}
+
+install_mlaunch() {
+  pythonpath="$MONGO_ORCHESTRATION_HOME"/python
+  pip install -t "$pythonpath" 'mtools[mlaunch]'
+  export PATH="$pythonpath/bin":$PATH
+  export PYTHONPATH="$pythonpath"
+}
diff --git a/.evergreen/install-dependencies.sh b/.evergreen/install-dependencies.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -o xtrace   # Write all commands first to stderr
+set -o errexit  # Exit the script with error if any of the commands fail
+
+# Inspiration:
+# https://github.com/mongodb/mongo-python-driver/blob/3.8.0/.evergreen/install-dependencies.sh#L5-L9
+
+# Copy our test certificates over driver-evergreen-tools
+cp ${PROJECT_DIRECTORY}/spec/support/certificates/client.crt \
+  ${DRIVERS_TOOLS}/.evergreen/x509gen/client-public.pem
+cp ${PROJECT_DIRECTORY}/spec/support/certificates/client.key \
+  ${DRIVERS_TOOLS}/.evergreen/x509gen/client-private.pem
+cp ${PROJECT_DIRECTORY}/spec/support/certificates/ca.crt \
+  ${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem
+cp ${PROJECT_DIRECTORY}/spec/support/certificates/server-second-level-bundle.pem \
+  ${DRIVERS_TOOLS}/.evergreen/x509gen/server.pem
+
+# Replace MongoOrchestration's client certificate.
+cp ${PROJECT_DIRECTORY}/spec/support/certificates/client.pem \
+  ${MONGO_ORCHESTRATION_HOME}/lib/client.pem
diff --git a/.evergreen/run-local-tls-tests.sh b/.evergreen/run-local-tls-tests.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+set -o xtrace   # Write all commands first to stderr
+set -o errexit  # Exit the script with error if any of the commands fail
+
+# Supported/used environment variables:
+#       AUTH                    Set to enable authentication. Values are: "auth" / "noauth" (default)
+#       SSL                     Set to enable SSL. Values are "ssl" / "nossl" (default)
+#       MONGODB_URI             Set the suggested connection MONGODB_URI (including credentials and topology info)
+#       TOPOLOGY                Allows you to modify variables and the MONGODB_URI based on test topology
+#                               Supported values: "server", "replica_set", "sharded_cluster"
+#       RVM_RUBY                Define the Ruby version to test with, using its RVM identifier.
+#                               For example: "ruby-2.3" or "jruby-9.1"
+#       DRIVER_TOOLS            Path to driver tools.
+
+. `dirname "$0"`/functions.sh
+
+set_fcv
+set_env_vars
+
+setup_ruby
+
+install_deps
+
+arch=ubuntu1404
+version=4.0.9
+prepare_server $arch $version
+
+install_mlaunch
+
+# Launching mongod under $MONGO_ORCHESTRATION_HOME
+# makes its long available through log collecting machinery
+
+export dbdir="$MONGO_ORCHESTRATION_HOME"/db
+mkdir -p "$dbdir"
+mlaunch --dir "$dbdir" --binarypath "$BINDIR" --single \
+  --sslMode requireSSL \
+  --sslPEMKeyFile spec/support/certificates/server-second-level-bundle.pem \
+  --sslCAFile spec/support/certificates/ca.crt \
+  --sslClientCertificate spec/support/certificates/client.pem
+
+echo "Running specs"
+export MONGODB_URI="mongodb://localhost:27017/?tls=true&serverSelectionTimeoutMS=30000&"\
+"tlsCAFile=spec/support/certificates/ca.crt&"\
+"tlsCertificateKeyFile=spec/support/certificates/client-second-level-bundle.pem"
+bundle exec rake spec:prepare
+
+export MONGODB_URI="mongodb://localhost:27017/?tls=true&"\
+"tlsCAFile=spec/support/certificates/ca.crt&"\
+"tlsCertificateKeyFile=spec/support/certificates/client-second-level-bundle.pem"
+bundle exec rspec spec/mongo/socket*
+test_status=$?
+echo "TEST STATUS"
+echo ${test_status}
+
+kill_jruby
+
+mlaunch stop --dir "$dbdir"
+
+exit ${test_status}
diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh
@@ -18,11 +18,11 @@ set -o errexit  # Exit the script with error if any of the commands fail
 set_fcv
 set_env_vars
 
-export DRIVER_TOOLS_CLIENT_CERT_PEM="${DRIVERS_TOOLS}/.evergreen/x509gen/client-public.pem"
-export DRIVER_TOOLS_CLIENT_KEY_PEM="${DRIVERS_TOOLS}/.evergreen/x509gen/client-private.pem"
-export DRIVER_TOOLS_CLIENT_CERT_KEY_PEM="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
-export DRIVER_TOOLS_CA_PEM="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
-export DRIVER_TOOLS_CLIENT_KEY_ENCRYPTED_PEM="${DRIVERS_TOOLS}/.evergreen/x509gen/password_protected.pem"
+#export DRIVER_TOOLS_CLIENT_CERT_PEM="${DRIVERS_TOOLS}/.evergreen/x509gen/client-public.pem"
+#export DRIVER_TOOLS_CLIENT_KEY_PEM="${DRIVERS_TOOLS}/.evergreen/x509gen/client-private.pem"
+#export DRIVER_TOOLS_CLIENT_CERT_KEY_PEM="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
+#export DRIVER_TOOLS_CA_PEM="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
+#export DRIVER_TOOLS_CLIENT_KEY_ENCRYPTED_PEM="${DRIVERS_TOOLS}/.evergreen/x509gen/password_protected.pem"
 
 setup_ruby
 
diff --git a/spec/integration/ssl_uri_options_spec.rb b/spec/integration/ssl_uri_options_spec.rb
@@ -1,10 +1,11 @@
 require 'spec_helper'
 
 describe 'SSL connections with URI options' do
-  # SpecConfig currently creates clients exclusively through non-URI options. Because we don't
-  # currently have a way to create what the URI would look like for a given client, it's simpler
-  # just to test the that TLS works when configured from a URI on a standalone server without auth
-  # required, since that allows us to build the URI more easily.
+  # SpecConfig currently creates clients exclusively through non-URI options.
+  # Because we don't currently have a way to create what the URI would look
+  # like for a given client, it's simpler just to test the that TLS works when
+  # configured from a URI on a standalone server without auth required, since
+  # that allows us to build the URI more easily.
   require_no_auth
   require_topology :single
   require_ssl
@@ -14,7 +15,7 @@
   end
 
   let(:uri) do
-    "mongodb://#{hosts}/?tls=true&tlsInsecure=true&tlsCertificateKeyFile=#{SpecConfig.instance.client_cert_key_pem}"
+    "mongodb://#{hosts}/?tls=true&tlsInsecure=true&tlsCertificateKeyFile=#{SpecConfig.instance.client_pem_path}"
   end
 
   it 'successfully connects and runs an operation' do
diff --git a/spec/lite_spec_helper.rb b/spec/lite_spec_helper.rb
@@ -18,22 +18,6 @@
 CHANGE_STREAMS_TESTS = Dir.glob("#{CURRENT_PATH}/spec_tests/data/change_streams/*.yml")
 CMAP_TESTS = Dir.glob("#{CURRENT_PATH}/spec_tests/data/cmap/*.yml")
 
-if ENV['DRIVERS_TOOLS']
-  CLIENT_CERT_PEM = ENV['DRIVER_TOOLS_CLIENT_CERT_PEM']
-  CLIENT_KEY_PEM = ENV['DRIVER_TOOLS_CLIENT_KEY_PEM']
-  CA_PEM = ENV['DRIVER_TOOLS_CA_PEM']
-  CLIENT_KEY_ENCRYPTED_PEM = ENV['DRIVER_TOOLS_CLIENT_KEY_ENCRYPTED_PEM']
-else
-  SSL_CERTS_DIR = "#{CURRENT_PATH}/support/certificates"
-  CLIENT_PEM = "#{SSL_CERTS_DIR}/client.pem"
-  CA_PEM = "#{SSL_CERTS_DIR}/ca.crt"
-  CRL_PEM = "#{SSL_CERTS_DIR}/crl.pem"
-  CLIENT_KEY_PEM = "#{SSL_CERTS_DIR}/client.key"
-  CLIENT_CERT_PEM = "#{SSL_CERTS_DIR}/client.crt"
-  CLIENT_KEY_ENCRYPTED_PEM = "#{SSL_CERTS_DIR}/client-encrypted.key"
-  CLIENT_KEY_PASSPHRASE = "passphrase"
-end
-
 require 'mongo'
 
 unless ENV['CI']
diff --git a/spec/mongo/client_construction_spec.rb b/spec/mongo/client_construction_spec.rb
@@ -318,23 +318,23 @@
 
         let(:options) do
           {
-              :ssl => true,
-              :ssl_ca_cert => CA_PEM,
-              :ssl_ca_cert_string => 'ca cert string',
-              :ssl_ca_cert_object => 'ca cert object',
-              :ssl_cert => CLIENT_CERT_PEM,
-              :ssl_cert_string => 'cert string',
-              :ssl_cert_object => 'cert object',
-              :ssl_key => CLIENT_KEY_PEM,
-              :ssl_key_string => 'key string',
-              :ssl_key_object => 'key object',
-              :ssl_key_pass_phrase => 'passphrase',
-              :ssl_verify => true
+            :ssl => true,
+            :ssl_ca_cert => SpecConfig.instance.ca_cert_path,
+            :ssl_ca_cert_string => 'ca cert string',
+            :ssl_ca_cert_object => 'ca cert object',
+            :ssl_cert => SpecConfig.instance.client_cert_path,
+            :ssl_cert_string => 'cert string',
+            :ssl_cert_object => 'cert object',
+            :ssl_key => SpecConfig.instance.client_key_path,
+            :ssl_key_string => 'key string',
+            :ssl_key_object => 'key object',
+            :ssl_key_pass_phrase => 'passphrase',
+            :ssl_verify => true
           }
         end
 
         let(:client) do
-          new_local_client_nmio(['127.0.0.1:27017'], SpecConfig.instance.test_options.merge(options))
+          new_local_client_nmio(['127.0.0.1:27017'], options)
         end
 
         it 'sets the ssl option' do
diff --git a/spec/mongo/socket/ssl_spec.rb b/spec/mongo/socket/ssl_spec.rb
diff --git a/spec/support/constraints.rb b/spec/support/constraints.rb
diff --git a/spec/support/spec_config.rb b/spec/support/spec_config.rb
