From a0a937c435fdcc267675f2fda150b4814c979512 Mon Sep 17 00:00:00 2001 From: Kevin Albertson Date: Mon, 28 Apr 2025 15:05:56 -0400 Subject: [PATCH 1/3] use "kmip" with bad port in CSE prose test 7 case 4 Intended to fix observed timeout connecting to AWS with an incorrect port. Connecting to `localhost:12345` is intended to fail immediately. --- source/client-side-encryption/tests/README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/source/client-side-encryption/tests/README.md b/source/client-side-encryption/tests/README.md index 41865e91fa..64ae85ce88 100644 --- a/source/client-side-encryption/tests/README.md +++ b/source/client-side-encryption/tests/README.md @@ -866,13 +866,12 @@ The method of passing TLS options for KMIP TLS connections is driver dependent. Expect this to succeed. Use the returned UUID of the key to explicitly encrypt and decrypt the string "test" to validate it works. -4. Call `client_encryption.createDataKey()` with "aws" as the provider and the following masterKey: +4. Call `client_encryption.createDataKey()` with "kmip" as the provider and the following masterKey: ```javascript { - region: "us-east-1", - key: "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0", - endpoint: "kms.us-east-1.amazonaws.com:12345" + "keyId": "1", + "endpoint": "localhost:12345" } ``` From 05d7c28049d4738ef1a1886eea858db0a29525d0 Mon Sep 17 00:00:00 2001 From: Kevin Albertson Date: Mon, 28 Apr 2025 15:07:06 -0400 Subject: [PATCH 2/3] use `.invalid` instead of `.local` for custom endpoint tests Intended to fix observed timeouts. `.invalid` is expected to fail to resolve immediately. --- source/client-side-encryption/tests/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source/client-side-encryption/tests/README.md b/source/client-side-encryption/tests/README.md index 64ae85ce88..b646c0dd19 100644 --- a/source/client-side-encryption/tests/README.md 
+++ b/source/client-side-encryption/tests/README.md @@ -811,7 +811,7 @@ Configure with KMS providers as follows: "endpoint": "doesnotexist.invalid:443" }, "kmip": { - "endpoint": "doesnotexist.local:5698" + "endpoint": "doesnotexist.invalid:5698" } } ``` @@ -960,7 +960,7 @@ The method of passing TLS options for KMIP TLS connections is driver dependent. validate it works. Call `client_encryption_invalid.createDataKey()` with the same masterKey. Expect this to fail with a network - exception indicating failure to resolve "doesnotexist.local". + exception indicating failure to resolve "doesnotexist.invalid". 11. Call `client_encryption.createDataKey()` with "kmip" as the provider and the following masterKey: @@ -979,11 +979,11 @@ The method of passing TLS options for KMIP TLS connections is driver dependent. ```javascript { "keyId": "1", - "endpoint": "doesnotexist.local:5698" + "endpoint": "doesnotexist.invalid:5698" } ``` - Expect this to fail with a network exception indicating failure to resolve "doesnotexist.local". + Expect this to fail with a network exception indicating failure to resolve "doesnotexist.invalid". ### 8. Bypass Spawning mongocryptd From bbf4f0a8889126cf4de6b3582907d0a0877585e6 Mon Sep 17 00:00:00 2001 From: Kevin Albertson Date: Mon, 28 Apr 2025 15:08:00 -0400 Subject: [PATCH 3/3] use `.invalid` in TLS options tests Not necessary to change since the URIs are not expected to be used. An error is expected earlier when connecting to the oauth endpoint. But the URIs are updated for consistency. --- source/client-side-encryption/tests/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/client-side-encryption/tests/README.md b/source/client-side-encryption/tests/README.md index b646c0dd19..67f8748f65 100644 --- a/source/client-side-encryption/tests/README.md +++ b/source/client-side-encryption/tests/README.md 
@@ -1745,7 +1745,7 @@ Expect an error indicating TLS handshake failed due to an invalid hostname. Call `client_encryption_no_client_cert.createDataKey()` with "azure" as the provider and the following masterKey: ```javascript -{ 'keyVaultEndpoint': 'doesnotexist.local', 'keyName': 'foo' } +{ 'keyVaultEndpoint': 'doesnotexist.invalid', 'keyName': 'foo' } ``` Expect an error indicating TLS handshake failed. @@ -1857,7 +1857,7 @@ Call `client_encryption_with_names.createDataKey()` with "azure:no_client_cert" masterKey: ```javascript -{ 'keyVaultEndpoint': 'doesnotexist.local', 'keyName': 'foo' } +{ 'keyVaultEndpoint': 'doesnotexist.invalid', 'keyName': 'foo' } ``` Expect an error indicating TLS handshake failed.
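Review bot: In PATCH 1/3, step 4 of the `@@ -866,13 +866,12 @@` hunk now relies on `"endpoint": "localhost:12345"` failing at once, which only holds when nothing is listening on port 12345 of the test host, and the step does not state that precondition. Suggest adding a sentence to step 4 saying the port must be unused and that an immediate connection error is the expected result. Replacing "aws" with "kmip" also removes the one case visible here that passes a non-default port in an AWS `endpoint`; if that behaviour still needs coverage, the step should say where it is exercised.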
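Review bot: In PATCH 2/3, the `@@ -811,7 +811,7 @@` hunk sets the "kmip" endpoint to `doesnotexist.invalid:5698` but the README still gives no reason for the choice of TLD. `.invalid` is reserved by RFC 2606 and RFC 6761 and should never resolve, whereas `.local` is reserved for multicast DNS by RFC 6762, where a lookup can wait on the local network before failing, which is consistent with the timeouts the commit message mentions. A one-line comment next to the KMS provider configuration would keep a later edit from reintroducing `.local`.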
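Review bot: In PATCH 2/3, the expectation lines in the `@@ -960,7 +960,7 @@` and `@@ -979,11 +979,11 @@` hunks name the host in quotes ("failure to resolve "doesnotexist.invalid"") without saying whether a driver test should match that string or only the exception type. Resolver error text differs between platforms and does not always include the hostname, so suggest wording the expectation as a name-resolution failure for the configured endpoint and stating that matching on the literal hostname is not required.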
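Review bot: In PATCH 3/3, both the `@@ -1745,7 +1745,7 @@` and `@@ -1857,7 +1857,7 @@` hunks keep "Expect an error indicating TLS handshake failed." directly under a `keyVaultEndpoint` that cannot resolve, and the README does not explain that the endpoint is never contacted. The commit message says the error is expected earlier, when connecting to the oauth endpoint; that sentence belongs in the test text too, so that a driver reporting a name-resolution error for `doesnotexist.invalid` here is recognised as contacting the key vault endpoint when it should not, rather than as an acceptable variant of the expected failure.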