CDRIVER-4272: Add options and code to load the csfle dynamic library #968
Conversation
vector-of-bool
force-pushed
the
adopt-csfle
branch
from
5f9d09a to
a334c4e
Compare
…processes if possible
…ions. This is discovered because the mongocryptd spawner will cause the atexit() code to run from the csfle library loaded in the process.
…-encryption Refer: [DRIVERS-2287]
|
@kevinAlbs I've found that I need to add an option for a test to completely disable |
| @@ -123,6 +123,9 @@ | |||
| "autoEncryptOpts": { | |||
| "kmsProviders": { | |||
| "aws": {} | |||
| }, | |||
| "extra": { | |||
| "__csfleDisabled": true | |||
There was a problem hiding this comment.
Confirming, has the spec test this test file corresponds to been updated in the spec repo? If not, this test might not belong under the json directory.
There was a problem hiding this comment.
True. This is somewhat experimenting on how to "disable" csfle for testing. We don't want to publish an "official" way to disable csfle, but this spec test also changed behavior depending on whether csfle is present. It's a catch-22.
There was a problem hiding this comment.
I think it is fine to include the field in spec tests so long as it is clearly documented as for testing purposes only. However, if the specification repo will not be updated to match proposed test file contents, I would like the __csfleDisabled test to be moved out of the json directory and tested as a prose test instead.
There was a problem hiding this comment.
This test failing may be a bug in csfle. csfle and mongocryptd should have the same output(slack thread for reference).
| @@ -123,6 +123,9 @@ | |||
| "autoEncryptOpts": { | |||
| "kmsProviders": { | |||
| "aws": {} | |||
| }, | |||
| "extra": { | |||
| "__csfleDisabled": true | |||
There was a problem hiding this comment.
I think it is fine to include the field in spec tests so long as it is clearly documented as for testing purposes only. However, if the specification repo will not be updated to match proposed test file contents, I would like the __csfleDisabled test to be moved out of the json directory and tested as a prose test instead.
| @@ -123,6 +123,9 @@ | |||
| "autoEncryptOpts": { | |||
| "kmsProviders": { | |||
| "aws": {} | |||
| }, | |||
| "extra": { | |||
| "__csfleDisabled": true | |||
There was a problem hiding this comment.
This test failing may be a bug in csfle. csfle and mongocryptd should have the same output(slack thread for reference).
| "]", | ||
| "mongocryptdURI", | ||
| "mongodb://localhost:27021/?serverSelectionTimeoutMS=1000", | ||
| "__csfleDisabled", |
There was a problem hiding this comment.
All drivers will need a solution to skip this prose test when running with csfle. I prefer not adding a hidden option to the API. I think it adds small risk that users rely on it.
I suggest only run this test if the test runner expects to use csfle. That could be passed through an environment variable. There is precedence: (e.g. MONGOC_TEST_IS_SERVERLESS, MONGOC_TEST_LOADBALANCED.
This is an initial basic implementation of the
csfleoptions from the new CSE spec changes to support the dynamic library. This also adds mlib as a support library, which now requires some C99 support.TODO: A a testing scenario that injects the
csflelibrary. Ensure tests do not load acsflefrom the system, only from the isolated test copy or relies on mongocrypd.