summaryrefslogtreecommitdiff
path: root/jstests/client_encrypt/fle_azure_faults.js
diff options
context:
space:
mode:
Diffstat (limited to 'jstests/client_encrypt/fle_azure_faults.js')
-rw-r--r--jstests/client_encrypt/fle_azure_faults.js175
1 files changed, 0 insertions, 175 deletions
diff --git a/jstests/client_encrypt/fle_azure_faults.js b/jstests/client_encrypt/fle_azure_faults.js
deleted file mode 100644
index dfcf121844a..00000000000
--- a/jstests/client_encrypt/fle_azure_faults.js
+++ /dev/null
@@ -1,175 +0,0 @@
-/**
- * Verify the Azure KMS implementation can handle a buggy KMS.
- */
-
-load("jstests/client_encrypt/lib/mock_kms.js");
-load('jstests/ssl/libs/ssl_helpers.js');
-
-(function() {
-"use strict";
-
-const x509_options = {
- sslMode: "requireSSL",
- sslPEMKeyFile: SERVER_CERT,
- sslCAFile: CA_CERT
-};
-
-const mockKey = {
- keyName: "my_key",
- keyVaultEndpoint: "https://localhost:80",
-};
-
-const randomAlgorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Random";
-
-const conn = MongoRunner.runMongod(x509_options);
-const test = conn.getDB("test");
-const collection = test.coll;
-
-function runKMS(mock_kms, func) {
- mock_kms.start();
-
- const azureKMS = {
- tenantId: "my_tentant",
- clientId: "access@mongodb.com",
- clientSecret: "secret",
- identityPlatformEndpoint: mock_kms.getURL(),
- };
-
- const clientSideFLEOptions = {
- kmsProviders: {
- azure: azureKMS,
- },
- keyVaultNamespace: "test.coll",
- schemaMap: {},
- };
-
- const shell = Mongo(conn.host, clientSideFLEOptions);
- const cleanCacheShell = Mongo(conn.host, clientSideFLEOptions);
-
- collection.drop();
-
- func(shell, cleanCacheShell);
-
- mock_kms.stop();
-}
-
-// OAuth faults must be tested first so a cached token cannot be used
-function testBadOAuthRequestResult() {
- const mock_kms = new MockKMSServerAzure(FAULT_OAUTH, false);
-
- runKMS(mock_kms, (shell) => {
- const keyVault = shell.getKeyVault();
-
- const error = assert.throws(() => keyVault.createKey("azure", mockKey, ["mongoKey"]));
- assert.eq(
- error,
- "Error: code 9: FailedToParse: Expecting '{': offset:0 of:Internal Error of some sort.");
- });
-}
-
-testBadOAuthRequestResult();
-
-function testBadOAuthRequestError() {
- const mock_kms = new MockKMSServerAzure(FAULT_OAUTH_CORRECT_FORMAT, false);
-
- runKMS(mock_kms, (shell) => {
- const keyVault = shell.getKeyVault();
-
- const error = assert.throws(() => keyVault.createKey("azure", mockKey, ["mongoKey"]));
- assert.commandFailedWithCode(error, [ErrorCodes.OperationFailed]);
- assert.eq(
- error,
- "Error: Failed to make oauth request: Azure OAuth Error : FAULT_OAUTH_CORRECT_FORMAT");
- });
-}
-
-testBadOAuthRequestError();
-
-function testBadEncryptResult() {
- const mock_kms = new MockKMSServerAzure(FAULT_ENCRYPT, false);
-
- runKMS(mock_kms, (shell) => {
- const keyVault = shell.getKeyVault();
- mockKey.keyVaultEndpoint = mock_kms.getEndpoint();
-
- assert.throws(() => keyVault.createKey("azure", mockKey, ["mongoKey"]));
- assert.eq(keyVault.getKeys("mongoKey").toArray().length, 0);
- });
-}
-
-testBadEncryptResult();
-
-function testBadEncryptError() {
- const mock_kms = new MockKMSServerAzure(FAULT_ENCRYPT_CORRECT_FORMAT, false);
-
- runKMS(mock_kms, (shell) => {
- const keyVault = shell.getKeyVault();
- mockKey.keyVaultEndpoint = mock_kms.getEndpoint();
-
- let error = assert.throws(() => keyVault.createKey("azure", mockKey, ["mongoKey"]));
- assert.commandFailedWithCode(error, [5265103]);
- });
-}
-
-testBadEncryptError();
-
-function testBadDecryptResult() {
- const mock_kms = new MockKMSServerAzure(FAULT_DECRYPT, false);
-
- runKMS(mock_kms, (shell) => {
- const keyVault = shell.getKeyVault();
- mockKey.keyVaultEndpoint = mock_kms.getEndpoint();
-
- const keyId = keyVault.createKey("azure", mockKey, ["mongoKey"]);
- const str = "mongo";
- assert.throws(() => {
- const encStr = shell.getClientEncryption().encrypt(keyId, str, randomAlgorithm);
- });
- });
-}
-
-testBadDecryptResult();
-
-function testBadDecryptKeyResult() {
- const mock_kms = new MockKMSServerAzure(FAULT_DECRYPT_WRONG_KEY, true);
-
- runKMS(mock_kms, (shell, cleanCacheShell) => {
- const keyVault = shell.getKeyVault();
- mockKey.keyVaultEndpoint = mock_kms.getEndpoint();
-
- keyVault.createKey("azure", mockKey, ["mongoKey"]);
- const keyId = keyVault.getKeys("mongoKey").toArray()[0]._id;
- const str = "mongo";
- const encStr = shell.getClientEncryption().encrypt(keyId, str, randomAlgorithm);
-
- mock_kms.enableFaults();
-
- assert.throws(() => {
- let str = cleanCacheShell.decrypt(encStr);
- });
- });
-}
-
-testBadDecryptKeyResult();
-
-function testBadDecryptError() {
- const mock_kms = new MockKMSServerAzure(FAULT_DECRYPT_CORRECT_FORMAT, false);
-
- runKMS(mock_kms, (shell) => {
- const keyVault = shell.getKeyVault();
- mockKey.keyVaultEndpoint = mock_kms.getEndpoint();
-
- keyVault.createKey("azure", mockKey, ["mongoKey"]);
- const keyId = keyVault.getKeys("mongoKey").toArray()[0]._id;
- const str = "mongo";
- let error = assert.throws(() => {
- const encStr = shell.getClientEncryption().encrypt(keyId, str, randomAlgorithm);
- });
- assert.commandFailedWithCode(error, [5265103]);
- });
-}
-
-testBadDecryptError();
-
-MongoRunner.stopMongod(conn);
-})();
View Lorry Controller Status