Update mock KMS server ports to avoid load balancer test conflicts (#1099)

Author: eramongodb

.evergreen/config.yml

@@ -783,10 +783,10 @@ functions:
         echo "Starting mock KMS servers..."
         cd ./drivers-evergreen-tools/.evergreen/csfle
         . ./activate_venv.sh
-        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/server.pem --port 7999 &
-        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/expired.pem --port 8000 &
-        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/wrong-host.pem --port 8001 &
-        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/server.pem --port 8002 --require_client_cert &
+        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/server.pem --port 8999 &
+        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/expired.pem --port 9000 &
+        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/wrong-host.pem --port 9001 &
+        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/server.pem --require_client_cert --port 9002 &
         python -u kms_kmip_server.py &
         echo "Starting mock KMS servers... done."
   start load balancer:

.evergreen/run-tests.sh

@@ -104,10 +104,10 @@ if [ "$CLIENT_SIDE_ENCRYPTION" = "on" ]; then
       echo "Could not detect mock KMS server on port $1"
       return 1
    }
-   wait_for_kms_server 7999
-   wait_for_kms_server 8000
-   wait_for_kms_server 8001
-   wait_for_kms_server 8002
+   wait_for_kms_server 8999
+   wait_for_kms_server 9000
+   wait_for_kms_server 9001
+   wait_for_kms_server 9002
    wait_for_kms_server 5698
    echo "Waiting for mock KMS servers to start... done."
    if ! test -d /cygdrive/c; then
@@ -164,4 +164,3 @@ case "$OS" in
 
       ;;
 esac
-

CONTRIBUTING.md

@@ -263,10 +263,10 @@ The set of mock KMS servers running in the background and their corresponding in
 
 | Port | CA File | Cert File | Command |
 | --- | --- | --- | --- |
-| 7999 | ca.pem | server.pem | python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/server.pem --port 7999
-| 8000 | ca.pem | expired.pem | python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/expired.pem --port 8000
-| 8001 | ca.pem | wrong-host.pem | python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/wrong-host.pem --port 8001
-| 8002 | ca.pem | server.pem | python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/server.pem --port 8002 --require_client_cert
+| 8999 | ca.pem | server.pem | python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/server.pem --port 8999
+| 9000 | ca.pem | expired.pem | python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/expired.pem --port 9000
+| 9001 | ca.pem | wrong-host.pem | python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/wrong-host.pem --port 9001
+| 9002 | ca.pem | server.pem | python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/server.pem --port --require_client_cert 9002
 | 5698 | ca.pem | server.pem | python -u kms_kmip_server.py
 
 The path to `ca.pem` and `client.pem` must be passed through the following environment variables:

build/evergreen_config_lib/functions.py

@@ -567,10 +567,10 @@
         echo "Starting mock KMS servers..."
         cd ./drivers-evergreen-tools/.evergreen/csfle
         . ./activate_venv.sh
-        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/server.pem --port 7999 &
-        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/expired.pem --port 8000 &
-        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/wrong-host.pem --port 8001 &
-        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/server.pem --port 8002 --require_client_cert &
+        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/server.pem --port 8999 &
+        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/expired.pem --port 9000 &
+        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/wrong-host.pem --port 9001 &
+        python -u kms_http_server.py --ca_file ../x509gen/ca.pem --cert_file ../x509gen/server.pem --require_client_cert --port 9002 &
         python -u kms_kmip_server.py &
         echo "Starting mock KMS servers... done."
         ''', test=False, background=True),

src/libmongoc/tests/test-mongoc-client-side-encryption.c

@@ -2823,13 +2823,13 @@ test_kms_tls_cert_valid (void *unused)
 
 #if defined(MONGOC_ENABLE_SSL_SECURE_CHANNEL)
    /* Certificate verification fails with Secure Channel given
-    * "127.0.0.1:7999" with error: "hostname doesn't match certificate". */
+    * "127.0.0.1:8999" with error: "hostname doesn't match certificate". */
    ASSERT_OR_PRINT (
-      _mongoc_host_list_from_string_with_err (&host, "localhost:7999", &error),
+      _mongoc_host_list_from_string_with_err (&host, "localhost:8999", &error),
       error);
 #else
    ASSERT_OR_PRINT (
-      _mongoc_host_list_from_string_with_err (&host, "127.0.0.1:7999", &error),
+      _mongoc_host_list_from_string_with_err (&host, "127.0.0.1:8999", &error),
       error);
 #endif
 
@@ -2878,7 +2878,7 @@ test_kms_tls_cert_expired (void *unused)
       tmp_bson ("{ 'region': 'us-east-1', 'key': "
                 "'arn:aws:kms:us-east-1:579766882180:key/"
                 "89fcc2c4-08b0-4bd9-9f25-e30687b580d0', "
-                "'endpoint': '127.0.0.1:8000' }"));
+                "'endpoint': '127.0.0.1:9000' }"));
 
    ret = mongoc_client_encryption_create_datakey (
       client_encryption, "aws", opts, &keyid, &error);
@@ -2926,7 +2926,7 @@ test_kms_tls_cert_wrong_host (void *unused)
       tmp_bson ("{ 'region': 'us-east-1', 'key': "
                 "'arn:aws:kms:us-east-1:579766882180:key/"
                 "89fcc2c4-08b0-4bd9-9f25-e30687b580d0', "
-                "'endpoint': '127.0.0.1:8001' }"));
+                "'endpoint': '127.0.0.1:9001' }"));
 
    ret = mongoc_client_encryption_create_datakey (
       client_encryption, "aws", opts, &keyid, &error);
@@ -2997,7 +2997,7 @@ _tls_test_make_client_encryption (mongoc_client_t *keyvault_client,
       bson_concat (kms_providers,
                    tmp_bson ("{'azure': {'tenantId': '%s', 'clientId': '%s', "
                              "'clientSecret': '%s', "
-                             "'identityPlatformEndpoint': '127.0.0.1:8002' }}",
+                             "'identityPlatformEndpoint': '127.0.0.1:9002' }}",
                              mongoc_test_azure_tenant_id,
                              mongoc_test_azure_client_id,
                              mongoc_test_azure_client_secret));
@@ -3010,7 +3010,7 @@ _tls_test_make_client_encryption (mongoc_client_t *keyvault_client,
 
       bson_concat (kms_providers,
                    tmp_bson ("{'gcp': { 'email': '%s', 'privateKey': '%s', "
-                             "'endpoint': '127.0.0.1:8002' }}",
+                             "'endpoint': '127.0.0.1:9002' }}",
                              mongoc_test_gcp_email,
                              mongoc_test_gcp_privatekey));
       bson_concat (
@@ -3036,13 +3036,13 @@ _tls_test_make_client_encryption (mongoc_client_t *keyvault_client,
       bson_concat (kms_providers,
                    tmp_bson ("{'azure': {'tenantId': '%s', 'clientId': '%s', "
                              "'clientSecret': '%s', "
-                             "'identityPlatformEndpoint': '127.0.0.1:8002'}}",
+                             "'identityPlatformEndpoint': '127.0.0.1:9002'}}",
                              mongoc_test_azure_tenant_id,
                              mongoc_test_azure_client_id,
                              mongoc_test_azure_client_secret));
       bson_concat (kms_providers,
                    tmp_bson ("{'gcp': { 'email': '%s', 'privateKey': '%s', "
-                             "'endpoint': '127.0.0.1:8002'}}",
+                             "'endpoint': '127.0.0.1:9002'}}",
                              mongoc_test_gcp_email,
                              mongoc_test_gcp_privatekey));
       bson_concat (kms_providers,
@@ -3057,7 +3057,7 @@ _tls_test_make_client_encryption (mongoc_client_t *keyvault_client,
       bson_concat (kms_providers,
                    tmp_bson ("{'azure': {'tenantId': '%s', 'clientId': '%s', "
                              "'clientSecret': '%s', "
-                             "'identityPlatformEndpoint': '127.0.0.1:8000'}}",
+                             "'identityPlatformEndpoint': '127.0.0.1:9000'}}",
                              mongoc_test_azure_tenant_id,
                              mongoc_test_azure_client_id,
                              mongoc_test_azure_client_secret));
@@ -3066,14 +3066,14 @@ _tls_test_make_client_encryption (mongoc_client_t *keyvault_client,
 
       bson_concat (kms_providers,
                    tmp_bson ("{'gcp': { 'email': '%s', 'privateKey': '%s', "
-                             "'endpoint': '127.0.0.1:8000'}}",
+                             "'endpoint': '127.0.0.1:9000'}}",
                              mongoc_test_gcp_email,
                              mongoc_test_gcp_privatekey));
       bson_concat (tls_opts,
                    tmp_bson ("{'gcp': {'tlsCaFile': '%s'} }", ca_file));
 
       bson_concat (kms_providers,
-                   tmp_bson ("{'kmip': { 'endpoint': '127.0.0.1:8000' }}"));
+                   tmp_bson ("{'kmip': { 'endpoint': '127.0.0.1:9000' }}"));
       bson_concat (tls_opts,
                    tmp_bson ("{'kmip': {'tlsCaFile': '%s'} }", ca_file));
    } else if (test_ce == INVALID_HOSTNAME) {
@@ -3086,7 +3086,7 @@ _tls_test_make_client_encryption (mongoc_client_t *keyvault_client,
       bson_concat (kms_providers,
                    tmp_bson ("{'azure': {'tenantId': '%s', 'clientId': '%s', "
                              "'clientSecret': '%s', "
-                             "'identityPlatformEndpoint': '127.0.0.1:8001' }}",
+                             "'identityPlatformEndpoint': '127.0.0.1:9001' }}",
                              mongoc_test_azure_tenant_id,
                              mongoc_test_azure_client_id,
                              mongoc_test_azure_client_secret));
@@ -3095,14 +3095,14 @@ _tls_test_make_client_encryption (mongoc_client_t *keyvault_client,
 
       bson_concat (kms_providers,
                    tmp_bson ("{'gcp': { 'email': '%s', 'privateKey': '%s', "
-                             "'endpoint': '127.0.0.1:8001' }}",
+                             "'endpoint': '127.0.0.1:9001' }}",
                              mongoc_test_gcp_email,
                              mongoc_test_gcp_privatekey));
       bson_concat (tls_opts,
                    tmp_bson ("{'gcp': {'tlsCaFile': '%s'} }", ca_file));
 
       bson_concat (kms_providers,
-                   tmp_bson ("{'kmip': { 'endpoint': '127.0.0.1:8001' }}"));
+                   tmp_bson ("{'kmip': { 'endpoint': '127.0.0.1:9001' }}"));
       bson_concat (tls_opts,
                    tmp_bson ("{'kmip': {'tlsCaFile': '%s'} }", ca_file));
    } else {
@@ -3205,7 +3205,7 @@ test_kms_tls_options (void *unused)
       tmp_bson ("{ 'region': 'us-east-1', 'key': "
                 "'arn:aws:kms:us-east-1:579766882180:key/"
                 "89fcc2c4-08b0-4bd9-9f25-e30687b580d0', 'endpoint': "
-                "'127.0.0.1:8002' }"));
+                "'127.0.0.1:9002' }"));
    res = mongoc_client_encryption_create_datakey (
       client_encryption_no_client_cert, "aws", dkopts, &keyid, &error);
    ASSERT_ERROR_CONTAINS (
@@ -3221,7 +3221,7 @@ test_kms_tls_options (void *unused)
       tmp_bson ("{ 'region': 'us-east-1', 'key': "
                 "'arn:aws:kms:us-east-1:579766882180:key/"
                 "89fcc2c4-08b0-4bd9-9f25-e30687b580d0', 'endpoint': "
-                "'127.0.0.1:8002' }"));
+                "'127.0.0.1:9002' }"));
    res = mongoc_client_encryption_create_datakey (
       client_encryption_with_tls, "aws", dkopts, &keyid, &error);
    ASSERT_ERROR_CONTAINS (error,
@@ -3239,7 +3239,7 @@ test_kms_tls_options (void *unused)
       tmp_bson ("{ 'region': 'us-east-1', 'key': "
                 "'arn:aws:kms:us-east-1:579766882180:key/"
                 "89fcc2c4-08b0-4bd9-9f25-e30687b580d0', 'endpoint': "
-                "'127.0.0.1:8000' }"));
+                "'127.0.0.1:9000' }"));
    res = mongoc_client_encryption_create_datakey (
       client_encryption_expired, "aws", dkopts, &keyid, &error);
    ASSERT_EXPIRED (error);
@@ -3254,7 +3254,7 @@ test_kms_tls_options (void *unused)
       tmp_bson ("{ 'region': 'us-east-1', 'key': "
                 "'arn:aws:kms:us-east-1:579766882180:key/"
                 "89fcc2c4-08b0-4bd9-9f25-e30687b580d0', 'endpoint': "
-                "'127.0.0.1:8001' }"));
+                "'127.0.0.1:9001' }"));
    res = mongoc_client_encryption_create_datakey (
       client_encryption_invalid_hostname, "aws", dkopts, &keyid, &error);
    ASSERT_INVALID_HOSTNAME (error);