fail loudly & avoid uppercased values in settings

Author: aclark4life

.evergreen/config.yml

@@ -140,12 +140,22 @@ buildvariants:
     tasks:
       - name: run-tests
 
-  - name: tests-8-qe
-    display_name: Run Tests 8.2 QE
+  - name: tests-8-qe-local
+    display_name: Run Tests 8.2 QE local KMS
     run_on: rhel87-small
     expansions:
       MONGODB_VERSION: "8.2"
       TOPOLOGY: replica_set
-      DJANGO_SETTINGS_MODULE: "encrypted_settings"
+      DJANGO_SETTINGS_MODULE: "local_kms_encrypted_settings"
+    tasks:
+      - name: run-encryption-tests
+
+  - name: tests-8-qe-aws
+    display_name: Run Tests 8.2 QE aws KMS
+    run_on: rhel87-small
+    expansions:
+      MONGODB_VERSION: "8.2"
+      TOPOLOGY: replica_set
+      DJANGO_SETTINGS_MODULE: "aws_kms_encrypted_settings"
     tasks:
       - name: run-encryption-tests

.github/workflows/aws_kms_encrypted_settings.py

@@ -0,0 +1,26 @@
+from local_kms_encrypted_settings import *  # noqa: F403
+
+DATABASES["encrypted"] = {  # noqa: F405
+    "ENGINE": "django_mongodb_backend",
+    "NAME": "djangotests_encrypted",
+    "OPTIONS": {
+        "auto_encryption_opts": AutoEncryptionOpts(  # noqa: F405
+            key_vault_namespace="djangotests_encrypted.__keyVault",
+            kms_providers={
+                "aws": {
+                    "accessKeyId": os.environ.get("FLE_AWS_KEY"),  # noqa: F405
+                    "secretAccessKey": os.environ.get("FLE_AWS_SECRET"),  # noqa: F405
+                }
+            },
+            crypt_shared_lib_path=os.environ["CRYPT_SHARED_LIB_PATH"],  # noqa: F405
+            crypt_shared_lib_required=True,
+        ),
+        "directConnection": True,
+    },
+    "KMS_CREDENTIALS": {
+        "aws": {
+            "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
+            "region": "us-east-1",
+        }
+    },
+}

.github/workflows/encrypted_settings.py …orkflows/local_kms_encrypted_settings.py.github/workflows/encrypted_settings.py renamed to .github/workflows/local_kms_encrypted_settings.py .github/workflows/encrypted_settings.py renamed to .github/workflows/local_kms_encrypted_settings.py

@@ -7,38 +7,18 @@
 
 os.environ["LD_LIBRARY_PATH"] = str(Path(os.environ["CRYPT_SHARED_LIB_PATH"]).parent)
 
-AWS_CREDS = {
-    "accessKeyId": os.environ.get("FLE_AWS_KEY", ""),
-    "secretAccessKey": os.environ.get("FLE_AWS_SECRET", ""),
-}
-
-_USE_AWS_KMS = any(AWS_CREDS.values())
-
-if _USE_AWS_KMS:
-    _AWS_REGION = os.environ.get("FLE_AWS_KMS_REGION", "us-east-1")
-    _AWS_KEY_ARN = os.environ.get(
-        "FLE_AWS_KMS_KEY_ARN",
-        "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
-    )
-    KMS_PROVIDERS = {"aws": AWS_CREDS}
-    KMS_CREDENTIALS = {"aws": {"key": _AWS_KEY_ARN, "region": _AWS_REGION}}
-else:
-    KMS_PROVIDERS = {"local": {"key": os.urandom(96)}}
-    KMS_CREDENTIALS = {"local": {}}
-
 DATABASES["encrypted"] = {  # noqa: F405
     "ENGINE": "django_mongodb_backend",
     "NAME": "djangotests_encrypted",
     "OPTIONS": {
         "auto_encryption_opts": AutoEncryptionOpts(
             key_vault_namespace="djangotests_encrypted.__keyVault",
-            kms_providers=KMS_PROVIDERS,
+            kms_providers={"local": {"key": os.urandom(96)}},
             crypt_shared_lib_path=os.environ["CRYPT_SHARED_LIB_PATH"],
-            crypt_shared_lib_required=True,
         ),
         "directConnection": True,
     },
-    "KMS_CREDENTIALS": KMS_CREDENTIALS,
+    "KMS_CREDENTIALS": {"local": {}},
 }
 
 

.github/workflows/test-python-atlas.yml

@@ -61,5 +61,5 @@ jobs:
     permissions:
         contents: read
     env:
-      DJANGO_SETTINGS_MODULE: "encrypted_settings"
+      DJANGO_SETTINGS_MODULE: "local_kms_encrypted_settings"
       CRYPT_SHARED_LIB_PATH: "${{ github.workspace }}/lib/mongo_crypt_v1.so"