diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index 06cf5e61ff..b44d304b97 100755 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -52,7 +52,7 @@ if [[ -z "${CLIENT_ENCRYPTION}" ]]; then unset AWS_ACCESS_KEY_ID; unset AWS_SECRET_ACCESS_KEY; else - npm install mongodb-client-encryption@1.1.1-beta.0 + npm install mongodb-client-encryption@latest fi MONGODB_UNIFIED_TOPOLOGY=${UNIFIED} MONGODB_URI=${MONGODB_URI} npm run ${TEST_NPM_SCRIPT} diff --git a/lib/encrypter.js b/lib/encrypter.js new file mode 100644 index 0000000000..4f0155d361 --- /dev/null +++ b/lib/encrypter.js @@ -0,0 +1,163 @@ +'use strict'; +const MongoClient = require('./mongo_client'); +const BSON = require('./core/connection/utils').retrieveBSON(); +const MongoError = require('./core/error').MongoError; + +try { + require.resolve('mongodb-client-encryption'); +} catch (err) { + throw new MongoError( + 'Auto-encryption requested, but the module is not installed. ' + + 'Please add `mongodb-client-encryption` as a dependency of your project' + ); +} + +const mongodbClientEncryption = require('mongodb-client-encryption'); +if (typeof mongodbClientEncryption.extension !== 'function') { + throw new MongoError( + 'loaded version of `mongodb-client-encryption` does not have property `extension`. ' + + 'Please make sure you are loading the correct version of `mongodb-client-encryption`' + ); +} +const AutoEncrypter = mongodbClientEncryption.extension(require('../index')).AutoEncrypter; + +const kInternalClient = Symbol('internalClient'); + +class Encrypter { + /** + * @param {MongoClient} client + * @param {{autoEncryption: import('./mongo_client').AutoEncryptionOptions, bson: object}} options + */ + constructor(client, options) { + this.bypassAutoEncryption = !!options.autoEncryption.bypassAutoEncryption; + this.needsConnecting = false; + + if (options.maxPoolSize === 0 && options.autoEncryption.keyVaultClient == null) { + options.autoEncryption.keyVaultClient = client; + } else if (options.autoEncryption.keyVaultClient == null) { + options.autoEncryption.keyVaultClient = this.getInternalClient(client); + } + + if (this.bypassAutoEncryption) { + options.autoEncryption.metadataClient = undefined; + } else if (options.maxPoolSize === 0) { + options.autoEncryption.metadataClient = client; + } else { + options.autoEncryption.metadataClient = this.getInternalClient(client); + } + + options.autoEncryption.bson = Encrypter.makeBSON(options); + + this.autoEncrypter = new AutoEncrypter(client, options.autoEncryption); + } + + getInternalClient(client) { + if (!this[kInternalClient]) { + const clonedOptions = {}; + + for (const key of Object.keys(client.s.options)) { + if ( + ['autoEncryption', 'minPoolSize', 'servers', 'caseTranslate', 'dbName'].indexOf(key) !== + -1 + ) + continue; + clonedOptions[key] = client.s.options[key]; + } + + clonedOptions.minPoolSize = 0; + + const allEvents = [ + // APM + 'commandStarted', + 'commandSucceeded', + 'commandFailed', + + // SDAM + 'serverOpening', + 'serverClosed', + 'serverDescriptionChanged', + 'serverHeartbeatStarted', + 'serverHeartbeatSucceeded', + 'serverHeartbeatFailed', + 'topologyOpening', + 'topologyClosed', + 'topologyDescriptionChanged', + + // Legacy + 'joined', + 'left', + 'ping', + 'ha', + + // CMAP + 'connectionPoolCreated', + 'connectionPoolClosed', + 'connectionCreated', + 'connectionReady', + 'connectionClosed', + 'connectionCheckOutStarted', + 'connectionCheckOutFailed', + 'connectionCheckedOut', + 'connectionCheckedIn', + 'connectionPoolCleared' + ]; + + this[kInternalClient] = new MongoClient(client.s.url, clonedOptions); + + for (const eventName of allEvents) { + for (const listener of client.listeners(eventName)) { + this[kInternalClient].on(eventName, listener); + } + } + + client.on('newListener', (eventName, listener) => { + this[kInternalClient].on(eventName, listener); + }); + + this.needsConnecting = true; + } + return this[kInternalClient]; + } + + connectInternalClient(callback) { + if (this.needsConnecting) { + this.needsConnecting = false; + return this[kInternalClient].connect(callback); + } + + return callback(); + } + + close(client, force, callback) { + this.autoEncrypter.teardown(e => { + if (this[kInternalClient] && client !== this[kInternalClient]) { + return this[kInternalClient].close(force, callback); + } + callback(e); + }); + } + + static makeBSON(options) { + return ( + (options || {}).bson || + new BSON([ + BSON.Binary, + BSON.Code, + BSON.DBRef, + BSON.Decimal128, + BSON.Double, + BSON.Int32, + BSON.Long, + BSON.Map, + BSON.MaxKey, + BSON.MinKey, + BSON.ObjectId, + BSON.BSONRegExp, + BSON.Symbol, + BSON.Timestamp + ]) + ); + } +} + +module.exports = { Encrypter }; diff --git a/lib/mongo_client.js b/lib/mongo_client.js index 7ace024256..7058b5ad78 100644 --- a/lib/mongo_client.js +++ b/lib/mongo_client.js @@ -71,6 +71,24 @@ const validOptions = require('./operations/connect').validOptions; * @property {string} [platform] Optional platform information */ +/** + * @public + * @typedef AutoEncryptionOptions + * @property {MongoClient} [keyVaultClient] A `MongoClient` used to fetch keys from a key vault + * @property {string} [keyVaultNamespace] The namespace where keys are stored in the key vault + * @property {object} [kmsProviders] Configuration options that are used by specific KMS providers during key generation, encryption, and decryption. + * @property {object} [schemaMap] A map of namespaces to a local JSON schema for encryption + * + * > **NOTE**: Supplying options.schemaMap provides more security than relying on JSON Schemas obtained from the server. + * > It protects against a malicious server advertising a false JSON Schema, which could trick the client into sending decrypted data that should be encrypted. + * > Schemas supplied in the schemaMap only apply to configuring automatic encryption for client side encryption. + * > Other validation rules in the JSON schema will not be enforced by the driver and will result in an error. + * + * @property {object} [options] An optional hook to catch logging messages from the underlying encryption engine + * @property {object} [extraOptions] + * @property {boolean} [bypassAutoEncryption] + */ + /** * Creates a new MongoClient instance * @class @@ -151,7 +169,18 @@ const validOptions = require('./operations/connect').validOptions; * @param {number} [options.minPoolSize=0] **Only applies to the unified topology** The minimum number of connections that MUST exist at any moment in a single connection pool. * @param {number} [options.maxIdleTimeMS] **Only applies to the unified topology** The maximum amount of time a connection should remain idle in the connection pool before being marked idle. The default is infinity. * @param {number} [options.waitQueueTimeoutMS=0] **Only applies to the unified topology** The maximum amount of time operation execution should wait for a connection to become available. The default is 0 which means there is no limit. - * @param {AutoEncrypter~AutoEncryptionOptions} [options.autoEncryption] Optionally enable client side auto encryption + * @param {AutoEncryptionOptions} [options.autoEncryption] Optionally enable client side auto encryption. + * + * > Automatic encryption is an enterprise only feature that only applies to operations on a collection. Automatic encryption is not supported for operations on a database or view, and operations that are not bypassed will result in error + * > (see [libmongocrypt: Auto Encryption Allow-List](https://github.com/mongodb/specifications/blob/master/source/client-side-encryption/client-side-encryption.rst#libmongocrypt-auto-encryption-allow-list)). To bypass automatic encryption for all operations, set bypassAutoEncryption=true in AutoEncryptionOpts. + * > + * > Automatic encryption requires the authenticated user to have the [listCollections privilege action](https://docs.mongodb.com/manual/reference/command/listCollections/#dbcmd.listCollections). + * > + * > If a MongoClient with a limited connection pool size (i.e a non-zero maxPoolSize) is configured with AutoEncryptionOptions, a separate internal MongoClient is created if any of the following are true: + * > - AutoEncryptionOptions.keyVaultClient is not passed. + * > - AutoEncryptionOptions.bypassAutomaticEncryption is false. + * > If an internal MongoClient is created, it is configured with the same options as the parent MongoClient except minPoolSize is set to 0 and AutoEncryptionOptions is omitted. + * * @param {DriverInfoOptions} [options.driverInfo] Allows a wrapping driver to amend the client metadata generated by the driver to include information about the wrapping driver * @param {boolean} [options.directConnection=false] Enable directConnection * @param {MongoClient~connectCallback} [callback] The command result callback @@ -162,6 +191,8 @@ function MongoClient(url, options) { // Set up event emitter EventEmitter.call(this); + if (options && options.autoEncryption) require('./encrypter'); // Does CSFLE lib check + // The internal state this.s = { url: url, @@ -268,13 +299,13 @@ MongoClient.prototype.close = function(force, callback) { } client.topology.close(force, err => { - const autoEncrypter = client.topology.s.options.autoEncrypter; - if (!autoEncrypter) { - completeClose(err); - return; + const encrypter = client.topology.s.options.encrypter; + if (encrypter) { + return encrypter.close(client, force, err2 => { + completeClose(err || err2); + }); } - - autoEncrypter.teardown(force, err2 => completeClose(err || err2)); + completeClose(err); }); }); }; diff --git a/lib/operations/connect.js b/lib/operations/connect.js index 9d122a2fa9..ef97be5b76 100644 --- a/lib/operations/connect.js +++ b/lib/operations/connect.js @@ -16,7 +16,6 @@ const emitDeprecationWarning = require('../utils').emitDeprecationWarning; const emitWarningOnce = require('../utils').emitWarningOnce; const fs = require('fs'); const WriteConcern = require('../write_concern'); -const BSON = require('../core/connection/utils').retrieveBSON(); const CMAP_EVENT_NAMES = require('../cmap/events').CMAP_EVENT_NAMES; let client; @@ -496,58 +495,9 @@ function createTopology(mongoClient, topologyType, options, callback) { // determine CSFLE support if (options.autoEncryption != null) { - let AutoEncrypter; - try { - require.resolve('mongodb-client-encryption'); - } catch (err) { - callback( - new MongoError( - 'Auto-encryption requested, but the module is not installed. Please add `mongodb-client-encryption` as a dependency of your project' - ) - ); - return; - } - - try { - let mongodbClientEncryption = require('mongodb-client-encryption'); - if (typeof mongodbClientEncryption.extension !== 'function') { - callback( - new MongoError( - 'loaded version of `mongodb-client-encryption` does not have property `extension`. Please make sure you are loading the correct version of `mongodb-client-encryption`' - ) - ); - } - AutoEncrypter = mongodbClientEncryption.extension(require('../../index')).AutoEncrypter; - } catch (err) { - callback(err); - return; - } - - const mongoCryptOptions = Object.assign( - { - bson: - options.bson || - new BSON([ - BSON.Binary, - BSON.Code, - BSON.DBRef, - BSON.Decimal128, - BSON.Double, - BSON.Int32, - BSON.Long, - BSON.Map, - BSON.MaxKey, - BSON.MinKey, - BSON.ObjectId, - BSON.BSONRegExp, - BSON.Symbol, - BSON.Timestamp - ]) - }, - options.autoEncryption - ); - - options.autoEncrypter = new AutoEncrypter(mongoClient, mongoCryptOptions); + const Encrypter = require('../encrypter').Encrypter; + options.encrypter = new Encrypter(mongoClient, options); + options.autoEncrypter = options.encrypter.autoEncrypter; } // Create the topology @@ -585,7 +535,10 @@ function createTopology(mongoClient, topologyType, options, callback) { return; } - callback(undefined, topology); + options.encrypter.connectInternalClient(error => { + if (error) return callback(error); + callback(undefined, topology); + }); }); }); diff --git a/test/functional/client_side_encryption/deadlock_tests.js b/test/functional/client_side_encryption/deadlock_tests.js new file mode 100644 index 0000000000..c23ebaced1 --- /dev/null +++ b/test/functional/client_side_encryption/deadlock_tests.js @@ -0,0 +1,337 @@ +'use strict'; + +const expect = require('chai').expect; +const dropCollection = require('../shared').dropCollection; +const util = require('util'); +const fs = require('fs'); +const path = require('path'); +const EJSON = require('mongodb-extjson'); + +/* REFERENCE: (note commit hash) */ +/* https://github.com/mongodb/specifications/blob/b3beada72ae1c992294ae6a8eea572003a274c35/source/client-side-encryption/tests/README.rst#deadlock-tests */ + +const LOCAL_KEY = Buffer.from( + 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', + 'base64' +); + +const externalKey = EJSON.parse( + fs.readFileSync( + path.resolve(__dirname, '../../spec/client-side-encryption/external/external-key.json') + ) +); +const $jsonSchema = EJSON.parse( + fs.readFileSync( + path.resolve(__dirname, '../../spec/client-side-encryption/external/external-schema.json') + ) +); + +const kEvents = Symbol('events'); +const kClientsCreated = Symbol('clientsCreated'); +const CapturingMongoClient = class extends require('../../../index.js').MongoClient { + constructor(url, options) { + options = options || {}; + options.useUnifiedTopology = true; + options.useNewUrlParser = true; + options.monitorCommands = true; + super(url, options); + + this[kEvents] = []; + this.on('commandStarted', ev => this[kEvents].push(ev)); + + this[kClientsCreated] = 0; + this.on('topologyOpening', () => this[kClientsCreated]++); + } +}; + +function deadlockTest(options, assertions) { + return function() { + const url = this.configuration.url(); + const clientTest = this.clientTest; + const ciphertext = this.ciphertext; + + const clientEncryptedOpts = { + autoEncryption: { + keyVaultNamespace: 'keyvault.datakeys', + kmsProviders: { local: { key: LOCAL_KEY } }, + bypassAutoEncryption: options.bypassAutoEncryption, + keyVaultClient: options.useKeyVaultClient ? this.clientKeyVault : undefined + }, + maxPoolSize: options.maxPoolSize + }; + const clientEncrypted = new CapturingMongoClient(url, clientEncryptedOpts); + + return clientEncrypted + .connect() + .then(() => { + if (clientEncryptedOpts.autoEncryption.bypassAutoEncryption === true) { + return clientTest + .db('db') + .collection('coll') + .insertOne({ _id: 0, encrypted: ciphertext }); + } + return clientEncrypted + .db('db') + .collection('coll') + .insertOne({ _id: 0, encrypted: 'string0' }); + }) + .then(() => + clientEncrypted + .db('db') + .collection('coll') + .findOne({ _id: 0 }) + ) + .then(res => { + expect(res).to.have.property('_id', 0); + expect(res).to.have.property('encrypted', 'string0'); + assertions(clientEncrypted, this.clientKeyVault); + return clientEncrypted.close(); + }); + }; +} + +function deadlockTests(metadata) { + describe('Connection Pool Deadlock Prevention', function() { + beforeEach(function() { + const mongodbClientEncryption = this.configuration.mongodbClientEncryption; + const url = this.configuration.url(); + + this.clientTest = new CapturingMongoClient(url); + this.clientKeyVault = new CapturingMongoClient(url, { + monitorCommands: true, + maxPoolSize: 1 + }); + + this.clientEncryption = undefined; + this.ciphertext = undefined; + + return this.clientTest + .connect() + .then(() => this.clientKeyVault.connect()) + .then(() => dropCollection(this.clientTest.db('keyvault'), 'datakeys')) + .then(() => dropCollection(this.clientTest.db('db'), 'coll')) + .then( + () => + this.clientTest + .db('keyvault') + .collection('datakeys') + .insertOne(externalKey), + { writeConcern: { w: 'majority' } } + ) + .then(() => + this.clientTest.db('db').createCollection('coll', { validator: { $jsonSchema } }) + ) + .then(() => { + this.clientEncryption = new mongodbClientEncryption.ClientEncryption(this.clientTest, { + kmsProviders: { local: { key: LOCAL_KEY } }, + keyVaultNamespace: 'keyvault.datakeys', + keyVaultClient: this.keyVaultClient + }); + this.clientEncryption.encryptPromisified = util.promisify( + this.clientEncryption.encrypt.bind(this.clientEncryption) + ); + + return this.clientEncryption.encryptPromisified('string0', { + algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic', + keyAltName: 'local' + }); + }) + .then(ciphertext => { + this.ciphertext = ciphertext; + }); + }); + + afterEach(function() { + return Promise.all([this.clientKeyVault.close(), this.clientTest.close()]).then(() => { + this.clientKeyVault = undefined; + this.clientTest = undefined; + this.clientEncryption = undefined; + }); + }); + + const CASE1 = { maxPoolSize: 1, bypassAutoEncryption: false, useKeyVaultClient: false }; + it( + 'Case 1', + metadata, + deadlockTest(CASE1, clientEncrypted => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(2); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(4); + + expect(events[0].command).to.have.property('listCollections'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('find'); + expect(events[1].command.$db).to.equal('keyvault'); + + expect(events[2].command).to.have.property('insert'); + expect(events[2].command.$db).to.equal('db'); + + expect(events[3].command).to.have.property('find'); + expect(events[3].command.$db).to.equal('db'); + }) + ); + + const CASE2 = { maxPoolSize: 1, bypassAutoEncryption: false, useKeyVaultClient: true }; + it( + 'Case 2', + metadata, + deadlockTest(CASE2, (clientEncrypted, clientKeyVault) => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(2); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(3); + + expect(events[0].command).to.have.property('listCollections'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('insert'); + expect(events[1].command.$db).to.equal('db'); + + expect(events[2].command).to.have.property('find'); + expect(events[2].command.$db).to.equal('db'); + + const keyVaultEvents = clientKeyVault[kEvents]; + expect(keyVaultEvents).to.have.lengthOf(1); + + expect(keyVaultEvents[0].command).to.have.property('find'); + expect(keyVaultEvents[0].command.$db).to.equal('keyvault'); + }) + ); + + const CASE3 = { maxPoolSize: 1, bypassAutoEncryption: true, useKeyVaultClient: false }; + it( + 'Case 3', + metadata, + deadlockTest(CASE3, clientEncrypted => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(2); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(2); + + expect(events[0].command).to.have.property('find'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('find'); + expect(events[1].command.$db).to.equal('keyvault'); + }) + ); + + const CASE4 = { maxPoolSize: 1, bypassAutoEncryption: true, useKeyVaultClient: true }; + it( + 'Case 4', + metadata, + deadlockTest(CASE4, (clientEncrypted, clientKeyVault) => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(1); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(1); + + expect(events[0].command).to.have.property('find'); + expect(events[0].command.$db).to.equal('db'); + + const keyVaultEvents = clientKeyVault[kEvents]; + expect(keyVaultEvents).to.have.lengthOf(1); + + expect(keyVaultEvents[0].command).to.have.property('find'); + expect(keyVaultEvents[0].command.$db).to.equal('keyvault'); + }) + ); + + const CASE5 = { maxPoolSize: 0, bypassAutoEncryption: false, useKeyVaultClient: false }; + it( + 'Case 5', + metadata, + deadlockTest(CASE5, clientEncrypted => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(1); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(5); + + expect(events[0].command).to.have.property('listCollections'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('listCollections'); + expect(events[1].command.$db).to.equal('keyvault'); + + expect(events[2].command).to.have.property('find'); + expect(events[2].command.$db).to.equal('keyvault'); + + expect(events[3].command).to.have.property('insert'); + expect(events[3].command.$db).to.equal('db'); + + expect(events[4].command).to.have.property('find'); + expect(events[4].command.$db).to.equal('db'); + }) + ); + + const CASE6 = { maxPoolSize: 0, bypassAutoEncryption: false, useKeyVaultClient: true }; + it( + 'Case 6', + metadata, + deadlockTest(CASE6, (clientEncrypted, clientKeyVault) => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(1); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(3); + + expect(events[0].command).to.have.property('listCollections'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('insert'); + expect(events[1].command.$db).to.equal('db'); + + expect(events[2].command).to.have.property('find'); + expect(events[2].command.$db).to.equal('db'); + + const keyVaultEvents = clientKeyVault[kEvents]; + expect(keyVaultEvents).to.have.lengthOf(1); + + expect(keyVaultEvents[0].command).to.have.property('find'); + expect(keyVaultEvents[0].command.$db).to.equal('keyvault'); + }) + ); + + const CASE7 = { maxPoolSize: 0, bypassAutoEncryption: true, useKeyVaultClient: false }; + it( + 'Case 7', + metadata, + deadlockTest(CASE7, clientEncrypted => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(1); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(2); + + expect(events[0].command).to.have.property('find'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('find'); + expect(events[1].command.$db).to.equal('keyvault'); + }) + ); + + const CASE8 = { maxPoolSize: 0, bypassAutoEncryption: true, useKeyVaultClient: true }; + it( + 'Case 8', + metadata, + deadlockTest(CASE8, (clientEncrypted, clientKeyVault) => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(1); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(1); + + expect(events[0].command).to.have.property('find'); + expect(events[0].command.$db).to.equal('db'); + + const keyVaultEvents = clientKeyVault[kEvents]; + expect(keyVaultEvents).to.have.lengthOf(1); + + expect(keyVaultEvents[0].command).to.have.property('find'); + expect(keyVaultEvents[0].command.$db).to.equal('keyvault'); + }) + ); + }); +} + +module.exports = { deadlockTests }; diff --git a/test/functional/client_side_encryption/prose.test.js b/test/functional/client_side_encryption/prose.test.js index f36f555de8..7350365fdd 100644 --- a/test/functional/client_side_encryption/prose.test.js +++ b/test/functional/client_side_encryption/prose.test.js @@ -1,5 +1,6 @@ 'use strict'; +const deadlockTests = require('./deadlock_tests.js').deadlockTests; const chai = require('chai'); const expect = chai.expect; chai.use(require('chai-subset')); @@ -1026,4 +1027,6 @@ describe('Client Side Encryption Prose Tests', function() { defineTest(true); defineTest(false); }); + + deadlockTests(metadata); }); diff --git a/test/spec/client-side-encryption/tests/README.rst b/test/spec/client-side-encryption/tests/README.rst index c22585325c..0e39422904 100644 --- a/test/spec/client-side-encryption/tests/README.rst +++ b/test/spec/client-side-encryption/tests/README.rst @@ -769,4 +769,178 @@ The following tests that setting ``bypassAutoEncryption=true`` really does bypas #. Use ``client_encrypted`` to insert the document ``{"unencrypted": "test"}`` into ``db.coll``. Expect this to succeed. -#. Validate that mongocryptd was not spawned. Create a MongoClient to localhost:27021 (or whatever was passed via ``--port``) with serverSelectionTimeoutMS=1000. Run an ``isMaster`` command and ensure it fails with a server selection timeout. \ No newline at end of file +#. Validate that mongocryptd was not spawned. Create a MongoClient to localhost:27021 (or whatever was passed via ``--port``) with serverSelectionTimeoutMS=1000. Run an ``isMaster`` command and ensure it fails with a server selection timeout. + +Deadlock tests +~~~~~~~~~~~~~~ + +.. _Connection Monitoring and Pooling: /source/connection-monitoring-and-pooling/connection-monitoring-and-pooling.rst + +The following tests only apply to drivers that have implemented a connection pool (see the `Connection Monitoring and Pooling`_ specification). + +There are multiple parameterized test cases. Before each test case, perform the setup. + +Setup +````` + +Create a ``MongoClient`` for setup operations named ``client_test``. + +Create a ``MongoClient`` for key vault operations with ``maxPoolSize=1`` named ``client_keyvault``. Capture command started events. + +Using ``client_test``, drop the collections ``keyvault.datakeys`` and ``db.coll``. + +Insert the document `external/external-key.json <../external/external-key.json>`_ into ``keyvault.datakeys`` with majority write concern. + +Create a collection ``db.coll`` configured with a JSON schema `external/external-schema.json <../external/external-schema.json>`_ as the validator, like so: + +.. code:: typescript + + {"create": "coll", "validator": {"$jsonSchema": }} + +Create a ``ClientEncryption`` object, named ``client_encryption`` configured with: +- ``keyVaultClient``=``client_test`` +- ``keyVaultNamespace``="keyvault.datakeys" +- ``kmsProviders``=``{ "local": { "key": } }`` + +Use ``client_encryption`` to encrypt the value "string0" with ``algorithm``="AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" and ``keyAltName``="local". Store the result in a variable named ``ciphertext``. + +Proceed to run the test case. + +Each test case configures a ``MongoClient`` with automatic encryption (named ``client_encrypted``). + +Each test must assert the number of unique ``MongoClient``s created. This can be accomplished by capturing ``TopologyOpeningEvent``, or by checking command started events for a client identifier (not possible in all drivers). + +Running a test case +``````````````````` +- Create a ``MongoClient`` named ``client_encrypted`` configured as follows: + - Set ``AutoEncryptionOpts``: + - ``keyVaultNamespace="keyvault.datakeys"`` + - ``kmsProviders``=``{ "local": { "key": } }`` + - Append ``TestCase.AutoEncryptionOpts`` (defined below) + - Capture command started events. + - Set ``maxPoolSize=TestCase.MaxPoolSize`` +- If the testcase sets ``AutoEncryptionOpts.bypassAutoEncryption=true``: + - Use ``client_test`` to insert ``{ "_id": 0, "encrypted": }`` into ``db.coll``. +- Otherwise: + - Use ``client_encrypted`` to insert ``{ "_id": 0, "encrypted": "string0" }``. +- Use ``client_encrypted`` to run a ``findOne`` operation on ``db.coll``, with the filter ``{ "_id": 0 }``. +- Expect the result to be ``{ "_id": 0, "encrypted": "string0" }``. +- Check captured events against ``TestCase.Expectations``. +- Check the number of unique ``MongoClient``s created is equal to ``TestCase.ExpectedNumberOfClients``. + +Case 1 +`````` +- MaxPoolSize: 1 +- AutoEncryptionOpts: + - bypassAutoEncryption=false + - keyVaultClient=unset +- Expectations: + - Expect ``client_encrypted`` to have captured four ``CommandStartedEvent``: + - a listCollections to "db". + - a find on "keyvault". + - an insert on "db". + - a find on "db" +- ExpectedNumberOfClients: 2 + +Case 2 +`````` +- MaxPoolSize: 1 +- AutoEncryptionOpts: + - bypassAutoEncryption=false + - keyVaultClient=client_keyvault +- Expectations: + - Expect ``client_encrypted`` to have captured three ``CommandStartedEvent``: + - a listCollections to "db". + - an insert on "db". + - a find on "db" + - Expect ``client_keyvault`` to have captured one ``CommandStartedEvent``: + - a find on "keyvault". +- ExpectedNumberOfClients: 2 + +Case 3 +`````` +- MaxPoolSize: 1 +- AutoEncryptionOpts: + - bypassAutoEncryption=true + - keyVaultClient=unset +- Expectations: + - Expect ``client_encrypted`` to have captured three ``CommandStartedEvent``: + - a find on "db" + - a find on "keyvault". +- ExpectedNumberOfClients: 2 + +Case 4 +`````` +- MaxPoolSize: 1 +- AutoEncryptionOpts: + - bypassAutoEncryption=true + - keyVaultClient=client_keyvault +- Expectations: + - Expect ``client_encrypted`` to have captured two ``CommandStartedEvent``: + - a find on "db" + - Expect ``client_keyvault`` to have captured one ``CommandStartedEvent``: + - a find on "keyvault". +- ExpectedNumberOfClients: 1 + +Case 5 +`````` +Drivers that do not support an unlimited maximum pool size MUST skip this test. + +- MaxPoolSize: 0 +- AutoEncryptionOpts: + - bypassAutoEncryption=false + - keyVaultClient=unset +- Expectations: + - Expect ``client_encrypted`` to have captured five ``CommandStartedEvent``: + - a listCollections to "db". + - a listCollections to "keyvault". + - a find on "keyvault". + - an insert on "db". + - a find on "db" +- ExpectedNumberOfClients: 1 + +Case 6 +`````` +Drivers that do not support an unlimited maximum pool size MUST skip this test. + +- MaxPoolSize: 0 +- AutoEncryptionOpts: + - bypassAutoEncryption=false + - keyVaultClient=client_keyvault +- Expectations: + - Expect ``client_encrypted`` to have captured three ``CommandStartedEvent``: + - a listCollections to "db". + - an insert on "db". + - a find on "db" + - Expect ``client_keyvault`` to have captured one ``CommandStartedEvent``: + - a find on "keyvault". +- ExpectedNumberOfClients: 1 + +Case 7 +`````` +Drivers that do not support an unlimited maximum pool size MUST skip this test. + +- MaxPoolSize: 0 +- AutoEncryptionOpts: + - bypassAutoEncryption=true + - keyVaultClient=unset +- Expectations: + - Expect ``client_encrypted`` to have captured three ``CommandStartedEvent``: + - a find on "db" + - a find on "keyvault". +- ExpectedNumberOfClients: 1 + +Case 8 +`````` +Drivers that do not support an unlimited maximum pool size MUST skip this test. + +- MaxPoolSize: 0 +- AutoEncryptionOpts: + - bypassAutoEncryption=true + - keyVaultClient=client_keyvault +- Expectations: + - Expect ``client_encrypted`` to have captured two ``CommandStartedEvent``: + - a find on "db" + - Expect ``client_keyvault`` to have captured one ``CommandStartedEvent``: + - a find on "keyvault". +- ExpectedNumberOfClients: 1 \ No newline at end of file diff --git a/test/spec/client-side-encryption/tests/aggregate.json b/test/spec/client-side-encryption/tests/aggregate.json index a9e79f9edb..7de725b71d 100644 --- a/test/spec/client-side-encryption/tests/aggregate.json +++ b/test/spec/client-side-encryption/tests/aggregate.json @@ -150,18 +150,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -273,18 +261,6 @@ "command_name": "aggregate" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/aggregate.yml b/test/spec/client-side-encryption/tests/aggregate.yml index ac2b265a92..64ad5efa60 100644 --- a/test/spec/client-side-encryption/tests/aggregate.yml +++ b/test/spec/client-side-encryption/tests/aggregate.yml @@ -30,13 +30,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -83,13 +76,6 @@ tests: cursor: {} command_name: aggregate # Needs to fetch key when decrypting results - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/azureKMS.json b/test/spec/client-side-encryption/tests/azureKMS.json index 97af4c8ecf..f0f5329d70 100644 --- a/test/spec/client-side-encryption/tests/azureKMS.json +++ b/test/spec/client-side-encryption/tests/azureKMS.json @@ -139,18 +139,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/azureKMS.yml b/test/spec/client-side-encryption/tests/azureKMS.yml index a2fbb7111a..e3e0fc55a4 100644 --- a/test/spec/client-side-encryption/tests/azureKMS.yml +++ b/test/spec/client-side-encryption/tests/azureKMS.yml @@ -25,13 +25,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/basic.json b/test/spec/client-side-encryption/tests/basic.json index 3f9895fd5d..3ed066f530 100644 --- a/test/spec/client-side-encryption/tests/basic.json +++ b/test/spec/client-side-encryption/tests/basic.json @@ -144,18 +144,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -283,18 +271,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/basic.yml b/test/spec/client-side-encryption/tests/basic.yml index 5c5f0cfbc4..dfbf5270cf 100644 --- a/test/spec/client-side-encryption/tests/basic.yml +++ b/test/spec/client-side-encryption/tests/basic.yml @@ -29,13 +29,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -82,13 +75,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/bulk.json b/test/spec/client-side-encryption/tests/bulk.json index ead90985a1..1b62e5e8ab 100644 --- a/test/spec/client-side-encryption/tests/bulk.json +++ b/test/spec/client-side-encryption/tests/bulk.json @@ -178,18 +178,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/bulk.yml b/test/spec/client-side-encryption/tests/bulk.yml index c2ad522765..824ccdaa10 100644 --- a/test/spec/client-side-encryption/tests/bulk.yml +++ b/test/spec/client-side-encryption/tests/bulk.yml @@ -39,13 +39,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/count.json b/test/spec/client-side-encryption/tests/count.json index 24f46a110a..9df8cd639e 100644 --- a/test/spec/client-side-encryption/tests/count.json +++ b/test/spec/client-side-encryption/tests/count.json @@ -149,18 +149,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/count.yml b/test/spec/client-side-encryption/tests/count.yml index 05c56d5fa7..b8c436a4c0 100644 --- a/test/spec/client-side-encryption/tests/count.yml +++ b/test/spec/client-side-encryption/tests/count.yml @@ -28,13 +28,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/countDocuments.json b/test/spec/client-side-encryption/tests/countDocuments.json index 3cf5fbca8b..07ff97f264 100644 --- a/test/spec/client-side-encryption/tests/countDocuments.json +++ b/test/spec/client-side-encryption/tests/countDocuments.json @@ -150,18 +150,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/countDocuments.yml b/test/spec/client-side-encryption/tests/countDocuments.yml index 56b2ab147a..e28b478c05 100644 --- a/test/spec/client-side-encryption/tests/countDocuments.yml +++ b/test/spec/client-side-encryption/tests/countDocuments.yml @@ -29,13 +29,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/delete.json b/test/spec/client-side-encryption/tests/delete.json index 30fb453a93..a6f4ffde91 100644 --- a/test/spec/client-side-encryption/tests/delete.json +++ b/test/spec/client-side-encryption/tests/delete.json @@ -151,18 +151,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -276,18 +264,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/delete.yml b/test/spec/client-side-encryption/tests/delete.yml index dc69a07122..60810d063d 100644 --- a/test/spec/client-side-encryption/tests/delete.yml +++ b/test/spec/client-side-encryption/tests/delete.yml @@ -29,13 +29,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -76,13 +69,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/distinct.json b/test/spec/client-side-encryption/tests/distinct.json index 7a5f75c4a5..9786b07814 100644 --- a/test/spec/client-side-encryption/tests/distinct.json +++ b/test/spec/client-side-encryption/tests/distinct.json @@ -161,18 +161,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/distinct.yml b/test/spec/client-side-encryption/tests/distinct.yml index 8c8e4dd65d..ca1d8fbf6b 100644 --- a/test/spec/client-side-encryption/tests/distinct.yml +++ b/test/spec/client-side-encryption/tests/distinct.yml @@ -31,13 +31,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/explain.json b/test/spec/client-side-encryption/tests/explain.json index 5ad46bc238..0e451e4818 100644 --- a/test/spec/client-side-encryption/tests/explain.json +++ b/test/spec/client-side-encryption/tests/explain.json @@ -155,18 +155,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/explain.yml b/test/spec/client-side-encryption/tests/explain.yml index a2733e7d32..c0dd9c57c0 100644 --- a/test/spec/client-side-encryption/tests/explain.yml +++ b/test/spec/client-side-encryption/tests/explain.yml @@ -33,13 +33,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/find.json b/test/spec/client-side-encryption/tests/find.json index b7c5258a13..1feddab0e3 100644 --- a/test/spec/client-side-encryption/tests/find.json +++ b/test/spec/client-side-encryption/tests/find.json @@ -160,18 +160,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -302,18 +290,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/find.yml b/test/spec/client-side-encryption/tests/find.yml index 053fb08544..20179a314c 100644 --- a/test/spec/client-side-encryption/tests/find.yml +++ b/test/spec/client-side-encryption/tests/find.yml @@ -30,13 +30,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -78,13 +71,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/findOneAndDelete.json b/test/spec/client-side-encryption/tests/findOneAndDelete.json index 6261d8601b..e418a4581b 100644 --- a/test/spec/client-side-encryption/tests/findOneAndDelete.json +++ b/test/spec/client-side-encryption/tests/findOneAndDelete.json @@ -148,18 +148,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/findOneAndDelete.yml b/test/spec/client-side-encryption/tests/findOneAndDelete.yml index 44dc5b53d4..6650f2132d 100644 --- a/test/spec/client-side-encryption/tests/findOneAndDelete.yml +++ b/test/spec/client-side-encryption/tests/findOneAndDelete.yml @@ -28,13 +28,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/findOneAndReplace.json b/test/spec/client-side-encryption/tests/findOneAndReplace.json index d91bc05998..78baca8432 100644 --- a/test/spec/client-side-encryption/tests/findOneAndReplace.json +++ b/test/spec/client-side-encryption/tests/findOneAndReplace.json @@ -147,18 +147,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/findOneAndReplace.yml b/test/spec/client-side-encryption/tests/findOneAndReplace.yml index 9288a22083..f39f3c0fb4 100644 --- a/test/spec/client-side-encryption/tests/findOneAndReplace.yml +++ b/test/spec/client-side-encryption/tests/findOneAndReplace.yml @@ -29,13 +29,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/findOneAndUpdate.json b/test/spec/client-side-encryption/tests/findOneAndUpdate.json index fad70609ad..1d85851151 100644 --- a/test/spec/client-side-encryption/tests/findOneAndUpdate.json +++ b/test/spec/client-side-encryption/tests/findOneAndUpdate.json @@ -149,18 +149,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/findOneAndUpdate.yml b/test/spec/client-side-encryption/tests/findOneAndUpdate.yml index 38852149ac..459902fd44 100644 --- a/test/spec/client-side-encryption/tests/findOneAndUpdate.yml +++ b/test/spec/client-side-encryption/tests/findOneAndUpdate.yml @@ -29,13 +29,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/gcpKMS.json b/test/spec/client-side-encryption/tests/gcpKMS.json index a715a7d152..297d5d0dc8 100644 --- a/test/spec/client-side-encryption/tests/gcpKMS.json +++ b/test/spec/client-side-encryption/tests/gcpKMS.json @@ -141,18 +141,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/gcpKMS.yml b/test/spec/client-side-encryption/tests/gcpKMS.yml index e07a8809cc..736d9684df 100644 --- a/test/spec/client-side-encryption/tests/gcpKMS.yml +++ b/test/spec/client-side-encryption/tests/gcpKMS.yml @@ -25,13 +25,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/getMore.json b/test/spec/client-side-encryption/tests/getMore.json index cf23442226..ee99bf7537 100644 --- a/test/spec/client-side-encryption/tests/getMore.json +++ b/test/spec/client-side-encryption/tests/getMore.json @@ -179,18 +179,6 @@ "command_name": "find" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/getMore.yml b/test/spec/client-side-encryption/tests/getMore.yml index 0dc9cef6cb..4359ee8917 100644 --- a/test/spec/client-side-encryption/tests/getMore.yml +++ b/test/spec/client-side-encryption/tests/getMore.yml @@ -38,13 +38,6 @@ tests: find: *collection_name batchSize: 2 command_name: find - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/insert.json b/test/spec/client-side-encryption/tests/insert.json index 78fa8feba0..cf2910fd7a 100644 --- a/test/spec/client-side-encryption/tests/insert.json +++ b/test/spec/client-side-encryption/tests/insert.json @@ -131,18 +131,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -258,18 +246,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/insert.yml b/test/spec/client-side-encryption/tests/insert.yml index 0dc1042be2..99521f0350 100644 --- a/test/spec/client-side-encryption/tests/insert.yml +++ b/test/spec/client-side-encryption/tests/insert.yml @@ -25,13 +25,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -71,13 +64,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/keyAltName.json b/test/spec/client-side-encryption/tests/keyAltName.json index d062bed453..7f71b9dbeb 100644 --- a/test/spec/client-side-encryption/tests/keyAltName.json +++ b/test/spec/client-side-encryption/tests/keyAltName.json @@ -131,18 +131,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/keyAltName.yml b/test/spec/client-side-encryption/tests/keyAltName.yml index 1536dc724c..a7660ba38c 100644 --- a/test/spec/client-side-encryption/tests/keyAltName.yml +++ b/test/spec/client-side-encryption/tests/keyAltName.yml @@ -25,13 +25,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/localKMS.json b/test/spec/client-side-encryption/tests/localKMS.json index e4d25309c4..67c4ba1308 100644 --- a/test/spec/client-side-encryption/tests/localKMS.json +++ b/test/spec/client-side-encryption/tests/localKMS.json @@ -114,18 +114,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/localKMS.yml b/test/spec/client-side-encryption/tests/localKMS.yml index b5d82fb0a7..4c0d962f32 100644 --- a/test/spec/client-side-encryption/tests/localKMS.yml +++ b/test/spec/client-side-encryption/tests/localKMS.yml @@ -26,13 +26,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/localSchema.json b/test/spec/client-side-encryption/tests/localSchema.json index 7071d6fefd..4698520f6f 100644 --- a/test/spec/client-side-encryption/tests/localSchema.json +++ b/test/spec/client-side-encryption/tests/localSchema.json @@ -136,18 +136,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/localSchema.yml b/test/spec/client-side-encryption/tests/localSchema.yml index a5842fe61c..89b4bd51d0 100644 --- a/test/spec/client-side-encryption/tests/localSchema.yml +++ b/test/spec/client-side-encryption/tests/localSchema.yml @@ -25,13 +25,6 @@ tests: filter: { _id: 1 } result: [*doc0] expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/missingKey.json b/test/spec/client-side-encryption/tests/missingKey.json index ac8e8320b0..275147bb72 100644 --- a/test/spec/client-side-encryption/tests/missingKey.json +++ b/test/spec/client-side-encryption/tests/missingKey.json @@ -140,18 +140,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "different" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/missingKey.yml b/test/spec/client-side-encryption/tests/missingKey.yml index dc65d40b28..2be5395108 100644 --- a/test/spec/client-side-encryption/tests/missingKey.yml +++ b/test/spec/client-side-encryption/tests/missingKey.yml @@ -32,13 +32,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "different" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/replaceOne.json b/test/spec/client-side-encryption/tests/replaceOne.json index 5cdb3d40f0..9757686819 100644 --- a/test/spec/client-side-encryption/tests/replaceOne.json +++ b/test/spec/client-side-encryption/tests/replaceOne.json @@ -148,18 +148,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/replaceOne.yml b/test/spec/client-side-encryption/tests/replaceOne.yml index a2573d701c..e3b50a828b 100644 --- a/test/spec/client-side-encryption/tests/replaceOne.yml +++ b/test/spec/client-side-encryption/tests/replaceOne.yml @@ -31,13 +31,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/types.json b/test/spec/client-side-encryption/tests/types.json index 47e4c27a2e..a070f8bff7 100644 --- a/test/spec/client-side-encryption/tests/types.json +++ b/test/spec/client-side-encryption/tests/types.json @@ -103,18 +103,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -254,18 +242,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -405,18 +381,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -656,18 +620,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -807,18 +759,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -1057,18 +997,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -1214,18 +1142,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -1369,18 +1285,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/types.yml b/test/spec/client-side-encryption/tests/types.yml index 6136b0c60e..b0827eae73 100644 --- a/test/spec/client-side-encryption/tests/types.yml +++ b/test/spec/client-side-encryption/tests/types.yml @@ -27,13 +27,6 @@ tests: filter: { _id: 1 } result: *doc0 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -75,13 +68,6 @@ tests: filter: { _id: 1 } result: *doc1 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -123,13 +109,6 @@ tests: filter: { _id: 1 } result: *doc2 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -197,13 +176,6 @@ tests: filter: { _id: 1 } result: *doc6 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -245,13 +217,6 @@ tests: filter: { _id: 1 } result: *doc7 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -319,13 +284,6 @@ tests: filter: { _id: 1 } result: *doc10 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -367,13 +325,6 @@ tests: filter: { _id: 1 } result: *doc11 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -415,13 +366,6 @@ tests: filter: { _id: 1 } result: *doc13 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/updateMany.json b/test/spec/client-side-encryption/tests/updateMany.json index fd1f4d12bd..823909044b 100644 --- a/test/spec/client-side-encryption/tests/updateMany.json +++ b/test/spec/client-side-encryption/tests/updateMany.json @@ -164,18 +164,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/updateMany.yml b/test/spec/client-side-encryption/tests/updateMany.yml index 30c2e0854f..6d8c7e9707 100644 --- a/test/spec/client-side-encryption/tests/updateMany.yml +++ b/test/spec/client-side-encryption/tests/updateMany.yml @@ -32,13 +32,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/updateOne.json b/test/spec/client-side-encryption/tests/updateOne.json index bed763d720..23bada964f 100644 --- a/test/spec/client-side-encryption/tests/updateOne.json +++ b/test/spec/client-side-encryption/tests/updateOne.json @@ -150,18 +150,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/updateOne.yml b/test/spec/client-side-encryption/tests/updateOne.yml index 597d30c3f4..aef3716fad 100644 --- a/test/spec/client-side-encryption/tests/updateOne.yml +++ b/test/spec/client-side-encryption/tests/updateOne.yml @@ -31,13 +31,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: