RubyGems - mongo - Versions diffs - 2.11.4 → 2.12.3 - Mend

mongo 2.11.4 → 2.12.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (357) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/CONTRIBUTING.md +1 -1
data/README.md +2 -1
data/lib/mongo.rb +3 -0
data/lib/mongo/address.rb +44 -19
data/lib/mongo/auth.rb +1 -0
data/lib/mongo/auth/credential_cache.rb +51 -0
data/lib/mongo/auth/scram/conversation.rb +20 -16
data/lib/mongo/auth/user.rb +0 -8
data/lib/mongo/auth/user/view.rb +4 -4
data/lib/mongo/background_thread.rb +1 -1
data/lib/mongo/bulk_write.rb +5 -5
data/lib/mongo/client.rb +143 -14
data/lib/mongo/client_encryption.rb +103 -0
data/lib/mongo/cluster.rb +8 -4
data/lib/mongo/cluster/reapers/cursor_reaper.rb +18 -6
data/lib/mongo/cluster/sdam_flow.rb +54 -58
data/lib/mongo/collection.rb +3 -3
data/lib/mongo/collection/view.rb +1 -1
data/lib/mongo/collection/view/aggregation.rb +1 -1
data/lib/mongo/collection/view/change_stream.rb +12 -3
data/lib/mongo/collection/view/iterable.rb +14 -5
data/lib/mongo/collection/view/map_reduce.rb +2 -2
data/lib/mongo/collection/view/readable.rb +9 -7
data/lib/mongo/collection/view/writable.rb +7 -7
data/lib/mongo/crypt.rb +33 -0
data/lib/mongo/crypt/auto_decryption_context.rb +40 -0
data/lib/mongo/crypt/auto_encrypter.rb +179 -0
data/lib/mongo/crypt/auto_encryption_context.rb +44 -0
data/lib/mongo/crypt/binary.rb +155 -0
data/lib/mongo/crypt/binding.rb +1229 -0
data/lib/mongo/crypt/context.rb +135 -0
data/lib/mongo/crypt/data_key_context.rb +162 -0
data/lib/mongo/crypt/encryption_io.rb +289 -0
data/lib/mongo/crypt/explicit_decryption_context.rb +40 -0
data/lib/mongo/crypt/explicit_encrypter.rb +117 -0
data/lib/mongo/crypt/explicit_encryption_context.rb +89 -0
data/lib/mongo/crypt/handle.rb +315 -0
data/lib/mongo/crypt/hooks.rb +90 -0
data/lib/mongo/crypt/kms_context.rb +67 -0
data/lib/mongo/crypt/status.rb +131 -0
data/lib/mongo/cursor.rb +64 -32
data/lib/mongo/database.rb +23 -6
data/lib/mongo/database/view.rb +13 -4
data/lib/mongo/dbref.rb +9 -2
data/lib/mongo/error.rb +5 -1
data/lib/mongo/error/bulk_write_error.rb +16 -14
data/lib/mongo/error/crypt_error.rb +31 -0
data/lib/mongo/error/{failed_stringprep_validation.rb → failed_string_prep_validation.rb} +0 -0
data/lib/mongo/error/invalid_cursor_operation.rb +27 -0
data/lib/mongo/error/kms_error.rb +22 -0
data/lib/mongo/error/max_bson_size.rb +14 -3
data/lib/mongo/error/mongocryptd_spawn_error.rb +22 -0
data/lib/mongo/error/no_server_available.rb +8 -3
data/lib/mongo/error/notable.rb +0 -15
data/lib/mongo/error/operation_failure.rb +1 -0
data/lib/mongo/error/parser.rb +1 -1
data/lib/mongo/grid/file.rb +5 -0
data/lib/mongo/grid/file/chunk.rb +2 -0
data/lib/mongo/grid/file/info.rb +3 -2
data/lib/mongo/grid/fs_bucket.rb +15 -13
data/lib/mongo/grid/stream/write.rb +9 -3
data/lib/mongo/index/view.rb +3 -3
data/lib/mongo/monitoring/event/cmap/connection_check_out_failed.rb +1 -1
data/lib/mongo/monitoring/event/command_started.rb +6 -1
data/lib/mongo/operation/collections_info.rb +6 -3
data/lib/mongo/operation/delete/op_msg.rb +1 -1
data/lib/mongo/operation/find/op_msg.rb +4 -1
data/lib/mongo/operation/get_more/op_msg.rb +4 -1
data/lib/mongo/operation/insert/command.rb +3 -2
data/lib/mongo/operation/insert/legacy.rb +3 -2
data/lib/mongo/operation/insert/op_msg.rb +3 -3
data/lib/mongo/operation/result.rb +36 -27
data/lib/mongo/operation/shared/executable.rb +11 -9
data/lib/mongo/operation/shared/executable_no_validate.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_command.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_find_command.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_list_indexes_command.rb +2 -2
data/lib/mongo/operation/shared/read_preference_supported.rb +68 -19
data/lib/mongo/operation/shared/response_handling.rb +1 -1
data/lib/mongo/operation/shared/sessions_supported.rb +44 -3
data/lib/mongo/operation/shared/write.rb +17 -10
data/lib/mongo/operation/update/op_msg.rb +1 -1
data/lib/mongo/protocol/bit_vector.rb +2 -1
data/lib/mongo/protocol/compressed.rb +6 -5
data/lib/mongo/protocol/insert.rb +3 -1
data/lib/mongo/protocol/message.rb +94 -15
data/lib/mongo/protocol/msg.rb +207 -37
data/lib/mongo/protocol/query.rb +7 -9
data/lib/mongo/protocol/serializers.rb +43 -15
data/lib/mongo/retryable.rb +1 -1
data/lib/mongo/server.rb +10 -4
data/lib/mongo/server/connection.rb +20 -9
data/lib/mongo/server/connection_base.rb +118 -18
data/lib/mongo/server/connection_common.rb +61 -0
data/lib/mongo/server/connection_pool.rb +37 -1
data/lib/mongo/server/connection_pool/populator.rb +1 -1
data/lib/mongo/server/description.rb +9 -11
data/lib/mongo/server/monitor.rb +2 -0
data/lib/mongo/server/monitor/connection.rb +3 -18
data/lib/mongo/server/pending_connection.rb +2 -1
data/lib/mongo/session.rb +3 -3
data/lib/mongo/session/session_pool.rb +8 -3
data/lib/mongo/socket.rb +29 -16
data/lib/mongo/socket/ssl.rb +23 -8
data/lib/mongo/socket/tcp.rb +12 -3
data/lib/mongo/srv/monitor.rb +73 -42
data/lib/mongo/srv/result.rb +0 -1
data/lib/mongo/timeout.rb +49 -0
data/lib/mongo/uri.rb +30 -1
data/lib/mongo/uri/srv_protocol.rb +1 -1
data/lib/mongo/version.rb +1 -1
data/mongo.gemspec +1 -3
data/spec/README.md +228 -7
data/spec/integration/auth_spec.rb +53 -0
data/spec/integration/bulk_write_spec.rb +19 -0
data/spec/integration/{client_options_spec.rb → client_authentication_options_spec.rb} +10 -10
data/spec/integration/client_construction_spec.rb +100 -1
data/spec/integration/client_side_encryption/auto_encryption_bulk_writes_spec.rb +353 -0
data/spec/integration/client_side_encryption/auto_encryption_command_monitoring_spec.rb +303 -0
data/spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb +72 -0
data/spec/integration/client_side_encryption/auto_encryption_old_wire_version_spec.rb +79 -0
data/spec/integration/client_side_encryption/auto_encryption_reconnect_spec.rb +221 -0
data/spec/integration/client_side_encryption/auto_encryption_spec.rb +601 -0
data/spec/integration/client_side_encryption/bson_size_limit_spec.rb +187 -0
data/spec/integration/client_side_encryption/bypass_mongocryptd_spawn_spec.rb +78 -0
data/spec/integration/client_side_encryption/client_close_spec.rb +63 -0
data/spec/integration/client_side_encryption/corpus_spec.rb +233 -0
data/spec/integration/client_side_encryption/custom_endpoint_spec.rb +132 -0
data/spec/integration/client_side_encryption/data_key_spec.rb +165 -0
data/spec/integration/client_side_encryption/explicit_encryption_spec.rb +114 -0
data/spec/integration/client_side_encryption/external_key_vault_spec.rb +141 -0
data/spec/integration/client_side_encryption/views_spec.rb +44 -0
data/spec/integration/client_update_spec.rb +154 -0
data/spec/integration/command_monitoring_spec.rb +3 -1
data/spec/integration/command_spec.rb +44 -10
data/spec/integration/connection_spec.rb +57 -0
data/spec/integration/crud_spec.rb +89 -0
data/spec/integration/grid_fs_bucket_spec.rb +48 -0
data/spec/integration/read_preference_spec.rb +26 -0
data/spec/integration/reconnect_spec.rb +7 -6
data/spec/integration/size_limit_spec.rb +111 -0
data/spec/integration/srv_monitoring_spec.rb +16 -8
data/spec/integration/zlib_compression_spec.rb +25 -0
data/spec/kerberos/kerberos_spec.rb +87 -0
data/spec/lite_spec_helper.rb +34 -29
data/spec/mongo/auth/cr_spec.rb +8 -0
data/spec/mongo/auth/ldap_spec.rb +5 -1
data/spec/mongo/auth/scram/conversation_spec.rb +5 -6
data/spec/mongo/auth/scram/negotiation_spec.rb +74 -75
data/spec/mongo/auth/scram_spec.rb +45 -35
data/spec/mongo/auth/user/view_spec.rb +3 -6
data/spec/mongo/auth/x509_spec.rb +5 -1
data/spec/mongo/bulk_write/result_spec.rb +11 -7
data/spec/mongo/client_construction_spec.rb +206 -2
data/spec/mongo/client_encryption_spec.rb +405 -0
data/spec/mongo/cluster/cursor_reaper_spec.rb +12 -8
data/spec/mongo/cluster/socket_reaper_spec.rb +14 -3
data/spec/mongo/collection/view/aggregation_spec.rb +0 -2
data/spec/mongo/collection/view/change_stream_spec.rb +7 -7
data/spec/mongo/collection/view/map_reduce_spec.rb +3 -3
data/spec/mongo/collection/view_spec.rb +1 -1
data/spec/mongo/collection_spec.rb +28 -9
data/spec/mongo/crypt/auto_decryption_context_spec.rb +90 -0
data/spec/mongo/crypt/auto_encrypter_spec.rb +187 -0
data/spec/mongo/crypt/auto_encryption_context_spec.rb +107 -0
data/spec/mongo/crypt/binary_spec.rb +115 -0
data/spec/mongo/crypt/binding/binary_spec.rb +56 -0
data/spec/mongo/crypt/binding/context_spec.rb +257 -0
data/spec/mongo/crypt/binding/helpers_spec.rb +46 -0
data/spec/mongo/crypt/binding/mongocrypt_spec.rb +144 -0
data/spec/mongo/crypt/binding/status_spec.rb +99 -0
data/spec/mongo/crypt/binding/version_spec.rb +22 -0
data/spec/mongo/crypt/binding_unloaded_spec.rb +20 -0
data/spec/mongo/crypt/data_key_context_spec.rb +213 -0
data/spec/mongo/crypt/encryption_io_spec.rb +136 -0
data/spec/mongo/crypt/explicit_decryption_context_spec.rb +72 -0
data/spec/mongo/crypt/explicit_encryption_context_spec.rb +170 -0
data/spec/mongo/crypt/handle_spec.rb +232 -0
data/spec/mongo/crypt/helpers/mongo_crypt_spec_helper.rb +108 -0
data/spec/mongo/crypt/status_spec.rb +152 -0
data/spec/mongo/cursor_spec.rb +24 -4
data/spec/mongo/database_spec.rb +20 -0
data/spec/mongo/error/bulk_write_error_spec.rb +49 -0
data/spec/mongo/error/crypt_error_spec.rb +26 -0
data/spec/mongo/error/max_bson_size_spec.rb +35 -0
data/spec/mongo/error/no_server_available_spec.rb +11 -1
data/spec/mongo/error/notable_spec.rb +59 -0
data/spec/mongo/error/operation_failure_spec.rb +6 -6
data/spec/mongo/operation/aggregate_spec.rb +1 -1
data/spec/mongo/operation/collections_info_spec.rb +1 -1
data/spec/mongo/operation/command_spec.rb +3 -3
data/spec/mongo/operation/create_index_spec.rb +3 -3
data/spec/mongo/operation/create_user_spec.rb +3 -3
data/spec/mongo/operation/delete/bulk_spec.rb +6 -6
data/spec/mongo/operation/delete/op_msg_spec.rb +1 -6
data/spec/mongo/operation/delete_spec.rb +7 -7
data/spec/mongo/operation/drop_index_spec.rb +2 -2
data/spec/mongo/operation/find/legacy_spec.rb +2 -1
data/spec/mongo/operation/get_more_spec.rb +1 -1
data/spec/mongo/operation/indexes_spec.rb +1 -1
data/spec/mongo/operation/insert/bulk_spec.rb +7 -7
data/spec/mongo/operation/insert/op_msg_spec.rb +3 -6
data/spec/mongo/operation/insert_spec.rb +12 -12
data/spec/mongo/operation/map_reduce_spec.rb +2 -2
data/spec/mongo/operation/read_preference_legacy_spec.rb +351 -0
data/spec/mongo/operation/read_preference_op_msg_spec.rb +194 -0
data/spec/mongo/operation/remove_user_spec.rb +3 -3
data/spec/mongo/operation/update/bulk_spec.rb +6 -6
data/spec/mongo/operation/update/op_msg_spec.rb +3 -6
data/spec/mongo/operation/update_spec.rb +7 -7
data/spec/mongo/operation/update_user_spec.rb +1 -1
data/spec/mongo/protocol/compressed_spec.rb +2 -3
data/spec/mongo/protocol/delete_spec.rb +9 -8
data/spec/mongo/protocol/get_more_spec.rb +9 -8
data/spec/mongo/protocol/insert_spec.rb +9 -8
data/spec/mongo/protocol/kill_cursors_spec.rb +6 -5
data/spec/mongo/protocol/msg_spec.rb +57 -53
data/spec/mongo/protocol/query_spec.rb +12 -12
data/spec/mongo/protocol/registry_spec.rb +1 -1
data/spec/mongo/protocol/reply_spec.rb +1 -1
data/spec/mongo/protocol/update_spec.rb +10 -9
data/spec/mongo/server/connection_pool_spec.rb +1 -1
data/spec/mongo/server/connection_spec.rb +28 -7
data/spec/mongo/socket_spec.rb +1 -1
data/spec/mongo/srv/monitor_spec.rb +88 -69
data/spec/mongo/timeout_spec.rb +85 -0
data/spec/mongo/uri/srv_protocol_spec.rb +2 -2
data/spec/mongo/uri_spec.rb +52 -5
data/spec/mongo/write_concern_spec.rb +13 -1
data/spec/{support → runners}/auth.rb +14 -1
data/spec/{support → runners}/change_streams.rb +1 -1
data/spec/{support → runners}/change_streams/operation.rb +0 -0
data/spec/{support → runners}/cmap.rb +1 -1
data/spec/{support → runners}/cmap/verifier.rb +0 -0
data/spec/{support → runners}/command_monitoring.rb +0 -0
data/spec/runners/connection_string.rb +358 -4
data/spec/{support → runners}/crud.rb +9 -9
data/spec/{support → runners}/crud/context.rb +0 -0
data/spec/{support → runners}/crud/operation.rb +7 -3
data/spec/{support → runners}/crud/outcome.rb +0 -0
data/spec/{support → runners}/crud/requirement.rb +1 -1
data/spec/{support → runners}/crud/spec.rb +12 -1
data/spec/{support → runners}/crud/test.rb +0 -0
data/spec/{support → runners}/crud/test_base.rb +0 -0
data/spec/{support → runners}/crud/verifier.rb +10 -12
data/spec/{support → runners}/gridfs.rb +0 -0
data/spec/{support → runners}/sdam_monitoring.rb +0 -0
data/spec/{support → runners}/server_discovery_and_monitoring.rb +0 -0
data/spec/{support → runners}/server_selection.rb +0 -0
data/spec/{support → runners}/server_selection_rtt.rb +0 -0
data/spec/{support → runners}/transactions.rb +9 -11
data/spec/{support → runners}/transactions/context.rb +0 -0
data/spec/{support → runners}/transactions/operation.rb +0 -0
data/spec/{support → runners}/transactions/spec.rb +0 -0
data/spec/{support → runners}/transactions/test.rb +37 -5
data/spec/spec_helper.rb +0 -5
data/spec/spec_tests/auth_spec.rb +3 -3
data/spec/spec_tests/client_side_encryption_spec.rb +8 -0
data/spec/spec_tests/connection_string_spec.rb +1 -1
data/spec/spec_tests/data/auth/connection-string.yml +13 -0
data/spec/spec_tests/data/client_side_encryption/aggregate.yml +134 -0
data/spec/spec_tests/data/client_side_encryption/badQueries.yml +526 -0
data/spec/spec_tests/data/client_side_encryption/badSchema.yml +73 -0
data/spec/spec_tests/data/client_side_encryption/basic.yml +116 -0
data/spec/spec_tests/data/client_side_encryption/bulk.yml +88 -0
data/spec/spec_tests/data/client_side_encryption/bypassAutoEncryption.yml +100 -0
data/spec/spec_tests/data/client_side_encryption/bypassedCommand.yml +42 -0
data/spec/spec_tests/data/client_side_encryption/count.yml +61 -0
data/spec/spec_tests/data/client_side_encryption/countDocuments.yml +59 -0
data/spec/spec_tests/data/client_side_encryption/delete.yml +105 -0
data/spec/spec_tests/data/client_side_encryption/distinct.yml +73 -0
data/spec/spec_tests/data/client_side_encryption/explain.yml +64 -0
data/spec/spec_tests/data/client_side_encryption/find.yml +119 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndDelete.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndReplace.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndUpdate.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/getMore.yml +68 -0
data/spec/spec_tests/data/client_side_encryption/insert.yml +102 -0
data/spec/spec_tests/data/client_side_encryption/keyAltName.yml +71 -0
data/spec/spec_tests/data/client_side_encryption/localKMS.yml +54 -0
data/spec/spec_tests/data/client_side_encryption/localSchema.yml +72 -0
data/spec/spec_tests/data/client_side_encryption/malformedCiphertext.yml +69 -0
data/spec/spec_tests/data/client_side_encryption/maxWireVersion.yml +20 -0
data/spec/spec_tests/data/client_side_encryption/missingKey.yml +49 -0
data/spec/spec_tests/data/client_side_encryption/replaceOne.yml +64 -0
data/spec/spec_tests/data/client_side_encryption/types.yml +527 -0
data/spec/spec_tests/data/client_side_encryption/unsupportedCommand.yml +25 -0
data/spec/spec_tests/data/client_side_encryption/updateMany.yml +77 -0
data/spec/spec_tests/data/client_side_encryption/updateOne.yml +171 -0
data/spec/spec_tests/data/read_write_concern/connection-string/write-concern.yml +1 -4
data/spec/spec_tests/data/retryable_writes/insertOne-serverErrors.yml +21 -0
data/spec/spec_tests/data/sdam/rs/incompatible_ghost.yml +2 -4
data/spec/spec_tests/data/sdam/rs/incompatible_other.yml +1 -1
data/spec/spec_tests/data/sdam/rs/primary_mismatched_me_not_removed.yml +73 -0
data/spec/spec_tests/data/sdam/rs/primary_to_no_primary_mismatched_me.yml +1 -2
data/spec/spec_tests/data/sdam/rs/repeated.yml +101 -0
data/spec/spec_tests/data/sdam/rs/{primary_address_change.yml → ruby_primary_address_change.yml} +2 -0
data/spec/spec_tests/data/sdam/rs/{secondary_wrong_set_name_with_primary_second.yml → ruby_secondary_wrong_set_name_with_primary_second.yml} +0 -0
data/spec/spec_tests/data/sdam/sharded/ruby_discovered_single_mongos.yml +27 -0
data/spec/spec_tests/data/sdam/sharded/{primary_address_change.yml → ruby_primary_different_address.yml} +1 -1
data/spec/spec_tests/data/sdam/sharded/{primary_mismatched_me.yml → ruby_primary_mismatched_me.yml} +1 -1
data/spec/spec_tests/data/sdam/single/{primary_address_change.yml → ruby_primary_different_address.yml} +1 -1
data/spec/spec_tests/data/sdam/single/{primary_mismatched_me.yml → ruby_primary_mismatched_me.yml} +1 -1
data/spec/spec_tests/data/sdam_monitoring/{replica_set_with_primary_change.yml → replica_set_primary_address_change.yml} +27 -5
data/spec/spec_tests/data/sdam_monitoring/replica_set_with_me_mismatch.yml +26 -74
data/spec/spec_tests/data/sdam_monitoring/replica_set_with_removal.yml +20 -16
data/spec/spec_tests/data/sdam_monitoring/standalone_suppress_equal_description_changes.yml +73 -0
data/spec/spec_tests/data/transactions/pin-mongos.yml +2 -3
data/spec/spec_tests/data/uri_options/auth-options.yml +10 -0
data/spec/spec_tests/data/uri_options/tls-options.yml +75 -4
data/spec/spec_tests/read_write_concern_connection_string_spec.rb +1 -1
data/spec/spec_tests/uri_options_spec.rb +6 -8
data/spec/stress/connection_pool_timing_spec.rb +6 -3
data/spec/support/certificates/README.md +4 -0
data/spec/support/certificates/server-second-level-bundle.pem +77 -77
data/spec/support/certificates/server-second-level.crt +52 -52
data/spec/support/certificates/server-second-level.key +25 -25
data/spec/support/certificates/server-second-level.pem +77 -77
data/spec/support/client_registry.rb +19 -3
data/spec/support/cluster_config.rb +9 -1
data/spec/support/cluster_tools.rb +6 -1
data/spec/support/common_shortcuts.rb +12 -0
data/spec/support/constraints.rb +16 -0
data/spec/support/crypt.rb +154 -0
data/spec/support/crypt/corpus/corpus-key-aws.json +33 -0
data/spec/support/crypt/corpus/corpus-key-local.json +31 -0
data/spec/support/crypt/corpus/corpus-schema.json +2057 -0
data/spec/support/crypt/corpus/corpus.json +3657 -0
data/spec/support/crypt/corpus/corpus_encrypted.json +4152 -0
data/spec/support/crypt/data_keys/key_document_aws.json +34 -0
data/spec/support/crypt/data_keys/key_document_local.json +31 -0
data/spec/support/crypt/external/external-key.json +31 -0
data/spec/support/crypt/external/external-schema.json +19 -0
data/spec/support/crypt/limits/limits-doc.json +102 -0
data/spec/support/crypt/limits/limits-key.json +31 -0
data/spec/support/crypt/limits/limits-schema.json +1405 -0
data/spec/support/crypt/schema_maps/schema_map_aws.json +17 -0
data/spec/support/crypt/schema_maps/schema_map_aws_key_alt_names.json +12 -0
data/spec/support/crypt/schema_maps/schema_map_local.json +18 -0
data/spec/support/crypt/schema_maps/schema_map_local_key_alt_names.json +12 -0
data/spec/support/lite_constraints.rb +19 -1
data/spec/support/matchers.rb +19 -0
data/spec/support/shared/protocol.rb +2 -0
data/spec/support/spec_config.rb +53 -13
data/spec/support/utils.rb +140 -10
metadata +894 -687
metadata.gz.sig +0 -0
data/lib/mongo/cluster/srv_monitor.rb +0 -127
data/lib/mongo/srv/warning_result.rb +0 -35
data/spec/enterprise_auth/kerberos_spec.rb +0 -58
data/spec/mongo/cluster/srv_monitor_spec.rb +0 -214
data/spec/mongo/operation/read_preference_spec.rb +0 -245
data/spec/spec_tests/data/sdam/sharded/single_mongos.yml +0 -33
data/spec/support/connection_string.rb +0 -354

data/spec/integration/client_side_encryption/auto_encryption_command_monitoring_spec.rb ADDED

@@ -0,0 +1,303 @@
+require 'spec_helper'
+describe 'Auto Encryption' do
+  require_libmongocrypt
+  require_enterprise
+  min_server_fcv '4.2'
+  # Diagnostics of leaked background threads only, these tests do not
+  # actually require a clean slate. https://jira.mongodb.org/browse/RUBY-2138
+  clean_slate
+  include_context 'define shared FLE helpers'
+  include_context 'with local kms_providers'
+  let(:subscriber) { EventSubscriber.new }
+  let(:db_name) { 'auto_encryption' }
+  let(:encryption_client) do
+    new_local_client(
+      SpecConfig.instance.addresses,
+      SpecConfig.instance.test_options.merge(
+        auto_encryption_options: {
+          kms_providers: kms_providers,
+          key_vault_namespace: key_vault_namespace,
+          schema_map: { "auto_encryption.users" => schema_map },
+          # Spawn mongocryptd on non-default port for sharded cluster tests
+          extra_options: extra_options,
+        },
+        database: db_name
+      ),
+    ).tap do |client|
+      client.subscribe(Mongo::Monitoring::COMMAND, subscriber)
+    end
+  end
+  before(:each) do
+    key_vault_collection.drop
+    key_vault_collection.insert_one(data_key)
+    encryption_client['users'].drop
+    result = encryption_client['users'].insert_one(ssn: ssn, age: 23)
+  end
+  let(:started_event) do
+    subscriber.started_events.find do |event|
+      event.command_name == command_name && event.database_name == db_name
+    end
+  end
+  let(:succeeded_event) do
+    subscriber.succeeded_events.find do |event|
+      event.command_name == command_name && event.database_name == db_name
+    end
+  end
+  let(:key_vault_list_collections_event) do
+    subscriber.started_events.find do |event|
+      event.command_name == 'listCollections' && event.database_name == key_vault_db
+    end
+  end
+  shared_examples 'it has an encrypted key_vault_client' do
+    it 'registers a listCollections event on the key vault client' do
+      expect(key_vault_list_collections_event).not_to be_nil
+      expect(key_vault_list_collections_event.command['$db']).to eq(key_vault_db)
+    end
+  end
+  describe '#aggregate' do
+    let(:command_name) { 'aggregate' }
+    before do
+      encryption_client['users'].aggregate([{ '$match' => { 'ssn' => ssn } }]).first
+    end
+    it 'has encrypted data in command monitoring' do
+      # Command started event occurs after ssn is encrypted
+      expect(
+        started_event.command["pipeline"].first["$match"]["ssn"]["$eq"]
+      ).to be_ciphertext
+      # Command succeeded event occurs before ssn is decrypted
+      expect(succeeded_event.reply["cursor"]["firstBatch"].first["ssn"]).to be_ciphertext
+    end
+    it_behaves_like 'it has an encrypted key_vault_client'
+  end
+  describe '#count' do
+    let(:command_name) { 'count' }
+    before do
+      encryption_client['users'].count(ssn: ssn)
+    end
+    it 'has encrypted data in command monitoring' do
+      # Command started event occurs after ssn is encrypted
+      # Command succeeded event does not contain any data to be decrypted
+      expect(started_event.command["query"]["ssn"]["$eq"]).to be_ciphertext
+    end
+    it_behaves_like 'it has an encrypted key_vault_client'
+  end
+  describe '#distinct' do
+    let(:command_name) { 'distinct' }
+    before do
+      encryption_client['users'].distinct(:ssn)
+    end
+    it 'has encrypted data in command monitoring' do
+      # Command started event does not contain any data to be encrypted
+      # Command succeeded event occurs before ssn is decrypted
+      expect(succeeded_event.reply["values"].first).to be_ciphertext
+    end
+    it_behaves_like 'it has an encrypted key_vault_client'
+  end
+  describe '#delete_one' do
+    let(:command_name) { 'delete' }
+    before do
+      encryption_client['users'].delete_one(ssn: ssn)
+    end
+    it 'has encrypted data in command monitoring' do
+      # Command started event occurs after ssn is encrypted
+      # Command succeeded event does not contain any data to be decrypted
+      expect(started_event.command["deletes"].first["q"]["ssn"]["$eq"]).to be_ciphertext
+    end
+    it_behaves_like 'it has an encrypted key_vault_client'
+  end
+  describe '#delete_many' do
+    let(:command_name) { 'delete' }
+    before do
+      encryption_client['users'].delete_many(ssn: ssn)
+    end
+    it 'has encrypted data in command monitoring' do
+      # Command started event occurs after ssn is encrypted
+      # Command succeeded event does not contain any data to be decrypted
+      expect(started_event.command["deletes"].first["q"]["ssn"]["$eq"]).to be_ciphertext
+    end
+    it_behaves_like 'it has an encrypted key_vault_client'
+  end
+  describe '#find' do
+    let(:command_name) { 'find' }
+    before do
+      encryption_client['users'].find(ssn: ssn).first
+    end
+    it 'has encrypted data in command monitoring' do
+      # Command started event occurs after ssn is encrypted
+      expect(started_event.command["filter"]["ssn"]["$eq"]).to be_ciphertext
+      # Command succeeded event occurs before ssn is decrypted
+      expect(succeeded_event.reply["cursor"]["firstBatch"].first["ssn"]).to be_ciphertext
+    end
+    it_behaves_like 'it has an encrypted key_vault_client'
+  end
+  describe '#find_one_and_delete' do
+    let(:command_name) { 'findAndModify' }
+    before do
+      encryption_client['users'].find_one_and_delete(ssn: ssn)
+    end
+    it 'has encrypted data in command monitoring' do
+      # Command started event occurs after ssn is encrypted
+      expect(started_event.command["query"]["ssn"]["$eq"]).to be_ciphertext
+      # Command succeeded event occurs before ssn is decrypted
+      expect(succeeded_event.reply["value"]["ssn"]).to be_ciphertext
+    end
+    it_behaves_like 'it has an encrypted key_vault_client'
+  end
+  describe '#find_one_and_replace' do
+    let(:command_name) { 'findAndModify' }
+    before do
+      encryption_client['users'].find_one_and_replace(
+        { ssn: ssn },
+        { ssn: '555-555-5555' }
+      )
+    end
+    it 'has encrypted data in command monitoring' do
+      # Command started event occurs after ssn is encrypted
+      expect(started_event.command["query"]["ssn"]["$eq"]).to be_ciphertext
+      expect(started_event.command["update"]["ssn"]).to be_ciphertext
+      # Command succeeded event occurs before ssn is decrypted
+      expect(succeeded_event.reply["value"]["ssn"]).to be_ciphertext
+    end
+    it_behaves_like 'it has an encrypted key_vault_client'
+  end
+  describe '#find_one_and_update' do
+    let(:command_name) { 'findAndModify' }
+    before do
+      encryption_client['users'].find_one_and_update(
+        { ssn: ssn },
+        { ssn: '555-555-5555' }
+      )
+    end
+    it 'has encrypted data in command monitoring' do
+      # Command started event occurs after ssn is encrypted
+      expect(started_event.command["query"]["ssn"]["$eq"]).to be_ciphertext
+      expect(started_event.command["update"]["ssn"]).to be_ciphertext
+      # Command succeeded event occurs before ssn is decrypted
+      expect(succeeded_event.reply["value"]["ssn"]).to be_ciphertext
+    end
+    it_behaves_like 'it has an encrypted key_vault_client'
+  end
+  describe '#insert_one' do
+    let(:command_name) { 'insert' }
+    before do
+      encryption_client['users'].insert_one(ssn: ssn)
+    end
+    it 'has encrypted data in command monitoring' do
+      # Command started event occurs after ssn is encrypted
+      # Command succeeded event does not contain any data to be decrypted
+      expect(started_event.command["documents"].first["ssn"]).to be_ciphertext
+    end
+    it_behaves_like 'it has an encrypted key_vault_client'
+  end
+  describe '#replace_one' do
+    let(:command_name) { 'update' }
+    before do
+      encryption_client['users'].replace_one(
+        { ssn: ssn },
+        { ssn: '555-555-5555' }
+      )
+    end
+    it 'has encrypted data in command monitoring' do
+      # Command started event occurs after ssn is encrypted
+      # Command succeeded event does not contain any data to be decrypted
+      expect(started_event.command["updates"].first["q"]["ssn"]["$eq"]).to be_ciphertext
+      expect(started_event.command["updates"].first["u"]["ssn"]).to be_ciphertext
+    end
+    it_behaves_like 'it has an encrypted key_vault_client'
+  end
+  describe '#update_one' do
+    let(:command_name) { 'update' }
+    before do
+      encryption_client['users'].update_one({ ssn: ssn }, { ssn: '555-555-5555' })
+    end
+    it 'has encrypted data in command monitoring' do
+      # Command started event occurs after ssn is encrypted
+      # Command succeeded event does not contain any data to be decrypted
+      expect(started_event.command["updates"].first["q"]["ssn"]["$eq"]).to be_ciphertext
+      expect(started_event.command["updates"].first["u"]["ssn"]).to be_ciphertext
+    end
+    it_behaves_like 'it has an encrypted key_vault_client'
+  end
+  describe '#update_many' do
+    let(:command_name) { 'update' }
+    before do
+      # update_many does not support replacement-style updates
+      encryption_client['users'].update_many({ ssn: ssn }, { "$inc" => { :age => 1 } })
+    end
+    it 'has encrypted data in command monitoring' do
+      # Command started event occurs after ssn is encrypted
+      # Command succeeded event does not contain any data to be decrypted
+      expect(started_event.command["updates"].first["q"]["ssn"]["$eq"]).to be_ciphertext
+    end
+    it_behaves_like 'it has an encrypted key_vault_client'
+  end
+end

data/spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb ADDED

@@ -0,0 +1,72 @@
+require 'spec_helper'
+describe 'Auto Encryption' do
+  require_libmongocrypt
+  min_server_fcv '4.2'
+  require_enterprise
+  include_context 'define shared FLE helpers'
+  include_context 'with local kms_providers'
+  context 'with an invalid mongocryptd spawn path' do
+    let(:client) do
+      new_local_client(
+        SpecConfig.instance.addresses,
+        SpecConfig.instance.test_options.merge(
+          auto_encryption_options: {
+            kms_providers: kms_providers,
+            key_vault_namespace: key_vault_namespace,
+            schema_map: { 'auto_encryption.users' => schema_map },
+            extra_options: {
+              mongocryptd_spawn_path: 'echo hello world',
+              mongocryptd_spawn_args: []
+            }
+          },
+          database: 'auto_encryption'
+        ),
+      )
+    end
+    let(:server_selector) { double("ServerSelector") }
+    let(:cluster) { double("Cluster") }
+    before do
+      key_vault_collection.drop
+      key_vault_collection.insert_one(data_key)
+      allow(server_selector).to receive(:name)
+      allow(server_selector).to receive(:server_selection_timeout)
+      allow(server_selector).to receive(:local_threshold)
+      allow(cluster).to receive(:summary)
+      # Raise a server selection error on intent-to-encrypt commands to mock
+      # what would happen if mongocryptd hadn't already been spawned. It is
+      # necessary to mock this behavior because it is likely that another test
+      # will have already spawned mongocryptd, causing this test to fail.
+      allow_any_instance_of(Mongo::Database)
+        .to receive(:command)
+        .with(
+          hash_including(
+            'insert' => 'users',
+            '$db' => 'auto_encryption',
+            'ordered' => true,
+            'lsid' => kind_of(Hash),
+            'documents' => kind_of(Array),
+            'jsonSchema' => kind_of(Hash),
+            'isRemoteSchema' => false,
+          ),
+          { execution_options: { deserialize_as_bson: true } },
+        )
+        .and_raise(Mongo::Error::NoServerAvailable.new(server_selector, cluster))
+    end
+    it 'raises an exception when trying to perform auto encryption' do
+      expect do
+        client['users'].insert_one(ssn: ssn)
+      end.to raise_error(
+        Mongo::Error::MongocryptdSpawnError,
+        /Failed to spawn mongocryptd at the path "echo hello world" with arguments/
+      )
+    end
+  end
+end

data/spec/integration/client_side_encryption/auto_encryption_old_wire_version_spec.rb ADDED

@@ -0,0 +1,79 @@
+require 'spec_helper'
+describe 'Auto Encryption' do
+  require_libmongocrypt
+  max_server_version '4.0'
+  # Diagnostics of leaked background threads only, these tests do not
+  # actually require a clean slate. https://jira.mongodb.org/browse/RUBY-2138
+  clean_slate
+  include_context 'define shared FLE helpers'
+  let(:encryption_client) do
+    new_local_client(
+      SpecConfig.instance.addresses,
+      SpecConfig.instance.test_options.merge(
+        auto_encryption_options: {
+          kms_providers: kms_providers,
+          key_vault_namespace: key_vault_namespace,
+          # Must use local schema map because server versions older than 4.2
+          # do not support jsonSchema collection validator.
+          schema_map: { 'auto_encryption.users' => schema_map },
+          bypass_auto_encryption: bypass_auto_encryption,
+          # Spawn mongocryptd on non-default port for sharded cluster tests
+          extra_options: extra_options,
+        },
+        database: 'auto_encryption'
+      ),
+    )
+  end
+  let(:bypass_auto_encryption) { false }
+  let(:client) { authorized_client.use('auto_encryption') }
+  let(:encrypted_ssn_binary) do
+    BSON::Binary.new(Base64.decode64(encrypted_ssn), :ciphertext)
+  end
+  shared_examples 'it decrypts but does not encrypt on wire version < 8' do
+    before do
+      client['users'].drop
+      client['users'].insert_one(ssn: encrypted_ssn_binary)
+      key_vault_collection.drop
+      key_vault_collection.insert_one(data_key)
+    end
+    it 'raises an exception when trying to encrypt' do
+      expect do
+        encryption_client['users'].find(ssn: ssn).first
+      end.to raise_error(Mongo::Error::CryptError, /Auto-encryption requires a minimum MongoDB version of 4.2/)
+    end
+    context 'with bypass_auto_encryption=true' do
+      let(:bypass_auto_encryption) { true }
+      it 'does not raise an exception but doesn\'t encrypt' do
+        document = encryption_client['users'].find(ssn: ssn).first
+        expect(document).to be_nil
+      end
+      it 'still decrypts' do
+        document = encryption_client['users'].find(ssn: encrypted_ssn_binary).first
+        # ssn field is still decrypted
+        expect(document['ssn']).to eq(ssn)
+      end
+    end
+  end
+  context 'with AWS kms provider' do
+    include_context 'with AWS kms_providers'
+    it_behaves_like 'it decrypts but does not encrypt on wire version < 8'
+  end
+  context 'with local kms provider' do
+    include_context 'with local kms_providers'
+    it_behaves_like 'it decrypts but does not encrypt on wire version < 8'
+  end
+end