RubyGems - mongo - Versions diffs - 2.11.4 → 2.12.3 - Mend

mongo 2.11.4 → 2.12.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (357) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/CONTRIBUTING.md +1 -1
data/README.md +2 -1
data/lib/mongo.rb +3 -0
data/lib/mongo/address.rb +44 -19
data/lib/mongo/auth.rb +1 -0
data/lib/mongo/auth/credential_cache.rb +51 -0
data/lib/mongo/auth/scram/conversation.rb +20 -16
data/lib/mongo/auth/user.rb +0 -8
data/lib/mongo/auth/user/view.rb +4 -4
data/lib/mongo/background_thread.rb +1 -1
data/lib/mongo/bulk_write.rb +5 -5
data/lib/mongo/client.rb +143 -14
data/lib/mongo/client_encryption.rb +103 -0
data/lib/mongo/cluster.rb +8 -4
data/lib/mongo/cluster/reapers/cursor_reaper.rb +18 -6
data/lib/mongo/cluster/sdam_flow.rb +54 -58
data/lib/mongo/collection.rb +3 -3
data/lib/mongo/collection/view.rb +1 -1
data/lib/mongo/collection/view/aggregation.rb +1 -1
data/lib/mongo/collection/view/change_stream.rb +12 -3
data/lib/mongo/collection/view/iterable.rb +14 -5
data/lib/mongo/collection/view/map_reduce.rb +2 -2
data/lib/mongo/collection/view/readable.rb +9 -7
data/lib/mongo/collection/view/writable.rb +7 -7
data/lib/mongo/crypt.rb +33 -0
data/lib/mongo/crypt/auto_decryption_context.rb +40 -0
data/lib/mongo/crypt/auto_encrypter.rb +179 -0
data/lib/mongo/crypt/auto_encryption_context.rb +44 -0
data/lib/mongo/crypt/binary.rb +155 -0
data/lib/mongo/crypt/binding.rb +1229 -0
data/lib/mongo/crypt/context.rb +135 -0
data/lib/mongo/crypt/data_key_context.rb +162 -0
data/lib/mongo/crypt/encryption_io.rb +289 -0
data/lib/mongo/crypt/explicit_decryption_context.rb +40 -0
data/lib/mongo/crypt/explicit_encrypter.rb +117 -0
data/lib/mongo/crypt/explicit_encryption_context.rb +89 -0
data/lib/mongo/crypt/handle.rb +315 -0
data/lib/mongo/crypt/hooks.rb +90 -0
data/lib/mongo/crypt/kms_context.rb +67 -0
data/lib/mongo/crypt/status.rb +131 -0
data/lib/mongo/cursor.rb +64 -32
data/lib/mongo/database.rb +23 -6
data/lib/mongo/database/view.rb +13 -4
data/lib/mongo/dbref.rb +9 -2
data/lib/mongo/error.rb +5 -1
data/lib/mongo/error/bulk_write_error.rb +16 -14
data/lib/mongo/error/crypt_error.rb +31 -0
data/lib/mongo/error/{failed_stringprep_validation.rb → failed_string_prep_validation.rb} +0 -0
data/lib/mongo/error/invalid_cursor_operation.rb +27 -0
data/lib/mongo/error/kms_error.rb +22 -0
data/lib/mongo/error/max_bson_size.rb +14 -3
data/lib/mongo/error/mongocryptd_spawn_error.rb +22 -0
data/lib/mongo/error/no_server_available.rb +8 -3
data/lib/mongo/error/notable.rb +0 -15
data/lib/mongo/error/operation_failure.rb +1 -0
data/lib/mongo/error/parser.rb +1 -1
data/lib/mongo/grid/file.rb +5 -0
data/lib/mongo/grid/file/chunk.rb +2 -0
data/lib/mongo/grid/file/info.rb +3 -2
data/lib/mongo/grid/fs_bucket.rb +15 -13
data/lib/mongo/grid/stream/write.rb +9 -3
data/lib/mongo/index/view.rb +3 -3
data/lib/mongo/monitoring/event/cmap/connection_check_out_failed.rb +1 -1
data/lib/mongo/monitoring/event/command_started.rb +6 -1
data/lib/mongo/operation/collections_info.rb +6 -3
data/lib/mongo/operation/delete/op_msg.rb +1 -1
data/lib/mongo/operation/find/op_msg.rb +4 -1
data/lib/mongo/operation/get_more/op_msg.rb +4 -1
data/lib/mongo/operation/insert/command.rb +3 -2
data/lib/mongo/operation/insert/legacy.rb +3 -2
data/lib/mongo/operation/insert/op_msg.rb +3 -3
data/lib/mongo/operation/result.rb +36 -27
data/lib/mongo/operation/shared/executable.rb +11 -9
data/lib/mongo/operation/shared/executable_no_validate.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_command.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_find_command.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_list_indexes_command.rb +2 -2
data/lib/mongo/operation/shared/read_preference_supported.rb +68 -19
data/lib/mongo/operation/shared/response_handling.rb +1 -1
data/lib/mongo/operation/shared/sessions_supported.rb +44 -3
data/lib/mongo/operation/shared/write.rb +17 -10
data/lib/mongo/operation/update/op_msg.rb +1 -1
data/lib/mongo/protocol/bit_vector.rb +2 -1
data/lib/mongo/protocol/compressed.rb +6 -5
data/lib/mongo/protocol/insert.rb +3 -1
data/lib/mongo/protocol/message.rb +94 -15
data/lib/mongo/protocol/msg.rb +207 -37
data/lib/mongo/protocol/query.rb +7 -9
data/lib/mongo/protocol/serializers.rb +43 -15
data/lib/mongo/retryable.rb +1 -1
data/lib/mongo/server.rb +10 -4
data/lib/mongo/server/connection.rb +20 -9
data/lib/mongo/server/connection_base.rb +118 -18
data/lib/mongo/server/connection_common.rb +61 -0
data/lib/mongo/server/connection_pool.rb +37 -1
data/lib/mongo/server/connection_pool/populator.rb +1 -1
data/lib/mongo/server/description.rb +9 -11
data/lib/mongo/server/monitor.rb +2 -0
data/lib/mongo/server/monitor/connection.rb +3 -18
data/lib/mongo/server/pending_connection.rb +2 -1
data/lib/mongo/session.rb +3 -3
data/lib/mongo/session/session_pool.rb +8 -3
data/lib/mongo/socket.rb +29 -16
data/lib/mongo/socket/ssl.rb +23 -8
data/lib/mongo/socket/tcp.rb +12 -3
data/lib/mongo/srv/monitor.rb +73 -42
data/lib/mongo/srv/result.rb +0 -1
data/lib/mongo/timeout.rb +49 -0
data/lib/mongo/uri.rb +30 -1
data/lib/mongo/uri/srv_protocol.rb +1 -1
data/lib/mongo/version.rb +1 -1
data/mongo.gemspec +1 -3
data/spec/README.md +228 -7
data/spec/integration/auth_spec.rb +53 -0
data/spec/integration/bulk_write_spec.rb +19 -0
data/spec/integration/{client_options_spec.rb → client_authentication_options_spec.rb} +10 -10
data/spec/integration/client_construction_spec.rb +100 -1
data/spec/integration/client_side_encryption/auto_encryption_bulk_writes_spec.rb +353 -0
data/spec/integration/client_side_encryption/auto_encryption_command_monitoring_spec.rb +303 -0
data/spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb +72 -0
data/spec/integration/client_side_encryption/auto_encryption_old_wire_version_spec.rb +79 -0
data/spec/integration/client_side_encryption/auto_encryption_reconnect_spec.rb +221 -0
data/spec/integration/client_side_encryption/auto_encryption_spec.rb +601 -0
data/spec/integration/client_side_encryption/bson_size_limit_spec.rb +187 -0
data/spec/integration/client_side_encryption/bypass_mongocryptd_spawn_spec.rb +78 -0
data/spec/integration/client_side_encryption/client_close_spec.rb +63 -0
data/spec/integration/client_side_encryption/corpus_spec.rb +233 -0
data/spec/integration/client_side_encryption/custom_endpoint_spec.rb +132 -0
data/spec/integration/client_side_encryption/data_key_spec.rb +165 -0
data/spec/integration/client_side_encryption/explicit_encryption_spec.rb +114 -0
data/spec/integration/client_side_encryption/external_key_vault_spec.rb +141 -0
data/spec/integration/client_side_encryption/views_spec.rb +44 -0
data/spec/integration/client_update_spec.rb +154 -0
data/spec/integration/command_monitoring_spec.rb +3 -1
data/spec/integration/command_spec.rb +44 -10
data/spec/integration/connection_spec.rb +57 -0
data/spec/integration/crud_spec.rb +89 -0
data/spec/integration/grid_fs_bucket_spec.rb +48 -0
data/spec/integration/read_preference_spec.rb +26 -0
data/spec/integration/reconnect_spec.rb +7 -6
data/spec/integration/size_limit_spec.rb +111 -0
data/spec/integration/srv_monitoring_spec.rb +16 -8
data/spec/integration/zlib_compression_spec.rb +25 -0
data/spec/kerberos/kerberos_spec.rb +87 -0
data/spec/lite_spec_helper.rb +34 -29
data/spec/mongo/auth/cr_spec.rb +8 -0
data/spec/mongo/auth/ldap_spec.rb +5 -1
data/spec/mongo/auth/scram/conversation_spec.rb +5 -6
data/spec/mongo/auth/scram/negotiation_spec.rb +74 -75
data/spec/mongo/auth/scram_spec.rb +45 -35
data/spec/mongo/auth/user/view_spec.rb +3 -6
data/spec/mongo/auth/x509_spec.rb +5 -1
data/spec/mongo/bulk_write/result_spec.rb +11 -7
data/spec/mongo/client_construction_spec.rb +206 -2
data/spec/mongo/client_encryption_spec.rb +405 -0
data/spec/mongo/cluster/cursor_reaper_spec.rb +12 -8
data/spec/mongo/cluster/socket_reaper_spec.rb +14 -3
data/spec/mongo/collection/view/aggregation_spec.rb +0 -2
data/spec/mongo/collection/view/change_stream_spec.rb +7 -7
data/spec/mongo/collection/view/map_reduce_spec.rb +3 -3
data/spec/mongo/collection/view_spec.rb +1 -1
data/spec/mongo/collection_spec.rb +28 -9
data/spec/mongo/crypt/auto_decryption_context_spec.rb +90 -0
data/spec/mongo/crypt/auto_encrypter_spec.rb +187 -0
data/spec/mongo/crypt/auto_encryption_context_spec.rb +107 -0
data/spec/mongo/crypt/binary_spec.rb +115 -0
data/spec/mongo/crypt/binding/binary_spec.rb +56 -0
data/spec/mongo/crypt/binding/context_spec.rb +257 -0
data/spec/mongo/crypt/binding/helpers_spec.rb +46 -0
data/spec/mongo/crypt/binding/mongocrypt_spec.rb +144 -0
data/spec/mongo/crypt/binding/status_spec.rb +99 -0
data/spec/mongo/crypt/binding/version_spec.rb +22 -0
data/spec/mongo/crypt/binding_unloaded_spec.rb +20 -0
data/spec/mongo/crypt/data_key_context_spec.rb +213 -0
data/spec/mongo/crypt/encryption_io_spec.rb +136 -0
data/spec/mongo/crypt/explicit_decryption_context_spec.rb +72 -0
data/spec/mongo/crypt/explicit_encryption_context_spec.rb +170 -0
data/spec/mongo/crypt/handle_spec.rb +232 -0
data/spec/mongo/crypt/helpers/mongo_crypt_spec_helper.rb +108 -0
data/spec/mongo/crypt/status_spec.rb +152 -0
data/spec/mongo/cursor_spec.rb +24 -4
data/spec/mongo/database_spec.rb +20 -0
data/spec/mongo/error/bulk_write_error_spec.rb +49 -0
data/spec/mongo/error/crypt_error_spec.rb +26 -0
data/spec/mongo/error/max_bson_size_spec.rb +35 -0
data/spec/mongo/error/no_server_available_spec.rb +11 -1
data/spec/mongo/error/notable_spec.rb +59 -0
data/spec/mongo/error/operation_failure_spec.rb +6 -6
data/spec/mongo/operation/aggregate_spec.rb +1 -1
data/spec/mongo/operation/collections_info_spec.rb +1 -1
data/spec/mongo/operation/command_spec.rb +3 -3
data/spec/mongo/operation/create_index_spec.rb +3 -3
data/spec/mongo/operation/create_user_spec.rb +3 -3
data/spec/mongo/operation/delete/bulk_spec.rb +6 -6
data/spec/mongo/operation/delete/op_msg_spec.rb +1 -6
data/spec/mongo/operation/delete_spec.rb +7 -7
data/spec/mongo/operation/drop_index_spec.rb +2 -2
data/spec/mongo/operation/find/legacy_spec.rb +2 -1
data/spec/mongo/operation/get_more_spec.rb +1 -1
data/spec/mongo/operation/indexes_spec.rb +1 -1
data/spec/mongo/operation/insert/bulk_spec.rb +7 -7
data/spec/mongo/operation/insert/op_msg_spec.rb +3 -6
data/spec/mongo/operation/insert_spec.rb +12 -12
data/spec/mongo/operation/map_reduce_spec.rb +2 -2
data/spec/mongo/operation/read_preference_legacy_spec.rb +351 -0
data/spec/mongo/operation/read_preference_op_msg_spec.rb +194 -0
data/spec/mongo/operation/remove_user_spec.rb +3 -3
data/spec/mongo/operation/update/bulk_spec.rb +6 -6
data/spec/mongo/operation/update/op_msg_spec.rb +3 -6
data/spec/mongo/operation/update_spec.rb +7 -7
data/spec/mongo/operation/update_user_spec.rb +1 -1
data/spec/mongo/protocol/compressed_spec.rb +2 -3
data/spec/mongo/protocol/delete_spec.rb +9 -8
data/spec/mongo/protocol/get_more_spec.rb +9 -8
data/spec/mongo/protocol/insert_spec.rb +9 -8
data/spec/mongo/protocol/kill_cursors_spec.rb +6 -5
data/spec/mongo/protocol/msg_spec.rb +57 -53
data/spec/mongo/protocol/query_spec.rb +12 -12
data/spec/mongo/protocol/registry_spec.rb +1 -1
data/spec/mongo/protocol/reply_spec.rb +1 -1
data/spec/mongo/protocol/update_spec.rb +10 -9
data/spec/mongo/server/connection_pool_spec.rb +1 -1
data/spec/mongo/server/connection_spec.rb +28 -7
data/spec/mongo/socket_spec.rb +1 -1
data/spec/mongo/srv/monitor_spec.rb +88 -69
data/spec/mongo/timeout_spec.rb +85 -0
data/spec/mongo/uri/srv_protocol_spec.rb +2 -2
data/spec/mongo/uri_spec.rb +52 -5
data/spec/mongo/write_concern_spec.rb +13 -1
data/spec/{support → runners}/auth.rb +14 -1
data/spec/{support → runners}/change_streams.rb +1 -1
data/spec/{support → runners}/change_streams/operation.rb +0 -0
data/spec/{support → runners}/cmap.rb +1 -1
data/spec/{support → runners}/cmap/verifier.rb +0 -0
data/spec/{support → runners}/command_monitoring.rb +0 -0
data/spec/runners/connection_string.rb +358 -4
data/spec/{support → runners}/crud.rb +9 -9
data/spec/{support → runners}/crud/context.rb +0 -0
data/spec/{support → runners}/crud/operation.rb +7 -3
data/spec/{support → runners}/crud/outcome.rb +0 -0
data/spec/{support → runners}/crud/requirement.rb +1 -1
data/spec/{support → runners}/crud/spec.rb +12 -1
data/spec/{support → runners}/crud/test.rb +0 -0
data/spec/{support → runners}/crud/test_base.rb +0 -0
data/spec/{support → runners}/crud/verifier.rb +10 -12
data/spec/{support → runners}/gridfs.rb +0 -0
data/spec/{support → runners}/sdam_monitoring.rb +0 -0
data/spec/{support → runners}/server_discovery_and_monitoring.rb +0 -0
data/spec/{support → runners}/server_selection.rb +0 -0
data/spec/{support → runners}/server_selection_rtt.rb +0 -0
data/spec/{support → runners}/transactions.rb +9 -11
data/spec/{support → runners}/transactions/context.rb +0 -0
data/spec/{support → runners}/transactions/operation.rb +0 -0
data/spec/{support → runners}/transactions/spec.rb +0 -0
data/spec/{support → runners}/transactions/test.rb +37 -5
data/spec/spec_helper.rb +0 -5
data/spec/spec_tests/auth_spec.rb +3 -3
data/spec/spec_tests/client_side_encryption_spec.rb +8 -0
data/spec/spec_tests/connection_string_spec.rb +1 -1
data/spec/spec_tests/data/auth/connection-string.yml +13 -0
data/spec/spec_tests/data/client_side_encryption/aggregate.yml +134 -0
data/spec/spec_tests/data/client_side_encryption/badQueries.yml +526 -0
data/spec/spec_tests/data/client_side_encryption/badSchema.yml +73 -0
data/spec/spec_tests/data/client_side_encryption/basic.yml +116 -0
data/spec/spec_tests/data/client_side_encryption/bulk.yml +88 -0
data/spec/spec_tests/data/client_side_encryption/bypassAutoEncryption.yml +100 -0
data/spec/spec_tests/data/client_side_encryption/bypassedCommand.yml +42 -0
data/spec/spec_tests/data/client_side_encryption/count.yml +61 -0
data/spec/spec_tests/data/client_side_encryption/countDocuments.yml +59 -0
data/spec/spec_tests/data/client_side_encryption/delete.yml +105 -0
data/spec/spec_tests/data/client_side_encryption/distinct.yml +73 -0
data/spec/spec_tests/data/client_side_encryption/explain.yml +64 -0
data/spec/spec_tests/data/client_side_encryption/find.yml +119 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndDelete.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndReplace.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndUpdate.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/getMore.yml +68 -0
data/spec/spec_tests/data/client_side_encryption/insert.yml +102 -0
data/spec/spec_tests/data/client_side_encryption/keyAltName.yml +71 -0
data/spec/spec_tests/data/client_side_encryption/localKMS.yml +54 -0
data/spec/spec_tests/data/client_side_encryption/localSchema.yml +72 -0
data/spec/spec_tests/data/client_side_encryption/malformedCiphertext.yml +69 -0
data/spec/spec_tests/data/client_side_encryption/maxWireVersion.yml +20 -0
data/spec/spec_tests/data/client_side_encryption/missingKey.yml +49 -0
data/spec/spec_tests/data/client_side_encryption/replaceOne.yml +64 -0
data/spec/spec_tests/data/client_side_encryption/types.yml +527 -0
data/spec/spec_tests/data/client_side_encryption/unsupportedCommand.yml +25 -0
data/spec/spec_tests/data/client_side_encryption/updateMany.yml +77 -0
data/spec/spec_tests/data/client_side_encryption/updateOne.yml +171 -0
data/spec/spec_tests/data/read_write_concern/connection-string/write-concern.yml +1 -4
data/spec/spec_tests/data/retryable_writes/insertOne-serverErrors.yml +21 -0
data/spec/spec_tests/data/sdam/rs/incompatible_ghost.yml +2 -4
data/spec/spec_tests/data/sdam/rs/incompatible_other.yml +1 -1
data/spec/spec_tests/data/sdam/rs/primary_mismatched_me_not_removed.yml +73 -0
data/spec/spec_tests/data/sdam/rs/primary_to_no_primary_mismatched_me.yml +1 -2
data/spec/spec_tests/data/sdam/rs/repeated.yml +101 -0
data/spec/spec_tests/data/sdam/rs/{primary_address_change.yml → ruby_primary_address_change.yml} +2 -0
data/spec/spec_tests/data/sdam/rs/{secondary_wrong_set_name_with_primary_second.yml → ruby_secondary_wrong_set_name_with_primary_second.yml} +0 -0
data/spec/spec_tests/data/sdam/sharded/ruby_discovered_single_mongos.yml +27 -0
data/spec/spec_tests/data/sdam/sharded/{primary_address_change.yml → ruby_primary_different_address.yml} +1 -1
data/spec/spec_tests/data/sdam/sharded/{primary_mismatched_me.yml → ruby_primary_mismatched_me.yml} +1 -1
data/spec/spec_tests/data/sdam/single/{primary_address_change.yml → ruby_primary_different_address.yml} +1 -1
data/spec/spec_tests/data/sdam/single/{primary_mismatched_me.yml → ruby_primary_mismatched_me.yml} +1 -1
data/spec/spec_tests/data/sdam_monitoring/{replica_set_with_primary_change.yml → replica_set_primary_address_change.yml} +27 -5
data/spec/spec_tests/data/sdam_monitoring/replica_set_with_me_mismatch.yml +26 -74
data/spec/spec_tests/data/sdam_monitoring/replica_set_with_removal.yml +20 -16
data/spec/spec_tests/data/sdam_monitoring/standalone_suppress_equal_description_changes.yml +73 -0
data/spec/spec_tests/data/transactions/pin-mongos.yml +2 -3
data/spec/spec_tests/data/uri_options/auth-options.yml +10 -0
data/spec/spec_tests/data/uri_options/tls-options.yml +75 -4
data/spec/spec_tests/read_write_concern_connection_string_spec.rb +1 -1
data/spec/spec_tests/uri_options_spec.rb +6 -8
data/spec/stress/connection_pool_timing_spec.rb +6 -3
data/spec/support/certificates/README.md +4 -0
data/spec/support/certificates/server-second-level-bundle.pem +77 -77
data/spec/support/certificates/server-second-level.crt +52 -52
data/spec/support/certificates/server-second-level.key +25 -25
data/spec/support/certificates/server-second-level.pem +77 -77
data/spec/support/client_registry.rb +19 -3
data/spec/support/cluster_config.rb +9 -1
data/spec/support/cluster_tools.rb +6 -1
data/spec/support/common_shortcuts.rb +12 -0
data/spec/support/constraints.rb +16 -0
data/spec/support/crypt.rb +154 -0
data/spec/support/crypt/corpus/corpus-key-aws.json +33 -0
data/spec/support/crypt/corpus/corpus-key-local.json +31 -0
data/spec/support/crypt/corpus/corpus-schema.json +2057 -0
data/spec/support/crypt/corpus/corpus.json +3657 -0
data/spec/support/crypt/corpus/corpus_encrypted.json +4152 -0
data/spec/support/crypt/data_keys/key_document_aws.json +34 -0
data/spec/support/crypt/data_keys/key_document_local.json +31 -0
data/spec/support/crypt/external/external-key.json +31 -0
data/spec/support/crypt/external/external-schema.json +19 -0
data/spec/support/crypt/limits/limits-doc.json +102 -0
data/spec/support/crypt/limits/limits-key.json +31 -0
data/spec/support/crypt/limits/limits-schema.json +1405 -0
data/spec/support/crypt/schema_maps/schema_map_aws.json +17 -0
data/spec/support/crypt/schema_maps/schema_map_aws_key_alt_names.json +12 -0
data/spec/support/crypt/schema_maps/schema_map_local.json +18 -0
data/spec/support/crypt/schema_maps/schema_map_local_key_alt_names.json +12 -0
data/spec/support/lite_constraints.rb +19 -1
data/spec/support/matchers.rb +19 -0
data/spec/support/shared/protocol.rb +2 -0
data/spec/support/spec_config.rb +53 -13
data/spec/support/utils.rb +140 -10
metadata +894 -687
metadata.gz.sig +0 -0
data/lib/mongo/cluster/srv_monitor.rb +0 -127
data/lib/mongo/srv/warning_result.rb +0 -35
data/spec/enterprise_auth/kerberos_spec.rb +0 -58
data/spec/mongo/cluster/srv_monitor_spec.rb +0 -214
data/spec/mongo/operation/read_preference_spec.rb +0 -245
data/spec/spec_tests/data/sdam/sharded/single_mongos.yml +0 -33
data/spec/support/connection_string.rb +0 -354

data/spec/integration/client_side_encryption/auto_encryption_reconnect_spec.rb ADDED

@@ -0,0 +1,221 @@
+require 'spec_helper'
+describe 'Client with auto encryption #reconnect' do
+  require_libmongocrypt
+  min_server_fcv '4.2'
+  require_enterprise
+  # Diagnostics of leaked background threads only, these tests do not
+  # actually require a clean slate. https://jira.mongodb.org/browse/RUBY-2138
+  clean_slate
+  include_context 'define shared FLE helpers'
+  let(:client) do
+    new_local_client(
+      SpecConfig.instance.addresses,
+      SpecConfig.instance.test_options.merge(
+        {
+          auto_encryption_options: {
+            kms_providers: kms_providers,
+            key_vault_namespace: key_vault_namespace,
+            key_vault_client: key_vault_client_option,
+            schema_map: { 'auto_encryption.users': schema_map },
+            # Spawn mongocryptd on non-default port for sharded cluster tests
+            extra_options: extra_options,
+          },
+          database: 'auto_encryption'
+        }
+      )
+    )
+  end
+  let(:unencrypted_client) { authorized_client.use('auto_encryption') }
+  let(:mongocryptd_client) { client.encrypter.mongocryptd_client }
+  let(:key_vault_client) { client.encrypter.key_vault_client }
+  let(:data_key_id) { data_key['_id'] }
+  shared_examples 'a functioning client' do
+    it 'can perform an encrypted find command' do
+      doc = client['users'].find(ssn: ssn).first
+      expect(doc).not_to be_nil
+      expect(doc['ssn']).to eq(ssn)
+    end
+  end
+  shared_examples 'a functioning mongocryptd client' do
+    it 'can perform a schemaRequiresEncryption command' do
+      # A schemaRequiresEncryption command; mongocryptd should respond that
+      # this command requires encryption.
+      response = mongocryptd_client.database.command(
+        insert: 'users',
+        ordered: true,
+        lsid: { id: BSON::Binary.new("\x00" * 16, :uuid) },
+        documents: [{
+          ssn: '123-456-7890',
+          _id: BSON::ObjectId.new,
+        }],
+        jsonSchema: schema_map,
+        isRemoteSchema: false
+      )
+      expect(response).to be_ok
+      expect(response.documents.first['schemaRequiresEncryption']).to be true
+    end
+  end
+  shared_examples 'a functioning key vault client' do
+    it 'can perform a find command' do
+      doc = key_vault_client.use(key_vault_db)[key_vault_coll, read_concern: { level: :majority}].find(_id: data_key_id).first
+      expect(doc).not_to be_nil
+      expect(doc['_id']).to eq(data_key_id)
+    end
+  end
+  shared_examples 'an auto-encryption client that reconnects properly' do
+    before do
+      key_vault_collection.drop
+      key_vault_collection.insert_one(data_key)
+      unencrypted_client['users'].drop
+      # Use a client without auto_encryption_options to insert an
+      # encrypted document into the collection; this ensures that the
+      # client with auto_encryption_options must perform decryption
+      # to properly read the document.
+      unencrypted_client['users'].insert_one(
+        ssn: BSON::Binary.new(Base64.decode64(encrypted_ssn), :ciphertext)
+      )
+    end
+    context 'after reconnecting without closing main client' do
+      before do
+        client.reconnect
+      end
+      it_behaves_like 'a functioning client'
+      it_behaves_like 'a functioning mongocryptd client'
+      it_behaves_like 'a functioning key vault client'
+    end
+    context 'after closing and reconnecting main client' do
+      before do
+        client.close
+        client.reconnect
+      end
+      it_behaves_like 'a functioning client'
+      it_behaves_like 'a functioning mongocryptd client'
+      it_behaves_like 'a functioning key vault client'
+    end
+    context 'after killing client monitor thread' do
+      before do
+        thread = client.cluster.servers.first.monitor.instance_variable_get('@thread')
+        expect(thread).to be_alive
+        thread.kill
+        sleep 0.1
+        expect(thread).not_to be_alive
+        client.reconnect
+      end
+      it_behaves_like 'a functioning client'
+      it_behaves_like 'a functioning mongocryptd client'
+      it_behaves_like 'a functioning key vault client'
+    end
+    context 'after closing mongocryptd client and reconnecting' do
+      before do
+        mongocryptd_client.close
+        client.reconnect
+      end
+      it_behaves_like 'a functioning client'
+      it_behaves_like 'a functioning mongocryptd client'
+      it_behaves_like 'a functioning key vault client'
+    end
+    context 'after killing mongocryptd client monitor thread and reconnecting' do
+      before do
+        thread = mongocryptd_client.cluster.servers.first.monitor.instance_variable_get('@thread')
+        expect(thread).to be_alive
+        thread.kill
+        sleep 0.1
+        expect(thread).not_to be_alive
+        client.reconnect
+      end
+      it_behaves_like 'a functioning client'
+      it_behaves_like 'a functioning mongocryptd client'
+      it_behaves_like 'a functioning key vault client'
+    end
+    context 'after closing key_vault_client and reconnecting' do
+      before do
+        key_vault_client.close
+        client.reconnect
+      end
+      it_behaves_like 'a functioning client'
+      it_behaves_like 'a functioning mongocryptd client'
+      it_behaves_like 'a functioning key vault client'
+    end
+    context 'after killing key_vault_client monitor thread and reconnecting' do
+      before do
+        thread = key_vault_client.cluster.servers.first.monitor.instance_variable_get('@thread')
+        expect(thread).to be_alive
+        thread.kill
+        sleep 0.1
+        expect(thread).not_to be_alive
+        client.reconnect
+      end
+      it_behaves_like 'a functioning client'
+      it_behaves_like 'a functioning mongocryptd client'
+      it_behaves_like 'a functioning key vault client'
+    end
+  end
+  context 'with default key vault client option' do
+    let(:key_vault_client_option) { nil }
+    context 'with AWS KMS providers' do
+      include_context 'with AWS kms_providers'
+      it_behaves_like 'an auto-encryption client that reconnects properly'
+    end
+    context 'with local KMS providers' do
+      include_context 'with local kms_providers'
+      it_behaves_like 'an auto-encryption client that reconnects properly'
+    end
+  end
+  context 'with custom key vault client option' do
+    let(:key_vault_client_option) do
+      new_local_client(
+        SpecConfig.instance.addresses,
+        SpecConfig.instance.test_options
+      )
+    end
+    context 'with AWS KMS providers' do
+      include_context 'with AWS kms_providers'
+      it_behaves_like 'an auto-encryption client that reconnects properly'
+    end
+    context 'with local KMS providers' do
+      include_context 'with local kms_providers'
+      it_behaves_like 'an auto-encryption client that reconnects properly'
+    end
+  end
+end

data/spec/integration/client_side_encryption/auto_encryption_spec.rb ADDED

@@ -0,0 +1,601 @@
+require 'spec_helper'
+require 'bson'
+require 'json'
+describe 'Auto Encryption' do
+  require_libmongocrypt
+  min_server_fcv '4.2'
+  require_enterprise
+  # Diagnostics of leaked background threads only, these tests do not
+  # actually require a clean slate. https://jira.mongodb.org/browse/RUBY-2138
+  clean_slate
+  include_context 'define shared FLE helpers'
+  let(:encryption_client) do
+    new_local_client(
+      SpecConfig.instance.addresses,
+      SpecConfig.instance.test_options.merge(
+        auto_encryption_options: {
+          kms_providers: kms_providers,
+          key_vault_namespace: key_vault_namespace,
+          schema_map: local_schema,
+          bypass_auto_encryption: bypass_auto_encryption,
+          # Spawn mongocryptd on non-default port for sharded cluster tests
+          extra_options: extra_options,
+        },
+        database: 'auto_encryption'
+      ),
+    )
+  end
+  let(:client) { authorized_client.use('auto_encryption') }
+  let(:bypass_auto_encryption) { false }
+  let(:encrypted_ssn_binary) do
+    BSON::Binary.new(Base64.decode64(encrypted_ssn), :ciphertext)
+  end
+  shared_context 'bypass auto encryption' do
+    let(:bypass_auto_encryption) { true }
+  end
+  shared_context 'jsonSchema validator on collection' do
+    let(:local_schema) { nil }
+    before do
+      client['users',
+        {
+          'validator' => { '$jsonSchema' => schema_map }
+        }
+      ].create
+    end
+  end
+  shared_context 'schema map in client options' do
+    let(:local_schema) { { "auto_encryption.users" => schema_map } }
+    before do
+      client['users'].create
+    end
+  end
+  shared_context 'encrypted document in collection' do
+    before do
+      client['users'].insert_one(ssn: encrypted_ssn_binary)
+    end
+  end
+  shared_context 'multiple encrypted documents in collection' do
+    before do
+      client['users'].insert_one(ssn: encrypted_ssn_binary)
+      client['users'].insert_one(ssn: encrypted_ssn_binary)
+    end
+  end
+  before(:each) do
+    client['users'].drop
+    key_vault_collection.drop
+    key_vault_collection.insert_one(data_key)
+  end
+  shared_examples 'an encrypted command' do
+    context 'with AWS KMS provider' do
+      include_context 'with AWS kms_providers'
+      context 'with validator' do
+        include_context 'jsonSchema validator on collection'
+        it_behaves_like 'it performs an encrypted command'
+      end
+      context 'with schema map' do
+        include_context 'schema map in client options'
+        it_behaves_like 'it performs an encrypted command'
+      end
+    end
+    context 'with local KMS provider' do
+      include_context 'with local kms_providers'
+      context 'with validator' do
+        include_context 'jsonSchema validator on collection'
+        it_behaves_like 'it performs an encrypted command'
+      end
+      context 'with schema map' do
+        include_context 'schema map in client options'
+        it_behaves_like 'it performs an encrypted command'
+      end
+    end
+  end
+  describe '#aggregate' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:result) do
+        encryption_client['users'].aggregate([
+          { '$match' => { 'ssn' => ssn } }
+        ]).first
+      end
+      it 'encrypts the command and decrypts the response' do
+        result.should_not be_nil
+        result['ssn'].should == ssn
+      end
+      context 'when bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          result.should be_nil
+        end
+        it 'does auto decrypt the response' do
+          result = encryption_client['users'].aggregate([
+            { '$match' => { 'ssn' => encrypted_ssn_binary } }
+          ]).first
+          result.should_not be_nil
+          result['ssn'].should == ssn
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#count' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'multiple encrypted documents in collection'
+      let(:result) { encryption_client['users'].count(ssn: ssn) }
+      it 'encrypts the command and finds the documents' do
+        expect(result).to eq(2)
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          expect(result).to eq(0)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#distinct' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:result) { encryption_client['users'].distinct(:ssn) }
+      it 'decrypts the SSN field' do
+        expect(result.length).to eq(1)
+        expect(result).to include(ssn)
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'still decrypts the SSN field' do
+          expect(result.length).to eq(1)
+          expect(result).to include(ssn)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#delete_one' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:result) { encryption_client['users'].delete_one(ssn: ssn) }
+      it 'encrypts the SSN field' do
+        expect(result.deleted_count).to eq(1)
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the SSN field' do
+          expect(result.deleted_count).to eq(0)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#delete_many' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'multiple encrypted documents in collection'
+      let(:result) { encryption_client['users'].delete_many(ssn: ssn) }
+      it 'decrypts the SSN field' do
+        expect(result.deleted_count).to eq(2)
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the SSN field' do
+          expect(result.deleted_count).to eq(0)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#find' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:result) { encryption_client['users'].find(ssn: ssn).first }
+      it 'encrypts the command and decrypts the response' do
+        result.should_not be_nil
+        expect(result['ssn']).to eq(ssn)
+      end
+      context 'when bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          expect(result).to be_nil
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#find_one_and_delete' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:result) { encryption_client['users'].find_one_and_delete(ssn: ssn) }
+      it 'encrypts the command and decrypts the response' do
+        expect(result['ssn']).to eq(ssn)
+      end
+      context 'when bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          expect(result).to be_nil
+        end
+        it 'still decrypts the command' do
+          result = encryption_client['users'].find_one_and_delete(ssn: encrypted_ssn_binary)
+          expect(result['ssn']).to eq(ssn)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#find_one_and_replace' do
+    shared_examples 'it performs an encrypted command' do
+      let(:name) { 'Alan Turing' }
+      context 'with :return_document => :before' do
+        include_context 'encrypted document in collection'
+        let(:result) do
+          encryption_client['users'].find_one_and_replace(
+            { ssn: ssn },
+            { name: name },
+            return_document: :before
+          )
+        end
+        it 'encrypts the command and decrypts the response, returning original document' do
+          expect(result['ssn']).to eq(ssn)
+          documents = client['users'].find
+          expect(documents.count).to eq(1)
+          expect(documents.first['ssn']).to be_nil
+        end
+      end
+      context 'with :return_document => :after' do
+        before do
+          client['users'].insert_one(name: name)
+        end
+        let(:result) do
+          encryption_client['users'].find_one_and_replace(
+            { name: name },
+            { ssn: ssn },
+            return_document: :after
+          )
+        end
+        it 'encrypts the command and decrypts the response, returning new document' do
+          expect(result['ssn']).to eq(ssn)
+          documents = client['users'].find
+          expect(documents.count).to eq(1)
+          expect(documents.first['ssn']).to eq(encrypted_ssn_binary)
+        end
+      end
+      context 'when bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        include_context 'encrypted document in collection'
+        let(:result) do
+          encryption_client['users'].find_one_and_replace(
+            { ssn: encrypted_ssn_binary },
+            { name: name },
+            :return_document => :before
+          )
+        end
+        it 'does not encrypt the command but still decrypts the response, returning original document' do
+          expect(result['ssn']).to eq(ssn)
+          documents = client['users'].find
+          expect(documents.count).to eq(1)
+          expect(documents.first['ssn']).to be_nil
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#find_one_and_update' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:name) { 'Alan Turing' }
+      let(:result) do
+        encryption_client['users'].find_one_and_update(
+          { ssn: ssn },
+          { name: name }
+        )
+      end
+      it 'encrypts the command and decrypts the response' do
+        expect(result['ssn']).to eq(ssn)
+        documents = client['users'].find
+        expect(documents.count).to eq(1)
+        expect(documents.first['ssn']).to be_nil
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          expect(result).to be_nil
+        end
+        it 'still decrypts the response' do
+          # Query using the encrypted ssn value so the find will succeed
+          result = encryption_client['users'].find_one_and_update(
+            { ssn: encrypted_ssn_binary },
+            { name: name }
+          )
+          expect(result['ssn']).to eq(ssn)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#insert_one' do
+    let(:query) { { ssn: ssn } }
+    let(:result) { encryption_client['users'].insert_one(query) }
+    shared_examples 'it performs an encrypted command' do
+      it 'encrypts the ssn field' do
+        expect(result).to be_ok
+        expect(result.inserted_ids.length).to eq(1)
+        id = result.inserted_ids.first
+        document = client['users'].find(_id: id).first
+        document.should_not be_nil
+        expect(document['ssn']).to eq(encrypted_ssn_binary)
+      end
+    end
+    shared_examples 'it obeys bypass_auto_encryption option' do
+      include_context 'bypass auto encryption'
+      it 'does not encrypt the command' do
+        result = encryption_client['users'].insert_one(ssn: ssn)
+        expect(result).to be_ok
+        expect(result.inserted_ids.length).to eq(1)
+        id = result.inserted_ids.first
+        document = client['users'].find(_id: id).first
+        expect(document['ssn']).to eq(ssn)
+      end
+    end
+    it_behaves_like 'an encrypted command'
+    context 'with jsonSchema in schema_map option' do
+      include_context 'schema map in client options'
+      context 'with AWS KMS provider' do
+        include_context 'with AWS kms_providers'
+        it_behaves_like 'it obeys bypass_auto_encryption option'
+      end
+      context 'with local KMS provider and ' do
+        include_context 'with local kms_providers'
+        it_behaves_like 'it obeys bypass_auto_encryption option'
+      end
+    end
+    context 'with schema_map client option pointing to wrong collection' do
+      let(:local_schema) { { 'wrong_db.wrong_coll' => schema_map } }
+      include_context 'with local kms_providers'
+      it 'does not raise an exception but doesn\'t encrypt either' do
+        expect do
+          result
+        end.not_to raise_error
+        expect(result).to be_ok
+        id = result.inserted_ids.first
+        document = client['users'].find(_id: id).first
+        document.should_not be_nil
+        # Document was not encrypted
+        expect(document['ssn']).to eq(ssn)
+      end
+    end
+    context 'encrypting using key alt name' do
+      include_context 'schema map in client options'
+      let(:query) { { ssn: ssn, altname: key_alt_name } }
+      context 'with AWS KMS provider' do
+        include_context 'with AWS kms_providers and key alt names'
+        it 'encrypts the ssn field' do
+          expect(result).to be_ok
+          expect(result.inserted_ids.length).to eq(1)
+          id = result.inserted_ids.first
+          document = client['users'].find(_id: id).first
+          document.should_not be_nil
+          # Auto-encryption with key alt names only works with random encryption,
+          # so it will not generate the same result on every test run.
+          expect(document['ssn']).to be_ciphertext
+        end
+      end
+      context 'with local KMS provider' do
+        include_context 'with local kms_providers and key alt names'
+        it 'encrypts the ssn field' do
+          expect(result).to be_ok
+          expect(result.inserted_ids.length).to eq(1)
+          id = result.inserted_ids.first
+          document = client['users'].find(_id: id).first
+          document.should_not be_nil
+          # Auto-encryption with key alt names only works with random encryption,
+          # so it will not generate the same result on every test run.
+          expect(document['ssn']).to be_a_kind_of(BSON::Binary)
+        end
+      end
+    end
+  end
+  describe '#replace_one' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:replacement_ssn) { '098-765-4321' }
+      let(:result) do
+        encryption_client['users'].replace_one(
+          { ssn: ssn },
+          { ssn: replacement_ssn }
+        )
+      end
+      it 'encrypts the ssn field' do
+        expect(result.modified_count).to eq(1)
+        find_result = encryption_client['users'].find(ssn: '098-765-4321')
+        expect(find_result.count).to eq(1)
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          expect(result.modified_count).to eq(0)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#update_one' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:result) do
+        encryption_client['users'].update_one({ ssn: ssn }, { ssn: '098-765-4321' })
+      end
+      it 'encrypts the ssn field' do
+        expect(result.n).to eq(1)
+        find_result = encryption_client['users'].find(ssn: '098-765-4321')
+        expect(find_result.count).to eq(1)
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          expect(result.n).to eq(0)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#update_many' do
+    shared_examples 'it performs an encrypted command' do
+      before do
+        client['users'].insert_one(ssn: encrypted_ssn_binary, age: 25)
+        client['users'].insert_one(ssn: encrypted_ssn_binary, age: 43)
+      end
+      let(:result) do
+        encryption_client['users'].update_many({ ssn: ssn }, { "$inc" => { :age =>  1 } })
+      end
+      it 'encrypts the ssn field' do
+        expect(result.n).to eq(2)
+        updated_documents = encryption_client['users'].find(ssn: ssn)
+        ages = updated_documents.map { |doc| doc['age'] }
+        expect(ages).to include(26)
+        expect(ages).to include(44)
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          expect(result.n).to eq(0)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+end