RubyGems - mongo - Versions diffs - 2.11.6 → 2.12.0.rc0 - Mend

mongo 2.11.6 → 2.12.0.rc0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (327) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +2 -2
data.tar.gz.sig +0 -0
data/CONTRIBUTING.md +1 -1
data/lib/mongo.rb +3 -0
data/lib/mongo/address.rb +13 -2
data/lib/mongo/auth.rb +1 -0
data/lib/mongo/auth/credential_cache.rb +51 -0
data/lib/mongo/auth/scram/conversation.rb +20 -16
data/lib/mongo/auth/user.rb +0 -8
data/lib/mongo/auth/user/view.rb +4 -4
data/lib/mongo/background_thread.rb +1 -1
data/lib/mongo/bulk_write.rb +5 -5
data/lib/mongo/client.rb +126 -11
data/lib/mongo/client_encryption.rb +103 -0
data/lib/mongo/cluster.rb +2 -2
data/lib/mongo/cluster/reapers/cursor_reaper.rb +18 -6
data/lib/mongo/cluster/sdam_flow.rb +54 -58
data/lib/mongo/cluster/srv_monitor.rb +1 -1
data/lib/mongo/collection.rb +3 -3
data/lib/mongo/collection/view.rb +1 -1
data/lib/mongo/collection/view/aggregation.rb +1 -1
data/lib/mongo/collection/view/change_stream.rb +12 -3
data/lib/mongo/collection/view/iterable.rb +14 -5
data/lib/mongo/collection/view/map_reduce.rb +2 -2
data/lib/mongo/collection/view/readable.rb +7 -9
data/lib/mongo/collection/view/writable.rb +7 -7
data/lib/mongo/crypt.rb +33 -0
data/lib/mongo/crypt/auto_decryption_context.rb +42 -0
data/lib/mongo/crypt/auto_encrypter.rb +169 -0
data/lib/mongo/crypt/auto_encryption_context.rb +44 -0
data/lib/mongo/crypt/binary.rb +155 -0
data/lib/mongo/crypt/binding.rb +1162 -0
data/lib/mongo/crypt/context.rb +135 -0
data/lib/mongo/crypt/data_key_context.rb +162 -0
data/lib/mongo/crypt/encryption_io.rb +283 -0
data/lib/mongo/crypt/explicit_decryption_context.rb +40 -0
data/lib/mongo/crypt/explicit_encrypter.rb +117 -0
data/lib/mongo/crypt/explicit_encryption_context.rb +89 -0
data/lib/mongo/crypt/handle.rb +293 -0
data/lib/mongo/crypt/hooks.rb +90 -0
data/lib/mongo/crypt/kms_context.rb +67 -0
data/lib/mongo/crypt/status.rb +131 -0
data/lib/mongo/cursor.rb +64 -32
data/lib/mongo/database.rb +13 -6
data/lib/mongo/database/view.rb +13 -4
data/lib/mongo/dbref.rb +9 -2
data/lib/mongo/error.rb +5 -1
data/lib/mongo/error/crypt_error.rb +31 -0
data/lib/mongo/error/{failed_stringprep_validation.rb → failed_string_prep_validation.rb} +0 -0
data/lib/mongo/error/invalid_cursor_operation.rb +27 -0
data/lib/mongo/error/kms_error.rb +22 -0
data/lib/mongo/error/max_bson_size.rb +14 -3
data/lib/mongo/error/mongocryptd_spawn_error.rb +22 -0
data/lib/mongo/error/no_server_available.rb +8 -3
data/lib/mongo/error/operation_failure.rb +1 -0
data/lib/mongo/grid/file.rb +0 -5
data/lib/mongo/grid/file/chunk.rb +0 -2
data/lib/mongo/grid/file/info.rb +2 -1
data/lib/mongo/grid/fs_bucket.rb +13 -15
data/lib/mongo/grid/stream/write.rb +3 -9
data/lib/mongo/index/view.rb +3 -3
data/lib/mongo/monitoring/event/command_started.rb +6 -1
data/lib/mongo/operation/collections_info.rb +6 -3
data/lib/mongo/operation/delete/op_msg.rb +1 -1
data/lib/mongo/operation/find/op_msg.rb +4 -1
data/lib/mongo/operation/get_more/op_msg.rb +4 -1
data/lib/mongo/operation/insert/command.rb +2 -2
data/lib/mongo/operation/insert/legacy.rb +2 -2
data/lib/mongo/operation/insert/op_msg.rb +3 -3
data/lib/mongo/operation/result.rb +36 -27
data/lib/mongo/operation/shared/executable.rb +10 -8
data/lib/mongo/operation/shared/executable_no_validate.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_command.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_find_command.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_list_indexes_command.rb +2 -2
data/lib/mongo/operation/shared/write.rb +17 -10
data/lib/mongo/operation/update/op_msg.rb +1 -1
data/lib/mongo/protocol/compressed.rb +6 -5
data/lib/mongo/protocol/insert.rb +3 -1
data/lib/mongo/protocol/message.rb +72 -8
data/lib/mongo/protocol/msg.rb +191 -37
data/lib/mongo/protocol/query.rb +7 -9
data/lib/mongo/protocol/serializers.rb +6 -2
data/lib/mongo/server.rb +10 -4
data/lib/mongo/server/connection.rb +20 -9
data/lib/mongo/server/connection_base.rb +81 -12
data/lib/mongo/server/connection_common.rb +61 -0
data/lib/mongo/server/connection_pool.rb +37 -1
data/lib/mongo/server/description.rb +9 -11
data/lib/mongo/server/monitor.rb +2 -0
data/lib/mongo/server/monitor/connection.rb +3 -18
data/lib/mongo/server/pending_connection.rb +2 -1
data/lib/mongo/session.rb +2 -2
data/lib/mongo/session/session_pool.rb +8 -3
data/lib/mongo/socket.rb +29 -16
data/lib/mongo/socket/ssl.rb +23 -8
data/lib/mongo/socket/tcp.rb +12 -3
data/lib/mongo/timeout.rb +49 -0
data/lib/mongo/uri.rb +30 -1
data/lib/mongo/version.rb +1 -1
data/mongo.gemspec +1 -1
data/spec/README.md +134 -7
data/spec/integration/auth_spec.rb +53 -0
data/spec/integration/{client_options_spec.rb → client_authentication_options_spec.rb} +10 -10
data/spec/integration/client_construction_spec.rb +76 -1
data/spec/integration/client_side_encryption/auto_encryption_bulk_writes_spec.rb +351 -0
data/spec/integration/client_side_encryption/auto_encryption_command_monitoring_spec.rb +301 -0
data/spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb +71 -0
data/spec/integration/client_side_encryption/auto_encryption_old_wire_version_spec.rb +76 -0
data/spec/integration/client_side_encryption/auto_encryption_reconnect_spec.rb +216 -0
data/spec/integration/client_side_encryption/auto_encryption_spec.rb +600 -0
data/spec/integration/client_side_encryption/bson_size_limit_spec.rb +183 -0
data/spec/integration/client_side_encryption/bypass_mongocryptd_spawn_spec.rb +74 -0
data/spec/integration/client_side_encryption/client_close_spec.rb +59 -0
data/spec/integration/client_side_encryption/corpus_spec.rb +228 -0
data/spec/integration/client_side_encryption/custom_endpoint_spec.rb +132 -0
data/spec/integration/client_side_encryption/data_key_spec.rb +163 -0
data/spec/integration/client_side_encryption/explicit_encryption_spec.rb +114 -0
data/spec/integration/client_side_encryption/external_key_vault_spec.rb +137 -0
data/spec/integration/client_side_encryption/views_spec.rb +42 -0
data/spec/integration/client_update_spec.rb +120 -0
data/spec/integration/command_monitoring_spec.rb +3 -1
data/spec/integration/command_spec.rb +44 -10
data/spec/integration/connection_spec.rb +57 -0
data/spec/integration/reconnect_spec.rb +7 -6
data/spec/integration/size_limit_spec.rb +94 -0
data/spec/integration/srv_monitoring_spec.rb +14 -6
data/spec/lite_spec_helper.rb +31 -22
data/spec/mongo/auth/cr_spec.rb +8 -0
data/spec/mongo/auth/ldap_spec.rb +5 -1
data/spec/mongo/auth/scram/conversation_spec.rb +5 -6
data/spec/mongo/auth/scram/negotiation_spec.rb +74 -75
data/spec/mongo/auth/scram_spec.rb +45 -35
data/spec/mongo/auth/x509_spec.rb +5 -1
data/spec/mongo/client_construction_spec.rb +206 -3
data/spec/mongo/client_encryption_spec.rb +408 -0
data/spec/mongo/cluster/cursor_reaper_spec.rb +12 -8
data/spec/mongo/cluster/socket_reaper_spec.rb +14 -3
data/spec/mongo/collection/view/aggregation_spec.rb +0 -2
data/spec/mongo/collection/view/change_stream_spec.rb +7 -7
data/spec/mongo/collection/view/map_reduce_spec.rb +3 -3
data/spec/mongo/collection/view_spec.rb +1 -1
data/spec/mongo/collection_spec.rb +4 -33
data/spec/mongo/crypt/auto_decryption_context_spec.rb +90 -0
data/spec/mongo/crypt/auto_encrypter_spec.rb +182 -0
data/spec/mongo/crypt/auto_encryption_context_spec.rb +107 -0
data/spec/mongo/crypt/binary_spec.rb +115 -0
data/spec/mongo/crypt/binding/binary_spec.rb +56 -0
data/spec/mongo/crypt/binding/context_spec.rb +257 -0
data/spec/mongo/crypt/binding/helpers_spec.rb +46 -0
data/spec/mongo/crypt/binding/mongocrypt_spec.rb +144 -0
data/spec/mongo/crypt/binding/status_spec.rb +99 -0
data/spec/mongo/crypt/binding/version_spec.rb +22 -0
data/spec/mongo/crypt/binding_unloaded_spec.rb +20 -0
data/spec/mongo/crypt/data_key_context_spec.rb +213 -0
data/spec/mongo/crypt/encryption_io_spec.rb +136 -0
data/spec/mongo/crypt/explicit_decryption_context_spec.rb +72 -0
data/spec/mongo/crypt/explicit_encryption_context_spec.rb +170 -0
data/spec/mongo/crypt/handle_spec.rb +198 -0
data/spec/mongo/crypt/helpers/mongo_crypt_spec_helper.rb +108 -0
data/spec/mongo/crypt/status_spec.rb +152 -0
data/spec/mongo/cursor_spec.rb +24 -4
data/spec/mongo/database_spec.rb +20 -0
data/spec/mongo/error/crypt_error_spec.rb +26 -0
data/spec/mongo/error/max_bson_size_spec.rb +35 -0
data/spec/mongo/error/no_server_available_spec.rb +11 -1
data/spec/mongo/error/operation_failure_spec.rb +6 -6
data/spec/mongo/operation/aggregate_spec.rb +1 -1
data/spec/mongo/operation/collections_info_spec.rb +1 -1
data/spec/mongo/operation/command_spec.rb +3 -3
data/spec/mongo/operation/create_index_spec.rb +3 -3
data/spec/mongo/operation/create_user_spec.rb +3 -3
data/spec/mongo/operation/delete/bulk_spec.rb +6 -6
data/spec/mongo/operation/delete/op_msg_spec.rb +1 -6
data/spec/mongo/operation/delete_spec.rb +7 -7
data/spec/mongo/operation/drop_index_spec.rb +2 -2
data/spec/mongo/operation/find/legacy_spec.rb +1 -1
data/spec/mongo/operation/get_more_spec.rb +1 -1
data/spec/mongo/operation/indexes_spec.rb +1 -1
data/spec/mongo/operation/insert/bulk_spec.rb +7 -7
data/spec/mongo/operation/insert/op_msg_spec.rb +3 -6
data/spec/mongo/operation/insert_spec.rb +12 -12
data/spec/mongo/operation/map_reduce_spec.rb +2 -2
data/spec/mongo/operation/remove_user_spec.rb +3 -3
data/spec/mongo/operation/update/bulk_spec.rb +6 -6
data/spec/mongo/operation/update/op_msg_spec.rb +3 -6
data/spec/mongo/operation/update_spec.rb +7 -7
data/spec/mongo/operation/update_user_spec.rb +1 -1
data/spec/mongo/protocol/compressed_spec.rb +2 -3
data/spec/mongo/protocol/delete_spec.rb +9 -8
data/spec/mongo/protocol/get_more_spec.rb +9 -8
data/spec/mongo/protocol/insert_spec.rb +9 -8
data/spec/mongo/protocol/kill_cursors_spec.rb +6 -5
data/spec/mongo/protocol/msg_spec.rb +57 -53
data/spec/mongo/protocol/query_spec.rb +12 -12
data/spec/mongo/protocol/registry_spec.rb +1 -1
data/spec/mongo/protocol/reply_spec.rb +1 -1
data/spec/mongo/protocol/update_spec.rb +10 -9
data/spec/mongo/server/connection_pool_spec.rb +1 -1
data/spec/mongo/server/connection_spec.rb +28 -7
data/spec/mongo/socket_spec.rb +1 -1
data/spec/mongo/timeout_spec.rb +85 -0
data/spec/mongo/uri/srv_protocol_spec.rb +2 -2
data/spec/mongo/uri_spec.rb +52 -5
data/spec/mongo/write_concern_spec.rb +13 -1
data/spec/{support → runners}/auth.rb +14 -1
data/spec/{support → runners}/change_streams.rb +1 -1
data/spec/{support → runners}/change_streams/operation.rb +0 -0
data/spec/{support → runners}/cmap.rb +1 -1
data/spec/{support → runners}/cmap/verifier.rb +0 -0
data/spec/{support → runners}/command_monitoring.rb +0 -0
data/spec/runners/connection_string.rb +358 -4
data/spec/{support → runners}/crud.rb +9 -9
data/spec/{support → runners}/crud/context.rb +0 -0
data/spec/{support → runners}/crud/operation.rb +7 -3
data/spec/{support → runners}/crud/outcome.rb +0 -0
data/spec/{support → runners}/crud/requirement.rb +1 -1
data/spec/{support → runners}/crud/spec.rb +12 -1
data/spec/{support → runners}/crud/test.rb +0 -0
data/spec/{support → runners}/crud/test_base.rb +0 -0
data/spec/{support → runners}/crud/verifier.rb +10 -12
data/spec/{support → runners}/gridfs.rb +0 -0
data/spec/{support → runners}/sdam_monitoring.rb +0 -0
data/spec/{support → runners}/server_discovery_and_monitoring.rb +0 -0
data/spec/{support → runners}/server_selection.rb +0 -0
data/spec/{support → runners}/server_selection_rtt.rb +0 -0
data/spec/{support → runners}/transactions.rb +4 -4
data/spec/{support → runners}/transactions/context.rb +0 -0
data/spec/{support → runners}/transactions/operation.rb +0 -0
data/spec/{support → runners}/transactions/spec.rb +0 -0
data/spec/{support → runners}/transactions/test.rb +37 -5
data/spec/spec_helper.rb +0 -5
data/spec/spec_tests/auth_spec.rb +3 -3
data/spec/spec_tests/client_side_encryption_spec.rb +13 -0
data/spec/spec_tests/connection_string_spec.rb +1 -1
data/spec/spec_tests/data/auth/connection-string.yml +13 -0
data/spec/spec_tests/data/client_side_encryption/aggregate.yml +134 -0
data/spec/spec_tests/data/client_side_encryption/badQueries.yml +526 -0
data/spec/spec_tests/data/client_side_encryption/badSchema.yml +73 -0
data/spec/spec_tests/data/client_side_encryption/basic.yml +116 -0
data/spec/spec_tests/data/client_side_encryption/bulk.yml +85 -0
data/spec/spec_tests/data/client_side_encryption/bypassAutoEncryption.yml +100 -0
data/spec/spec_tests/data/client_side_encryption/bypassedCommand.yml +42 -0
data/spec/spec_tests/data/client_side_encryption/count.yml +61 -0
data/spec/spec_tests/data/client_side_encryption/countDocuments.yml +59 -0
data/spec/spec_tests/data/client_side_encryption/delete.yml +105 -0
data/spec/spec_tests/data/client_side_encryption/distinct.yml +73 -0
data/spec/spec_tests/data/client_side_encryption/explain.yml +64 -0
data/spec/spec_tests/data/client_side_encryption/find.yml +119 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndDelete.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndReplace.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndUpdate.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/getMore.yml +68 -0
data/spec/spec_tests/data/client_side_encryption/insert.yml +102 -0
data/spec/spec_tests/data/client_side_encryption/keyAltName.yml +71 -0
data/spec/spec_tests/data/client_side_encryption/localKMS.yml +54 -0
data/spec/spec_tests/data/client_side_encryption/localSchema.yml +72 -0
data/spec/spec_tests/data/client_side_encryption/malformedCiphertext.yml +69 -0
data/spec/spec_tests/data/client_side_encryption/maxWireVersion.yml +20 -0
data/spec/spec_tests/data/client_side_encryption/missingKey.yml +49 -0
data/spec/spec_tests/data/client_side_encryption/replaceOne.yml +61 -0
data/spec/spec_tests/data/client_side_encryption/types.yml +527 -0
data/spec/spec_tests/data/client_side_encryption/unsupportedCommand.yml +25 -0
data/spec/spec_tests/data/client_side_encryption/updateMany.yml +77 -0
data/spec/spec_tests/data/client_side_encryption/updateOne.yml +168 -0
data/spec/spec_tests/data/read_write_concern/connection-string/write-concern.yml +1 -4
data/spec/spec_tests/data/retryable_writes/insertOne-serverErrors.yml +21 -0
data/spec/spec_tests/data/sdam/rs/incompatible_ghost.yml +2 -4
data/spec/spec_tests/data/sdam/rs/incompatible_other.yml +1 -1
data/spec/spec_tests/data/sdam/rs/primary_mismatched_me_not_removed.yml +73 -0
data/spec/spec_tests/data/sdam/rs/primary_to_no_primary_mismatched_me.yml +1 -2
data/spec/spec_tests/data/sdam/rs/repeated.yml +101 -0
data/spec/spec_tests/data/sdam/rs/{primary_address_change.yml → ruby_primary_address_change.yml} +2 -0
data/spec/spec_tests/data/sdam/rs/{secondary_wrong_set_name_with_primary_second.yml → ruby_secondary_wrong_set_name_with_primary_second.yml} +0 -0
data/spec/spec_tests/data/sdam/sharded/ruby_discovered_single_mongos.yml +27 -0
data/spec/spec_tests/data/sdam/sharded/{primary_address_change.yml → ruby_primary_different_address.yml} +1 -1
data/spec/spec_tests/data/sdam/sharded/{primary_mismatched_me.yml → ruby_primary_mismatched_me.yml} +1 -1
data/spec/spec_tests/data/sdam/single/{primary_address_change.yml → ruby_primary_different_address.yml} +1 -1
data/spec/spec_tests/data/sdam/single/{primary_mismatched_me.yml → ruby_primary_mismatched_me.yml} +1 -1
data/spec/spec_tests/data/sdam_monitoring/{replica_set_with_primary_change.yml → replica_set_primary_address_change.yml} +27 -5
data/spec/spec_tests/data/sdam_monitoring/replica_set_with_me_mismatch.yml +26 -74
data/spec/spec_tests/data/sdam_monitoring/replica_set_with_removal.yml +20 -16
data/spec/spec_tests/data/sdam_monitoring/standalone_suppress_equal_description_changes.yml +73 -0
data/spec/spec_tests/data/transactions/pin-mongos.yml +2 -3
data/spec/spec_tests/data/uri_options/auth-options.yml +10 -0
data/spec/spec_tests/data/uri_options/tls-options.yml +75 -4
data/spec/spec_tests/read_write_concern_connection_string_spec.rb +1 -1
data/spec/spec_tests/uri_options_spec.rb +6 -8
data/spec/stress/connection_pool_timing_spec.rb +6 -3
data/spec/support/certificates/README.md +4 -0
data/spec/support/certificates/server-second-level-bundle.pem +77 -77
data/spec/support/certificates/server-second-level.crt +52 -52
data/spec/support/certificates/server-second-level.key +25 -25
data/spec/support/certificates/server-second-level.pem +77 -77
data/spec/support/client_registry.rb +19 -3
data/spec/support/cluster_config.rb +9 -1
data/spec/support/common_shortcuts.rb +12 -0
data/spec/support/constraints.rb +16 -0
data/spec/support/crypt.rb +140 -0
data/spec/support/crypt/corpus/corpus-key-aws.json +33 -0
data/spec/support/crypt/corpus/corpus-key-local.json +31 -0
data/spec/support/crypt/corpus/corpus-schema.json +2057 -0
data/spec/support/crypt/corpus/corpus.json +3657 -0
data/spec/support/crypt/corpus/corpus_encrypted.json +4152 -0
data/spec/support/crypt/data_keys/key_document_aws.json +34 -0
data/spec/support/crypt/data_keys/key_document_local.json +31 -0
data/spec/support/crypt/external/external-key.json +31 -0
data/spec/support/crypt/external/external-schema.json +19 -0
data/spec/support/crypt/limits/limits-doc.json +102 -0
data/spec/support/crypt/limits/limits-key.json +31 -0
data/spec/support/crypt/limits/limits-schema.json +1405 -0
data/spec/support/crypt/schema_maps/schema_map_aws.json +17 -0
data/spec/support/crypt/schema_maps/schema_map_aws_key_alt_names.json +12 -0
data/spec/support/crypt/schema_maps/schema_map_local.json +18 -0
data/spec/support/crypt/schema_maps/schema_map_local_key_alt_names.json +12 -0
data/spec/support/lite_constraints.rb +17 -1
data/spec/support/matchers.rb +19 -0
data/spec/support/shared/protocol.rb +2 -0
data/spec/support/spec_config.rb +43 -13
data/spec/support/utils.rb +132 -10
metadata +277 -81
metadata.gz.sig +0 -0
data/spec/integration/grid_fs_bucket_spec.rb +0 -48
data/spec/integration/zlib_compression_spec.rb +0 -25
data/spec/spec_tests/data/sdam/sharded/single_mongos.yml +0 -33
data/spec/support/connection_string.rb +0 -354

data/spec/integration/client_side_encryption/auto_encryption_spec.rb ADDED

@@ -0,0 +1,600 @@
+require 'spec_helper'
+require 'bson'
+require 'json'
+describe 'Auto Encryption' do
+  require_libmongocrypt
+  min_server_fcv '4.2'
+  require_enterprise
+  # Diagnostics of leaked background threads only, these tests do not
+  # actually require a clean slate. https://jira.mongodb.org/browse/RUBY-2138
+  clean_slate
+  include_context 'define shared FLE helpers'
+  let(:encryption_client) do
+    new_local_client(
+      SpecConfig.instance.addresses,
+      SpecConfig.instance.test_options.merge(
+        auto_encryption_options: {
+          kms_providers: kms_providers,
+          key_vault_namespace: key_vault_namespace,
+          schema_map: local_schema,
+          bypass_auto_encryption: bypass_auto_encryption
+        },
+        database: 'auto_encryption'
+      ),
+    )
+  end
+  let(:client) { authorized_client.use(:auto_encryption) }
+  let(:admin_client) { authorized_client.use(:admin) }
+  let(:bypass_auto_encryption) { false }
+  let(:encrypted_ssn_binary) do
+    BSON::Binary.new(Base64.decode64(encrypted_ssn), :ciphertext)
+  end
+  shared_context 'bypass auto encryption' do
+    let(:bypass_auto_encryption) { true }
+  end
+  shared_context 'jsonSchema validator on collection' do
+    let(:local_schema) { nil }
+    before do
+      client[:users,
+        {
+          'validator' => { '$jsonSchema' => schema_map }
+        }
+      ].create
+    end
+  end
+  shared_context 'schema map in client options' do
+    let(:local_schema) { { "auto_encryption.users" => schema_map } }
+    before do
+      client[:users].create
+    end
+  end
+  shared_context 'encrypted document in collection' do
+    before do
+      client[:users].insert_one(ssn: encrypted_ssn_binary)
+    end
+  end
+  shared_context 'multiple encrypted documents in collection' do
+    before do
+      client[:users].insert_one(ssn: encrypted_ssn_binary)
+      client[:users].insert_one(ssn: encrypted_ssn_binary)
+    end
+  end
+  before(:each) do
+    client[:users].drop
+    admin_client[:datakeys].drop
+    admin_client[:datakeys].insert_one(data_key)
+  end
+  shared_examples 'an encrypted command' do
+    context 'with AWS KMS provider' do
+      include_context 'with AWS kms_providers'
+      context 'with validator' do
+        include_context 'jsonSchema validator on collection'
+        it_behaves_like 'it performs an encrypted command'
+      end
+      context 'with schema map' do
+        include_context 'schema map in client options'
+        it_behaves_like 'it performs an encrypted command'
+      end
+    end
+    context 'with local KMS provider' do
+      include_context 'with local kms_providers'
+      context 'with validator' do
+        include_context 'jsonSchema validator on collection'
+        it_behaves_like 'it performs an encrypted command'
+      end
+      context 'with schema map' do
+        include_context 'schema map in client options'
+        it_behaves_like 'it performs an encrypted command'
+      end
+    end
+  end
+  describe '#aggregate' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:result) do
+        encryption_client[:users].aggregate([
+          { '$match' => { 'ssn' => ssn } }
+        ]).first
+      end
+      it 'encrypts the command and decrypts the response' do
+        result.should_not be_nil
+        result['ssn'].should == ssn
+      end
+      context 'when bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          result.should be_nil
+        end
+        it 'does auto decrypt the response' do
+          result = encryption_client[:users].aggregate([
+            { '$match' => { 'ssn' => encrypted_ssn_binary } }
+          ]).first
+          result.should_not be_nil
+          result['ssn'].should == ssn
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#count' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'multiple encrypted documents in collection'
+      let(:result) { encryption_client[:users].count(ssn: ssn) }
+      it 'encrypts the command and finds the documents' do
+        expect(result).to eq(2)
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          expect(result).to eq(0)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#distinct' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:result) { encryption_client[:users].distinct(:ssn) }
+      it 'decrypts the SSN field' do
+        expect(result.length).to eq(1)
+        expect(result).to include(ssn)
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'still decrypts the SSN field' do
+          expect(result.length).to eq(1)
+          expect(result).to include(ssn)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#delete_one' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:result) { encryption_client[:users].delete_one(ssn: ssn) }
+      it 'encrypts the SSN field' do
+        expect(result.deleted_count).to eq(1)
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the SSN field' do
+          expect(result.deleted_count).to eq(0)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#delete_many' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'multiple encrypted documents in collection'
+      let(:result) { encryption_client[:users].delete_many(ssn: ssn) }
+      it 'decrypts the SSN field' do
+        expect(result.deleted_count).to eq(2)
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the SSN field' do
+          expect(result.deleted_count).to eq(0)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#find' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:result) { encryption_client[:users].find(ssn: ssn).first }
+      it 'encrypts the command and decrypts the response' do
+        result.should_not be_nil
+        expect(result['ssn']).to eq(ssn)
+      end
+      context 'when bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          expect(result).to be_nil
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#find_one_and_delete' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:result) { encryption_client[:users].find_one_and_delete(ssn: ssn) }
+      it 'encrypts the command and decrypts the response' do
+        expect(result['ssn']).to eq(ssn)
+      end
+      context 'when bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          expect(result).to be_nil
+        end
+        it 'still decrypts the command' do
+          result = encryption_client[:users].find_one_and_delete(ssn: encrypted_ssn_binary)
+          expect(result['ssn']).to eq(ssn)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#find_one_and_replace' do
+    shared_examples 'it performs an encrypted command' do
+      let(:name) { 'Alan Turing' }
+      context 'with :return_document => :before' do
+        include_context 'encrypted document in collection'
+        let(:result) do
+          encryption_client[:users].find_one_and_replace(
+            { ssn: ssn },
+            { name: name },
+            return_document: :before
+          )
+        end
+        it 'encrypts the command and decrypts the response, returning original document' do
+          expect(result['ssn']).to eq(ssn)
+          documents = client[:users].find
+          expect(documents.count).to eq(1)
+          expect(documents.first['ssn']).to be_nil
+        end
+      end
+      context 'with :return_document => :after' do
+        before do
+          client[:users].insert_one(name: name)
+        end
+        let(:result) do
+          encryption_client[:users].find_one_and_replace(
+            { name: name },
+            { ssn: ssn },
+            return_document: :after
+          )
+        end
+        it 'encrypts the command and decrypts the response, returning new document' do
+          expect(result['ssn']).to eq(ssn)
+          documents = client[:users].find
+          expect(documents.count).to eq(1)
+          expect(documents.first['ssn']).to eq(encrypted_ssn_binary)
+        end
+      end
+      context 'when bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        include_context 'encrypted document in collection'
+        let(:result) do
+          encryption_client[:users].find_one_and_replace(
+            { ssn: encrypted_ssn_binary },
+            { name: name },
+            :return_document => :before
+          )
+        end
+        it 'does not encrypt the command but still decrypts the response, returning original document' do
+          expect(result['ssn']).to eq(ssn)
+          documents = client[:users].find
+          expect(documents.count).to eq(1)
+          expect(documents.first['ssn']).to be_nil
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#find_one_and_update' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:name) { 'Alan Turing' }
+      let(:result) do
+        encryption_client[:users].find_one_and_update(
+          { ssn: ssn },
+          { name: name }
+        )
+      end
+      it 'encrypts the command and decrypts the response' do
+        expect(result['ssn']).to eq(ssn)
+        documents = client[:users].find
+        expect(documents.count).to eq(1)
+        expect(documents.first['ssn']).to be_nil
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          expect(result).to be_nil
+        end
+        it 'still decrypts the response' do
+          # Query using the encrypted ssn value so the find will succeed
+          result = encryption_client[:users].find_one_and_update(
+            { ssn: encrypted_ssn_binary },
+            { name: name }
+          )
+          expect(result['ssn']).to eq(ssn)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#insert_one' do
+    let(:query) { { ssn: ssn } }
+    let(:result) { encryption_client[:users].insert_one(query) }
+    shared_examples 'it performs an encrypted command' do
+      it 'encrypts the ssn field' do
+        expect(result).to be_ok
+        expect(result.inserted_ids.length).to eq(1)
+        id = result.inserted_ids.first
+        document = client[:users].find(_id: id).first
+        document.should_not be_nil
+        expect(document['ssn']).to eq(encrypted_ssn_binary)
+      end
+    end
+    shared_examples 'it obeys bypass_auto_encryption option' do
+      include_context 'bypass auto encryption'
+      it 'does not encrypt the command' do
+        result = encryption_client[:users].insert_one(ssn: ssn)
+        expect(result).to be_ok
+        expect(result.inserted_ids.length).to eq(1)
+        id = result.inserted_ids.first
+        document = client[:users].find(_id: id).first
+        expect(document['ssn']).to eq(ssn)
+      end
+    end
+    it_behaves_like 'an encrypted command'
+    context 'with jsonSchema in schema_map option' do
+      include_context 'schema map in client options'
+      context 'with AWS KMS provider' do
+        include_context 'with AWS kms_providers'
+        it_behaves_like 'it obeys bypass_auto_encryption option'
+      end
+      context 'with local KMS provider and ' do
+        include_context 'with local kms_providers'
+        it_behaves_like 'it obeys bypass_auto_encryption option'
+      end
+    end
+    context 'with schema_map client option pointing to wrong collection' do
+      let(:local_schema) { { 'wrong_db.wrong_coll' => schema_map } }
+      include_context 'with local kms_providers'
+      it 'does not raise an exception but doesn\'t encrypt either' do
+        expect do
+          result
+        end.not_to raise_error
+        expect(result).to be_ok
+        id = result.inserted_ids.first
+        document = client[:users].find(_id: id).first
+        document.should_not be_nil
+        # Document was not encrypted
+        expect(document['ssn']).to eq(ssn)
+      end
+    end
+    context 'encrypting using key alt name' do
+      include_context 'schema map in client options'
+      let(:query) { { ssn: ssn, altname: key_alt_name } }
+      context 'with AWS KMS provider' do
+        include_context 'with AWS kms_providers and key alt names'
+        it 'encrypts the ssn field' do
+          expect(result).to be_ok
+          expect(result.inserted_ids.length).to eq(1)
+          id = result.inserted_ids.first
+          document = client[:users].find(_id: id).first
+          document.should_not be_nil
+          # Auto-encryption with key alt names only works with random encryption,
+          # so it will not generate the same result on every test run.
+          expect(document['ssn']).to be_ciphertext
+        end
+      end
+      context 'with local KMS provider' do
+        include_context 'with local kms_providers and key alt names'
+        it 'encrypts the ssn field' do
+          expect(result).to be_ok
+          expect(result.inserted_ids.length).to eq(1)
+          id = result.inserted_ids.first
+          document = client[:users].find(_id: id).first
+          document.should_not be_nil
+          # Auto-encryption with key alt names only works with random encryption,
+          # so it will not generate the same result on every test run.
+          expect(document['ssn']).to be_a_kind_of(BSON::Binary)
+        end
+      end
+    end
+  end
+  describe '#replace_one' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:replacement_ssn) { '098-765-4321' }
+      let(:result) do
+        encryption_client[:users].replace_one(
+          { ssn: ssn },
+          { ssn: replacement_ssn }
+        )
+      end
+      it 'encrypts the ssn field' do
+        expect(result.modified_count).to eq(1)
+        find_result = encryption_client[:users].find(ssn: '098-765-4321')
+        expect(find_result.count).to eq(1)
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          expect(result.modified_count).to eq(0)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#update_one' do
+    shared_examples 'it performs an encrypted command' do
+      include_context 'encrypted document in collection'
+      let(:result) do
+        encryption_client[:users].update_one({ ssn: ssn }, { ssn: '098-765-4321' })
+      end
+      it 'encrypts the ssn field' do
+        expect(result.n).to eq(1)
+        find_result = encryption_client[:users].find(ssn: '098-765-4321')
+        expect(find_result.count).to eq(1)
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          expect(result.n).to eq(0)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+  describe '#update_many' do
+    shared_examples 'it performs an encrypted command' do
+      before do
+        client[:users].insert_one(ssn: encrypted_ssn_binary, age: 25)
+        client[:users].insert_one(ssn: encrypted_ssn_binary, age: 43)
+      end
+      let(:result) do
+        encryption_client[:users].update_many({ ssn: ssn }, { "$inc" => { :age =>  1 } })
+      end
+      it 'encrypts the ssn field' do
+        expect(result.n).to eq(2)
+        updated_documents = encryption_client[:users].find(ssn: ssn)
+        ages = updated_documents.map { |doc| doc['age'] }
+        expect(ages).to include(26)
+        expect(ages).to include(44)
+      end
+      context 'with bypass_auto_encryption=true' do
+        include_context 'bypass auto encryption'
+        it 'does not encrypt the command' do
+          expect(result.n).to eq(0)
+        end
+      end
+    end
+    it_behaves_like 'an encrypted command'
+  end
+end