RubyGems - mongo - Versions diffs - 2.11.6 → 2.12.0.rc0 - Mend

mongo 2.11.6 → 2.12.0.rc0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (327) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +2 -2
data.tar.gz.sig +0 -0
data/CONTRIBUTING.md +1 -1
data/lib/mongo.rb +3 -0
data/lib/mongo/address.rb +13 -2
data/lib/mongo/auth.rb +1 -0
data/lib/mongo/auth/credential_cache.rb +51 -0
data/lib/mongo/auth/scram/conversation.rb +20 -16
data/lib/mongo/auth/user.rb +0 -8
data/lib/mongo/auth/user/view.rb +4 -4
data/lib/mongo/background_thread.rb +1 -1
data/lib/mongo/bulk_write.rb +5 -5
data/lib/mongo/client.rb +126 -11
data/lib/mongo/client_encryption.rb +103 -0
data/lib/mongo/cluster.rb +2 -2
data/lib/mongo/cluster/reapers/cursor_reaper.rb +18 -6
data/lib/mongo/cluster/sdam_flow.rb +54 -58
data/lib/mongo/cluster/srv_monitor.rb +1 -1
data/lib/mongo/collection.rb +3 -3
data/lib/mongo/collection/view.rb +1 -1
data/lib/mongo/collection/view/aggregation.rb +1 -1
data/lib/mongo/collection/view/change_stream.rb +12 -3
data/lib/mongo/collection/view/iterable.rb +14 -5
data/lib/mongo/collection/view/map_reduce.rb +2 -2
data/lib/mongo/collection/view/readable.rb +7 -9
data/lib/mongo/collection/view/writable.rb +7 -7
data/lib/mongo/crypt.rb +33 -0
data/lib/mongo/crypt/auto_decryption_context.rb +42 -0
data/lib/mongo/crypt/auto_encrypter.rb +169 -0
data/lib/mongo/crypt/auto_encryption_context.rb +44 -0
data/lib/mongo/crypt/binary.rb +155 -0
data/lib/mongo/crypt/binding.rb +1162 -0
data/lib/mongo/crypt/context.rb +135 -0
data/lib/mongo/crypt/data_key_context.rb +162 -0
data/lib/mongo/crypt/encryption_io.rb +283 -0
data/lib/mongo/crypt/explicit_decryption_context.rb +40 -0
data/lib/mongo/crypt/explicit_encrypter.rb +117 -0
data/lib/mongo/crypt/explicit_encryption_context.rb +89 -0
data/lib/mongo/crypt/handle.rb +293 -0
data/lib/mongo/crypt/hooks.rb +90 -0
data/lib/mongo/crypt/kms_context.rb +67 -0
data/lib/mongo/crypt/status.rb +131 -0
data/lib/mongo/cursor.rb +64 -32
data/lib/mongo/database.rb +13 -6
data/lib/mongo/database/view.rb +13 -4
data/lib/mongo/dbref.rb +9 -2
data/lib/mongo/error.rb +5 -1
data/lib/mongo/error/crypt_error.rb +31 -0
data/lib/mongo/error/{failed_stringprep_validation.rb → failed_string_prep_validation.rb} +0 -0
data/lib/mongo/error/invalid_cursor_operation.rb +27 -0
data/lib/mongo/error/kms_error.rb +22 -0
data/lib/mongo/error/max_bson_size.rb +14 -3
data/lib/mongo/error/mongocryptd_spawn_error.rb +22 -0
data/lib/mongo/error/no_server_available.rb +8 -3
data/lib/mongo/error/operation_failure.rb +1 -0
data/lib/mongo/grid/file.rb +0 -5
data/lib/mongo/grid/file/chunk.rb +0 -2
data/lib/mongo/grid/file/info.rb +2 -1
data/lib/mongo/grid/fs_bucket.rb +13 -15
data/lib/mongo/grid/stream/write.rb +3 -9
data/lib/mongo/index/view.rb +3 -3
data/lib/mongo/monitoring/event/command_started.rb +6 -1
data/lib/mongo/operation/collections_info.rb +6 -3
data/lib/mongo/operation/delete/op_msg.rb +1 -1
data/lib/mongo/operation/find/op_msg.rb +4 -1
data/lib/mongo/operation/get_more/op_msg.rb +4 -1
data/lib/mongo/operation/insert/command.rb +2 -2
data/lib/mongo/operation/insert/legacy.rb +2 -2
data/lib/mongo/operation/insert/op_msg.rb +3 -3
data/lib/mongo/operation/result.rb +36 -27
data/lib/mongo/operation/shared/executable.rb +10 -8
data/lib/mongo/operation/shared/executable_no_validate.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_command.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_find_command.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_list_indexes_command.rb +2 -2
data/lib/mongo/operation/shared/write.rb +17 -10
data/lib/mongo/operation/update/op_msg.rb +1 -1
data/lib/mongo/protocol/compressed.rb +6 -5
data/lib/mongo/protocol/insert.rb +3 -1
data/lib/mongo/protocol/message.rb +72 -8
data/lib/mongo/protocol/msg.rb +191 -37
data/lib/mongo/protocol/query.rb +7 -9
data/lib/mongo/protocol/serializers.rb +6 -2
data/lib/mongo/server.rb +10 -4
data/lib/mongo/server/connection.rb +20 -9
data/lib/mongo/server/connection_base.rb +81 -12
data/lib/mongo/server/connection_common.rb +61 -0
data/lib/mongo/server/connection_pool.rb +37 -1
data/lib/mongo/server/description.rb +9 -11
data/lib/mongo/server/monitor.rb +2 -0
data/lib/mongo/server/monitor/connection.rb +3 -18
data/lib/mongo/server/pending_connection.rb +2 -1
data/lib/mongo/session.rb +2 -2
data/lib/mongo/session/session_pool.rb +8 -3
data/lib/mongo/socket.rb +29 -16
data/lib/mongo/socket/ssl.rb +23 -8
data/lib/mongo/socket/tcp.rb +12 -3
data/lib/mongo/timeout.rb +49 -0
data/lib/mongo/uri.rb +30 -1
data/lib/mongo/version.rb +1 -1
data/mongo.gemspec +1 -1
data/spec/README.md +134 -7
data/spec/integration/auth_spec.rb +53 -0
data/spec/integration/{client_options_spec.rb → client_authentication_options_spec.rb} +10 -10
data/spec/integration/client_construction_spec.rb +76 -1
data/spec/integration/client_side_encryption/auto_encryption_bulk_writes_spec.rb +351 -0
data/spec/integration/client_side_encryption/auto_encryption_command_monitoring_spec.rb +301 -0
data/spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb +71 -0
data/spec/integration/client_side_encryption/auto_encryption_old_wire_version_spec.rb +76 -0
data/spec/integration/client_side_encryption/auto_encryption_reconnect_spec.rb +216 -0
data/spec/integration/client_side_encryption/auto_encryption_spec.rb +600 -0
data/spec/integration/client_side_encryption/bson_size_limit_spec.rb +183 -0
data/spec/integration/client_side_encryption/bypass_mongocryptd_spawn_spec.rb +74 -0
data/spec/integration/client_side_encryption/client_close_spec.rb +59 -0
data/spec/integration/client_side_encryption/corpus_spec.rb +228 -0
data/spec/integration/client_side_encryption/custom_endpoint_spec.rb +132 -0
data/spec/integration/client_side_encryption/data_key_spec.rb +163 -0
data/spec/integration/client_side_encryption/explicit_encryption_spec.rb +114 -0
data/spec/integration/client_side_encryption/external_key_vault_spec.rb +137 -0
data/spec/integration/client_side_encryption/views_spec.rb +42 -0
data/spec/integration/client_update_spec.rb +120 -0
data/spec/integration/command_monitoring_spec.rb +3 -1
data/spec/integration/command_spec.rb +44 -10
data/spec/integration/connection_spec.rb +57 -0
data/spec/integration/reconnect_spec.rb +7 -6
data/spec/integration/size_limit_spec.rb +94 -0
data/spec/integration/srv_monitoring_spec.rb +14 -6
data/spec/lite_spec_helper.rb +31 -22
data/spec/mongo/auth/cr_spec.rb +8 -0
data/spec/mongo/auth/ldap_spec.rb +5 -1
data/spec/mongo/auth/scram/conversation_spec.rb +5 -6
data/spec/mongo/auth/scram/negotiation_spec.rb +74 -75
data/spec/mongo/auth/scram_spec.rb +45 -35
data/spec/mongo/auth/x509_spec.rb +5 -1
data/spec/mongo/client_construction_spec.rb +206 -3
data/spec/mongo/client_encryption_spec.rb +408 -0
data/spec/mongo/cluster/cursor_reaper_spec.rb +12 -8
data/spec/mongo/cluster/socket_reaper_spec.rb +14 -3
data/spec/mongo/collection/view/aggregation_spec.rb +0 -2
data/spec/mongo/collection/view/change_stream_spec.rb +7 -7
data/spec/mongo/collection/view/map_reduce_spec.rb +3 -3
data/spec/mongo/collection/view_spec.rb +1 -1
data/spec/mongo/collection_spec.rb +4 -33
data/spec/mongo/crypt/auto_decryption_context_spec.rb +90 -0
data/spec/mongo/crypt/auto_encrypter_spec.rb +182 -0
data/spec/mongo/crypt/auto_encryption_context_spec.rb +107 -0
data/spec/mongo/crypt/binary_spec.rb +115 -0
data/spec/mongo/crypt/binding/binary_spec.rb +56 -0
data/spec/mongo/crypt/binding/context_spec.rb +257 -0
data/spec/mongo/crypt/binding/helpers_spec.rb +46 -0
data/spec/mongo/crypt/binding/mongocrypt_spec.rb +144 -0
data/spec/mongo/crypt/binding/status_spec.rb +99 -0
data/spec/mongo/crypt/binding/version_spec.rb +22 -0
data/spec/mongo/crypt/binding_unloaded_spec.rb +20 -0
data/spec/mongo/crypt/data_key_context_spec.rb +213 -0
data/spec/mongo/crypt/encryption_io_spec.rb +136 -0
data/spec/mongo/crypt/explicit_decryption_context_spec.rb +72 -0
data/spec/mongo/crypt/explicit_encryption_context_spec.rb +170 -0
data/spec/mongo/crypt/handle_spec.rb +198 -0
data/spec/mongo/crypt/helpers/mongo_crypt_spec_helper.rb +108 -0
data/spec/mongo/crypt/status_spec.rb +152 -0
data/spec/mongo/cursor_spec.rb +24 -4
data/spec/mongo/database_spec.rb +20 -0
data/spec/mongo/error/crypt_error_spec.rb +26 -0
data/spec/mongo/error/max_bson_size_spec.rb +35 -0
data/spec/mongo/error/no_server_available_spec.rb +11 -1
data/spec/mongo/error/operation_failure_spec.rb +6 -6
data/spec/mongo/operation/aggregate_spec.rb +1 -1
data/spec/mongo/operation/collections_info_spec.rb +1 -1
data/spec/mongo/operation/command_spec.rb +3 -3
data/spec/mongo/operation/create_index_spec.rb +3 -3
data/spec/mongo/operation/create_user_spec.rb +3 -3
data/spec/mongo/operation/delete/bulk_spec.rb +6 -6
data/spec/mongo/operation/delete/op_msg_spec.rb +1 -6
data/spec/mongo/operation/delete_spec.rb +7 -7
data/spec/mongo/operation/drop_index_spec.rb +2 -2
data/spec/mongo/operation/find/legacy_spec.rb +1 -1
data/spec/mongo/operation/get_more_spec.rb +1 -1
data/spec/mongo/operation/indexes_spec.rb +1 -1
data/spec/mongo/operation/insert/bulk_spec.rb +7 -7
data/spec/mongo/operation/insert/op_msg_spec.rb +3 -6
data/spec/mongo/operation/insert_spec.rb +12 -12
data/spec/mongo/operation/map_reduce_spec.rb +2 -2
data/spec/mongo/operation/remove_user_spec.rb +3 -3
data/spec/mongo/operation/update/bulk_spec.rb +6 -6
data/spec/mongo/operation/update/op_msg_spec.rb +3 -6
data/spec/mongo/operation/update_spec.rb +7 -7
data/spec/mongo/operation/update_user_spec.rb +1 -1
data/spec/mongo/protocol/compressed_spec.rb +2 -3
data/spec/mongo/protocol/delete_spec.rb +9 -8
data/spec/mongo/protocol/get_more_spec.rb +9 -8
data/spec/mongo/protocol/insert_spec.rb +9 -8
data/spec/mongo/protocol/kill_cursors_spec.rb +6 -5
data/spec/mongo/protocol/msg_spec.rb +57 -53
data/spec/mongo/protocol/query_spec.rb +12 -12
data/spec/mongo/protocol/registry_spec.rb +1 -1
data/spec/mongo/protocol/reply_spec.rb +1 -1
data/spec/mongo/protocol/update_spec.rb +10 -9
data/spec/mongo/server/connection_pool_spec.rb +1 -1
data/spec/mongo/server/connection_spec.rb +28 -7
data/spec/mongo/socket_spec.rb +1 -1
data/spec/mongo/timeout_spec.rb +85 -0
data/spec/mongo/uri/srv_protocol_spec.rb +2 -2
data/spec/mongo/uri_spec.rb +52 -5
data/spec/mongo/write_concern_spec.rb +13 -1
data/spec/{support → runners}/auth.rb +14 -1
data/spec/{support → runners}/change_streams.rb +1 -1
data/spec/{support → runners}/change_streams/operation.rb +0 -0
data/spec/{support → runners}/cmap.rb +1 -1
data/spec/{support → runners}/cmap/verifier.rb +0 -0
data/spec/{support → runners}/command_monitoring.rb +0 -0
data/spec/runners/connection_string.rb +358 -4
data/spec/{support → runners}/crud.rb +9 -9
data/spec/{support → runners}/crud/context.rb +0 -0
data/spec/{support → runners}/crud/operation.rb +7 -3
data/spec/{support → runners}/crud/outcome.rb +0 -0
data/spec/{support → runners}/crud/requirement.rb +1 -1
data/spec/{support → runners}/crud/spec.rb +12 -1
data/spec/{support → runners}/crud/test.rb +0 -0
data/spec/{support → runners}/crud/test_base.rb +0 -0
data/spec/{support → runners}/crud/verifier.rb +10 -12
data/spec/{support → runners}/gridfs.rb +0 -0
data/spec/{support → runners}/sdam_monitoring.rb +0 -0
data/spec/{support → runners}/server_discovery_and_monitoring.rb +0 -0
data/spec/{support → runners}/server_selection.rb +0 -0
data/spec/{support → runners}/server_selection_rtt.rb +0 -0
data/spec/{support → runners}/transactions.rb +4 -4
data/spec/{support → runners}/transactions/context.rb +0 -0
data/spec/{support → runners}/transactions/operation.rb +0 -0
data/spec/{support → runners}/transactions/spec.rb +0 -0
data/spec/{support → runners}/transactions/test.rb +37 -5
data/spec/spec_helper.rb +0 -5
data/spec/spec_tests/auth_spec.rb +3 -3
data/spec/spec_tests/client_side_encryption_spec.rb +13 -0
data/spec/spec_tests/connection_string_spec.rb +1 -1
data/spec/spec_tests/data/auth/connection-string.yml +13 -0
data/spec/spec_tests/data/client_side_encryption/aggregate.yml +134 -0
data/spec/spec_tests/data/client_side_encryption/badQueries.yml +526 -0
data/spec/spec_tests/data/client_side_encryption/badSchema.yml +73 -0
data/spec/spec_tests/data/client_side_encryption/basic.yml +116 -0
data/spec/spec_tests/data/client_side_encryption/bulk.yml +85 -0
data/spec/spec_tests/data/client_side_encryption/bypassAutoEncryption.yml +100 -0
data/spec/spec_tests/data/client_side_encryption/bypassedCommand.yml +42 -0
data/spec/spec_tests/data/client_side_encryption/count.yml +61 -0
data/spec/spec_tests/data/client_side_encryption/countDocuments.yml +59 -0
data/spec/spec_tests/data/client_side_encryption/delete.yml +105 -0
data/spec/spec_tests/data/client_side_encryption/distinct.yml +73 -0
data/spec/spec_tests/data/client_side_encryption/explain.yml +64 -0
data/spec/spec_tests/data/client_side_encryption/find.yml +119 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndDelete.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndReplace.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndUpdate.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/getMore.yml +68 -0
data/spec/spec_tests/data/client_side_encryption/insert.yml +102 -0
data/spec/spec_tests/data/client_side_encryption/keyAltName.yml +71 -0
data/spec/spec_tests/data/client_side_encryption/localKMS.yml +54 -0
data/spec/spec_tests/data/client_side_encryption/localSchema.yml +72 -0
data/spec/spec_tests/data/client_side_encryption/malformedCiphertext.yml +69 -0
data/spec/spec_tests/data/client_side_encryption/maxWireVersion.yml +20 -0
data/spec/spec_tests/data/client_side_encryption/missingKey.yml +49 -0
data/spec/spec_tests/data/client_side_encryption/replaceOne.yml +61 -0
data/spec/spec_tests/data/client_side_encryption/types.yml +527 -0
data/spec/spec_tests/data/client_side_encryption/unsupportedCommand.yml +25 -0
data/spec/spec_tests/data/client_side_encryption/updateMany.yml +77 -0
data/spec/spec_tests/data/client_side_encryption/updateOne.yml +168 -0
data/spec/spec_tests/data/read_write_concern/connection-string/write-concern.yml +1 -4
data/spec/spec_tests/data/retryable_writes/insertOne-serverErrors.yml +21 -0
data/spec/spec_tests/data/sdam/rs/incompatible_ghost.yml +2 -4
data/spec/spec_tests/data/sdam/rs/incompatible_other.yml +1 -1
data/spec/spec_tests/data/sdam/rs/primary_mismatched_me_not_removed.yml +73 -0
data/spec/spec_tests/data/sdam/rs/primary_to_no_primary_mismatched_me.yml +1 -2
data/spec/spec_tests/data/sdam/rs/repeated.yml +101 -0
data/spec/spec_tests/data/sdam/rs/{primary_address_change.yml → ruby_primary_address_change.yml} +2 -0
data/spec/spec_tests/data/sdam/rs/{secondary_wrong_set_name_with_primary_second.yml → ruby_secondary_wrong_set_name_with_primary_second.yml} +0 -0
data/spec/spec_tests/data/sdam/sharded/ruby_discovered_single_mongos.yml +27 -0
data/spec/spec_tests/data/sdam/sharded/{primary_address_change.yml → ruby_primary_different_address.yml} +1 -1
data/spec/spec_tests/data/sdam/sharded/{primary_mismatched_me.yml → ruby_primary_mismatched_me.yml} +1 -1
data/spec/spec_tests/data/sdam/single/{primary_address_change.yml → ruby_primary_different_address.yml} +1 -1
data/spec/spec_tests/data/sdam/single/{primary_mismatched_me.yml → ruby_primary_mismatched_me.yml} +1 -1
data/spec/spec_tests/data/sdam_monitoring/{replica_set_with_primary_change.yml → replica_set_primary_address_change.yml} +27 -5
data/spec/spec_tests/data/sdam_monitoring/replica_set_with_me_mismatch.yml +26 -74
data/spec/spec_tests/data/sdam_monitoring/replica_set_with_removal.yml +20 -16
data/spec/spec_tests/data/sdam_monitoring/standalone_suppress_equal_description_changes.yml +73 -0
data/spec/spec_tests/data/transactions/pin-mongos.yml +2 -3
data/spec/spec_tests/data/uri_options/auth-options.yml +10 -0
data/spec/spec_tests/data/uri_options/tls-options.yml +75 -4
data/spec/spec_tests/read_write_concern_connection_string_spec.rb +1 -1
data/spec/spec_tests/uri_options_spec.rb +6 -8
data/spec/stress/connection_pool_timing_spec.rb +6 -3
data/spec/support/certificates/README.md +4 -0
data/spec/support/certificates/server-second-level-bundle.pem +77 -77
data/spec/support/certificates/server-second-level.crt +52 -52
data/spec/support/certificates/server-second-level.key +25 -25
data/spec/support/certificates/server-second-level.pem +77 -77
data/spec/support/client_registry.rb +19 -3
data/spec/support/cluster_config.rb +9 -1
data/spec/support/common_shortcuts.rb +12 -0
data/spec/support/constraints.rb +16 -0
data/spec/support/crypt.rb +140 -0
data/spec/support/crypt/corpus/corpus-key-aws.json +33 -0
data/spec/support/crypt/corpus/corpus-key-local.json +31 -0
data/spec/support/crypt/corpus/corpus-schema.json +2057 -0
data/spec/support/crypt/corpus/corpus.json +3657 -0
data/spec/support/crypt/corpus/corpus_encrypted.json +4152 -0
data/spec/support/crypt/data_keys/key_document_aws.json +34 -0
data/spec/support/crypt/data_keys/key_document_local.json +31 -0
data/spec/support/crypt/external/external-key.json +31 -0
data/spec/support/crypt/external/external-schema.json +19 -0
data/spec/support/crypt/limits/limits-doc.json +102 -0
data/spec/support/crypt/limits/limits-key.json +31 -0
data/spec/support/crypt/limits/limits-schema.json +1405 -0
data/spec/support/crypt/schema_maps/schema_map_aws.json +17 -0
data/spec/support/crypt/schema_maps/schema_map_aws_key_alt_names.json +12 -0
data/spec/support/crypt/schema_maps/schema_map_local.json +18 -0
data/spec/support/crypt/schema_maps/schema_map_local_key_alt_names.json +12 -0
data/spec/support/lite_constraints.rb +17 -1
data/spec/support/matchers.rb +19 -0
data/spec/support/shared/protocol.rb +2 -0
data/spec/support/spec_config.rb +43 -13
data/spec/support/utils.rb +132 -10
metadata +277 -81
metadata.gz.sig +0 -0
data/spec/integration/grid_fs_bucket_spec.rb +0 -48
data/spec/integration/zlib_compression_spec.rb +0 -25
data/spec/spec_tests/data/sdam/sharded/single_mongos.yml +0 -33
data/spec/support/connection_string.rb +0 -354

data/spec/mongo/crypt/binding/helpers_spec.rb ADDED

@@ -0,0 +1,46 @@
+require 'mongo'
+require 'support/lite_constraints'
+RSpec.configure do |config|
+  config.extend(LiteConstraints)
+end
+describe 'Mongo::Crypt::Binding' do
+  describe 'helper methods' do
+    require_libmongocrypt
+    describe '#validate_document' do
+      context 'with BSON::Document data' do
+        it 'does not raise an exception' do
+          expect do
+            Mongo::Crypt::Binding.validate_document(BSON::Document.new)
+          end.not_to raise_error
+        end
+      end
+      context 'with Hash data' do
+        it 'does not raise an exception' do
+          expect do
+            Mongo::Crypt::Binding.validate_document({})
+          end.not_to raise_error
+        end
+      end
+      context 'with nil data' do
+        it 'raises an exception' do
+          expect do
+            Mongo::Crypt::Binding.validate_document(nil)
+          end.to raise_error(Mongo::Error::CryptError, /Attempted to pass nil data to libmongocrypt/)
+        end
+      end
+      context 'with non-document data' do
+        it 'raises an exception' do
+          expect do
+            Mongo::Crypt::Binding.validate_document('not a bson document')
+          end.to raise_error(Mongo::Error::CryptError, /Attempted to pass invalid data to libmongocrypt/)
+        end
+      end
+    end
+  end
+end

data/spec/mongo/crypt/binding/mongocrypt_spec.rb ADDED

@@ -0,0 +1,144 @@
+require 'mongo'
+require 'support/lite_constraints'
+require 'mongo/crypt/helpers/mongo_crypt_spec_helper'
+RSpec.configure do |config|
+  config.extend(LiteConstraints)
+end
+describe 'Mongo::Crypt::Binding' do
+  describe 'mongocrypt_t binding' do
+    require_libmongocrypt
+    after do
+      Mongo::Crypt::Binding.mongocrypt_destroy(mongocrypt)
+    end
+    describe '#mongocrypt_new' do
+      let(:mongocrypt) { Mongo::Crypt::Binding.mongocrypt_new }
+      it 'returns a pointer' do
+        expect(mongocrypt).to be_a_kind_of(FFI::Pointer)
+      end
+    end
+    describe '#mongocrypt_setopt_kms_provider_local' do
+      let(:mongocrypt) { Mongo::Crypt::Binding.mongocrypt_new }
+      let(:binary) do
+        p = FFI::MemoryPointer.new(key_bytes.size)
+              .write_array_of_type(FFI::TYPE_UINT8, :put_uint8, key_bytes)
+        Mongo::Crypt::Binding.mongocrypt_binary_new_from_data(p, key_bytes.length)
+      end
+      after do
+        Mongo::Crypt::Binding.mongocrypt_binary_destroy(binary)
+      end
+      context 'with valid key' do
+        let(:key_bytes) { [114, 117, 98, 121] * 24 } # 96 bytes
+        it 'returns true' do
+          expect(Mongo::Crypt::Binding.mongocrypt_setopt_kms_provider_local(mongocrypt, binary)).to be true
+        end
+      end
+      context 'with invalid key' do
+        let(:key_bytes) { [114, 117, 98, 121] * 23 } # NOT 96 bytes
+        it 'returns false' do
+          expect(Mongo::Crypt::Binding.mongocrypt_setopt_kms_provider_local(mongocrypt, binary)).to be false
+        end
+      end
+    end
+    describe '#mongocrypt_init' do
+      let(:key_bytes) { [114, 117, 98, 121] * 24 } # 96 bytes
+      let(:binary) do
+        p = FFI::MemoryPointer.new(key_bytes.size)
+              .write_array_of_type(FFI::TYPE_UINT8, :put_uint8, key_bytes)
+        Mongo::Crypt::Binding.mongocrypt_binary_new_from_data(p, key_bytes.length)
+      end
+      let(:mongocrypt) do
+        mongocrypt = Mongo::Crypt::Binding.mongocrypt_new
+        Mongo::Crypt::Binding.mongocrypt_setopt_kms_provider_local(mongocrypt, binary)
+        mongocrypt
+      end
+      after do
+        Mongo::Crypt::Binding.mongocrypt_binary_destroy(binary)
+      end
+      context 'with valid kms option' do
+        before do
+          MongoCryptSpecHelper.bind_crypto_hooks(mongocrypt)
+        end
+        it 'returns true' do
+          expect(Mongo::Crypt::Binding.mongocrypt_init(mongocrypt)).to be true
+        end
+      end
+      context 'without binding crypto hooks' do
+        it 'returns false' do
+          expect(Mongo::Crypt::Binding.mongocrypt_init(mongocrypt)).to be false
+        end
+      end
+      context 'with invalid kms option' do
+        before do
+          MongoCryptSpecHelper.bind_crypto_hooks(mongocrypt)
+        end
+        let(:key_bytes) { [114, 117, 98, 121] * 23 } # NOT 96 bytes
+        it 'returns false' do
+          expect(Mongo::Crypt::Binding.mongocrypt_init(mongocrypt)).to be false
+        end
+      end
+    end
+    describe '#mongocrypt_status' do
+      let(:status) { Mongo::Crypt::Binding.mongocrypt_status_new }
+      let(:mongocrypt) { mongocrypt = Mongo::Crypt::Binding.mongocrypt_new }
+      after do
+        Mongo::Crypt::Binding.mongocrypt_status_destroy(status)
+      end
+      context 'for a new mongocrypt_t object' do
+        it 'returns an ok status' do
+          Mongo::Crypt::Binding.mongocrypt_status(mongocrypt, status)
+          expect(Mongo::Crypt::Binding.mongocrypt_status_type(status)).to eq(:ok)
+        end
+      end
+      context 'for a mongocrypt_t object with invalid kms options' do
+        let(:key_bytes) { [114, 117, 98, 121] * 23 } # NOT 96 bytes
+        let(:binary) do
+          p = FFI::MemoryPointer.new(key_bytes.size)
+                .write_array_of_type(FFI::TYPE_UINT8, :put_uint8, key_bytes)
+          Mongo::Crypt::Binding.mongocrypt_binary_new_from_data(p, key_bytes.length)
+        end
+        after do
+          Mongo::Crypt::Binding.mongocrypt_binary_destroy(binary)
+        end
+        it 'returns a error_client status' do
+          Mongo::Crypt::Binding.mongocrypt_setopt_kms_provider_local(mongocrypt, binary)
+          Mongo::Crypt::Binding.mongocrypt_status(mongocrypt, status)
+          expect(Mongo::Crypt::Binding.mongocrypt_status_type(status)).to eq(:error_client)
+        end
+      end
+    end
+  end
+end

data/spec/mongo/crypt/binding/status_spec.rb ADDED

@@ -0,0 +1,99 @@
+require 'mongo'
+require 'support/lite_constraints'
+RSpec.configure do |config|
+  config.extend(LiteConstraints)
+end
+describe 'Mongo::Crypt::Binding' do
+  describe 'mongocrypt_status_t binding' do
+    require_libmongocrypt
+    let(:status) { Mongo::Crypt::Binding.mongocrypt_status_new }
+    let(:message) { "Operation unauthorized" }
+    let(:status_with_info) do
+      Mongo::Crypt::Binding.mongocrypt_status_set(
+        status,
+        :error_client,
+        401,
+        message,
+        message.length + 1
+      )
+      status
+    end
+    after do
+      Mongo::Crypt::Binding.mongocrypt_status_destroy(status)
+    end
+    describe '#mongocrypt_status_new' do
+      it 'returns a pointer' do
+        expect(status).to be_a_kind_of(FFI::Pointer)
+      end
+    end
+    describe '#mongocrypt_status_type' do
+      context 'when status has no type' do
+        it 'returns :ok/0' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_type(status)).to eq(:ok)
+        end
+      end
+      context 'when status has type' do
+        it 'returns type' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_type(status_with_info)).to eq(:error_client)
+        end
+      end
+    end
+    describe '#mongocrypt_status_code' do
+      context 'when status has no code' do
+        it 'returns 0' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_code(status)).to eq(0)
+        end
+      end
+      context 'when status has code' do
+        it 'returns code' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_code(status_with_info)).to eq(401)
+        end
+      end
+    end
+    describe '#mongocrypt_status_message' do
+      context 'when status has no message' do
+        it 'returns nil' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_message(status, nil)).to eq(nil)
+        end
+      end
+      context 'when status has message' do
+        it 'returns message' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_message(status_with_info, nil)).to eq(message)
+        end
+      end
+    end
+    describe '#mongocrypt_status_ok' do
+      context 'when status_type is not ok' do
+        it 'returns false' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_ok(status_with_info)).to be false
+        end
+      end
+      context 'when status_type is ok' do
+        let(:message) { 'Operation successful' }
+        let(:status_with_info) do
+          Mongo::Crypt::Binding.mongocrypt_status_set(status, :ok, 200, message, message.length + 1)
+          status
+        end
+        it 'returns true' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_ok(status_with_info)).to be true
+        end
+      end
+    end
+  end
+end

data/spec/mongo/crypt/binding/version_spec.rb ADDED

@@ -0,0 +1,22 @@
+require 'mongo'
+require 'support/lite_constraints'
+RSpec.configure do |config|
+  config.extend(LiteConstraints)
+end
+describe 'Mongo::Crypt::Binding' do
+  require_libmongocrypt
+  describe '#mongocrypt_version' do
+    let(:version) { Mongo::Crypt::Binding.mongocrypt_version(nil) }
+    it 'is a string' do
+      expect(version).to be_a_kind_of(String)
+    end
+    it 'is in the x.y.z-tag format' do
+      expect(version).to match(/\A(\d+.){2}(\d+)?(-[A-Za-z\+\d]+)?\z/)
+    end
+  end
+end

data/spec/mongo/crypt/binding_unloaded_spec.rb ADDED

@@ -0,0 +1,20 @@
+require 'lite_spec_helper'
+describe 'Mongo::Crypt::Binding' do
+  require_no_libmongocrypt
+  context 'when load fails' do
+    it 'retries loading at the next reference' do
+      lambda do
+        Mongo::Crypt::Binding
+      end.should raise_error(LoadError, /no path to libmongocrypt specified/)
+      # second load should also be attempted and should fail with the
+      # LoadError exception
+      lambda do
+        Mongo::Crypt::Binding
+      end.should raise_error(LoadError, /no path to libmongocrypt specified/)
+    end
+  end
+end

data/spec/mongo/crypt/data_key_context_spec.rb ADDED

@@ -0,0 +1,213 @@
+require 'mongo'
+require 'base64'
+require 'lite_spec_helper'
+describe Mongo::Crypt::DataKeyContext do
+  require_libmongocrypt
+  include_context 'define shared FLE helpers'
+  let(:mongocrypt) do
+    Mongo::Crypt::Handle.new(kms_providers)
+  end
+  let(:io) { double("Mongo::Crypt::EncryptionIO") }
+  let(:context) { described_class.new(mongocrypt, io, kms_provider_name, options) }
+  let(:base_options) { {} }
+  let(:options) { base_options }
+  describe '#initialize' do
+    shared_examples 'it properly sets key_alt_names' do
+      context 'with one key_alt_names' do
+        let(:options) { base_options.merge(key_alt_names: ['keyAltName1']) }
+        it 'does not raise an exception' do
+          expect do
+            context
+          end.not_to raise_error
+        end
+      end
+      context 'with multiple key_alt_names' do
+        let(:options) { base_options.merge(key_alt_names: ['keyAltName1', 'keyAltName2']) }
+        it 'does not raise an exception' do
+          expect do
+            context
+          end.not_to raise_error
+        end
+      end
+      context 'with empty key_alt_names' do
+        let(:options) { base_options.merge(key_alt_names: []) }
+        it 'does not raise an exception' do
+          expect do
+            context
+          end.not_to raise_error
+        end
+      end
+      context 'with invalid key_alt_names' do
+        let(:options) { base_options.merge(key_alt_names: ['keyAltName1', 3]) }
+        it 'does raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /All values of the :key_alt_names option Array must be Strings/)
+        end
+      end
+      context 'with non-array key_alt_names' do
+        let(:options) { base_options.merge(key_alt_names: "keyAltName1") }
+        it 'does raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /key_alt_names option must be an Array/)
+        end
+      end
+    end
+    context 'with invalid kms provider'do
+      let(:kms_providers) { local_kms_providers }
+      let(:kms_provider_name) { 'invalid' }
+      it 'raises an exception' do
+        expect do
+          context
+        end.to raise_exception(/invalid is an invalid kms provider/)
+      end
+    end
+    context 'with local kms provider and empty options' do
+      include_context 'with local kms_providers'
+      it_behaves_like 'it properly sets key_alt_names'
+      it 'does not raise an exception' do
+        expect do
+          context
+        end.not_to raise_error
+      end
+    end
+    context 'with aws kms provider' do
+      include_context 'with AWS kms_providers'
+      let(:base_options) { { master_key: { region: 'us-east-2', key: 'arn' } } }
+      it_behaves_like 'it properly sets key_alt_names'
+      context 'with empty options' do
+        let(:options) { {} }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /options Hash must contain a key named :master_key with a Hash value/)
+        end
+      end
+      context 'with an invalid master key option' do
+        let(:options) { { master_key: 'key' } }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /:master_key option must be a Hash/)
+        end
+      end
+      context 'where master key is an empty hash' do
+        let(:options) { { master_key: {} } }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /The value of :region option of the :master_key options hash cannot be nil/)
+        end
+      end
+      context 'with a nil region option' do
+        let(:options) { { master_key: { region: nil } } }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /The value of :region option of the :master_key options hash cannot be nil/)
+        end
+      end
+      context 'with an invalid region option' do
+        let(:options) { { master_key: { region: 5 } } }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /5 is an invalid AWS master_key region/)
+        end
+      end
+      context 'with an invalid key option' do
+        let(:options) { { master_key: { region: 'us-east-2', key: nil } } }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /The value of :key option of the :master_key options hash cannot be nil/)
+        end
+      end
+      context 'with an invalid key option' do
+        let(:options) { { master_key: { region: 'us-east-2', key: 5 } } }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /5 is an invalid AWS master_key key/)
+        end
+      end
+      context 'with an invalid endpoint option' do
+        let(:options) { { master_key: { region: 'us-east-2', key: 'arn', endpoint: 5 } } }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /5 is an invalid AWS master_key endpoint/)
+        end
+      end
+      context 'with valid options' do
+        it 'does not raise an exception' do
+          expect do
+            context
+          end.not_to raise_error
+        end
+      end
+      context 'with valid endpoint' do
+        let(:options) { { master_key: { region: 'us-east-2', key: 'arn', endpoint: 'endpoint/to/kms' } } }
+        it 'does not raise an exception' do
+          expect do
+            context
+          end.not_to raise_error
+        end
+      end
+    end
+  end
+  describe '#run_state_machine' do
+    # TODO: test with AWS KMS provider
+    context 'with local KMS provider' do
+      include_context 'with local kms_providers'
+      it 'creates a data key' do
+        expect(context.run_state_machine).to be_a_kind_of(Hash)
+      end
+    end
+  end
+end