RubyGems - mongo - Versions diffs - 2.11.6 → 2.12.0.rc0 - Mend

mongo 2.11.6 → 2.12.0.rc0

Files changed (327) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +2 -2
data.tar.gz.sig +0 -0
data/CONTRIBUTING.md +1 -1
data/lib/mongo.rb +3 -0
data/lib/mongo/address.rb +13 -2
data/lib/mongo/auth.rb +1 -0
data/lib/mongo/auth/credential_cache.rb +51 -0
data/lib/mongo/auth/scram/conversation.rb +20 -16
data/lib/mongo/auth/user.rb +0 -8
data/lib/mongo/auth/user/view.rb +4 -4
data/lib/mongo/background_thread.rb +1 -1
data/lib/mongo/bulk_write.rb +5 -5
data/lib/mongo/client.rb +126 -11
data/lib/mongo/client_encryption.rb +103 -0
data/lib/mongo/cluster.rb +2 -2
data/lib/mongo/cluster/reapers/cursor_reaper.rb +18 -6
data/lib/mongo/cluster/sdam_flow.rb +54 -58
data/lib/mongo/cluster/srv_monitor.rb +1 -1
data/lib/mongo/collection.rb +3 -3
data/lib/mongo/collection/view.rb +1 -1
data/lib/mongo/collection/view/aggregation.rb +1 -1
data/lib/mongo/collection/view/change_stream.rb +12 -3
data/lib/mongo/collection/view/iterable.rb +14 -5
data/lib/mongo/collection/view/map_reduce.rb +2 -2
data/lib/mongo/collection/view/readable.rb +7 -9
data/lib/mongo/collection/view/writable.rb +7 -7
data/lib/mongo/crypt.rb +33 -0
data/lib/mongo/crypt/auto_decryption_context.rb +42 -0
data/lib/mongo/crypt/auto_encrypter.rb +169 -0
data/lib/mongo/crypt/auto_encryption_context.rb +44 -0
data/lib/mongo/crypt/binary.rb +155 -0
data/lib/mongo/crypt/binding.rb +1162 -0
data/lib/mongo/crypt/context.rb +135 -0
data/lib/mongo/crypt/data_key_context.rb +162 -0
data/lib/mongo/crypt/encryption_io.rb +283 -0
data/lib/mongo/crypt/explicit_decryption_context.rb +40 -0
data/lib/mongo/crypt/explicit_encrypter.rb +117 -0
data/lib/mongo/crypt/explicit_encryption_context.rb +89 -0
data/lib/mongo/crypt/handle.rb +293 -0
data/lib/mongo/crypt/hooks.rb +90 -0
data/lib/mongo/crypt/kms_context.rb +67 -0
data/lib/mongo/crypt/status.rb +131 -0
data/lib/mongo/cursor.rb +64 -32
data/lib/mongo/database.rb +13 -6
data/lib/mongo/database/view.rb +13 -4
data/lib/mongo/dbref.rb +9 -2
data/lib/mongo/error.rb +5 -1
data/lib/mongo/error/crypt_error.rb +31 -0
data/lib/mongo/error/{failed_stringprep_validation.rb → failed_string_prep_validation.rb} +0 -0
data/lib/mongo/error/invalid_cursor_operation.rb +27 -0
data/lib/mongo/error/kms_error.rb +22 -0
data/lib/mongo/error/max_bson_size.rb +14 -3
data/lib/mongo/error/mongocryptd_spawn_error.rb +22 -0
data/lib/mongo/error/no_server_available.rb +8 -3
data/lib/mongo/error/operation_failure.rb +1 -0
data/lib/mongo/grid/file.rb +0 -5
data/lib/mongo/grid/file/chunk.rb +0 -2
data/lib/mongo/grid/file/info.rb +2 -1
data/lib/mongo/grid/fs_bucket.rb +13 -15
data/lib/mongo/grid/stream/write.rb +3 -9
data/lib/mongo/index/view.rb +3 -3
data/lib/mongo/monitoring/event/command_started.rb +6 -1
data/lib/mongo/operation/collections_info.rb +6 -3
data/lib/mongo/operation/delete/op_msg.rb +1 -1
data/lib/mongo/operation/find/op_msg.rb +4 -1
data/lib/mongo/operation/get_more/op_msg.rb +4 -1
data/lib/mongo/operation/insert/command.rb +2 -2
data/lib/mongo/operation/insert/legacy.rb +2 -2
data/lib/mongo/operation/insert/op_msg.rb +3 -3
data/lib/mongo/operation/result.rb +36 -27
data/lib/mongo/operation/shared/executable.rb +10 -8
data/lib/mongo/operation/shared/executable_no_validate.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_command.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_find_command.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_list_indexes_command.rb +2 -2
data/lib/mongo/operation/shared/write.rb +17 -10
data/lib/mongo/operation/update/op_msg.rb +1 -1
data/lib/mongo/protocol/compressed.rb +6 -5
data/lib/mongo/protocol/insert.rb +3 -1
data/lib/mongo/protocol/message.rb +72 -8
data/lib/mongo/protocol/msg.rb +191 -37
data/lib/mongo/protocol/query.rb +7 -9
data/lib/mongo/protocol/serializers.rb +6 -2
data/lib/mongo/server.rb +10 -4
data/lib/mongo/server/connection.rb +20 -9
data/lib/mongo/server/connection_base.rb +81 -12
data/lib/mongo/server/connection_common.rb +61 -0
data/lib/mongo/server/connection_pool.rb +37 -1
data/lib/mongo/server/description.rb +9 -11
data/lib/mongo/server/monitor.rb +2 -0
data/lib/mongo/server/monitor/connection.rb +3 -18
data/lib/mongo/server/pending_connection.rb +2 -1
data/lib/mongo/session.rb +2 -2
data/lib/mongo/session/session_pool.rb +8 -3
data/lib/mongo/socket.rb +29 -16
data/lib/mongo/socket/ssl.rb +23 -8
data/lib/mongo/socket/tcp.rb +12 -3
data/lib/mongo/timeout.rb +49 -0
data/lib/mongo/uri.rb +30 -1
data/lib/mongo/version.rb +1 -1
data/mongo.gemspec +1 -1
data/spec/README.md +134 -7
data/spec/integration/auth_spec.rb +53 -0
data/spec/integration/{client_options_spec.rb → client_authentication_options_spec.rb} +10 -10
data/spec/integration/client_construction_spec.rb +76 -1
data/spec/integration/client_side_encryption/auto_encryption_bulk_writes_spec.rb +351 -0
data/spec/integration/client_side_encryption/auto_encryption_command_monitoring_spec.rb +301 -0
data/spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb +71 -0
data/spec/integration/client_side_encryption/auto_encryption_old_wire_version_spec.rb +76 -0
data/spec/integration/client_side_encryption/auto_encryption_reconnect_spec.rb +216 -0
data/spec/integration/client_side_encryption/auto_encryption_spec.rb +600 -0
data/spec/integration/client_side_encryption/bson_size_limit_spec.rb +183 -0
data/spec/integration/client_side_encryption/bypass_mongocryptd_spawn_spec.rb +74 -0
data/spec/integration/client_side_encryption/client_close_spec.rb +59 -0
data/spec/integration/client_side_encryption/corpus_spec.rb +228 -0
data/spec/integration/client_side_encryption/custom_endpoint_spec.rb +132 -0
data/spec/integration/client_side_encryption/data_key_spec.rb +163 -0
data/spec/integration/client_side_encryption/explicit_encryption_spec.rb +114 -0
data/spec/integration/client_side_encryption/external_key_vault_spec.rb +137 -0
data/spec/integration/client_side_encryption/views_spec.rb +42 -0
data/spec/integration/client_update_spec.rb +120 -0
data/spec/integration/command_monitoring_spec.rb +3 -1
data/spec/integration/command_spec.rb +44 -10
data/spec/integration/connection_spec.rb +57 -0
data/spec/integration/reconnect_spec.rb +7 -6
data/spec/integration/size_limit_spec.rb +94 -0
data/spec/integration/srv_monitoring_spec.rb +14 -6
data/spec/lite_spec_helper.rb +31 -22
data/spec/mongo/auth/cr_spec.rb +8 -0
data/spec/mongo/auth/ldap_spec.rb +5 -1
data/spec/mongo/auth/scram/conversation_spec.rb +5 -6
data/spec/mongo/auth/scram/negotiation_spec.rb +74 -75
data/spec/mongo/auth/scram_spec.rb +45 -35
data/spec/mongo/auth/x509_spec.rb +5 -1
data/spec/mongo/client_construction_spec.rb +206 -3
data/spec/mongo/client_encryption_spec.rb +408 -0
data/spec/mongo/cluster/cursor_reaper_spec.rb +12 -8
data/spec/mongo/cluster/socket_reaper_spec.rb +14 -3
data/spec/mongo/collection/view/aggregation_spec.rb +0 -2
data/spec/mongo/collection/view/change_stream_spec.rb +7 -7
data/spec/mongo/collection/view/map_reduce_spec.rb +3 -3
data/spec/mongo/collection/view_spec.rb +1 -1
data/spec/mongo/collection_spec.rb +4 -33
data/spec/mongo/crypt/auto_decryption_context_spec.rb +90 -0
data/spec/mongo/crypt/auto_encrypter_spec.rb +182 -0
data/spec/mongo/crypt/auto_encryption_context_spec.rb +107 -0
data/spec/mongo/crypt/binary_spec.rb +115 -0
data/spec/mongo/crypt/binding/binary_spec.rb +56 -0
data/spec/mongo/crypt/binding/context_spec.rb +257 -0
data/spec/mongo/crypt/binding/helpers_spec.rb +46 -0
data/spec/mongo/crypt/binding/mongocrypt_spec.rb +144 -0
data/spec/mongo/crypt/binding/status_spec.rb +99 -0
data/spec/mongo/crypt/binding/version_spec.rb +22 -0
data/spec/mongo/crypt/binding_unloaded_spec.rb +20 -0
data/spec/mongo/crypt/data_key_context_spec.rb +213 -0
data/spec/mongo/crypt/encryption_io_spec.rb +136 -0
data/spec/mongo/crypt/explicit_decryption_context_spec.rb +72 -0
data/spec/mongo/crypt/explicit_encryption_context_spec.rb +170 -0
data/spec/mongo/crypt/handle_spec.rb +198 -0
data/spec/mongo/crypt/helpers/mongo_crypt_spec_helper.rb +108 -0
data/spec/mongo/crypt/status_spec.rb +152 -0
data/spec/mongo/cursor_spec.rb +24 -4
data/spec/mongo/database_spec.rb +20 -0
data/spec/mongo/error/crypt_error_spec.rb +26 -0
data/spec/mongo/error/max_bson_size_spec.rb +35 -0
data/spec/mongo/error/no_server_available_spec.rb +11 -1
data/spec/mongo/error/operation_failure_spec.rb +6 -6
data/spec/mongo/operation/aggregate_spec.rb +1 -1
data/spec/mongo/operation/collections_info_spec.rb +1 -1
data/spec/mongo/operation/command_spec.rb +3 -3
data/spec/mongo/operation/create_index_spec.rb +3 -3
data/spec/mongo/operation/create_user_spec.rb +3 -3
data/spec/mongo/operation/delete/bulk_spec.rb +6 -6
data/spec/mongo/operation/delete/op_msg_spec.rb +1 -6
data/spec/mongo/operation/delete_spec.rb +7 -7
data/spec/mongo/operation/drop_index_spec.rb +2 -2
data/spec/mongo/operation/find/legacy_spec.rb +1 -1
data/spec/mongo/operation/get_more_spec.rb +1 -1
data/spec/mongo/operation/indexes_spec.rb +1 -1
data/spec/mongo/operation/insert/bulk_spec.rb +7 -7
data/spec/mongo/operation/insert/op_msg_spec.rb +3 -6
data/spec/mongo/operation/insert_spec.rb +12 -12
data/spec/mongo/operation/map_reduce_spec.rb +2 -2
data/spec/mongo/operation/remove_user_spec.rb +3 -3
data/spec/mongo/operation/update/bulk_spec.rb +6 -6
data/spec/mongo/operation/update/op_msg_spec.rb +3 -6
data/spec/mongo/operation/update_spec.rb +7 -7
data/spec/mongo/operation/update_user_spec.rb +1 -1
data/spec/mongo/protocol/compressed_spec.rb +2 -3
data/spec/mongo/protocol/delete_spec.rb +9 -8
data/spec/mongo/protocol/get_more_spec.rb +9 -8
data/spec/mongo/protocol/insert_spec.rb +9 -8
data/spec/mongo/protocol/kill_cursors_spec.rb +6 -5
data/spec/mongo/protocol/msg_spec.rb +57 -53
data/spec/mongo/protocol/query_spec.rb +12 -12
data/spec/mongo/protocol/registry_spec.rb +1 -1
data/spec/mongo/protocol/reply_spec.rb +1 -1
data/spec/mongo/protocol/update_spec.rb +10 -9
data/spec/mongo/server/connection_pool_spec.rb +1 -1
data/spec/mongo/server/connection_spec.rb +28 -7
data/spec/mongo/socket_spec.rb +1 -1
data/spec/mongo/timeout_spec.rb +85 -0
data/spec/mongo/uri/srv_protocol_spec.rb +2 -2
data/spec/mongo/uri_spec.rb +52 -5
data/spec/mongo/write_concern_spec.rb +13 -1
data/spec/{support → runners}/auth.rb +14 -1
data/spec/{support → runners}/change_streams.rb +1 -1
data/spec/{support → runners}/change_streams/operation.rb +0 -0
data/spec/{support → runners}/cmap.rb +1 -1
data/spec/{support → runners}/cmap/verifier.rb +0 -0
data/spec/{support → runners}/command_monitoring.rb +0 -0
data/spec/runners/connection_string.rb +358 -4
data/spec/{support → runners}/crud.rb +9 -9
data/spec/{support → runners}/crud/context.rb +0 -0
data/spec/{support → runners}/crud/operation.rb +7 -3
data/spec/{support → runners}/crud/outcome.rb +0 -0
data/spec/{support → runners}/crud/requirement.rb +1 -1
data/spec/{support → runners}/crud/spec.rb +12 -1
data/spec/{support → runners}/crud/test.rb +0 -0
data/spec/{support → runners}/crud/test_base.rb +0 -0
data/spec/{support → runners}/crud/verifier.rb +10 -12
data/spec/{support → runners}/gridfs.rb +0 -0
data/spec/{support → runners}/sdam_monitoring.rb +0 -0
data/spec/{support → runners}/server_discovery_and_monitoring.rb +0 -0
data/spec/{support → runners}/server_selection.rb +0 -0
data/spec/{support → runners}/server_selection_rtt.rb +0 -0
data/spec/{support → runners}/transactions.rb +4 -4
data/spec/{support → runners}/transactions/context.rb +0 -0
data/spec/{support → runners}/transactions/operation.rb +0 -0
data/spec/{support → runners}/transactions/spec.rb +0 -0
data/spec/{support → runners}/transactions/test.rb +37 -5
data/spec/spec_helper.rb +0 -5
data/spec/spec_tests/auth_spec.rb +3 -3
data/spec/spec_tests/client_side_encryption_spec.rb +13 -0
data/spec/spec_tests/connection_string_spec.rb +1 -1
data/spec/spec_tests/data/auth/connection-string.yml +13 -0
data/spec/spec_tests/data/client_side_encryption/aggregate.yml +134 -0
data/spec/spec_tests/data/client_side_encryption/badQueries.yml +526 -0
data/spec/spec_tests/data/client_side_encryption/badSchema.yml +73 -0
data/spec/spec_tests/data/client_side_encryption/basic.yml +116 -0
data/spec/spec_tests/data/client_side_encryption/bulk.yml +85 -0
data/spec/spec_tests/data/client_side_encryption/bypassAutoEncryption.yml +100 -0
data/spec/spec_tests/data/client_side_encryption/bypassedCommand.yml +42 -0
data/spec/spec_tests/data/client_side_encryption/count.yml +61 -0
data/spec/spec_tests/data/client_side_encryption/countDocuments.yml +59 -0
data/spec/spec_tests/data/client_side_encryption/delete.yml +105 -0
data/spec/spec_tests/data/client_side_encryption/distinct.yml +73 -0
data/spec/spec_tests/data/client_side_encryption/explain.yml +64 -0
data/spec/spec_tests/data/client_side_encryption/find.yml +119 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndDelete.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndReplace.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndUpdate.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/getMore.yml +68 -0
data/spec/spec_tests/data/client_side_encryption/insert.yml +102 -0
data/spec/spec_tests/data/client_side_encryption/keyAltName.yml +71 -0
data/spec/spec_tests/data/client_side_encryption/localKMS.yml +54 -0
data/spec/spec_tests/data/client_side_encryption/localSchema.yml +72 -0
data/spec/spec_tests/data/client_side_encryption/malformedCiphertext.yml +69 -0
data/spec/spec_tests/data/client_side_encryption/maxWireVersion.yml +20 -0
data/spec/spec_tests/data/client_side_encryption/missingKey.yml +49 -0
data/spec/spec_tests/data/client_side_encryption/replaceOne.yml +61 -0
data/spec/spec_tests/data/client_side_encryption/types.yml +527 -0
data/spec/spec_tests/data/client_side_encryption/unsupportedCommand.yml +25 -0
data/spec/spec_tests/data/client_side_encryption/updateMany.yml +77 -0
data/spec/spec_tests/data/client_side_encryption/updateOne.yml +168 -0
data/spec/spec_tests/data/read_write_concern/connection-string/write-concern.yml +1 -4
data/spec/spec_tests/data/retryable_writes/insertOne-serverErrors.yml +21 -0
data/spec/spec_tests/data/sdam/rs/incompatible_ghost.yml +2 -4
data/spec/spec_tests/data/sdam/rs/incompatible_other.yml +1 -1
data/spec/spec_tests/data/sdam/rs/primary_mismatched_me_not_removed.yml +73 -0
data/spec/spec_tests/data/sdam/rs/primary_to_no_primary_mismatched_me.yml +1 -2
data/spec/spec_tests/data/sdam/rs/repeated.yml +101 -0
data/spec/spec_tests/data/sdam/rs/{primary_address_change.yml → ruby_primary_address_change.yml} +2 -0
data/spec/spec_tests/data/sdam/rs/{secondary_wrong_set_name_with_primary_second.yml → ruby_secondary_wrong_set_name_with_primary_second.yml} +0 -0
data/spec/spec_tests/data/sdam/sharded/ruby_discovered_single_mongos.yml +27 -0
data/spec/spec_tests/data/sdam/sharded/{primary_address_change.yml → ruby_primary_different_address.yml} +1 -1
data/spec/spec_tests/data/sdam/sharded/{primary_mismatched_me.yml → ruby_primary_mismatched_me.yml} +1 -1
data/spec/spec_tests/data/sdam/single/{primary_address_change.yml → ruby_primary_different_address.yml} +1 -1
data/spec/spec_tests/data/sdam/single/{primary_mismatched_me.yml → ruby_primary_mismatched_me.yml} +1 -1
data/spec/spec_tests/data/sdam_monitoring/{replica_set_with_primary_change.yml → replica_set_primary_address_change.yml} +27 -5
data/spec/spec_tests/data/sdam_monitoring/replica_set_with_me_mismatch.yml +26 -74
data/spec/spec_tests/data/sdam_monitoring/replica_set_with_removal.yml +20 -16
data/spec/spec_tests/data/sdam_monitoring/standalone_suppress_equal_description_changes.yml +73 -0
data/spec/spec_tests/data/transactions/pin-mongos.yml +2 -3
data/spec/spec_tests/data/uri_options/auth-options.yml +10 -0
data/spec/spec_tests/data/uri_options/tls-options.yml +75 -4
data/spec/spec_tests/read_write_concern_connection_string_spec.rb +1 -1
data/spec/spec_tests/uri_options_spec.rb +6 -8
data/spec/stress/connection_pool_timing_spec.rb +6 -3
data/spec/support/certificates/README.md +4 -0
data/spec/support/certificates/server-second-level-bundle.pem +77 -77
data/spec/support/certificates/server-second-level.crt +52 -52
data/spec/support/certificates/server-second-level.key +25 -25
data/spec/support/certificates/server-second-level.pem +77 -77
data/spec/support/client_registry.rb +19 -3
data/spec/support/cluster_config.rb +9 -1
data/spec/support/common_shortcuts.rb +12 -0
data/spec/support/constraints.rb +16 -0
data/spec/support/crypt.rb +140 -0
data/spec/support/crypt/corpus/corpus-key-aws.json +33 -0
data/spec/support/crypt/corpus/corpus-key-local.json +31 -0
data/spec/support/crypt/corpus/corpus-schema.json +2057 -0
data/spec/support/crypt/corpus/corpus.json +3657 -0
data/spec/support/crypt/corpus/corpus_encrypted.json +4152 -0
data/spec/support/crypt/data_keys/key_document_aws.json +34 -0
data/spec/support/crypt/data_keys/key_document_local.json +31 -0
data/spec/support/crypt/external/external-key.json +31 -0
data/spec/support/crypt/external/external-schema.json +19 -0
data/spec/support/crypt/limits/limits-doc.json +102 -0
data/spec/support/crypt/limits/limits-key.json +31 -0
data/spec/support/crypt/limits/limits-schema.json +1405 -0
data/spec/support/crypt/schema_maps/schema_map_aws.json +17 -0
data/spec/support/crypt/schema_maps/schema_map_aws_key_alt_names.json +12 -0
data/spec/support/crypt/schema_maps/schema_map_local.json +18 -0
data/spec/support/crypt/schema_maps/schema_map_local_key_alt_names.json +12 -0
data/spec/support/lite_constraints.rb +17 -1
data/spec/support/matchers.rb +19 -0
data/spec/support/shared/protocol.rb +2 -0
data/spec/support/spec_config.rb +43 -13
data/spec/support/utils.rb +132 -10
metadata +277 -81
metadata.gz.sig +0 -0
data/spec/integration/grid_fs_bucket_spec.rb +0 -48
data/spec/integration/zlib_compression_spec.rb +0 -25
data/spec/spec_tests/data/sdam/sharded/single_mongos.yml +0 -33
data/spec/support/connection_string.rb +0 -354

data/spec/mongo/crypt/binding/helpers_spec.rb ADDED

@@ -0,0 +1,46 @@
+require 'mongo'
+require 'support/lite_constraints'
+RSpec.configure do |config|
+  config.extend(LiteConstraints)
+end
+describe 'Mongo::Crypt::Binding' do
+  describe 'helper methods' do
+    require_libmongocrypt
+    describe '#validate_document' do
+      context 'with BSON::Document data' do
+        it 'does not raise an exception' do
+          expect do
+            Mongo::Crypt::Binding.validate_document(BSON::Document.new)
+          end.not_to raise_error
+        end
+      end
+      context 'with Hash data' do
+        it 'does not raise an exception' do
+          expect do
+            Mongo::Crypt::Binding.validate_document({})
+          end.not_to raise_error
+        end
+      end
+      context 'with nil data' do
+        it 'raises an exception' do
+          expect do
+            Mongo::Crypt::Binding.validate_document(nil)
+          end.to raise_error(Mongo::Error::CryptError, /Attempted to pass nil data to libmongocrypt/)
+        end
+      end
+      context 'with non-document data' do
+        it 'raises an exception' do
+          expect do
+            Mongo::Crypt::Binding.validate_document('not a bson document')
+          end.to raise_error(Mongo::Error::CryptError, /Attempted to pass invalid data to libmongocrypt/)
+        end
+      end
+    end
+  end
+end

data/spec/mongo/crypt/binding/mongocrypt_spec.rb ADDED

@@ -0,0 +1,144 @@
+require 'mongo'
+require 'support/lite_constraints'
+require 'mongo/crypt/helpers/mongo_crypt_spec_helper'
+RSpec.configure do |config|
+  config.extend(LiteConstraints)
+end
+describe 'Mongo::Crypt::Binding' do
+  describe 'mongocrypt_t binding' do
+    require_libmongocrypt
+    after do
+      Mongo::Crypt::Binding.mongocrypt_destroy(mongocrypt)
+    end
+    describe '#mongocrypt_new' do
+      let(:mongocrypt) { Mongo::Crypt::Binding.mongocrypt_new }
+      it 'returns a pointer' do
+        expect(mongocrypt).to be_a_kind_of(FFI::Pointer)
+      end
+    end
+    describe '#mongocrypt_setopt_kms_provider_local' do
+      let(:mongocrypt) { Mongo::Crypt::Binding.mongocrypt_new }
+      let(:binary) do
+        p = FFI::MemoryPointer.new(key_bytes.size)
+              .write_array_of_type(FFI::TYPE_UINT8, :put_uint8, key_bytes)
+        Mongo::Crypt::Binding.mongocrypt_binary_new_from_data(p, key_bytes.length)
+      end
+      after do
+        Mongo::Crypt::Binding.mongocrypt_binary_destroy(binary)
+      end
+      context 'with valid key' do
+        let(:key_bytes) { [114, 117, 98, 121] * 24 } # 96 bytes
+        it 'returns true' do
+          expect(Mongo::Crypt::Binding.mongocrypt_setopt_kms_provider_local(mongocrypt, binary)).to be true
+        end
+      end
+      context 'with invalid key' do
+        let(:key_bytes) { [114, 117, 98, 121] * 23 } # NOT 96 bytes
+        it 'returns false' do
+          expect(Mongo::Crypt::Binding.mongocrypt_setopt_kms_provider_local(mongocrypt, binary)).to be false
+        end
+      end
+    end
+    describe '#mongocrypt_init' do
+      let(:key_bytes) { [114, 117, 98, 121] * 24 } # 96 bytes
+      let(:binary) do
+        p = FFI::MemoryPointer.new(key_bytes.size)
+              .write_array_of_type(FFI::TYPE_UINT8, :put_uint8, key_bytes)
+        Mongo::Crypt::Binding.mongocrypt_binary_new_from_data(p, key_bytes.length)
+      end
+      let(:mongocrypt) do
+        mongocrypt = Mongo::Crypt::Binding.mongocrypt_new
+        Mongo::Crypt::Binding.mongocrypt_setopt_kms_provider_local(mongocrypt, binary)
+        mongocrypt
+      end
+      after do
+        Mongo::Crypt::Binding.mongocrypt_binary_destroy(binary)
+      end
+      context 'with valid kms option' do
+        before do
+          MongoCryptSpecHelper.bind_crypto_hooks(mongocrypt)
+        end
+        it 'returns true' do
+          expect(Mongo::Crypt::Binding.mongocrypt_init(mongocrypt)).to be true
+        end
+      end
+      context 'without binding crypto hooks' do
+        it 'returns false' do
+          expect(Mongo::Crypt::Binding.mongocrypt_init(mongocrypt)).to be false
+        end
+      end
+      context 'with invalid kms option' do
+        before do
+          MongoCryptSpecHelper.bind_crypto_hooks(mongocrypt)
+        end
+        let(:key_bytes) { [114, 117, 98, 121] * 23 } # NOT 96 bytes
+        it 'returns false' do
+          expect(Mongo::Crypt::Binding.mongocrypt_init(mongocrypt)).to be false
+        end
+      end
+    end
+    describe '#mongocrypt_status' do
+      let(:status) { Mongo::Crypt::Binding.mongocrypt_status_new }
+      let(:mongocrypt) { mongocrypt = Mongo::Crypt::Binding.mongocrypt_new }
+      after do
+        Mongo::Crypt::Binding.mongocrypt_status_destroy(status)
+      end
+      context 'for a new mongocrypt_t object' do
+        it 'returns an ok status' do
+          Mongo::Crypt::Binding.mongocrypt_status(mongocrypt, status)
+          expect(Mongo::Crypt::Binding.mongocrypt_status_type(status)).to eq(:ok)
+        end
+      end
+      context 'for a mongocrypt_t object with invalid kms options' do
+        let(:key_bytes) { [114, 117, 98, 121] * 23 } # NOT 96 bytes
+        let(:binary) do
+          p = FFI::MemoryPointer.new(key_bytes.size)
+                .write_array_of_type(FFI::TYPE_UINT8, :put_uint8, key_bytes)
+          Mongo::Crypt::Binding.mongocrypt_binary_new_from_data(p, key_bytes.length)
+        end
+        after do
+          Mongo::Crypt::Binding.mongocrypt_binary_destroy(binary)
+        end
+        it 'returns a error_client status' do
+          Mongo::Crypt::Binding.mongocrypt_setopt_kms_provider_local(mongocrypt, binary)
+          Mongo::Crypt::Binding.mongocrypt_status(mongocrypt, status)
+          expect(Mongo::Crypt::Binding.mongocrypt_status_type(status)).to eq(:error_client)
+        end
+      end
+    end
+  end
+end

data/spec/mongo/crypt/binding/status_spec.rb ADDED

@@ -0,0 +1,99 @@
+require 'mongo'
+require 'support/lite_constraints'
+RSpec.configure do |config|
+  config.extend(LiteConstraints)
+end
+describe 'Mongo::Crypt::Binding' do
+  describe 'mongocrypt_status_t binding' do
+    require_libmongocrypt
+    let(:status) { Mongo::Crypt::Binding.mongocrypt_status_new }
+    let(:message) { "Operation unauthorized" }
+    let(:status_with_info) do
+      Mongo::Crypt::Binding.mongocrypt_status_set(
+        status,
+        :error_client,
+        401,
+        message,
+        message.length + 1
+      )
+      status
+    end
+    after do
+      Mongo::Crypt::Binding.mongocrypt_status_destroy(status)
+    end
+    describe '#mongocrypt_status_new' do
+      it 'returns a pointer' do
+        expect(status).to be_a_kind_of(FFI::Pointer)
+      end
+    end
+    describe '#mongocrypt_status_type' do
+      context 'when status has no type' do
+        it 'returns :ok/0' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_type(status)).to eq(:ok)
+        end
+      end
+      context 'when status has type' do
+        it 'returns type' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_type(status_with_info)).to eq(:error_client)
+        end
+      end
+    end
+    describe '#mongocrypt_status_code' do
+      context 'when status has no code' do
+        it 'returns 0' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_code(status)).to eq(0)
+        end
+      end
+      context 'when status has code' do
+        it 'returns code' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_code(status_with_info)).to eq(401)
+        end
+      end
+    end
+    describe '#mongocrypt_status_message' do
+      context 'when status has no message' do
+        it 'returns nil' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_message(status, nil)).to eq(nil)
+        end
+      end
+      context 'when status has message' do
+        it 'returns message' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_message(status_with_info, nil)).to eq(message)
+        end
+      end
+    end
+    describe '#mongocrypt_status_ok' do
+      context 'when status_type is not ok' do
+        it 'returns false' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_ok(status_with_info)).to be false
+        end
+      end
+      context 'when status_type is ok' do
+        let(:message) { 'Operation successful' }
+        let(:status_with_info) do
+          Mongo::Crypt::Binding.mongocrypt_status_set(status, :ok, 200, message, message.length + 1)
+          status
+        end
+        it 'returns true' do
+          expect(Mongo::Crypt::Binding.mongocrypt_status_ok(status_with_info)).to be true
+        end
+      end
+    end
+  end
+end

data/spec/mongo/crypt/binding/version_spec.rb ADDED

@@ -0,0 +1,22 @@
+require 'mongo'
+require 'support/lite_constraints'
+RSpec.configure do |config|
+  config.extend(LiteConstraints)
+end
+describe 'Mongo::Crypt::Binding' do
+  require_libmongocrypt
+  describe '#mongocrypt_version' do
+    let(:version) { Mongo::Crypt::Binding.mongocrypt_version(nil) }
+    it 'is a string' do
+      expect(version).to be_a_kind_of(String)
+    end
+    it 'is in the x.y.z-tag format' do
+      expect(version).to match(/\A(\d+.){2}(\d+)?(-[A-Za-z\+\d]+)?\z/)
+    end
+  end
+end

data/spec/mongo/crypt/binding_unloaded_spec.rb ADDED

@@ -0,0 +1,20 @@
+require 'lite_spec_helper'
+describe 'Mongo::Crypt::Binding' do
+  require_no_libmongocrypt
+  context 'when load fails' do
+    it 'retries loading at the next reference' do
+      lambda do
+        Mongo::Crypt::Binding
+      end.should raise_error(LoadError, /no path to libmongocrypt specified/)
+      # second load should also be attempted and should fail with the
+      # LoadError exception
+      lambda do
+        Mongo::Crypt::Binding
+      end.should raise_error(LoadError, /no path to libmongocrypt specified/)
+    end
+  end
+end

data/spec/mongo/crypt/data_key_context_spec.rb ADDED

@@ -0,0 +1,213 @@
+require 'mongo'
+require 'base64'
+require 'lite_spec_helper'
+describe Mongo::Crypt::DataKeyContext do
+  require_libmongocrypt
+  include_context 'define shared FLE helpers'
+  let(:mongocrypt) do
+    Mongo::Crypt::Handle.new(kms_providers)
+  end
+  let(:io) { double("Mongo::Crypt::EncryptionIO") }
+  let(:context) { described_class.new(mongocrypt, io, kms_provider_name, options) }
+  let(:base_options) { {} }
+  let(:options) { base_options }
+  describe '#initialize' do
+    shared_examples 'it properly sets key_alt_names' do
+      context 'with one key_alt_names' do
+        let(:options) { base_options.merge(key_alt_names: ['keyAltName1']) }
+        it 'does not raise an exception' do
+          expect do
+            context
+          end.not_to raise_error
+        end
+      end
+      context 'with multiple key_alt_names' do
+        let(:options) { base_options.merge(key_alt_names: ['keyAltName1', 'keyAltName2']) }
+        it 'does not raise an exception' do
+          expect do
+            context
+          end.not_to raise_error
+        end
+      end
+      context 'with empty key_alt_names' do
+        let(:options) { base_options.merge(key_alt_names: []) }
+        it 'does not raise an exception' do
+          expect do
+            context
+          end.not_to raise_error
+        end
+      end
+      context 'with invalid key_alt_names' do
+        let(:options) { base_options.merge(key_alt_names: ['keyAltName1', 3]) }
+        it 'does raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /All values of the :key_alt_names option Array must be Strings/)
+        end
+      end
+      context 'with non-array key_alt_names' do
+        let(:options) { base_options.merge(key_alt_names: "keyAltName1") }
+        it 'does raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /key_alt_names option must be an Array/)
+        end
+      end
+    end
+    context 'with invalid kms provider'do
+      let(:kms_providers) { local_kms_providers }
+      let(:kms_provider_name) { 'invalid' }
+      it 'raises an exception' do
+        expect do
+          context
+        end.to raise_exception(/invalid is an invalid kms provider/)
+      end
+    end
+    context 'with local kms provider and empty options' do
+      include_context 'with local kms_providers'
+      it_behaves_like 'it properly sets key_alt_names'
+      it 'does not raise an exception' do
+        expect do
+          context
+        end.not_to raise_error
+      end
+    end
+    context 'with aws kms provider' do
+      include_context 'with AWS kms_providers'
+      let(:base_options) { { master_key: { region: 'us-east-2', key: 'arn' } } }
+      it_behaves_like 'it properly sets key_alt_names'
+      context 'with empty options' do
+        let(:options) { {} }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /options Hash must contain a key named :master_key with a Hash value/)
+        end
+      end
+      context 'with an invalid master key option' do
+        let(:options) { { master_key: 'key' } }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /:master_key option must be a Hash/)
+        end
+      end
+      context 'where master key is an empty hash' do
+        let(:options) { { master_key: {} } }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /The value of :region option of the :master_key options hash cannot be nil/)
+        end
+      end
+      context 'with a nil region option' do
+        let(:options) { { master_key: { region: nil } } }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /The value of :region option of the :master_key options hash cannot be nil/)
+        end
+      end
+      context 'with an invalid region option' do
+        let(:options) { { master_key: { region: 5 } } }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /5 is an invalid AWS master_key region/)
+        end
+      end
+      context 'with an invalid key option' do
+        let(:options) { { master_key: { region: 'us-east-2', key: nil } } }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /The value of :key option of the :master_key options hash cannot be nil/)
+        end
+      end
+      context 'with an invalid key option' do
+        let(:options) { { master_key: { region: 'us-east-2', key: 5 } } }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /5 is an invalid AWS master_key key/)
+        end
+      end
+      context 'with an invalid endpoint option' do
+        let(:options) { { master_key: { region: 'us-east-2', key: 'arn', endpoint: 5 } } }
+        it 'raises an exception' do
+          expect do
+            context
+          end.to raise_error(ArgumentError, /5 is an invalid AWS master_key endpoint/)
+        end
+      end
+      context 'with valid options' do
+        it 'does not raise an exception' do
+          expect do
+            context
+          end.not_to raise_error
+        end
+      end
+      context 'with valid endpoint' do
+        let(:options) { { master_key: { region: 'us-east-2', key: 'arn', endpoint: 'endpoint/to/kms' } } }
+        it 'does not raise an exception' do
+          expect do
+            context
+          end.not_to raise_error
+        end
+      end
+    end
+  end
+  describe '#run_state_machine' do
+    # TODO: test with AWS KMS provider
+    context 'with local KMS provider' do
+      include_context 'with local kms_providers'
+      it 'creates a data key' do
+        expect(context.run_state_machine).to be_a_kind_of(Hash)
+      end
+    end
+  end
+end