RubyGems - mongo - Versions diffs - 2.11.6 → 2.12.0.rc0 - Mend

mongo 2.11.6 → 2.12.0.rc0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (327) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +2 -2
data.tar.gz.sig +0 -0
data/CONTRIBUTING.md +1 -1
data/lib/mongo.rb +3 -0
data/lib/mongo/address.rb +13 -2
data/lib/mongo/auth.rb +1 -0
data/lib/mongo/auth/credential_cache.rb +51 -0
data/lib/mongo/auth/scram/conversation.rb +20 -16
data/lib/mongo/auth/user.rb +0 -8
data/lib/mongo/auth/user/view.rb +4 -4
data/lib/mongo/background_thread.rb +1 -1
data/lib/mongo/bulk_write.rb +5 -5
data/lib/mongo/client.rb +126 -11
data/lib/mongo/client_encryption.rb +103 -0
data/lib/mongo/cluster.rb +2 -2
data/lib/mongo/cluster/reapers/cursor_reaper.rb +18 -6
data/lib/mongo/cluster/sdam_flow.rb +54 -58
data/lib/mongo/cluster/srv_monitor.rb +1 -1
data/lib/mongo/collection.rb +3 -3
data/lib/mongo/collection/view.rb +1 -1
data/lib/mongo/collection/view/aggregation.rb +1 -1
data/lib/mongo/collection/view/change_stream.rb +12 -3
data/lib/mongo/collection/view/iterable.rb +14 -5
data/lib/mongo/collection/view/map_reduce.rb +2 -2
data/lib/mongo/collection/view/readable.rb +7 -9
data/lib/mongo/collection/view/writable.rb +7 -7
data/lib/mongo/crypt.rb +33 -0
data/lib/mongo/crypt/auto_decryption_context.rb +42 -0
data/lib/mongo/crypt/auto_encrypter.rb +169 -0
data/lib/mongo/crypt/auto_encryption_context.rb +44 -0
data/lib/mongo/crypt/binary.rb +155 -0
data/lib/mongo/crypt/binding.rb +1162 -0
data/lib/mongo/crypt/context.rb +135 -0
data/lib/mongo/crypt/data_key_context.rb +162 -0
data/lib/mongo/crypt/encryption_io.rb +283 -0
data/lib/mongo/crypt/explicit_decryption_context.rb +40 -0
data/lib/mongo/crypt/explicit_encrypter.rb +117 -0
data/lib/mongo/crypt/explicit_encryption_context.rb +89 -0
data/lib/mongo/crypt/handle.rb +293 -0
data/lib/mongo/crypt/hooks.rb +90 -0
data/lib/mongo/crypt/kms_context.rb +67 -0
data/lib/mongo/crypt/status.rb +131 -0
data/lib/mongo/cursor.rb +64 -32
data/lib/mongo/database.rb +13 -6
data/lib/mongo/database/view.rb +13 -4
data/lib/mongo/dbref.rb +9 -2
data/lib/mongo/error.rb +5 -1
data/lib/mongo/error/crypt_error.rb +31 -0
data/lib/mongo/error/{failed_stringprep_validation.rb → failed_string_prep_validation.rb} +0 -0
data/lib/mongo/error/invalid_cursor_operation.rb +27 -0
data/lib/mongo/error/kms_error.rb +22 -0
data/lib/mongo/error/max_bson_size.rb +14 -3
data/lib/mongo/error/mongocryptd_spawn_error.rb +22 -0
data/lib/mongo/error/no_server_available.rb +8 -3
data/lib/mongo/error/operation_failure.rb +1 -0
data/lib/mongo/grid/file.rb +0 -5
data/lib/mongo/grid/file/chunk.rb +0 -2
data/lib/mongo/grid/file/info.rb +2 -1
data/lib/mongo/grid/fs_bucket.rb +13 -15
data/lib/mongo/grid/stream/write.rb +3 -9
data/lib/mongo/index/view.rb +3 -3
data/lib/mongo/monitoring/event/command_started.rb +6 -1
data/lib/mongo/operation/collections_info.rb +6 -3
data/lib/mongo/operation/delete/op_msg.rb +1 -1
data/lib/mongo/operation/find/op_msg.rb +4 -1
data/lib/mongo/operation/get_more/op_msg.rb +4 -1
data/lib/mongo/operation/insert/command.rb +2 -2
data/lib/mongo/operation/insert/legacy.rb +2 -2
data/lib/mongo/operation/insert/op_msg.rb +3 -3
data/lib/mongo/operation/result.rb +36 -27
data/lib/mongo/operation/shared/executable.rb +10 -8
data/lib/mongo/operation/shared/executable_no_validate.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_command.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_find_command.rb +2 -2
data/lib/mongo/operation/shared/op_msg_or_list_indexes_command.rb +2 -2
data/lib/mongo/operation/shared/write.rb +17 -10
data/lib/mongo/operation/update/op_msg.rb +1 -1
data/lib/mongo/protocol/compressed.rb +6 -5
data/lib/mongo/protocol/insert.rb +3 -1
data/lib/mongo/protocol/message.rb +72 -8
data/lib/mongo/protocol/msg.rb +191 -37
data/lib/mongo/protocol/query.rb +7 -9
data/lib/mongo/protocol/serializers.rb +6 -2
data/lib/mongo/server.rb +10 -4
data/lib/mongo/server/connection.rb +20 -9
data/lib/mongo/server/connection_base.rb +81 -12
data/lib/mongo/server/connection_common.rb +61 -0
data/lib/mongo/server/connection_pool.rb +37 -1
data/lib/mongo/server/description.rb +9 -11
data/lib/mongo/server/monitor.rb +2 -0
data/lib/mongo/server/monitor/connection.rb +3 -18
data/lib/mongo/server/pending_connection.rb +2 -1
data/lib/mongo/session.rb +2 -2
data/lib/mongo/session/session_pool.rb +8 -3
data/lib/mongo/socket.rb +29 -16
data/lib/mongo/socket/ssl.rb +23 -8
data/lib/mongo/socket/tcp.rb +12 -3
data/lib/mongo/timeout.rb +49 -0
data/lib/mongo/uri.rb +30 -1
data/lib/mongo/version.rb +1 -1
data/mongo.gemspec +1 -1
data/spec/README.md +134 -7
data/spec/integration/auth_spec.rb +53 -0
data/spec/integration/{client_options_spec.rb → client_authentication_options_spec.rb} +10 -10
data/spec/integration/client_construction_spec.rb +76 -1
data/spec/integration/client_side_encryption/auto_encryption_bulk_writes_spec.rb +351 -0
data/spec/integration/client_side_encryption/auto_encryption_command_monitoring_spec.rb +301 -0
data/spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb +71 -0
data/spec/integration/client_side_encryption/auto_encryption_old_wire_version_spec.rb +76 -0
data/spec/integration/client_side_encryption/auto_encryption_reconnect_spec.rb +216 -0
data/spec/integration/client_side_encryption/auto_encryption_spec.rb +600 -0
data/spec/integration/client_side_encryption/bson_size_limit_spec.rb +183 -0
data/spec/integration/client_side_encryption/bypass_mongocryptd_spawn_spec.rb +74 -0
data/spec/integration/client_side_encryption/client_close_spec.rb +59 -0
data/spec/integration/client_side_encryption/corpus_spec.rb +228 -0
data/spec/integration/client_side_encryption/custom_endpoint_spec.rb +132 -0
data/spec/integration/client_side_encryption/data_key_spec.rb +163 -0
data/spec/integration/client_side_encryption/explicit_encryption_spec.rb +114 -0
data/spec/integration/client_side_encryption/external_key_vault_spec.rb +137 -0
data/spec/integration/client_side_encryption/views_spec.rb +42 -0
data/spec/integration/client_update_spec.rb +120 -0
data/spec/integration/command_monitoring_spec.rb +3 -1
data/spec/integration/command_spec.rb +44 -10
data/spec/integration/connection_spec.rb +57 -0
data/spec/integration/reconnect_spec.rb +7 -6
data/spec/integration/size_limit_spec.rb +94 -0
data/spec/integration/srv_monitoring_spec.rb +14 -6
data/spec/lite_spec_helper.rb +31 -22
data/spec/mongo/auth/cr_spec.rb +8 -0
data/spec/mongo/auth/ldap_spec.rb +5 -1
data/spec/mongo/auth/scram/conversation_spec.rb +5 -6
data/spec/mongo/auth/scram/negotiation_spec.rb +74 -75
data/spec/mongo/auth/scram_spec.rb +45 -35
data/spec/mongo/auth/x509_spec.rb +5 -1
data/spec/mongo/client_construction_spec.rb +206 -3
data/spec/mongo/client_encryption_spec.rb +408 -0
data/spec/mongo/cluster/cursor_reaper_spec.rb +12 -8
data/spec/mongo/cluster/socket_reaper_spec.rb +14 -3
data/spec/mongo/collection/view/aggregation_spec.rb +0 -2
data/spec/mongo/collection/view/change_stream_spec.rb +7 -7
data/spec/mongo/collection/view/map_reduce_spec.rb +3 -3
data/spec/mongo/collection/view_spec.rb +1 -1
data/spec/mongo/collection_spec.rb +4 -33
data/spec/mongo/crypt/auto_decryption_context_spec.rb +90 -0
data/spec/mongo/crypt/auto_encrypter_spec.rb +182 -0
data/spec/mongo/crypt/auto_encryption_context_spec.rb +107 -0
data/spec/mongo/crypt/binary_spec.rb +115 -0
data/spec/mongo/crypt/binding/binary_spec.rb +56 -0
data/spec/mongo/crypt/binding/context_spec.rb +257 -0
data/spec/mongo/crypt/binding/helpers_spec.rb +46 -0
data/spec/mongo/crypt/binding/mongocrypt_spec.rb +144 -0
data/spec/mongo/crypt/binding/status_spec.rb +99 -0
data/spec/mongo/crypt/binding/version_spec.rb +22 -0
data/spec/mongo/crypt/binding_unloaded_spec.rb +20 -0
data/spec/mongo/crypt/data_key_context_spec.rb +213 -0
data/spec/mongo/crypt/encryption_io_spec.rb +136 -0
data/spec/mongo/crypt/explicit_decryption_context_spec.rb +72 -0
data/spec/mongo/crypt/explicit_encryption_context_spec.rb +170 -0
data/spec/mongo/crypt/handle_spec.rb +198 -0
data/spec/mongo/crypt/helpers/mongo_crypt_spec_helper.rb +108 -0
data/spec/mongo/crypt/status_spec.rb +152 -0
data/spec/mongo/cursor_spec.rb +24 -4
data/spec/mongo/database_spec.rb +20 -0
data/spec/mongo/error/crypt_error_spec.rb +26 -0
data/spec/mongo/error/max_bson_size_spec.rb +35 -0
data/spec/mongo/error/no_server_available_spec.rb +11 -1
data/spec/mongo/error/operation_failure_spec.rb +6 -6
data/spec/mongo/operation/aggregate_spec.rb +1 -1
data/spec/mongo/operation/collections_info_spec.rb +1 -1
data/spec/mongo/operation/command_spec.rb +3 -3
data/spec/mongo/operation/create_index_spec.rb +3 -3
data/spec/mongo/operation/create_user_spec.rb +3 -3
data/spec/mongo/operation/delete/bulk_spec.rb +6 -6
data/spec/mongo/operation/delete/op_msg_spec.rb +1 -6
data/spec/mongo/operation/delete_spec.rb +7 -7
data/spec/mongo/operation/drop_index_spec.rb +2 -2
data/spec/mongo/operation/find/legacy_spec.rb +1 -1
data/spec/mongo/operation/get_more_spec.rb +1 -1
data/spec/mongo/operation/indexes_spec.rb +1 -1
data/spec/mongo/operation/insert/bulk_spec.rb +7 -7
data/spec/mongo/operation/insert/op_msg_spec.rb +3 -6
data/spec/mongo/operation/insert_spec.rb +12 -12
data/spec/mongo/operation/map_reduce_spec.rb +2 -2
data/spec/mongo/operation/remove_user_spec.rb +3 -3
data/spec/mongo/operation/update/bulk_spec.rb +6 -6
data/spec/mongo/operation/update/op_msg_spec.rb +3 -6
data/spec/mongo/operation/update_spec.rb +7 -7
data/spec/mongo/operation/update_user_spec.rb +1 -1
data/spec/mongo/protocol/compressed_spec.rb +2 -3
data/spec/mongo/protocol/delete_spec.rb +9 -8
data/spec/mongo/protocol/get_more_spec.rb +9 -8
data/spec/mongo/protocol/insert_spec.rb +9 -8
data/spec/mongo/protocol/kill_cursors_spec.rb +6 -5
data/spec/mongo/protocol/msg_spec.rb +57 -53
data/spec/mongo/protocol/query_spec.rb +12 -12
data/spec/mongo/protocol/registry_spec.rb +1 -1
data/spec/mongo/protocol/reply_spec.rb +1 -1
data/spec/mongo/protocol/update_spec.rb +10 -9
data/spec/mongo/server/connection_pool_spec.rb +1 -1
data/spec/mongo/server/connection_spec.rb +28 -7
data/spec/mongo/socket_spec.rb +1 -1
data/spec/mongo/timeout_spec.rb +85 -0
data/spec/mongo/uri/srv_protocol_spec.rb +2 -2
data/spec/mongo/uri_spec.rb +52 -5
data/spec/mongo/write_concern_spec.rb +13 -1
data/spec/{support → runners}/auth.rb +14 -1
data/spec/{support → runners}/change_streams.rb +1 -1
data/spec/{support → runners}/change_streams/operation.rb +0 -0
data/spec/{support → runners}/cmap.rb +1 -1
data/spec/{support → runners}/cmap/verifier.rb +0 -0
data/spec/{support → runners}/command_monitoring.rb +0 -0
data/spec/runners/connection_string.rb +358 -4
data/spec/{support → runners}/crud.rb +9 -9
data/spec/{support → runners}/crud/context.rb +0 -0
data/spec/{support → runners}/crud/operation.rb +7 -3
data/spec/{support → runners}/crud/outcome.rb +0 -0
data/spec/{support → runners}/crud/requirement.rb +1 -1
data/spec/{support → runners}/crud/spec.rb +12 -1
data/spec/{support → runners}/crud/test.rb +0 -0
data/spec/{support → runners}/crud/test_base.rb +0 -0
data/spec/{support → runners}/crud/verifier.rb +10 -12
data/spec/{support → runners}/gridfs.rb +0 -0
data/spec/{support → runners}/sdam_monitoring.rb +0 -0
data/spec/{support → runners}/server_discovery_and_monitoring.rb +0 -0
data/spec/{support → runners}/server_selection.rb +0 -0
data/spec/{support → runners}/server_selection_rtt.rb +0 -0
data/spec/{support → runners}/transactions.rb +4 -4
data/spec/{support → runners}/transactions/context.rb +0 -0
data/spec/{support → runners}/transactions/operation.rb +0 -0
data/spec/{support → runners}/transactions/spec.rb +0 -0
data/spec/{support → runners}/transactions/test.rb +37 -5
data/spec/spec_helper.rb +0 -5
data/spec/spec_tests/auth_spec.rb +3 -3
data/spec/spec_tests/client_side_encryption_spec.rb +13 -0
data/spec/spec_tests/connection_string_spec.rb +1 -1
data/spec/spec_tests/data/auth/connection-string.yml +13 -0
data/spec/spec_tests/data/client_side_encryption/aggregate.yml +134 -0
data/spec/spec_tests/data/client_side_encryption/badQueries.yml +526 -0
data/spec/spec_tests/data/client_side_encryption/badSchema.yml +73 -0
data/spec/spec_tests/data/client_side_encryption/basic.yml +116 -0
data/spec/spec_tests/data/client_side_encryption/bulk.yml +85 -0
data/spec/spec_tests/data/client_side_encryption/bypassAutoEncryption.yml +100 -0
data/spec/spec_tests/data/client_side_encryption/bypassedCommand.yml +42 -0
data/spec/spec_tests/data/client_side_encryption/count.yml +61 -0
data/spec/spec_tests/data/client_side_encryption/countDocuments.yml +59 -0
data/spec/spec_tests/data/client_side_encryption/delete.yml +105 -0
data/spec/spec_tests/data/client_side_encryption/distinct.yml +73 -0
data/spec/spec_tests/data/client_side_encryption/explain.yml +64 -0
data/spec/spec_tests/data/client_side_encryption/find.yml +119 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndDelete.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndReplace.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/findOneAndUpdate.yml +57 -0
data/spec/spec_tests/data/client_side_encryption/getMore.yml +68 -0
data/spec/spec_tests/data/client_side_encryption/insert.yml +102 -0
data/spec/spec_tests/data/client_side_encryption/keyAltName.yml +71 -0
data/spec/spec_tests/data/client_side_encryption/localKMS.yml +54 -0
data/spec/spec_tests/data/client_side_encryption/localSchema.yml +72 -0
data/spec/spec_tests/data/client_side_encryption/malformedCiphertext.yml +69 -0
data/spec/spec_tests/data/client_side_encryption/maxWireVersion.yml +20 -0
data/spec/spec_tests/data/client_side_encryption/missingKey.yml +49 -0
data/spec/spec_tests/data/client_side_encryption/replaceOne.yml +61 -0
data/spec/spec_tests/data/client_side_encryption/types.yml +527 -0
data/spec/spec_tests/data/client_side_encryption/unsupportedCommand.yml +25 -0
data/spec/spec_tests/data/client_side_encryption/updateMany.yml +77 -0
data/spec/spec_tests/data/client_side_encryption/updateOne.yml +168 -0
data/spec/spec_tests/data/read_write_concern/connection-string/write-concern.yml +1 -4
data/spec/spec_tests/data/retryable_writes/insertOne-serverErrors.yml +21 -0
data/spec/spec_tests/data/sdam/rs/incompatible_ghost.yml +2 -4
data/spec/spec_tests/data/sdam/rs/incompatible_other.yml +1 -1
data/spec/spec_tests/data/sdam/rs/primary_mismatched_me_not_removed.yml +73 -0
data/spec/spec_tests/data/sdam/rs/primary_to_no_primary_mismatched_me.yml +1 -2
data/spec/spec_tests/data/sdam/rs/repeated.yml +101 -0
data/spec/spec_tests/data/sdam/rs/{primary_address_change.yml → ruby_primary_address_change.yml} +2 -0
data/spec/spec_tests/data/sdam/rs/{secondary_wrong_set_name_with_primary_second.yml → ruby_secondary_wrong_set_name_with_primary_second.yml} +0 -0
data/spec/spec_tests/data/sdam/sharded/ruby_discovered_single_mongos.yml +27 -0
data/spec/spec_tests/data/sdam/sharded/{primary_address_change.yml → ruby_primary_different_address.yml} +1 -1
data/spec/spec_tests/data/sdam/sharded/{primary_mismatched_me.yml → ruby_primary_mismatched_me.yml} +1 -1
data/spec/spec_tests/data/sdam/single/{primary_address_change.yml → ruby_primary_different_address.yml} +1 -1
data/spec/spec_tests/data/sdam/single/{primary_mismatched_me.yml → ruby_primary_mismatched_me.yml} +1 -1
data/spec/spec_tests/data/sdam_monitoring/{replica_set_with_primary_change.yml → replica_set_primary_address_change.yml} +27 -5
data/spec/spec_tests/data/sdam_monitoring/replica_set_with_me_mismatch.yml +26 -74
data/spec/spec_tests/data/sdam_monitoring/replica_set_with_removal.yml +20 -16
data/spec/spec_tests/data/sdam_monitoring/standalone_suppress_equal_description_changes.yml +73 -0
data/spec/spec_tests/data/transactions/pin-mongos.yml +2 -3
data/spec/spec_tests/data/uri_options/auth-options.yml +10 -0
data/spec/spec_tests/data/uri_options/tls-options.yml +75 -4
data/spec/spec_tests/read_write_concern_connection_string_spec.rb +1 -1
data/spec/spec_tests/uri_options_spec.rb +6 -8
data/spec/stress/connection_pool_timing_spec.rb +6 -3
data/spec/support/certificates/README.md +4 -0
data/spec/support/certificates/server-second-level-bundle.pem +77 -77
data/spec/support/certificates/server-second-level.crt +52 -52
data/spec/support/certificates/server-second-level.key +25 -25
data/spec/support/certificates/server-second-level.pem +77 -77
data/spec/support/client_registry.rb +19 -3
data/spec/support/cluster_config.rb +9 -1
data/spec/support/common_shortcuts.rb +12 -0
data/spec/support/constraints.rb +16 -0
data/spec/support/crypt.rb +140 -0
data/spec/support/crypt/corpus/corpus-key-aws.json +33 -0
data/spec/support/crypt/corpus/corpus-key-local.json +31 -0
data/spec/support/crypt/corpus/corpus-schema.json +2057 -0
data/spec/support/crypt/corpus/corpus.json +3657 -0
data/spec/support/crypt/corpus/corpus_encrypted.json +4152 -0
data/spec/support/crypt/data_keys/key_document_aws.json +34 -0
data/spec/support/crypt/data_keys/key_document_local.json +31 -0
data/spec/support/crypt/external/external-key.json +31 -0
data/spec/support/crypt/external/external-schema.json +19 -0
data/spec/support/crypt/limits/limits-doc.json +102 -0
data/spec/support/crypt/limits/limits-key.json +31 -0
data/spec/support/crypt/limits/limits-schema.json +1405 -0
data/spec/support/crypt/schema_maps/schema_map_aws.json +17 -0
data/spec/support/crypt/schema_maps/schema_map_aws_key_alt_names.json +12 -0
data/spec/support/crypt/schema_maps/schema_map_local.json +18 -0
data/spec/support/crypt/schema_maps/schema_map_local_key_alt_names.json +12 -0
data/spec/support/lite_constraints.rb +17 -1
data/spec/support/matchers.rb +19 -0
data/spec/support/shared/protocol.rb +2 -0
data/spec/support/spec_config.rb +43 -13
data/spec/support/utils.rb +132 -10
metadata +277 -81
metadata.gz.sig +0 -0
data/spec/integration/grid_fs_bucket_spec.rb +0 -48
data/spec/integration/zlib_compression_spec.rb +0 -25
data/spec/spec_tests/data/sdam/sharded/single_mongos.yml +0 -33
data/spec/support/connection_string.rb +0 -354

data/spec/spec_tests/data/client_side_encryption/badQueries.yml ADDED

@@ -0,0 +1,526 @@
+runOn:
+  - minServerVersion: "4.1.10"
+database_name: &database_name "default"
+collection_name: &collection_name "default"
+data:
+  - &doc0_encrypted { _id: 1, encrypted_string: {'$binary': {'base64': 'AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==', 'subType': '06'}} }
+  - &doc1_encrypted { _id: 2, encrypted_string: {'$binary': {'base64': 'AQAAAAAAAAAAAAAAAAAAAAACDdw4KFz3ZLquhsbt7RmDjD0N67n0uSXx7IGnQNCLeIKvot6s/ouI21Eo84IOtb6lhwUNPlSEBNY0/hbszWAKJg==', 'subType': '06'}} }
+json_schema: {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
+key_vault_data: [{'status': 1, '_id': {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}, 'masterKey': {'provider': 'aws', 'key': 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0', 'region': 'us-east-1'}, 'updateDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyMaterial': {'$binary': {'base64': 'AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyAltNames': ['altname', 'another_altname']}]
+# TODO: I could see an argument against having these tests of mongocryptd as part
+# of driver tests. When mongocryptd introduces support for these operators, these
+# tests will fail. But it's also easy enough to remove these tests when that happens.
+tests:
+  - description: "$text unconditionally fails"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: find
+        arguments:
+          filter:
+            { $text: { $search: "search text" } }
+        result:
+          errorContains: "Unsupported match expression operator for encryption"
+  - description: "$where unconditionally fails"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: find
+        arguments:
+          filter:
+            { $where: { $code: "function() { return true }" } }
+        result:
+          errorContains: "Unsupported match expression operator for encryption"
+  - description: "$bit operators succeed on unencrypted, error on encrypted"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: find
+        arguments:
+          filter: { unencrypted: { $bitsAllClear: 35 }}
+        result: []
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $bitsAllClear: 35 }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+      - name: find
+        arguments:
+          filter: { unencrypted: { $bitsAllSet: 35 }}
+        result: []
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $bitsAllSet: 35 }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+      - name: find
+        arguments:
+          filter: { unencrypted: { $bitsAnyClear: 35 }}
+        result: []
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $bitsAnyClear: 35 }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+      - name: find
+        arguments:
+          filter: { unencrypted: { $bitsAnySet: 35 }}
+        result: []
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $bitsAnySet: 35 }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+  - description: "geo operators succeed on unencrypted, error on encrypted"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: find
+        arguments:
+          filter: { unencrypted: { $near: [0,0] }}
+        result:
+          # Still an error because no geo index, but from mongod - not mongocryptd.
+          errorContains: "unable to find index"
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $near: [0,0] }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+      - name: find
+        arguments:
+          filter: { unencrypted: { $nearSphere: [0,0] }}
+        result:
+          # Still an error because no geo index, but from mongod - not mongocryptd.
+          errorContains: "unable to find index"
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $nearSphere: [0,0] }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+      - name: find
+        arguments:
+          filter: { unencrypted: { $geoIntersects: { $geometry: { type: "Polygon", coordinates: [[ [0,0], [1,0], [1,1], [0,0] ]] }} }}
+        result: []
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $geoIntersects: { $geometry: { type: "Polygon", coordinates: [[ [0,0], [1,0], [1,1], [0,0] ]] }} }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+      - name: find
+        arguments:
+          filter: { unencrypted: { $geoWithin: { $geometry: { type: "Polygon", coordinates: [[ [0,0], [1,0], [1,1], [0,0] ]] }} }}
+        result: []
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $geoWithin: { $geometry: { type: "Polygon", coordinates: [[ [0,0], [1,0], [1,1], [0,0] ]] }} }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+  - description: "inequality operators succeed on unencrypted, error on encrypted"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: find
+        arguments:
+          filter: { unencrypted: { $gt: 1 }}
+        result: []
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $gt: 1 }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+      - name: find
+        arguments:
+          filter: { unencrypted: { $lt: 1 }}
+        result: []
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $lt: 1 }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+      - name: find
+        arguments:
+          filter: { unencrypted: { $gte: 1 }}
+        result: []
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $gte: 1 }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+      - name: find
+        arguments:
+          filter: { unencrypted: { $lte: 1 }}
+        result: []
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $lte: 1 }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+  - description: "other misc operators succeed on unencrypted, error on encrypted"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: find
+        arguments:
+          filter: { unencrypted: { $mod: [3, 1] }}
+        result: []
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $mod: [3, 1] }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+      - name: find
+        arguments:
+          filter: { unencrypted: { $regex: "pattern", $options: "" }}
+        result: []
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $regex: "pattern", $options: "" }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+      - name: find
+        arguments:
+          filter: { unencrypted: { $size: 2 }}
+        result: []
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $size: 2 }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+      - name: find
+        arguments:
+          filter: { unencrypted: { $type: 2 }}
+        result: []
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $type: 2 }}
+        result:
+          errorContains: "Invalid match expression operator on encrypted field"
+      - name: find
+        arguments:
+          filter: { unencrypted: { $eq: null }}
+        result:
+          - &doc0 { _id: 1, encrypted_string: "string0" }
+          - &doc1 { _id: 2, encrypted_string: "string1" }
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $eq: null }}
+        result:
+          errorContains: "Illegal equality to null predicate for encrypted field"
+      - name: find
+        arguments:
+          filter: { unencrypted: { $in: [null] }}
+        result:
+          - *doc0
+          - *doc1
+      - name: find
+        arguments:
+          filter: { encrypted_string: { $in: [null] }}
+        result:
+          errorContains: "Illegal equality to null inside $in against an encrypted field"
+  - description: "$addToSet succeeds on unencrypted, error on encrypted"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $addToSet: { "unencrypted": ["a"]}}
+        result:
+          matchedCount: 1
+          modifiedCount: 1
+          upsertedCount: 0
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $addToSet: { "encrypted_string": ["a"]}}
+        result:
+          errorContains: "$addToSet not allowed on encrypted values"
+  - description: "$inc succeeds on unencrypted, error on encrypted"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $inc: { "unencrypted": 1}}
+        result:
+          matchedCount: 1
+          modifiedCount: 1
+          upsertedCount: 0
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $inc: { "encrypted_string": 1}}
+        result:
+          errorContains: "$inc and $mul not allowed on encrypted values"
+  - description: "$mul succeeds on unencrypted, error on encrypted"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $mul: { "unencrypted": 1}}
+        result:
+          matchedCount: 1
+          modifiedCount: 1
+          upsertedCount: 0
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $mul: { "encrypted_string": 1}}
+        result:
+          errorContains: "$inc and $mul not allowed on encrypted values"
+  - description: "$max succeeds on unencrypted, error on encrypted"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $max: { "unencrypted": 1}}
+        result:
+          matchedCount: 1
+          modifiedCount: 1
+          upsertedCount: 0
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $max: { "encrypted_string": 1}}
+        result:
+          errorContains: "$max and $min not allowed on encrypted values"
+  - description: "$min succeeds on unencrypted, error on encrypted"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $min: { "unencrypted": 1}}
+        result:
+          matchedCount: 1
+          modifiedCount: 1
+          upsertedCount: 0
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $min: { "encrypted_string": 1}}
+        result:
+          errorContains: "$max and $min not allowed on encrypted values"
+  - description: "$currentDate succeeds on unencrypted, error on encrypted"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $currentDate: { "unencrypted": true}}
+        result:
+          matchedCount: 1
+          modifiedCount: 1
+          upsertedCount: 0
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $currentDate: { "encrypted_string": true }}
+        result:
+          errorContains: "$currentDate not allowed on encrypted values"
+  - description: "$pop succeeds on unencrypted, error on encrypted"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $pop: { "unencrypted": 1}}
+        result:
+          matchedCount: 1
+          modifiedCount: 0
+          upsertedCount: 0
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $pop: { "encrypted_string": 1 }}
+        result:
+          errorContains: "$pop not allowed on encrypted values"
+  - description: "$pull succeeds on unencrypted, error on encrypted"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $pull: { "unencrypted": 1}}
+        result:
+          matchedCount: 1
+          modifiedCount: 0
+          upsertedCount: 0
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $pull: { "encrypted_string": 1 }}
+        result:
+          errorContains: "$pull not allowed on encrypted values"
+  - description: "$pullAll succeeds on unencrypted, error on encrypted"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $pullAll: { "unencrypted": [1] }}
+        result:
+          matchedCount: 1
+          modifiedCount: 0
+          upsertedCount: 0
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $pullAll: { "encrypted_string": [1] }}
+        result:
+          errorContains: "$pullAll not allowed on encrypted values"
+  - description: "$push succeeds on unencrypted, error on encrypted"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $push: { "unencrypted": 1}}
+        result:
+          matchedCount: 1
+          modifiedCount: 1
+          upsertedCount: 0
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $push: { "encrypted_string": 1 }}
+        result:
+          errorContains: "$push not allowed on encrypted values"
+  - description: "array filters on encrypted fields does not error in mongocryptd, but errors in mongod"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $set : { "encrypted_string.$[i].x": 1 }}
+          arrayFilters: [{ i.x: 1 }]
+        result:
+          errorContains: "Array update operations not allowed on encrypted values"
+  - description: "positional operator succeeds on unencrypted, errors on encrypted"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: updateOne
+        arguments:
+          filter: { "unencrypted": 1 }
+          update: { $set : { "unencrypted.$": 1 }}
+        result:
+          matchedCount: 0
+          modifiedCount: 0
+          upsertedCount: 0
+      - name: updateOne
+        arguments:
+          filter: { "encrypted_string": "abc" }
+          update: { $set : { "encrypted_string.$": "abc" }}
+        result:
+          errorContains: "Cannot encrypt fields below '$' positional update operator"
+  - description: "an update that would produce an array on an encrypted field errors"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: updateOne
+        arguments:
+          filter: { }
+          update: { $set : { "encrypted_string": [1,2] }}
+        result:
+          errorContains: "Cannot encrypt element of type array"
+  - description: "an insert with encrypted field on _id errors"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+        schemaMap:
+          "default.default": {'properties': {'_id': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}}
+    operations:
+      - name: insertOne
+        arguments:
+          document: { _id: 1 }
+        result:
+          errorContains: "Invalid schema containing the 'encrypt' keyword."
+  - description: "an insert with an array value for an encrypted field fails"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: insertOne
+        arguments:
+          document: { encrypted_string: [ "123", "456"] }
+        result:
+          errorContains: "Cannot encrypt element of type array"
+  - description: "an insert with a Timestamp(0,0) value in the top-level fails"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: insertOne
+        arguments:
+          document: { random: {"$timestamp": {"t": 0, "i": 0 }} }
+        result:
+          errorContains: "A command that inserts cannot supply Timestamp(0, 0) for an encrypted"
+  - description: "distinct with the key referring to a field where the keyID is a JSON Pointer errors"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          aws: {} # Credentials filled in from environment.
+    operations:
+      - name: distinct
+        arguments:
+          filter: {}
+          fieldName: "encrypted_w_altname"
+        result:
+          errorContains: "The distinct key is not allowed to be marked for encryption with a non-UUID keyId"