mongo 2.12.0.rc0 → 2.12.1
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/README.md +2 -1
- data/lib/mongo/client.rb +23 -9
- data/lib/mongo/client_encryption.rb +1 -1
- data/lib/mongo/cluster.rb +6 -2
- data/lib/mongo/crypt/auto_decryption_context.rb +3 -5
- data/lib/mongo/crypt/auto_encrypter.rb +17 -7
- data/lib/mongo/crypt/binding.rb +446 -379
- data/lib/mongo/crypt/context.rb +4 -4
- data/lib/mongo/crypt/encryption_io.rb +16 -10
- data/lib/mongo/crypt/explicit_encrypter.rb +3 -3
- data/lib/mongo/crypt/explicit_encryption_context.rb +1 -1
- data/lib/mongo/crypt/handle.rb +26 -4
- data/lib/mongo/crypt/hooks.rb +1 -1
- data/lib/mongo/database.rb +11 -1
- data/lib/mongo/error/bulk_write_error.rb +16 -14
- data/lib/mongo/error/notable.rb +0 -15
- data/lib/mongo/error/parser.rb +1 -1
- data/lib/mongo/grid/file/info.rb +1 -1
- data/lib/mongo/monitoring/event/cmap/connection_check_out_failed.rb +1 -1
- data/lib/mongo/operation/insert/command.rb +3 -2
- data/lib/mongo/operation/insert/legacy.rb +2 -1
- data/lib/mongo/operation/insert/op_msg.rb +1 -1
- data/lib/mongo/operation/shared/executable.rb +9 -9
- data/lib/mongo/operation/shared/op_msg_or_command.rb +2 -2
- data/lib/mongo/operation/shared/read_preference_supported.rb +68 -19
- data/lib/mongo/operation/shared/response_handling.rb +1 -1
- data/lib/mongo/operation/shared/sessions_supported.rb +44 -3
- data/lib/mongo/protocol/bit_vector.rb +2 -1
- data/lib/mongo/protocol/message.rb +22 -7
- data/lib/mongo/protocol/msg.rb +2 -5
- data/lib/mongo/protocol/serializers.rb +32 -11
- data/lib/mongo/retryable.rb +1 -1
- data/lib/mongo/server/connection.rb +1 -1
- data/lib/mongo/server/connection_base.rb +9 -4
- data/lib/mongo/server/connection_pool/populator.rb +1 -1
- data/lib/mongo/session.rb +1 -1
- data/lib/mongo/srv/monitor.rb +73 -42
- data/lib/mongo/srv/result.rb +0 -1
- data/lib/mongo/uri.rb +1 -1
- data/lib/mongo/uri/srv_protocol.rb +1 -1
- data/lib/mongo/version.rb +1 -1
- data/mongo.gemspec +0 -2
- data/spec/README.md +106 -12
- data/spec/integration/client_construction_spec.rb +29 -5
- data/spec/integration/client_side_encryption/auto_encryption_bulk_writes_spec.rb +6 -4
- data/spec/integration/client_side_encryption/auto_encryption_command_monitoring_spec.rb +19 -17
- data/spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb +5 -4
- data/spec/integration/client_side_encryption/auto_encryption_old_wire_version_spec.rb +11 -8
- data/spec/integration/client_side_encryption/auto_encryption_reconnect_spec.rb +14 -9
- data/spec/integration/client_side_encryption/auto_encryption_spec.rb +46 -45
- data/spec/integration/client_side_encryption/bson_size_limit_spec.rb +11 -7
- data/spec/integration/client_side_encryption/bypass_mongocryptd_spawn_spec.rb +13 -9
- data/spec/integration/client_side_encryption/client_close_spec.rb +10 -6
- data/spec/integration/client_side_encryption/corpus_spec.rb +19 -14
- data/spec/integration/client_side_encryption/data_key_spec.rb +10 -8
- data/spec/integration/client_side_encryption/external_key_vault_spec.rb +12 -8
- data/spec/integration/client_side_encryption/views_spec.rb +6 -4
- data/spec/integration/client_update_spec.rb +36 -2
- data/spec/integration/crud_spec.rb +89 -0
- data/spec/integration/read_preference_spec.rb +26 -0
- data/spec/integration/srv_monitoring_spec.rb +2 -2
- data/spec/kerberos/kerberos_spec.rb +87 -0
- data/spec/lite_spec_helper.rb +4 -8
- data/spec/mongo/bulk_write/result_spec.rb +11 -7
- data/spec/mongo/client_encryption_spec.rb +3 -6
- data/spec/mongo/crypt/auto_encrypter_spec.rb +8 -3
- data/spec/mongo/crypt/handle_spec.rb +38 -4
- data/spec/mongo/error/bulk_write_error_spec.rb +49 -0
- data/spec/mongo/error/notable_spec.rb +59 -0
- data/spec/mongo/operation/find/legacy_spec.rb +1 -0
- data/spec/mongo/operation/read_preference_legacy_spec.rb +351 -0
- data/spec/mongo/operation/read_preference_op_msg_spec.rb +194 -0
- data/spec/mongo/srv/monitor_spec.rb +88 -69
- data/spec/runners/transactions.rb +5 -7
- data/spec/spec_tests/client_side_encryption_spec.rb +0 -5
- data/spec/spec_tests/data/client_side_encryption/bulk.yml +3 -0
- data/spec/spec_tests/data/client_side_encryption/replaceOne.yml +4 -1
- data/spec/spec_tests/data/client_side_encryption/updateOne.yml +3 -0
- data/spec/support/cluster_tools.rb +6 -1
- data/spec/support/crypt.rb +14 -0
- data/spec/support/lite_constraints.rb +3 -1
- data/spec/support/spec_config.rb +10 -0
- data/spec/support/utils.rb +9 -1
- metadata +15 -14
- metadata.gz.sig +0 -0
- data/lib/mongo/cluster/srv_monitor.rb +0 -127
- data/lib/mongo/srv/warning_result.rb +0 -35
- data/spec/enterprise_auth/kerberos_spec.rb +0 -58
- data/spec/mongo/cluster/srv_monitor_spec.rb +0 -214
- data/spec/mongo/operation/read_preference_spec.rb +0 -245
@@ -31,6 +31,8 @@ describe 'Client-Side Encryption' do
|
|
31
31
|
local: { key: local_master_key },
|
32
32
|
},
|
33
33
|
key_vault_namespace: 'admin.datakeys',
|
34
|
+
# Spawn mongocryptd on non-default port for sharded cluster tests
|
35
|
+
extra_options: extra_options,
|
34
36
|
},
|
35
37
|
database: 'db',
|
36
38
|
)
|
@@ -47,8 +49,10 @@ describe 'Client-Side Encryption' do
|
|
47
49
|
}
|
48
50
|
].create
|
49
51
|
|
50
|
-
client.use('admin')['datakeys']
|
51
|
-
|
52
|
+
key_vault_collection = client.use('admin')['datakeys', write_concern: { w: :majority }]
|
53
|
+
|
54
|
+
key_vault_collection.drop
|
55
|
+
key_vault_collection.insert_one(
|
52
56
|
BSON::ExtJSON.parse(File.read('spec/support/crypt/limits/limits-key.json'))
|
53
57
|
)
|
54
58
|
end
|
@@ -85,7 +89,7 @@ describe 'Client-Side Encryption' do
|
|
85
89
|
context 'when bulk inserting two unencrypted documents under 2MiB' do
|
86
90
|
it 'can perform bulk insert using the encrypted client' do
|
87
91
|
bulk_write = Mongo::BulkWrite.new(
|
88
|
-
client_encrypted[
|
92
|
+
client_encrypted['coll'],
|
89
93
|
[
|
90
94
|
{ insert_one: { _id: 'over_2mib_1', unencrypted: 'a' * _2mib } },
|
91
95
|
{ insert_one: { _id: 'over_2mib_2', unencrypted: 'a' * _2mib } },
|
@@ -107,7 +111,7 @@ describe 'Client-Side Encryption' do
|
|
107
111
|
it 'can perform bulk delete using the encrypted client' do
|
108
112
|
# Insert documents that we can match and delete later
|
109
113
|
bulk_write = Mongo::BulkWrite.new(
|
110
|
-
client_encrypted[
|
114
|
+
client_encrypted['coll'],
|
111
115
|
[
|
112
116
|
{ insert_one: { _id: 'over_2mib_1', unencrypted: 'a' * _2mib } },
|
113
117
|
{ insert_one: { _id: 'over_2mib_2', unencrypted: 'a' * _2mib } },
|
@@ -128,7 +132,7 @@ describe 'Client-Side Encryption' do
|
|
128
132
|
context 'when bulk inserting two encrypted documents under 2MiB' do
|
129
133
|
it 'can perform bulk_insert using the encrypted client' do
|
130
134
|
bulk_write = Mongo::BulkWrite.new(
|
131
|
-
client_encrypted[
|
135
|
+
client_encrypted['coll'],
|
132
136
|
[
|
133
137
|
{
|
134
138
|
insert_one: limits_doc.merge(
|
@@ -158,7 +162,7 @@ describe 'Client-Side Encryption' do
|
|
158
162
|
|
159
163
|
context 'when a single document is just smaller than 16MiB' do
|
160
164
|
it 'can perform insert_one using the encrypted client' do
|
161
|
-
result = client_encrypted[
|
165
|
+
result = client_encrypted['coll'].insert_one(
|
162
166
|
_id: "under_16mib",
|
163
167
|
unencrypted: "a" * (_16mib - 2000)
|
164
168
|
)
|
@@ -170,7 +174,7 @@ describe 'Client-Side Encryption' do
|
|
170
174
|
context 'when an encrypted document is greater than the 16MiB limit' do
|
171
175
|
it 'raises an exception when attempting to insert the document' do
|
172
176
|
expect do
|
173
|
-
client_encrypted[
|
177
|
+
client_encrypted['coll'].insert_one(
|
174
178
|
limits_doc.merge(
|
175
179
|
_id: "encryption_exceeds_16mib",
|
176
180
|
unencrypted: "a" * (16*1024*1024 + 500*1024),
|
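Review bot: The comment `# Spawn mongocryptd on non-default port for sharded cluster tests` added above `extra_options: extra_options` in the first hunk is repeated verbatim at every call site in the later sections of this page, while the value it describes is defined outside these hunks. Stating it once next to the `extra_options` helper, and leaving the call sites bare, would keep the port and the reason for it from drifting apart. The second hunk also builds `client.use('admin')['datakeys', write_concern: { w: :majority }]` inline under the local name `key_vault_collection`; another section calls `key_vault_collection` without defining it, so if the shared FLE helpers already expose one, using it here would keep the write concern in one place.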
@@ -8,6 +8,10 @@ describe 'Client-Side Encryption' do
|
|
8
8
|
|
9
9
|
include_context 'define shared FLE helpers'
|
10
10
|
|
11
|
+
# Choose a different port for mongocryptd than the one used by all the other
|
12
|
+
# tests to avoid failures caused by other tests spawning mongocryptd.
|
13
|
+
let(:mongocryptd_port) { 27091 }
|
14
|
+
|
11
15
|
context 'via mongocryptdBypassSpawn' do
|
12
16
|
let(:test_schema_map) do
|
13
17
|
BSON::ExtJSON.parse(File.read('spec/support/crypt/external/external-schema.json'))
|
@@ -23,19 +27,19 @@ describe 'Client-Side Encryption' do
|
|
23
27
|
schema_map: { 'db.coll' => test_schema_map },
|
24
28
|
extra_options: {
|
25
29
|
mongocryptd_bypass_spawn: true,
|
26
|
-
mongocryptd_uri: "mongodb://localhost
|
27
|
-
mongocryptd_spawn_args: [ "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port
|
30
|
+
mongocryptd_uri: "mongodb://localhost:#{mongocryptd_port}/db?serverSelectionTimeoutMS=1000",
|
31
|
+
mongocryptd_spawn_args: [ "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=#{mongocryptd_port}"],
|
28
32
|
},
|
29
33
|
},
|
30
|
-
database:
|
34
|
+
database: 'db'
|
31
35
|
),
|
32
36
|
)
|
33
37
|
end
|
34
38
|
|
35
39
|
it 'does not spawn' do
|
36
40
|
lambda do
|
37
|
-
client[
|
38
|
-
end.should raise_error(Mongo::Error::NoServerAvailable, /Server address=localhost
|
41
|
+
client['coll'].insert_one(encrypted: 'test')
|
42
|
+
end.should raise_error(Mongo::Error::NoServerAvailable, /Server address=localhost:#{Regexp.quote(mongocryptd_port.to_s)} UNKNOWN/)
|
39
43
|
end
|
40
44
|
end
|
41
45
|
|
@@ -49,21 +53,21 @@ describe 'Client-Side Encryption' do
|
|
49
53
|
key_vault_namespace: 'admin.datakeys',
|
50
54
|
bypass_auto_encryption: true,
|
51
55
|
extra_options: {
|
52
|
-
mongocryptd_spawn_args: [ "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port
|
56
|
+
mongocryptd_spawn_args: [ "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=#{mongocryptd_port}"],
|
53
57
|
},
|
54
58
|
},
|
55
|
-
database:
|
59
|
+
database: 'db'
|
56
60
|
),
|
57
61
|
)
|
58
62
|
end
|
59
63
|
|
60
64
|
let(:mongocryptd_client) do
|
61
|
-
new_local_client([
|
65
|
+
new_local_client(["localhost:#{mongocryptd_port}"], server_selection_timeout: 1)
|
62
66
|
end
|
63
67
|
|
64
68
|
it 'does not spawn' do
|
65
69
|
lambda do
|
66
|
-
client[
|
70
|
+
client['coll'].insert_one(encrypted: 'test')
|
67
71
|
end.should_not raise_error
|
68
72
|
lambda do
|
69
73
|
mongocryptd_client.database.command(ismaster: 1)
|
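Review bot: `let(:mongocryptd_port) { 27091 }` fixes the port as a literal, and both 'does not spawn' examples read "nothing answers on that port" as proof that the client did not spawn mongocryptd. Any process already listening on 27091 on the test host would make the first example fail with an unrelated error, and the second too if it goes on to expect the `ismaster` command to fail (its end is outside the hunk). The comment above the `let` should say so, e.g. `# Nothing else may listen on this port: the examples below read any listener as a spawned mongocryptd.`, or the port could come from the suite's configuration if it has a place for it. The new lines also keep the `lambda do … end.should raise_error` form, while the other encryption specs in this change use `expect do … end.to raise_error`.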
@@ -6,7 +6,6 @@ describe 'Auto encryption client' do
|
|
6
6
|
min_server_fcv '4.2'
|
7
7
|
|
8
8
|
context 'after client is disconnected' do
|
9
|
-
|
10
9
|
include_context 'define shared FLE helpers'
|
11
10
|
include_context 'with local kms_providers'
|
12
11
|
|
@@ -18,19 +17,21 @@ describe 'Auto encryption client' do
|
|
18
17
|
kms_providers: kms_providers,
|
19
18
|
key_vault_namespace: 'admin.datakeys',
|
20
19
|
schema_map: { 'auto_encryption.users' => schema_map },
|
20
|
+
# Spawn mongocryptd on non-default port for sharded cluster tests
|
21
|
+
extra_options: extra_options,
|
21
22
|
},
|
22
|
-
database:
|
23
|
+
database: 'auto_encryption',
|
23
24
|
)
|
24
25
|
)
|
25
26
|
end
|
26
27
|
|
27
28
|
shared_examples 'a functioning auto-encrypter' do
|
28
29
|
it 'can still perform encryption' do
|
29
|
-
result = client[
|
30
|
+
result = client['users'].insert_one(ssn: '000-000-0000')
|
30
31
|
expect(result).to be_ok
|
31
32
|
|
32
33
|
encrypted_document = authorized_client
|
33
|
-
.use(
|
34
|
+
.use('auto_encryption')['users']
|
34
35
|
.find(_id: result.inserted_ids.first)
|
35
36
|
.first
|
36
37
|
|
@@ -40,7 +41,10 @@ describe 'Auto encryption client' do
|
|
40
41
|
|
41
42
|
context 'after performing operation with auto encryption' do
|
42
43
|
before do
|
43
|
-
|
44
|
+
key_vault_collection.drop
|
45
|
+
key_vault_collection.insert_one(data_key)
|
46
|
+
|
47
|
+
client['users'].insert_one(ssn: ssn)
|
44
48
|
client.close
|
45
49
|
end
|
46
50
|
|
@@ -49,7 +53,7 @@ describe 'Auto encryption client' do
|
|
49
53
|
|
50
54
|
context 'after performing operation without auto encryption' do
|
51
55
|
before do
|
52
|
-
client[
|
56
|
+
client['users'].insert_one(age: 23)
|
53
57
|
client.close
|
54
58
|
end
|
55
59
|
|
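Review bot: The rewritten example inserts a literal, `client['users'].insert_one(ssn: '000-000-0000')`, while the new `before` block in the next hunk inserts `ssn: ssn` from a helper defined outside these hunks. If that helper is in scope for the shared examples as well, using `insert_one(ssn: ssn)` in both places keeps the fixture value in one spot. The `before` block would also read better with a one-line comment such as `# Reset the key vault so the encrypted insert below can find its data key`; that purpose is presumed here, since `key_vault_collection` and `data_key` are not defined in this section.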
@@ -8,11 +8,13 @@ describe 'Client-Side Encryption' do
|
|
8
8
|
|
9
9
|
include_context 'define shared FLE helpers'
|
10
10
|
|
11
|
-
let(:client)
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
11
|
+
let(:client) { authorized_client }
|
12
|
+
|
13
|
+
let(:key_vault_client) do
|
14
|
+
client.with(
|
15
|
+
database: 'admin',
|
16
|
+
write_concern: { w: :majority }
|
17
|
+
)['datakeys']
|
16
18
|
end
|
17
19
|
|
18
20
|
let(:test_schema_map) { BSON::ExtJSON.parse(File.read('spec/support/crypt/corpus/corpus-schema.json')) }
|
@@ -33,8 +35,10 @@ describe 'Client-Side Encryption' do
|
|
33
35
|
},
|
34
36
|
key_vault_namespace: 'admin.datakeys',
|
35
37
|
schema_map: local_schema_map,
|
38
|
+
# Spawn mongocryptd on non-default port for sharded cluster tests
|
39
|
+
extra_options: extra_options,
|
36
40
|
},
|
37
|
-
database:
|
41
|
+
database: 'db',
|
38
42
|
)
|
39
43
|
)
|
40
44
|
end
|
@@ -123,18 +127,19 @@ describe 'Client-Side Encryption' do
|
|
123
127
|
end
|
124
128
|
|
125
129
|
before do
|
126
|
-
client.use(
|
130
|
+
client.use('db')['coll'].drop
|
127
131
|
|
128
|
-
client.use(
|
129
|
-
|
130
|
-
|
132
|
+
key_vault_collection = client.use('admin')['datakeys', write_concern: { w: :majority }]
|
133
|
+
key_vault_collection.drop
|
134
|
+
key_vault_collection.insert_one(local_data_key)
|
135
|
+
key_vault_collection.insert_one(aws_data_key)
|
131
136
|
end
|
132
137
|
|
133
138
|
shared_context 'with jsonSchema collection validator' do
|
134
139
|
let(:local_schema_map) { nil }
|
135
140
|
|
136
141
|
before do
|
137
|
-
client.use(
|
142
|
+
client.use('db')['coll',
|
138
143
|
{
|
139
144
|
'validator' => { '$jsonSchema' => test_schema_map }
|
140
145
|
}
|
@@ -148,11 +153,11 @@ describe 'Client-Side Encryption' do
|
|
148
153
|
|
149
154
|
shared_examples 'a functioning encrypter' do
|
150
155
|
it 'properly encrypts and decrypts a document' do
|
151
|
-
corpus_encrypted_id = client_encrypted[
|
156
|
+
corpus_encrypted_id = client_encrypted['coll']
|
152
157
|
.insert_one(corpus_copied)
|
153
158
|
.inserted_id
|
154
159
|
|
155
|
-
corpus_decrypted = client_encrypted[
|
160
|
+
corpus_decrypted = client_encrypted['coll']
|
156
161
|
.find(_id: corpus_encrypted_id)
|
157
162
|
.first
|
158
163
|
|
@@ -166,7 +171,7 @@ describe 'Client-Side Encryption' do
|
|
166
171
|
end
|
167
172
|
|
168
173
|
corpus_encrypted_actual = client
|
169
|
-
.use(
|
174
|
+
.use('db')['coll']
|
170
175
|
.find(_id: corpus_encrypted_id)
|
171
176
|
.first
|
172
177
|
|
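Review bot: `let(:key_vault_client)` in the first hunk ends in `['datakeys']`, so it returns a collection rather than a client, and the `before` block in the third hunk does not use it. That block builds `client.use('admin')['datakeys', write_concern: { w: :majority }]` again under the local name `key_vault_collection`. Renaming the helper to `key_vault_collection` and calling `drop` and the two `insert_one` calls on it would remove both the duplicate and the misleading name. Whether anything outside these hunks references `key_vault_client` is not visible here, so check before renaming.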
@@ -50,8 +50,10 @@ describe 'Client-Side Encryption' do
|
|
50
50
|
},
|
51
51
|
key_vault_namespace: 'admin.datakeys',
|
52
52
|
schema_map: test_schema_map,
|
53
|
+
# Spawn mongocryptd on non-default port for sharded cluster tests
|
54
|
+
extra_options: extra_options,
|
53
55
|
},
|
54
|
-
database:
|
56
|
+
database: 'db',
|
55
57
|
)
|
56
58
|
)
|
57
59
|
end
|
@@ -73,8 +75,8 @@ describe 'Client-Side Encryption' do
|
|
73
75
|
end
|
74
76
|
|
75
77
|
before do
|
76
|
-
client.use(
|
77
|
-
client.use(
|
78
|
+
client.use('admin')['datakeys'].drop
|
79
|
+
client.use('db')['coll'].drop
|
78
80
|
end
|
79
81
|
|
80
82
|
shared_examples 'can create and use a data key' do
|
@@ -86,7 +88,7 @@ describe 'Client-Side Encryption' do
|
|
86
88
|
|
87
89
|
expect(data_key_id).to be_uuid
|
88
90
|
|
89
|
-
keys = client.use(
|
91
|
+
keys = client.use('admin')['datakeys'].find(_id: data_key_id)
|
90
92
|
|
91
93
|
expect(keys.count).to eq(1)
|
92
94
|
expect(keys.first['masterKey']['provider']).to eq(kms_provider_name)
|
@@ -107,12 +109,12 @@ describe 'Client-Side Encryption' do
|
|
107
109
|
|
108
110
|
expect(encrypted).to be_ciphertext
|
109
111
|
|
110
|
-
client_encrypted[
|
112
|
+
client_encrypted['coll'].insert_one(
|
111
113
|
_id: kms_provider_name,
|
112
|
-
|
114
|
+
value: encrypted,
|
113
115
|
)
|
114
116
|
|
115
|
-
document = client_encrypted[
|
117
|
+
document = client_encrypted['coll'].find(_id: kms_provider_name).first
|
116
118
|
|
117
119
|
expect(document['value']).to eq(value_to_encrypt)
|
118
120
|
|
@@ -128,7 +130,7 @@ describe 'Client-Side Encryption' do
|
|
128
130
|
expect(encrypted_with_alt_name).to eq(encrypted)
|
129
131
|
|
130
132
|
expect do
|
131
|
-
client_encrypted[
|
133
|
+
client_encrypted['coll'].insert_one(encrypted_placeholder: encrypted)
|
132
134
|
end.to raise_error(Mongo::Error::OperationFailure, /Cannot encrypt element of type binData/)
|
133
135
|
end
|
134
136
|
end
|
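Review bot: The `before` block drops the key vault with `client.use('admin')['datakeys'].drop`, without the `write_concern: { w: :majority }` that other specs in this change attach to the same collection before dropping and re-seeding it. The next section has the same shape: a plain drop followed by an insert through a majority-write-concern handle. No failure caused by this is visible from the hunks, but going through one handle keeps the key vault setup uniform across the suite, e.g. `client.use('admin')['datakeys', write_concern: { w: :majority }].drop`.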
@@ -36,11 +36,11 @@ describe 'Client-Side Encryption' do
|
|
36
36
|
end
|
37
37
|
|
38
38
|
before do
|
39
|
-
client.use(
|
40
|
-
client.use(
|
39
|
+
client.use('admin')['datakeys'].drop
|
40
|
+
client.use('db')['coll'].drop
|
41
41
|
|
42
42
|
data_key = BSON::ExtJSON.parse(File.read('spec/support/crypt/external/external-key.json'))
|
43
|
-
client.use(
|
43
|
+
client.use('admin')['datakeys', write_concern: { w: :majority }].insert_one(data_key)
|
44
44
|
end
|
45
45
|
|
46
46
|
context 'with default key vault client' do
|
@@ -52,8 +52,10 @@ describe 'Client-Side Encryption' do
|
|
52
52
|
kms_providers: local_kms_providers,
|
53
53
|
key_vault_namespace: 'admin.datakeys',
|
54
54
|
schema_map: test_schema_map,
|
55
|
+
# Spawn mongocryptd on non-default port for sharded cluster tests
|
56
|
+
extra_options: extra_options,
|
55
57
|
},
|
56
|
-
database:
|
58
|
+
database: 'db',
|
57
59
|
)
|
58
60
|
)
|
59
61
|
end
|
@@ -69,10 +71,10 @@ describe 'Client-Side Encryption' do
|
|
69
71
|
end
|
70
72
|
|
71
73
|
it 'inserts an encrypted document with client' do
|
72
|
-
result = client_encrypted[
|
74
|
+
result = client_encrypted['coll'].insert_one(encrypted: 'test')
|
73
75
|
expect(result).to be_ok
|
74
76
|
|
75
|
-
encrypted = client.use(
|
77
|
+
encrypted = client.use('db')['coll'].find.first['encrypted']
|
76
78
|
expect(encrypted).to be_ciphertext
|
77
79
|
end
|
78
80
|
|
@@ -99,8 +101,10 @@ describe 'Client-Side Encryption' do
|
|
99
101
|
key_vault_namespace: 'admin.datakeys',
|
100
102
|
schema_map: test_schema_map,
|
101
103
|
key_vault_client: external_key_vault_client,
|
104
|
+
# Spawn mongocryptd on non-default port for sharded cluster tests
|
105
|
+
extra_options: extra_options,
|
102
106
|
},
|
103
|
-
database:
|
107
|
+
database: 'db',
|
104
108
|
)
|
105
109
|
)
|
106
110
|
end
|
@@ -117,7 +121,7 @@ describe 'Client-Side Encryption' do
|
|
117
121
|
|
118
122
|
it 'raises an authentication exception when auto encrypting' do
|
119
123
|
expect do
|
120
|
-
client_encrypted[
|
124
|
+
client_encrypted['coll'].insert_one(encrypted: 'test')
|
121
125
|
end.to raise_error(Mongo::Auth::Unauthorized, /fake-user/)
|
122
126
|
end
|
123
127
|
|
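Review bot: `client.use('db')['coll'].find.first['encrypted']` in the 'inserts an encrypted document with client' example raises NoMethodError on nil if the insert did not land, which hides the real failure behind an unrelated message. Splitting it keeps the ciphertext check readable: `document = client.use('db')['coll'].find.first`, then `expect(document).not_to be_nil` before `expect(document['encrypted']).to be_ciphertext`. Reading back through the plain `client` rather than `client_encrypted` is what shows the stored value is ciphertext, and a short comment saying so would help the next reader.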
@@ -22,20 +22,22 @@ describe 'Client-Side Encryption' do
|
|
22
22
|
auto_encryption_options: {
|
23
23
|
kms_providers: local_kms_providers,
|
24
24
|
key_vault_namespace: 'admin.datakeys',
|
25
|
+
# Spawn mongocryptd on non-default port for sharded cluster tests
|
26
|
+
extra_options: extra_options,
|
25
27
|
},
|
26
|
-
database:
|
28
|
+
database: 'db',
|
27
29
|
)
|
28
30
|
)
|
29
31
|
end
|
30
32
|
|
31
33
|
before do
|
32
|
-
client.use(
|
33
|
-
client.use(
|
34
|
+
client.use('db')['view'].drop
|
35
|
+
client.use('db').database.command(create: 'view', viewOn: 'coll')
|
34
36
|
end
|
35
37
|
|
36
38
|
it 'does not perform encryption on views' do
|
37
39
|
expect do
|
38
|
-
client_encrypted[
|
40
|
+
client_encrypted['view'].insert_one({})
|
39
41
|
end.to raise_error(Mongo::Error::CryptError, /cannot auto encrypt a view/)
|
40
42
|
end
|
41
43
|
end
|
@@ -30,22 +30,50 @@ describe Mongo::Client do
|
|
30
30
|
auto_encryption_options: {
|
31
31
|
kms_providers: kms_providers,
|
32
32
|
key_vault_namespace: key_vault_namespace,
|
33
|
+
# Spawn mongocryptd on non-default port for sharded cluster tests
|
34
|
+
extra_options: extra_options,
|
33
35
|
},
|
34
36
|
database: :auto_encryption
|
35
37
|
),
|
36
38
|
)
|
37
39
|
end
|
38
40
|
|
39
|
-
|
40
|
-
|
41
|
+
context 'with new, invalid auto_encryption_options' do
|
42
|
+
let(:new_auto_encryption_options) { { kms_providers: nil } }
|
43
|
+
|
44
|
+
let(:new_client) do
|
45
|
+
old_client.with(auto_encryption_options: new_auto_encryption_options)
|
46
|
+
end
|
47
|
+
|
48
|
+
# Detection of leaked background threads only, these tests do not
|
49
|
+
# actually require a clean slate. https://jira.mongodb.org/browse/RUBY-2138
|
50
|
+
clean_slate
|
51
|
+
|
52
|
+
it 'raises an exception' do
|
53
|
+
expect do
|
54
|
+
new_client
|
55
|
+
end.to raise_error(ArgumentError)
|
56
|
+
end
|
57
|
+
|
58
|
+
it 'allows the original client to keep encrypting' do
|
59
|
+
old_client[:users].insert_one(ssn: ssn)
|
60
|
+
document = authorized_client.use(:auto_encryption)[:users].find.first
|
61
|
+
expect(document['ssn']).to be_ciphertext
|
62
|
+
end
|
41
63
|
end
|
42
64
|
|
43
65
|
context 'with new auto_encryption_options' do
|
66
|
+
let!(:new_client) do
|
67
|
+
old_client.with(auto_encryption_options: new_auto_encryption_options)
|
68
|
+
end
|
69
|
+
|
44
70
|
let(:new_auto_encryption_options) do
|
45
71
|
{
|
46
72
|
kms_providers: kms_providers,
|
47
73
|
key_vault_namespace: key_vault_namespace,
|
48
74
|
schema_map: { 'auto_encryption.users' => schema_map },
|
75
|
+
# Spawn mongocryptd on non-default port for sharded cluster tests
|
76
|
+
extra_options: extra_options,
|
49
77
|
}
|
50
78
|
end
|
51
79
|
|
@@ -79,6 +107,10 @@ describe Mongo::Client do
|
|
79
107
|
end
|
80
108
|
|
81
109
|
context 'with nil auto_encryption_options' do
|
110
|
+
let!(:new_client) do
|
111
|
+
old_client.with(auto_encryption_options: new_auto_encryption_options)
|
112
|
+
end
|
113
|
+
|
82
114
|
let(:new_auto_encryption_options) { nil }
|
83
115
|
|
84
116
|
it 'removes auto encryption options' do
|
@@ -101,6 +133,8 @@ describe Mongo::Client do
|
|
101
133
|
auto_encryption_options: {
|
102
134
|
kms_providers: kms_providers,
|
103
135
|
key_vault_namespace: key_vault_namespace,
|
136
|
+
# Spawn mongocryptd on non-default port for sharded cluster tests
|
137
|
+
extra_options: extra_options,
|
104
138
|
}
|
105
139
|
)
|
106
140
|
)
|
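Review bot: In the new 'with new, invalid auto_encryption_options' context, `new_client` is declared with lazy `let`, so the example 'allows the original client to keep encrypting' never calls `old_client.with(...)` unless a hook outside this hunk forces it. As written it only checks that an untouched client encrypts. Making `expect { new_client }.to raise_error(ArgumentError)` the first line of that example would test what its name says. The read-back `authorized_client.use(:auto_encryption)[:users].find.first` also takes whichever document comes first, so a ciphertext document left by an earlier example would satisfy it; querying by the inserted `_id` closes that gap. In the 'raises an exception' example, `raise_error(ArgumentError)` without a message pattern accepts any ArgumentError.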