mongo 2.12.0.rc0 → 2.12.1

data/spec/integration/client_side_encryption/bson_size_limit_spec.rb

@@ -31,6 +31,8 @@ describe 'Client-Side Encryption' do
               local: { key: local_master_key },
             },
             key_vault_namespace: 'admin.datakeys',
+            # Spawn mongocryptd on non-default port for sharded cluster tests
+            extra_options: extra_options,
           },
           database: 'db',
         )
@@ -47,8 +49,10 @@ describe 'Client-Side Encryption' do
         }
       ].create
 
-      client.use('admin')['datakeys'].drop
-      client.use('admin')['datakeys'].insert_one(
+      key_vault_collection = client.use('admin')['datakeys', write_concern: { w: :majority }]
+
+      key_vault_collection.drop
+      key_vault_collection.insert_one(
         BSON::ExtJSON.parse(File.read('spec/support/crypt/limits/limits-key.json'))
       )
     end
@@ -85,7 +89,7 @@ describe 'Client-Side Encryption' do
     context 'when bulk inserting two unencrypted documents under 2MiB' do
       it 'can perform bulk insert using the encrypted client' do
         bulk_write = Mongo::BulkWrite.new(
-          client_encrypted[:coll],
+          client_encrypted['coll'],
           [
             { insert_one: { _id: 'over_2mib_1', unencrypted: 'a' * _2mib } },
             { insert_one: { _id: 'over_2mib_2', unencrypted: 'a' * _2mib } },
@@ -107,7 +111,7 @@ describe 'Client-Side Encryption' do
       it 'can perform bulk delete using the encrypted client' do
         # Insert documents that we can match and delete later
         bulk_write = Mongo::BulkWrite.new(
-          client_encrypted[:coll],
+          client_encrypted['coll'],
           [
             { insert_one: { _id: 'over_2mib_1', unencrypted: 'a' * _2mib } },
             { insert_one: { _id: 'over_2mib_2', unencrypted: 'a' * _2mib } },
@@ -128,7 +132,7 @@ describe 'Client-Side Encryption' do
     context 'when bulk inserting two encrypted documents under 2MiB' do
       it 'can perform bulk_insert using the encrypted client' do
         bulk_write = Mongo::BulkWrite.new(
-          client_encrypted[:coll],
+          client_encrypted['coll'],
           [
             {
               insert_one: limits_doc.merge(
@@ -158,7 +162,7 @@ describe 'Client-Side Encryption' do
 
     context 'when a single document is just smaller than 16MiB' do
       it 'can perform insert_one using the encrypted client' do
-        result = client_encrypted[:coll].insert_one(
+        result = client_encrypted['coll'].insert_one(
           _id: "under_16mib",
           unencrypted: "a" * (_16mib - 2000)
         )
@@ -170,7 +174,7 @@ describe 'Client-Side Encryption' do
     context 'when an encrypted document is greater than the 16MiB limit' do
       it 'raises an exception when attempting to insert the document' do
         expect do
-          client_encrypted[:coll].insert_one(
+          client_encrypted['coll'].insert_one(
             limits_doc.merge(
               _id: "encryption_exceeds_16mib",
               unencrypted: "a" * (16*1024*1024 + 500*1024),

data/spec/integration/client_side_encryption/bypass_mongocryptd_spawn_spec.rb

@@ -8,6 +8,10 @@ describe 'Client-Side Encryption' do
 
     include_context 'define shared FLE helpers'
 
+    # Choose a different port for mongocryptd than the one used by all the other
+    # tests to avoid failures caused by other tests spawning mongocryptd.
+    let(:mongocryptd_port) { 27091 }
+
     context 'via mongocryptdBypassSpawn' do
       let(:test_schema_map) do
         BSON::ExtJSON.parse(File.read('spec/support/crypt/external/external-schema.json'))
@@ -23,19 +27,19 @@ describe 'Client-Side Encryption' do
               schema_map: { 'db.coll' => test_schema_map },
               extra_options: {
                 mongocryptd_bypass_spawn: true,
-                mongocryptd_uri: "mongodb://localhost:27090/db?serverSelectionTimeoutMS=1000",
-                mongocryptd_spawn_args: [ "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=27090"],
+                mongocryptd_uri: "mongodb://localhost:#{mongocryptd_port}/db?serverSelectionTimeoutMS=1000",
+                mongocryptd_spawn_args: [ "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=#{mongocryptd_port}"],
               },
             },
-            database: :db
+            database: 'db'
           ),
         )
       end
 
       it 'does not spawn' do
         lambda do
-          client[:coll].insert_one(encrypted: 'test')
-        end.should raise_error(Mongo::Error::NoServerAvailable, /Server address=localhost:27090 UNKNOWN/)
+          client['coll'].insert_one(encrypted: 'test')
+        end.should raise_error(Mongo::Error::NoServerAvailable, /Server address=localhost:#{Regexp.quote(mongocryptd_port.to_s)} UNKNOWN/)
       end
     end
 
@@ -49,21 +53,21 @@ describe 'Client-Side Encryption' do
               key_vault_namespace: 'admin.datakeys',
               bypass_auto_encryption: true,
               extra_options: {
-                mongocryptd_spawn_args: [ "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=27090"],
+                mongocryptd_spawn_args: [ "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=#{mongocryptd_port}"],
               },
             },
-            database: :db
+            database: 'db'
           ),
         )
       end
 
       let(:mongocryptd_client) do
-        new_local_client(['localhost:27090'], server_selection_timeout: 1)
+        new_local_client(["localhost:#{mongocryptd_port}"], server_selection_timeout: 1)
       end
 
       it 'does not spawn' do
         lambda do
-          client[:coll].insert_one(encrypted: 'test')
+          client['coll'].insert_one(encrypted: 'test')
         end.should_not raise_error
         lambda do
           mongocryptd_client.database.command(ismaster: 1)

data/spec/integration/client_side_encryption/client_close_spec.rb

@@ -6,7 +6,6 @@ describe 'Auto encryption client' do
   min_server_fcv '4.2'
 
   context 'after client is disconnected' do
-
     include_context 'define shared FLE helpers'
     include_context 'with local kms_providers'
 
@@ -18,19 +17,21 @@ describe 'Auto encryption client' do
             kms_providers: kms_providers,
             key_vault_namespace: 'admin.datakeys',
             schema_map: { 'auto_encryption.users' => schema_map },
+            # Spawn mongocryptd on non-default port for sharded cluster tests
+            extra_options: extra_options,
           },
-          database: :auto_encryption,
+          database: 'auto_encryption',
         )
       )
     end
 
     shared_examples 'a functioning auto-encrypter' do
       it 'can still perform encryption' do
-        result = client[:users].insert_one(ssn: '000-000-0000')
+        result = client['users'].insert_one(ssn: '000-000-0000')
         expect(result).to be_ok
 
         encrypted_document = authorized_client
-          .use(:auto_encryption)[:users]
+          .use('auto_encryption')['users']
           .find(_id: result.inserted_ids.first)
           .first
 
@@ -40,7 +41,10 @@ describe 'Auto encryption client' do
 
     context 'after performing operation with auto encryption' do
       before do
-        client[:users].insert_one(ssn: ssn)
+        key_vault_collection.drop
+        key_vault_collection.insert_one(data_key)
+
+        client['users'].insert_one(ssn: ssn)
         client.close
       end
 
@@ -49,7 +53,7 @@ describe 'Auto encryption client' do
 
     context 'after performing operation without auto encryption' do
       before do
-        client[:users].insert_one(age: 23)
+        client['users'].insert_one(age: 23)
         client.close
       end
 

data/spec/integration/client_side_encryption/corpus_spec.rb

@@ -8,11 +8,13 @@ describe 'Client-Side Encryption' do
 
     include_context 'define shared FLE helpers'
 
-    let(:client) do
-      new_local_client(
-        SpecConfig.instance.addresses,
-        SpecConfig.instance.test_options
-      )
+    let(:client) { authorized_client }
+
+    let(:key_vault_client) do
+      client.with(
+        database: 'admin',
+        write_concern: { w: :majority }
+      )['datakeys']
     end
 
     let(:test_schema_map) { BSON::ExtJSON.parse(File.read('spec/support/crypt/corpus/corpus-schema.json')) }
@@ -33,8 +35,10 @@ describe 'Client-Side Encryption' do
             },
             key_vault_namespace: 'admin.datakeys',
             schema_map: local_schema_map,
+            # Spawn mongocryptd on non-default port for sharded cluster tests
+            extra_options: extra_options,
           },
-          database: :db,
+          database: 'db',
         )
       )
     end
@@ -123,18 +127,19 @@ describe 'Client-Side Encryption' do
     end
 
     before do
-      client.use(:db)[:coll].drop
+      client.use('db')['coll'].drop
 
-      client.use(:admin)[:datakeys].drop
-      client.use(:admin)[:datakeys].insert_one(local_data_key)
-      client.use(:admin)[:datakeys].insert_one(aws_data_key)
+      key_vault_collection = client.use('admin')['datakeys', write_concern: { w: :majority }]
+      key_vault_collection.drop
+      key_vault_collection.insert_one(local_data_key)
+      key_vault_collection.insert_one(aws_data_key)
     end
 
     shared_context 'with jsonSchema collection validator' do
       let(:local_schema_map) { nil }
 
       before do
-        client.use(:db)[:coll,
+        client.use('db')['coll',
           {
             'validator' => { '$jsonSchema' => test_schema_map }
           }
@@ -148,11 +153,11 @@ describe 'Client-Side Encryption' do
 
     shared_examples 'a functioning encrypter' do
       it 'properly encrypts and decrypts a document' do
-        corpus_encrypted_id = client_encrypted[:coll]
+        corpus_encrypted_id = client_encrypted['coll']
           .insert_one(corpus_copied)
           .inserted_id
 
-        corpus_decrypted = client_encrypted[:coll]
+        corpus_decrypted = client_encrypted['coll']
           .find(_id: corpus_encrypted_id)
           .first
 
@@ -166,7 +171,7 @@ describe 'Client-Side Encryption' do
         end
 
         corpus_encrypted_actual = client
-          .use(:db)[:coll]
+          .use('db')['coll']
           .find(_id: corpus_encrypted_id)
           .first
 

data/spec/integration/client_side_encryption/data_key_spec.rb

@@ -50,8 +50,10 @@ describe 'Client-Side Encryption' do
             },
             key_vault_namespace: 'admin.datakeys',
             schema_map: test_schema_map,
+            # Spawn mongocryptd on non-default port for sharded cluster tests
+            extra_options: extra_options,
           },
-          database: :db,
+          database: 'db',
         )
       )
     end
@@ -73,8 +75,8 @@ describe 'Client-Side Encryption' do
     end
 
     before do
-      client.use(:admin)[:datakeys].drop
-      client.use(:db)[:coll].drop
+      client.use('admin')['datakeys'].drop
+      client.use('db')['coll'].drop
     end
 
     shared_examples 'can create and use a data key' do
@@ -86,7 +88,7 @@ describe 'Client-Side Encryption' do
 
         expect(data_key_id).to be_uuid
 
-        keys = client.use(:admin)[:datakeys].find(_id: data_key_id)
+        keys = client.use('admin')['datakeys'].find(_id: data_key_id)
 
         expect(keys.count).to eq(1)
         expect(keys.first['masterKey']['provider']).to eq(kms_provider_name)
@@ -107,12 +109,12 @@ describe 'Client-Side Encryption' do
 
         expect(encrypted).to be_ciphertext
 
-        client_encrypted[:coll].insert_one(
+        client_encrypted['coll'].insert_one(
           _id: kms_provider_name,
-          'value': encrypted,
+          value: encrypted,
         )
 
-        document = client_encrypted[:coll].find(_id: kms_provider_name).first
+        document = client_encrypted['coll'].find(_id: kms_provider_name).first
 
         expect(document['value']).to eq(value_to_encrypt)
 
@@ -128,7 +130,7 @@ describe 'Client-Side Encryption' do
         expect(encrypted_with_alt_name).to eq(encrypted)
 
         expect do
-          client_encrypted[:coll].insert_one(encrypted_placeholder: encrypted)
+          client_encrypted['coll'].insert_one(encrypted_placeholder: encrypted)
         end.to raise_error(Mongo::Error::OperationFailure, /Cannot encrypt element of type binData/)
       end
     end

data/spec/integration/client_side_encryption/external_key_vault_spec.rb

@@ -36,11 +36,11 @@ describe 'Client-Side Encryption' do
     end
 
     before do
-      client.use(:admin)[:datakeys].drop
-      client.use(:db)[:coll].drop
+      client.use('admin')['datakeys'].drop
+      client.use('db')['coll'].drop
 
       data_key = BSON::ExtJSON.parse(File.read('spec/support/crypt/external/external-key.json'))
-      client.use(:admin)[:datakeys].insert_one(data_key)
+      client.use('admin')['datakeys', write_concern: { w: :majority }].insert_one(data_key)
     end
 
     context 'with default key vault client' do
@@ -52,8 +52,10 @@ describe 'Client-Side Encryption' do
               kms_providers: local_kms_providers,
               key_vault_namespace: 'admin.datakeys',
               schema_map: test_schema_map,
+              # Spawn mongocryptd on non-default port for sharded cluster tests
+              extra_options: extra_options,
             },
-            database: :db,
+            database: 'db',
           )
         )
       end
@@ -69,10 +71,10 @@ describe 'Client-Side Encryption' do
       end
 
       it 'inserts an encrypted document with client' do
-        result = client_encrypted[:coll].insert_one(encrypted: 'test')
+        result = client_encrypted['coll'].insert_one(encrypted: 'test')
         expect(result).to be_ok
 
-        encrypted = client.use(:db)[:coll].find.first['encrypted']
+        encrypted = client.use('db')['coll'].find.first['encrypted']
         expect(encrypted).to be_ciphertext
       end
 
@@ -99,8 +101,10 @@ describe 'Client-Side Encryption' do
               key_vault_namespace: 'admin.datakeys',
               schema_map: test_schema_map,
               key_vault_client: external_key_vault_client,
+              # Spawn mongocryptd on non-default port for sharded cluster tests
+              extra_options: extra_options,
             },
-            database: :db,
+            database: 'db',
           )
         )
       end
@@ -117,7 +121,7 @@ describe 'Client-Side Encryption' do
 
        it 'raises an authentication exception when auto encrypting' do
         expect do
-          client_encrypted[:coll].insert_one(encrypted: 'test')
+          client_encrypted['coll'].insert_one(encrypted: 'test')
         end.to raise_error(Mongo::Auth::Unauthorized, /fake-user/)
       end
 

data/spec/integration/client_side_encryption/views_spec.rb

@@ -22,20 +22,22 @@ describe 'Client-Side Encryption' do
           auto_encryption_options: {
             kms_providers: local_kms_providers,
             key_vault_namespace: 'admin.datakeys',
+            # Spawn mongocryptd on non-default port for sharded cluster tests
+            extra_options: extra_options,
           },
-          database: :db,
+          database: 'db',
         )
       )
     end
 
     before do
-      client.use(:db)[:view].drop
-      client.use(:db).database.command(create: "view", viewOn: "coll")
+      client.use('db')['view'].drop
+      client.use('db').database.command(create: 'view', viewOn: 'coll')
     end
 
     it 'does not perform encryption on views' do
       expect do
-        client_encrypted[:view].insert_one({})
+        client_encrypted['view'].insert_one({})
       end.to raise_error(Mongo::Error::CryptError, /cannot auto encrypt a view/)
     end
   end

data/spec/integration/client_update_spec.rb

@@ -30,22 +30,50 @@ describe Mongo::Client do
             auto_encryption_options: {
               kms_providers: kms_providers,
               key_vault_namespace: key_vault_namespace,
+              # Spawn mongocryptd on non-default port for sharded cluster tests
+              extra_options: extra_options,
             },
             database: :auto_encryption
           ),
         )
       end
 
-      let!(:new_client) do
-        old_client.with(auto_encryption_options: new_auto_encryption_options)
+      context 'with new, invalid auto_encryption_options' do
+        let(:new_auto_encryption_options) { { kms_providers: nil } }
+
+        let(:new_client) do
+          old_client.with(auto_encryption_options: new_auto_encryption_options)
+        end
+
+        # Detection of leaked background threads only, these tests do not
+        # actually require a clean slate. https://jira.mongodb.org/browse/RUBY-2138
+        clean_slate
+
+        it 'raises an exception' do
+          expect do
+            new_client
+          end.to raise_error(ArgumentError)
+        end
+
+        it 'allows the original client to keep encrypting' do
+          old_client[:users].insert_one(ssn: ssn)
+          document = authorized_client.use(:auto_encryption)[:users].find.first
+          expect(document['ssn']).to be_ciphertext
+        end
       end
 
       context 'with new auto_encryption_options' do
+        let!(:new_client) do
+          old_client.with(auto_encryption_options: new_auto_encryption_options)
+        end
+
         let(:new_auto_encryption_options) do
           {
             kms_providers: kms_providers,
             key_vault_namespace: key_vault_namespace,
             schema_map: { 'auto_encryption.users' => schema_map },
+            # Spawn mongocryptd on non-default port for sharded cluster tests
+            extra_options: extra_options,
           }
         end
 
@@ -79,6 +107,10 @@ describe Mongo::Client do
       end
 
       context 'with nil auto_encryption_options' do
+        let!(:new_client) do
+          old_client.with(auto_encryption_options: new_auto_encryption_options)
+        end
+
         let(:new_auto_encryption_options) { nil }
 
         it 'removes auto encryption options' do
@@ -101,6 +133,8 @@ describe Mongo::Client do
             auto_encryption_options: {
               kms_providers: kms_providers,
               key_vault_namespace: key_vault_namespace,
+              # Spawn mongocryptd on non-default port for sharded cluster tests
+              extra_options: extra_options,
             }
           )
         )