mongo 2.17.2 → 2.18.1
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/README.md +21 -37
- data/lib/mongo/auth/base.rb +8 -1
- data/lib/mongo/auth.rb +12 -1
- data/lib/mongo/bulk_write/result.rb +10 -1
- data/lib/mongo/bulk_write/result_combiner.rb +2 -4
- data/lib/mongo/bulk_write.rb +115 -29
- data/lib/mongo/client.rb +133 -17
- data/lib/mongo/client_encryption.rb +113 -10
- data/lib/mongo/cluster/reapers/cursor_reaper.rb +11 -1
- data/lib/mongo/cluster.rb +26 -28
- data/lib/mongo/collection/helpers.rb +43 -0
- data/lib/mongo/collection/queryable_encryption.rb +122 -0
- data/lib/mongo/collection/view/aggregation.rb +22 -16
- data/lib/mongo/collection/view/change_stream.rb +65 -23
- data/lib/mongo/collection/view/explainable.rb +1 -1
- data/lib/mongo/collection/view/iterable.rb +2 -2
- data/lib/mongo/collection/view/map_reduce.rb +18 -9
- data/lib/mongo/collection/view/readable.rb +29 -25
- data/lib/mongo/collection/view/writable.rb +133 -40
- data/lib/mongo/collection.rb +117 -49
- data/lib/mongo/config/options.rb +62 -0
- data/lib/mongo/config/validators/option.rb +26 -0
- data/lib/mongo/config.rb +42 -0
- data/lib/mongo/crypt/auto_encrypter.rb +136 -14
- data/lib/mongo/crypt/binding.rb +513 -144
- data/lib/mongo/crypt/context.rb +5 -2
- data/lib/mongo/crypt/data_key_context.rb +12 -104
- data/lib/mongo/crypt/encryption_io.rb +94 -60
- data/lib/mongo/crypt/explicit_encrypter.rb +143 -26
- data/lib/mongo/crypt/explicit_encryption_context.rb +25 -2
- data/lib/mongo/crypt/handle.rb +160 -86
- data/lib/mongo/crypt/hooks.rb +25 -2
- data/lib/mongo/crypt/kms/aws.rb +136 -0
- data/lib/mongo/crypt/kms/azure.rb +144 -0
- data/lib/mongo/crypt/kms/credentials.rb +81 -0
- data/lib/mongo/crypt/kms/gcp.rb +189 -0
- data/lib/mongo/crypt/kms/kmip.rb +116 -0
- data/lib/mongo/crypt/kms/local.rb +82 -0
- data/lib/mongo/crypt/kms/master_key_document.rb +65 -0
- data/lib/mongo/crypt/kms.rb +117 -0
- data/lib/mongo/crypt/rewrap_many_data_key_context.rb +46 -0
- data/lib/mongo/crypt/rewrap_many_data_key_result.rb +37 -0
- data/lib/mongo/crypt/status.rb +8 -2
- data/lib/mongo/crypt.rb +3 -0
- data/lib/mongo/cursor/kill_spec.rb +27 -6
- data/lib/mongo/cursor.rb +26 -11
- data/lib/mongo/database/view.rb +6 -3
- data/lib/mongo/database.rb +57 -13
- data/lib/mongo/dbref.rb +1 -105
- data/lib/mongo/error/bulk_write_error.rb +31 -4
- data/lib/mongo/error/invalid_config_option.rb +20 -0
- data/lib/mongo/error/invalid_replacement_document.rb +27 -9
- data/lib/mongo/error/invalid_update_document.rb +27 -7
- data/lib/mongo/error/labelable.rb +72 -0
- data/lib/mongo/error/missing_connection.rb +25 -0
- data/lib/mongo/error/missing_file_chunk.rb +8 -2
- data/lib/mongo/error/notable.rb +7 -0
- data/lib/mongo/error/operation_failure.rb +34 -86
- data/lib/mongo/error/read_write_retryable.rb +108 -0
- data/lib/mongo/{operation/kill_cursors/legacy.rb → error/session_not_materialized.rb} +7 -19
- data/lib/mongo/error.rb +5 -37
- data/lib/mongo/grid/stream/read.rb +6 -0
- data/lib/mongo/index/view.rb +23 -7
- data/lib/mongo/monitoring/event/command_failed.rb +8 -2
- data/lib/mongo/monitoring/event/command_started.rb +1 -1
- data/lib/mongo/monitoring/event/command_succeeded.rb +9 -2
- data/lib/mongo/monitoring/publishable.rb +9 -5
- data/lib/mongo/operation/collections_info/result.rb +5 -2
- data/lib/mongo/operation/command/op_msg.rb +6 -0
- data/lib/mongo/operation/context.rb +24 -6
- data/lib/mongo/operation/count/op_msg.rb +4 -1
- data/lib/mongo/operation/create/op_msg.rb +4 -1
- data/lib/mongo/operation/create_index/op_msg.rb +2 -1
- data/lib/mongo/operation/delete/op_msg.rb +1 -0
- data/lib/mongo/operation/delete.rb +0 -1
- data/lib/mongo/operation/distinct/op_msg.rb +4 -1
- data/lib/mongo/operation/drop_index/op_msg.rb +5 -1
- data/lib/mongo/operation/get_more/command_builder.rb +5 -1
- data/lib/mongo/operation/insert/bulk_result.rb +5 -1
- data/lib/mongo/operation/insert/command.rb +0 -4
- data/lib/mongo/operation/insert/op_msg.rb +6 -3
- data/lib/mongo/operation/insert/result.rb +6 -3
- data/lib/mongo/operation/insert.rb +0 -1
- data/lib/mongo/operation/kill_cursors.rb +0 -1
- data/lib/mongo/operation/list_collections/op_msg.rb +4 -1
- data/lib/mongo/operation/map_reduce/result.rb +16 -0
- data/lib/mongo/operation/result.rb +21 -5
- data/lib/mongo/operation/shared/executable.rb +21 -6
- data/lib/mongo/operation/shared/polymorphic_operation.rb +15 -3
- data/lib/mongo/operation/shared/response_handling.rb +6 -5
- data/lib/mongo/operation/shared/sessions_supported.rb +7 -3
- data/lib/mongo/operation/shared/write.rb +18 -12
- data/lib/mongo/operation/update/op_msg.rb +2 -1
- data/lib/mongo/operation/update.rb +0 -1
- data/lib/mongo/protocol/caching_hash.rb +69 -0
- data/lib/mongo/protocol/msg.rb +21 -1
- data/lib/mongo/protocol.rb +1 -0
- data/lib/mongo/query_cache.rb +15 -0
- data/lib/mongo/retryable.rb +78 -30
- data/lib/mongo/server/connection.rb +33 -0
- data/lib/mongo/server/connection_base.rb +2 -0
- data/lib/mongo/server/connection_common.rb +4 -1
- data/lib/mongo/server/connection_pool.rb +74 -46
- data/lib/mongo/server/description/features.rb +3 -1
- data/lib/mongo/server/description.rb +7 -2
- data/lib/mongo/server/monitor/connection.rb +1 -0
- data/lib/mongo/server/monitor.rb +25 -13
- data/lib/mongo/server/push_monitor.rb +13 -3
- data/lib/mongo/server.rb +9 -5
- data/lib/mongo/session/session_pool.rb +8 -0
- data/lib/mongo/session.rb +111 -35
- data/lib/mongo/socket/ocsp_verifier.rb +4 -5
- data/lib/mongo/socket/tcp.rb +3 -0
- data/lib/mongo/srv/resolver.rb +24 -3
- data/lib/mongo/uri/options_mapper.rb +2 -0
- data/lib/mongo/uri/srv_protocol.rb +1 -1
- data/lib/mongo/uri.rb +20 -0
- data/lib/mongo/version.rb +1 -1
- data/lib/mongo.rb +22 -0
- data/mongo.gemspec +10 -4
- data/spec/README.md +23 -5
- data/spec/integration/aws_lambda_examples_spec.rb +68 -0
- data/spec/integration/bulk_write_error_message_spec.rb +32 -0
- data/spec/integration/bulk_write_spec.rb +16 -0
- data/spec/integration/change_stream_spec.rb +6 -5
- data/spec/integration/client_construction_spec.rb +74 -8
- data/spec/integration/client_side_encryption/auto_encryption_bulk_writes_spec.rb +9 -9
- data/spec/integration/client_side_encryption/auto_encryption_command_monitoring_spec.rb +168 -168
- data/spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb +0 -1
- data/spec/integration/client_side_encryption/auto_encryption_reconnect_spec.rb +31 -0
- data/spec/integration/client_side_encryption/auto_encryption_spec.rb +108 -1
- data/spec/integration/client_side_encryption/bson_size_limit_spec.rb +2 -2
- data/spec/integration/client_side_encryption/bypass_mongocryptd_spawn_spec.rb +2 -2
- data/spec/integration/client_side_encryption/client_close_spec.rb +1 -1
- data/spec/integration/client_side_encryption/corpus_spec.rb +64 -35
- data/spec/integration/client_side_encryption/custom_endpoint_spec.rb +39 -42
- data/spec/integration/client_side_encryption/data_key_spec.rb +97 -7
- data/spec/integration/client_side_encryption/decryption_events_prose_spec.rb +158 -0
- data/spec/integration/client_side_encryption/explicit_encryption_spec.rb +59 -0
- data/spec/integration/client_side_encryption/explicit_queryable_encryption_spec.rb +147 -0
- data/spec/integration/client_side_encryption/external_key_vault_spec.rb +6 -6
- data/spec/integration/client_side_encryption/kms_tls_options_spec.rb +436 -0
- data/spec/integration/client_side_encryption/kms_tls_spec.rb +92 -0
- data/spec/integration/client_side_encryption/queryable_encryption_examples_spec.rb +111 -0
- data/spec/integration/client_side_encryption/unique_index_on_key_alt_names_prose_spec.rb +85 -0
- data/spec/integration/client_side_encryption/views_spec.rb +1 -1
- data/spec/integration/client_update_spec.rb +2 -2
- data/spec/integration/crud_spec.rb +12 -0
- data/spec/integration/cursor_pinning_spec.rb +3 -3
- data/spec/integration/fork_reconnect_spec.rb +15 -8
- data/spec/integration/grid_fs_bucket_spec.rb +3 -3
- data/spec/integration/ocsp_verifier_spec.rb +3 -0
- data/spec/integration/query_cache_spec.rb +34 -30
- data/spec/integration/reconnect_spec.rb +2 -0
- data/spec/integration/retryable_writes/retryable_writes_36_and_older_spec.rb +1 -1
- data/spec/integration/server_monitor_spec.rb +2 -1
- data/spec/integration/size_limit_spec.rb +4 -1
- data/spec/integration/snapshot_query_examples_spec.rb +127 -0
- data/spec/integration/srv_monitoring_spec.rb +38 -0
- data/spec/integration/srv_spec.rb +1 -0
- data/spec/integration/step_down_spec.rb +20 -4
- data/spec/integration/transaction_pinning_spec.rb +2 -2
- data/spec/integration/versioned_api_examples_spec.rb +37 -31
- data/spec/lite_spec_helper.rb +19 -9
- data/spec/mongo/address/ipv6_spec.rb +7 -0
- data/spec/mongo/address_spec.rb +7 -0
- data/spec/mongo/auth/scram/conversation_spec.rb +23 -23
- data/spec/mongo/auth/scram256/conversation_spec.rb +20 -20
- data/spec/mongo/auth/scram_negotiation_spec.rb +1 -0
- data/spec/mongo/bulk_write/result_spec.rb +15 -1
- data/spec/mongo/bulk_write_spec.rb +141 -20
- data/spec/mongo/client_construction_spec.rb +186 -9
- data/spec/mongo/client_encryption_spec.rb +10 -22
- data/spec/mongo/client_spec.rb +297 -1
- data/spec/mongo/cluster/cursor_reaper_spec.rb +21 -3
- data/spec/mongo/cluster_spec.rb +0 -44
- data/spec/mongo/collection/view/aggregation_spec.rb +121 -2
- data/spec/mongo/collection/view/change_stream_spec.rb +2 -2
- data/spec/mongo/collection/view/readable_spec.rb +605 -1
- data/spec/mongo/collection/view/writable_spec.rb +144 -32
- data/spec/mongo/collection_crud_spec.rb +63 -13
- data/spec/mongo/collection_spec.rb +32 -0
- data/spec/mongo/config/options_spec.rb +75 -0
- data/spec/mongo/config_spec.rb +73 -0
- data/spec/mongo/crypt/auto_decryption_context_spec.rb +17 -1
- data/spec/mongo/crypt/auto_encrypter_spec.rb +256 -5
- data/spec/mongo/crypt/auto_encryption_context_spec.rb +17 -1
- data/spec/mongo/crypt/binding/context_spec.rb +67 -17
- data/spec/mongo/crypt/binding/mongocrypt_spec.rb +17 -46
- data/spec/mongo/crypt/binding/version_spec.rb +33 -0
- data/spec/mongo/crypt/binding_unloaded_spec.rb +14 -0
- data/spec/mongo/crypt/data_key_context_spec.rb +42 -114
- data/spec/mongo/crypt/encryption_io_spec.rb +2 -0
- data/spec/mongo/crypt/explicit_decryption_context_spec.rb +32 -1
- data/spec/mongo/crypt/explicit_encryption_context_spec.rb +94 -1
- data/spec/mongo/crypt/handle_spec.rb +172 -156
- data/spec/mongo/crypt/hooks_spec.rb +30 -0
- data/spec/mongo/crypt/kms/credentials_spec.rb +357 -0
- data/spec/mongo/crypt/kms_spec.rb +59 -0
- data/spec/mongo/cursor_spec.rb +87 -1
- data/spec/mongo/database_spec.rb +66 -1
- data/spec/mongo/error/operation_failure_heavy_spec.rb +49 -0
- data/spec/mongo/index/view_spec.rb +125 -0
- data/spec/mongo/operation/create/op_msg_spec.rb +244 -0
- data/spec/mongo/operation/delete/op_msg_spec.rb +13 -4
- data/spec/mongo/operation/delete_spec.rb +0 -30
- data/spec/mongo/operation/insert/op_msg_spec.rb +18 -10
- data/spec/mongo/operation/insert_spec.rb +0 -32
- data/spec/mongo/operation/result_spec.rb +20 -0
- data/spec/mongo/operation/update/op_msg_spec.rb +13 -4
- data/spec/mongo/operation/update_spec.rb +0 -29
- data/spec/mongo/protocol/caching_hash_spec.rb +82 -0
- data/spec/mongo/protocol/msg_spec.rb +41 -0
- data/spec/mongo/query_cache_spec.rb +1 -0
- data/spec/mongo/retryable_spec.rb +32 -3
- data/spec/mongo/server/connection_auth_spec.rb +3 -1
- data/spec/mongo/server/connection_common_spec.rb +13 -1
- data/spec/mongo/server/connection_pool_spec.rb +120 -53
- data/spec/mongo/server/connection_spec.rb +50 -159
- data/spec/mongo/server/description/features_spec.rb +24 -0
- data/spec/mongo/server/push_monitor_spec.rb +2 -8
- data/spec/mongo/session_spec.rb +26 -6
- data/spec/mongo/session_transaction_spec.rb +2 -1
- data/spec/mongo/socket/ssl_spec.rb +18 -7
- data/spec/mongo/uri/srv_protocol_spec.rb +101 -2
- data/spec/mongo/uri_spec.rb +25 -0
- data/spec/runners/connection_string.rb +8 -0
- data/spec/runners/crud/operation.rb +12 -3
- data/spec/runners/crud/requirement.rb +9 -4
- data/spec/runners/crud/spec.rb +5 -0
- data/spec/runners/crud/test.rb +1 -1
- data/spec/runners/crud/verifier.rb +6 -0
- data/spec/runners/transactions/spec.rb +2 -2
- data/spec/runners/transactions/test.rb +19 -16
- data/spec/runners/transactions.rb +11 -8
- data/spec/runners/unified/assertions.rb +90 -11
- data/spec/runners/unified/change_stream_operations.rb +12 -0
- data/spec/runners/unified/client_side_encryption_operations.rb +83 -0
- data/spec/runners/unified/crud_operations.rb +67 -4
- data/spec/runners/unified/ddl_operations.rb +45 -0
- data/spec/runners/unified/error.rb +2 -1
- data/spec/runners/unified/grid_fs_operations.rb +21 -0
- data/spec/runners/unified/support_operations.rb +5 -2
- data/spec/runners/unified/test.rb +78 -5
- data/spec/runners/unified.rb +9 -2
- data/spec/shared/lib/mrss/constraints.rb +10 -17
- data/spec/shared/lib/mrss/docker_runner.rb +23 -3
- data/spec/shared/lib/mrss/eg_config_utils.rb +51 -0
- data/spec/shared/lib/mrss/event_subscriber.rb +15 -5
- data/spec/shared/lib/mrss/lite_constraints.rb +40 -1
- data/spec/shared/lib/mrss/session_registry.rb +69 -0
- data/spec/shared/lib/mrss/session_registry_legacy.rb +60 -0
- data/spec/shared/share/Dockerfile.erb +56 -54
- data/spec/shared/shlib/config.sh +27 -0
- data/spec/shared/shlib/distro.sh +2 -1
- data/spec/shared/shlib/server.sh +46 -21
- data/spec/shared/shlib/set_env.sh +43 -5
- data/spec/solo/clean_exit_spec.rb +5 -0
- data/spec/spec_helper.rb +0 -1
- data/spec/spec_tests/client_side_encryption_spec.rb +1 -1
- data/spec/spec_tests/client_side_encryption_unified_spec.rb +16 -0
- data/spec/spec_tests/crud_spec.rb +0 -10
- data/spec/spec_tests/data/change_streams_unified/change-streams-errors.yml +124 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams-pre_and_post_images.yml +351 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams-resume-allowlist.yml +1171 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams-resume-errorLabels.yml +1071 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams-showExpandedEvents.yml +298 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams.yml +859 -4
- data/spec/spec_tests/data/client_side_encryption/aggregate.yml +3 -17
- data/spec/spec_tests/data/client_side_encryption/azureKMS.yml +46 -0
- data/spec/spec_tests/data/client_side_encryption/badQueries.yml +12 -2
- data/spec/spec_tests/data/client_side_encryption/basic.yml +3 -17
- data/spec/spec_tests/data/client_side_encryption/bulk.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/bypassAutoEncryption.yml +2 -2
- data/spec/spec_tests/data/client_side_encryption/count.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/countDocuments.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/create-and-createIndexes.yml +58 -0
- data/spec/spec_tests/data/client_side_encryption/delete.yml +2 -16
- data/spec/spec_tests/data/client_side_encryption/distinct.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/explain.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/find.yml +2 -16
- data/spec/spec_tests/data/client_side_encryption/findOneAndDelete.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/findOneAndReplace.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/findOneAndUpdate.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/fle2-BypassQueryAnalysis.yml +101 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-Compact.yml +80 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-CreateCollection.yml +1263 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-DecryptExistingData.yml +64 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-Delete.yml +107 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-EncryptedFields-vs-EncryptedFieldsMap.yml +80 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-EncryptedFields-vs-jsonSchema.yml +90 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-EncryptedFieldsMap-defaults.yml +57 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-FindOneAndUpdate.yml +213 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-InsertFind-Indexed.yml +86 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-InsertFind-Unindexed.yml +83 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-MissingKey.yml +41 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-NoEncryption.yml +42 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-Update.yml +221 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-validatorAndPartialFieldExpression.yml +168 -0
- data/spec/spec_tests/data/client_side_encryption/gcpKMS.yml +46 -0
- data/spec/spec_tests/data/client_side_encryption/getMore.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/insert.yml +2 -16
- data/spec/spec_tests/data/client_side_encryption/keyAltName.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/localKMS.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/localSchema.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/maxWireVersion.yml +2 -0
- data/spec/spec_tests/data/client_side_encryption/missingKey.yml +2 -9
- data/spec/spec_tests/data/client_side_encryption/noSchema.yml +39 -0
- data/spec/spec_tests/data/client_side_encryption/replaceOne.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/types.yml +44 -70
- data/spec/spec_tests/data/client_side_encryption/unified/addKeyAltName.yml +194 -0
- data/spec/spec_tests/data/client_side_encryption/unified/createDataKey-kms_providers-invalid.yml +67 -0
- data/spec/spec_tests/data/client_side_encryption/unified/createDataKey.yml +309 -0
- data/spec/spec_tests/data/client_side_encryption/unified/deleteKey.yml +159 -0
- data/spec/spec_tests/data/client_side_encryption/unified/getKey.yml +105 -0
- data/spec/spec_tests/data/client_side_encryption/unified/getKeyByAltName.yml +104 -0
- data/spec/spec_tests/data/client_side_encryption/unified/getKeys.yml +122 -0
- data/spec/spec_tests/data/client_side_encryption/unified/removeKeyAltName.yml +157 -0
- data/spec/spec_tests/data/client_side_encryption/unified/rewrapManyDataKey-decrypt_failure.yml +69 -0
- data/spec/spec_tests/data/client_side_encryption/unified/rewrapManyDataKey-encrypt_failure.yml +122 -0
- data/spec/spec_tests/data/client_side_encryption/unified/rewrapManyDataKey.yml +432 -0
- data/spec/spec_tests/data/client_side_encryption/updateMany.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/updateOne.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/validatorAndPartialFieldExpression.yml +166 -0
- data/spec/spec_tests/data/collection_management/clustered-indexes.yml +135 -0
- data/spec/spec_tests/data/collection_management/createCollection-pre_and_post_images.yml +50 -0
- data/spec/spec_tests/data/collection_management/modifyCollection-pre_and_post_images.yml +58 -0
- data/spec/spec_tests/data/command_monitoring_unified/bulkWrite.yml +68 -0
- data/spec/spec_tests/data/command_monitoring_unified/command.yml +50 -0
- data/spec/spec_tests/data/command_monitoring_unified/deleteMany.yml +79 -0
- data/spec/spec_tests/data/command_monitoring_unified/deleteOne.yml +79 -0
- data/spec/spec_tests/data/command_monitoring_unified/find.yml +254 -0
- data/spec/spec_tests/data/command_monitoring_unified/insertMany.yml +79 -0
- data/spec/spec_tests/data/command_monitoring_unified/insertOne.yml +77 -0
- data/spec/spec_tests/data/command_monitoring_unified/pre-42-server-connection-id.yml +56 -0
- data/spec/spec_tests/data/command_monitoring_unified/server-connection-id.yml +56 -0
- data/spec/spec_tests/data/command_monitoring_unified/unacknowledgedBulkWrite.yml +55 -0
- data/spec/spec_tests/data/command_monitoring_unified/updateMany.yml +87 -0
- data/spec/spec_tests/data/command_monitoring_unified/updateOne.yml +118 -0
- data/spec/spec_tests/data/crud/read/aggregate-collation.yml +1 -1
- data/spec/spec_tests/data/crud/read/count-collation.yml +1 -1
- data/spec/spec_tests/data/crud/read/distinct-collation.yml +1 -1
- data/spec/spec_tests/data/crud/read/find-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/bulkWrite-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/deleteMany-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/deleteOne-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/findOneAndDelete-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/findOneAndReplace-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/findOneAndUpdate-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/replaceOne-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/updateMany-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/updateOne-collation.yml +1 -1
- data/spec/spec_tests/data/crud_unified/aggregate-allowdiskuse.yml +75 -0
- data/spec/spec_tests/data/crud_unified/aggregate-merge.yml +185 -0
- data/spec/spec_tests/data/crud_unified/aggregate-out-readConcern.yml +171 -0
- data/spec/spec_tests/data/crud_unified/aggregate.yml +215 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-arrayFilters-clientError.yml +98 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-arrayFilters.yml +174 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-comment.yml +189 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-delete-hint-clientError.yml +113 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-delete-hint-serverError.yml +142 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-delete-hint.yml +154 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-deleteMany-hint-unacknowledged.yml +98 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-deleteMany-let.yml +86 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-deleteOne-hint-unacknowledged.yml +97 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-deleteOne-let.yml +86 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-insertOne-dots_and_dollars.yml +138 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-replaceOne-dots_and_dollars.yml +165 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-replaceOne-hint-unacknowledged.yml +103 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-replaceOne-let.yml +93 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-update-hint-clientError.yml +148 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-update-hint-serverError.yml +239 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-update-hint.yml +256 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-update-validation.yml +73 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateMany-dots_and_dollars.yml +150 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateMany-hint-unacknowledged.yml +104 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateMany-let.yml +96 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateOne-dots_and_dollars.yml +150 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateOne-hint-unacknowledged.yml +103 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateOne-let.yml +95 -0
- data/spec/spec_tests/data/crud_unified/countDocuments-comment.yml +92 -0
- data/spec/spec_tests/data/crud_unified/db-aggregate.yml +73 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-comment.yml +97 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-hint-clientError.yml +87 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-hint-serverError.yml +107 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-hint-unacknowledged.yml +90 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-hint.yml +99 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-let.yml +2 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-comment.yml +98 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-hint-clientError.yml +80 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-hint-serverError.yml +100 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-hint-unacknowledged.yml +89 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-hint.yml +95 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-let.yml +2 -0
- data/spec/spec_tests/data/crud_unified/distinct-comment.yml +98 -0
- data/spec/spec_tests/data/crud_unified/estimatedDocumentCount-comment.yml +95 -0
- data/spec/spec_tests/data/crud_unified/estimatedDocumentCount.yml +5 -135
- data/spec/spec_tests/data/crud_unified/find-allowdiskuse-clientError.yml +55 -0
- data/spec/spec_tests/data/crud_unified/find-allowdiskuse-serverError.yml +68 -0
- data/spec/spec_tests/data/crud_unified/find-allowdiskuse.yml +79 -0
- data/spec/spec_tests/data/crud_unified/find-comment.yml +166 -0
- data/spec/spec_tests/data/crud_unified/find.yml +68 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-comment.yml +96 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint-clientError.yml +91 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint-serverError.yml +107 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint-unacknowledged.yml +88 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint.yml +102 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-let.yml +2 -4
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-comment.yml +101 -0
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-dots_and_dollars.yml +140 -0
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint-clientError.yml +83 -0
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint-serverError.yml +99 -0
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint-unacknowledged.yml +96 -0
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint.yml +98 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-comment.yml +95 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-dots_and_dollars.yml +127 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint-clientError.yml +84 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint-serverError.yml +100 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint-unacknowledged.yml +92 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint.yml +99 -0
- data/spec/spec_tests/data/crud_unified/insertMany-comment.yml +93 -0
- data/spec/spec_tests/data/crud_unified/insertMany-dots_and_dollars.yml +128 -0
- data/spec/spec_tests/data/crud_unified/insertOne-comment.yml +91 -0
- data/spec/spec_tests/data/crud_unified/insertOne-dots_and_dollars.yml +238 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-comment.yml +105 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-dots_and_dollars.yml +180 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-hint-unacknowledged.yml +95 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-hint.yml +108 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-let.yml +98 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-validation.yml +37 -0
- data/spec/spec_tests/data/crud_unified/updateMany-comment.yml +104 -0
- data/spec/spec_tests/data/crud_unified/updateMany-dots_and_dollars.yml +138 -0
- data/spec/spec_tests/data/crud_unified/updateMany-hint-clientError.yml +91 -0
- data/spec/spec_tests/data/crud_unified/updateMany-hint-serverError.yml +115 -0
- data/spec/spec_tests/data/crud_unified/updateMany-hint-unacknowledged.yml +96 -0
- data/spec/spec_tests/data/crud_unified/updateMany-hint.yml +115 -0
- data/spec/spec_tests/data/crud_unified/updateMany-let.yml +5 -1
- data/spec/spec_tests/data/crud_unified/updateMany-validation.yml +39 -0
- data/spec/spec_tests/data/crud_unified/updateOne-comment.yml +104 -0
- data/spec/spec_tests/data/crud_unified/updateOne-dots_and_dollars.yml +138 -0
- data/spec/spec_tests/data/crud_unified/updateOne-hint-clientError.yml +85 -0
- data/spec/spec_tests/data/crud_unified/updateOne-hint-serverError.yml +109 -0
- data/spec/spec_tests/data/crud_unified/updateOne-hint-unacknowledged.yml +95 -0
- data/spec/spec_tests/data/crud_unified/updateOne-hint.yml +109 -0
- data/spec/spec_tests/data/crud_unified/updateOne-let.yml +5 -1
- data/spec/spec_tests/data/crud_unified/updateOne-validation.yml +37 -0
- data/spec/spec_tests/data/crud_unified/updateWithPipelines.yml +8 -14
- data/spec/spec_tests/data/gridfs_unified/delete.yml +198 -0
- data/spec/spec_tests/data/gridfs_unified/download.yml +241 -0
- data/spec/spec_tests/data/gridfs_unified/downloadByName.yml +159 -0
- data/spec/spec_tests/data/gridfs_unified/upload-disableMD5.yml +92 -0
- data/spec/spec_tests/data/gridfs_unified/upload.yml +288 -0
- data/spec/spec_tests/data/retryable_reads/{aggregate-merge.yml → legacy/aggregate-merge.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{aggregate-serverErrors.yml → legacy/aggregate-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{aggregate.yml → legacy/aggregate.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-client.watch-serverErrors.yml → legacy/changeStreams-client.watch-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-client.watch.yml → legacy/changeStreams-client.watch.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-db.coll.watch-serverErrors.yml → legacy/changeStreams-db.coll.watch-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-db.coll.watch.yml → legacy/changeStreams-db.coll.watch.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-db.watch-serverErrors.yml → legacy/changeStreams-db.watch-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-db.watch.yml → legacy/changeStreams-db.watch.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{count-serverErrors.yml → legacy/count-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{count.yml → legacy/count.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{countDocuments-serverErrors.yml → legacy/countDocuments-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{countDocuments.yml → legacy/countDocuments.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{distinct-serverErrors.yml → legacy/distinct-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{distinct.yml → legacy/distinct.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{estimatedDocumentCount-serverErrors-pre4.9.yml → legacy/estimatedDocumentCount-serverErrors.yml} +0 -2
- data/spec/spec_tests/data/retryable_reads/{estimatedDocumentCount-pre4.9.yml → legacy/estimatedDocumentCount.yml} +0 -2
- data/spec/spec_tests/data/retryable_reads/{find-serverErrors.yml → legacy/find-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{find.yml → legacy/find.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{findOne-serverErrors.yml → legacy/findOne-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{findOne.yml → legacy/findOne.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{gridfs-download-serverErrors.yml → legacy/gridfs-download-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{gridfs-download.yml → legacy/gridfs-download.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{gridfs-downloadByName-serverErrors.yml → legacy/gridfs-downloadByName-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{gridfs-downloadByName.yml → legacy/gridfs-downloadByName.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollectionNames-serverErrors.yml → legacy/listCollectionNames-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollectionNames.yml → legacy/listCollectionNames.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollectionObjects-serverErrors.yml → legacy/listCollectionObjects-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollectionObjects.yml → legacy/listCollectionObjects.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollections-serverErrors.yml → legacy/listCollections-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollections.yml → legacy/listCollections.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabaseNames-serverErrors.yml → legacy/listDatabaseNames-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabaseNames.yml → legacy/listDatabaseNames.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabaseObjects-serverErrors.yml → legacy/listDatabaseObjects-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabaseObjects.yml → legacy/listDatabaseObjects.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabases-serverErrors.yml → legacy/listDatabases-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabases.yml → legacy/listDatabases.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listIndexNames-serverErrors.yml → legacy/listIndexNames-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listIndexNames.yml → legacy/listIndexNames.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listIndexes-serverErrors.yml → legacy/listIndexes-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listIndexes.yml → legacy/listIndexes.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{mapReduce.yml → legacy/mapReduce.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/unified/handshakeError.yml +129 -0
- data/spec/spec_tests/data/retryable_writes/{bulkWrite-errorLabels.yml → legacy/bulkWrite-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{bulkWrite-serverErrors.yml → legacy/bulkWrite-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{bulkWrite.yml → legacy/bulkWrite.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{deleteMany.yml → legacy/deleteMany.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{deleteOne-errorLabels.yml → legacy/deleteOne-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{deleteOne-serverErrors.yml → legacy/deleteOne-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{deleteOne.yml → legacy/deleteOne.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndDelete-errorLabels.yml → legacy/findOneAndDelete-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndDelete-serverErrors.yml → legacy/findOneAndDelete-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{findOneAndDelete.yml → legacy/findOneAndDelete.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndReplace-errorLabels.yml → legacy/findOneAndReplace-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndReplace-serverErrors.yml → legacy/findOneAndReplace-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{findOneAndReplace.yml → legacy/findOneAndReplace.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndUpdate-errorLabels.yml → legacy/findOneAndUpdate-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndUpdate-serverErrors.yml → legacy/findOneAndUpdate-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{findOneAndUpdate.yml → legacy/findOneAndUpdate.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{insertMany-errorLabels.yml → legacy/insertMany-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{insertMany-serverErrors.yml → legacy/insertMany-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{insertMany.yml → legacy/insertMany.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{insertOne-errorLabels.yml → legacy/insertOne-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{insertOne-serverErrors.yml → legacy/insertOne-serverErrors.yml} +5 -5
- data/spec/spec_tests/data/retryable_writes/{insertOne.yml → legacy/insertOne.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{replaceOne-errorLabels.yml → legacy/replaceOne-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{replaceOne-serverErrors.yml → legacy/replaceOne-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{replaceOne.yml → legacy/replaceOne.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{updateMany.yml → legacy/updateMany.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{updateOne-errorLabels.yml → legacy/updateOne-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{updateOne-serverErrors.yml → legacy/updateOne-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{updateOne.yml → legacy/updateOne.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/unified/bulkWrite-serverErrors.yml +96 -0
- data/spec/spec_tests/data/retryable_writes/unified/handshakeError.yml +137 -0
- data/spec/spec_tests/data/retryable_writes/unified/insertOne-serverErrors.yml +78 -0
- data/spec/spec_tests/data/sdam/errors/prefer-error-code.yml +2 -2
- data/spec/spec_tests/data/sdam_integration/hello-command-error.yml +6 -14
- data/spec/spec_tests/data/sdam_integration/hello-network-error.yml +4 -14
- data/spec/spec_tests/data/sdam_integration/hello-timeout.yml +8 -14
- data/spec/spec_tests/data/seed_list_discovery/load-balanced/loadBalanced-no-results.yml +5 -0
- data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-conflicts_with_loadBalanced-true-txt.yml +5 -0
- data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-conflicts_with_loadBalanced-true.yml +5 -0
- data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-zero-txt.yml +10 -0
- data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-zero.yml +10 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srv-service-name.yml +11 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-conflicts_with_replicaSet-txt.yml +5 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-conflicts_with_replicaSet.yml +5 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-equal_to_srv_records.yml +16 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-greater_than_srv_records.yml +15 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-less_than_srv_records.yml +15 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-zero-txt.yml +15 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-zero.yml +15 -0
- data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-equal_to_srv_records.yml +13 -0
- data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-greater_than_srv_records.yml +12 -0
- data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-less_than_srv_records.yml +10 -0
- data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-zero.yml +11 -0
- data/spec/spec_tests/data/server_selection/Unknown/read/ghost.yml +11 -0
- data/spec/spec_tests/data/server_selection/Unknown/write/ghost.yml +11 -0
- data/spec/spec_tests/data/sessions_unified/driver-sessions-server-support.yml +123 -0
- data/spec/spec_tests/data/sessions_unified/snapshot-sessions-not-supported-client-error.yml +9 -3
- data/spec/spec_tests/data/transactions/error-labels.yml +1 -1
- data/spec/spec_tests/data/transactions/errors-client.yml +8 -9
- data/spec/spec_tests/data/transactions/mongos-recovery-token.yml +1 -1
- data/spec/spec_tests/data/transactions/retryable-abort-errorLabels.yml +0 -2
- data/spec/spec_tests/data/transactions/retryable-abort.yml +7 -9
- data/spec/spec_tests/data/transactions/retryable-commit-errorLabels.yml +0 -2
- data/spec/spec_tests/data/transactions/retryable-commit.yml +7 -9
- data/spec/spec_tests/data/transactions/retryable-writes.yml +0 -2
- data/spec/spec_tests/data/transactions_unified/do-not-retry-read-in-transaction.yml +64 -0
- data/spec/spec_tests/data/transactions_unified/retryable-abort-handshake.yml +118 -0
- data/spec/spec_tests/data/transactions_unified/retryable-commit-handshake.yml +118 -0
- data/spec/spec_tests/data/unified/invalid/expectedEventsForClient-ignoreExtraEvents-type.yml +15 -0
- data/spec/spec_tests/data/unified/valid-fail/operation-unsupported.yml +13 -0
- data/spec/spec_tests/data/unified/valid-pass/expectedEventsForClient-ignoreExtraEvents.yml +78 -0
- data/spec/spec_tests/data/unified/valid-pass/poc-change-streams.yml +4 -1
- data/spec/spec_tests/data/unified/valid-pass/poc-command-monitoring.yml +3 -3
- data/spec/spec_tests/data/unified/valid-pass/poc-transactions.yml +3 -2
- data/spec/spec_tests/data/uri_options/srv-options.yml +96 -0
- data/spec/spec_tests/data/versioned_api/crud-api-version-1-strict.yml +6 -4
- data/spec/spec_tests/data/versioned_api/crud-api-version-1.yml +7 -5
- data/spec/spec_tests/gridfs_unified_spec.rb +13 -0
- data/spec/spec_tests/retryable_reads_spec.rb +4 -1
- data/spec/spec_tests/retryable_reads_unified_spec.rb +22 -0
- data/spec/spec_tests/retryable_writes_spec.rb +4 -1
- data/spec/spec_tests/retryable_writes_unified_spec.rb +21 -0
- data/spec/spec_tests/seed_list_discovery_spec.rb +10 -1
- data/spec/spec_tests/unified_spec.rb +6 -1
- data/spec/stress/connection_pool_timing_spec.rb +3 -2
- data/spec/stress/fork_reconnect_stress_spec.rb +3 -2
- data/spec/support/authorization.rb +1 -1
- data/spec/support/background_thread_registry.rb +3 -13
- data/spec/support/certificates/retrieve-atlas-cert +38 -0
- data/spec/support/cluster_tools.rb +1 -1
- data/spec/support/common_shortcuts.rb +22 -0
- data/spec/support/crypt/corpus/corpus-encrypted.json +9515 -0
- data/spec/support/crypt/corpus/corpus-key-aws.json +32 -32
- data/spec/support/crypt/corpus/corpus-key-azure.json +33 -0
- data/spec/support/crypt/corpus/corpus-key-gcp.json +35 -0
- data/spec/support/crypt/corpus/corpus-key-kmip.json +32 -0
- data/spec/support/crypt/corpus/corpus-key-local.json +30 -30
- data/spec/support/crypt/corpus/corpus-schema.json +4399 -121
- data/spec/support/crypt/corpus/corpus.json +4999 -37
- data/spec/support/crypt/data_keys/key_document_azure.json +33 -0
- data/spec/support/crypt/data_keys/key_document_gcp.json +37 -0
- data/spec/support/crypt/data_keys/key_document_kmip.json +32 -0
- data/spec/support/crypt/encryptedFields.json +33 -0
- data/spec/support/crypt/keys/key1-document.json +30 -0
- data/spec/support/crypt/schema_maps/schema_map_azure.json +17 -0
- data/spec/support/crypt/schema_maps/schema_map_azure_key_alt_names.json +12 -0
- data/spec/support/crypt/schema_maps/schema_map_gcp.json +17 -0
- data/spec/support/crypt/schema_maps/schema_map_gcp_key_alt_names.json +12 -0
- data/spec/support/crypt/schema_maps/schema_map_kmip.json +17 -0
- data/spec/support/crypt/schema_maps/schema_map_kmip_key_alt_names.json +12 -0
- data/spec/support/crypt.rb +258 -13
- data/spec/support/macros.rb +28 -0
- data/spec/support/mongos_macros.rb +17 -0
- data/spec/support/shared/scram_conversation.rb +2 -1
- data/spec/support/shared/session.rb +13 -7
- data/spec/support/spec_config.rb +90 -1
- data/spec/support/utils.rb +25 -4
- data.tar.gz.sig +0 -0
- metadata +604 -290
- metadata.gz.sig +0 -0
- data/lib/mongo/operation/delete/legacy.rb +0 -64
- data/lib/mongo/operation/insert/legacy.rb +0 -68
- data/lib/mongo/operation/update/legacy/result.rb +0 -112
- data/lib/mongo/operation/update/legacy.rb +0 -76
- data/spec/mongo/dbref_spec.rb +0 -152
- data/spec/mongo/operation/kill_cursors_spec.rb +0 -47
- data/spec/spec_tests/change_streams_spec.rb +0 -93
- data/spec/spec_tests/command_monitoring_spec.rb +0 -71
- data/spec/spec_tests/data/change_streams/change-streams-errors.yml +0 -101
- data/spec/spec_tests/data/change_streams/change-streams-resume-allowlist.yml +0 -1173
- data/spec/spec_tests/data/change_streams/change-streams-resume-errorLabels.yml +0 -1105
- data/spec/spec_tests/data/change_streams/change-streams.yml +0 -535
- data/spec/spec_tests/data/command_monitoring/bulkWrite.yml +0 -49
- data/spec/spec_tests/data/command_monitoring/command.yml +0 -61
- data/spec/spec_tests/data/command_monitoring/deleteMany.yml +0 -55
- data/spec/spec_tests/data/command_monitoring/deleteOne.yml +0 -55
- data/spec/spec_tests/data/command_monitoring/find.yml +0 -266
- data/spec/spec_tests/data/command_monitoring/insertMany.yml +0 -75
- data/spec/spec_tests/data/command_monitoring/insertOne.yml +0 -51
- data/spec/spec_tests/data/command_monitoring/unacknowledgedBulkWrite.yml +0 -34
- data/spec/spec_tests/data/command_monitoring/updateMany.yml +0 -65
- data/spec/spec_tests/data/command_monitoring/updateOne.yml +0 -90
- data/spec/spec_tests/data/crud_v2/aggregate-merge.yml +0 -103
- data/spec/spec_tests/data/crud_v2/aggregate-out-readConcern.yml +0 -111
- data/spec/spec_tests/data/crud_v2/bulkWrite-arrayFilters.yml +0 -103
- data/spec/spec_tests/data/crud_v2/bulkWrite-delete-hint-clientError.yml +0 -63
- data/spec/spec_tests/data/crud_v2/bulkWrite-delete-hint-serverError.yml +0 -92
- data/spec/spec_tests/data/crud_v2/bulkWrite-delete-hint.yml +0 -103
- data/spec/spec_tests/data/crud_v2/bulkWrite-update-hint-clientError.yml +0 -90
- data/spec/spec_tests/data/crud_v2/bulkWrite-update-hint-serverError.yml +0 -147
- data/spec/spec_tests/data/crud_v2/bulkWrite-update-hint.yml +0 -164
- data/spec/spec_tests/data/crud_v2/db-aggregate.yml +0 -39
- data/spec/spec_tests/data/crud_v2/deleteMany-hint-clientError.yml +0 -43
- data/spec/spec_tests/data/crud_v2/deleteMany-hint-serverError.yml +0 -62
- data/spec/spec_tests/data/crud_v2/deleteMany-hint.yml +0 -58
- data/spec/spec_tests/data/crud_v2/deleteOne-hint-clientError.yml +0 -41
- data/spec/spec_tests/data/crud_v2/deleteOne-hint-serverError.yml +0 -60
- data/spec/spec_tests/data/crud_v2/deleteOne-hint.yml +0 -57
- data/spec/spec_tests/data/crud_v2/find-allowdiskuse-clientError.yml +0 -28
- data/spec/spec_tests/data/crud_v2/find-allowdiskuse-serverError.yml +0 -44
- data/spec/spec_tests/data/crud_v2/find-allowdiskuse.yml +0 -50
- data/spec/spec_tests/data/crud_v2/findOneAndDelete-hint-clientError.yml +0 -45
- data/spec/spec_tests/data/crud_v2/findOneAndDelete-hint-serverError.yml +0 -60
- data/spec/spec_tests/data/crud_v2/findOneAndDelete-hint.yml +0 -56
- data/spec/spec_tests/data/crud_v2/findOneAndReplace-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/findOneAndReplace-hint-serverError.yml +0 -59
- data/spec/spec_tests/data/crud_v2/findOneAndReplace-hint.yml +0 -55
- data/spec/spec_tests/data/crud_v2/findOneAndUpdate-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/findOneAndUpdate-hint-serverError.yml +0 -58
- data/spec/spec_tests/data/crud_v2/findOneAndUpdate-hint.yml +0 -55
- data/spec/spec_tests/data/crud_v2/replaceOne-hint.yml +0 -61
- data/spec/spec_tests/data/crud_v2/unacknowledged-bulkWrite-delete-hint-clientError.yml +0 -60
- data/spec/spec_tests/data/crud_v2/unacknowledged-bulkWrite-update-hint-clientError.yml +0 -88
- data/spec/spec_tests/data/crud_v2/unacknowledged-deleteMany-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/unacknowledged-deleteOne-hint-clientError.yml +0 -38
- data/spec/spec_tests/data/crud_v2/unacknowledged-findOneAndDelete-hint-clientError.yml +0 -42
- data/spec/spec_tests/data/crud_v2/unacknowledged-findOneAndReplace-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/unacknowledged-findOneAndUpdate-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/unacknowledged-replaceOne-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/unacknowledged-updateMany-hint-clientError.yml +0 -43
- data/spec/spec_tests/data/crud_v2/unacknowledged-updateOne-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/updateMany-hint-clientError.yml +0 -45
- data/spec/spec_tests/data/crud_v2/updateMany-hint-serverError.yml +0 -66
- data/spec/spec_tests/data/crud_v2/updateMany-hint.yml +0 -65
- data/spec/spec_tests/data/crud_v2/updateOne-hint-clientError.yml +0 -43
- data/spec/spec_tests/data/crud_v2/updateOne-hint-serverError.yml +0 -62
- data/spec/spec_tests/data/crud_v2/updateOne-hint.yml +0 -61
- data/spec/spec_tests/data/crud_v2/updateWithPipelines.yml +0 -157
- data/spec/spec_tests/data/retryable_reads/estimatedDocumentCount-4.9.yml +0 -60
- data/spec/spec_tests/data/retryable_reads/estimatedDocumentCount-serverErrors-4.9.yml +0 -146
- data/spec/support/crypt/corpus/corpus_encrypted.json +0 -4152
- data/spec/support/session_registry.rb +0 -55
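--- a/data/lib/mongo/crypt/handle.rb
+++ b/data/lib/mongo/crypt/handle.rb
@@ -27,19 +27,41 @@ module Mongo
 #
 # @api private
 class Handle
+
 # Creates a new Handle object and initializes it with options
 #
-# @param [
-#
-#
-#
-#
+# @param [ Crypt::KMS::Credentials ] kms_providers Credentials for KMS providers.
+#
+# @param [ Hash ] kms_tls_options TLS options to connect to KMS
+# providers. Keys of the hash should be KSM provider names; values
+# should be hashes of TLS connection options. The options are equivalent
+# to TLS connection options of Mongo::Client.
 #
+# @param [ Hash ] options A hash of options.
 # @option options [ Hash | nil ] :schema_map A hash representing the JSON schema
-# of the collection that stores auto encrypted documents.
+# of the collection that stores auto encrypted documents. This option is
+# mutually exclusive with :schema_map_path.
+# @option options [ String | nil ] :schema_map_path A path to a file contains the JSON schema
+# of the collection that stores auto encrypted documents. This option is
+# mutually exclusive with :schema_map.
+# @option options [ Hash | nil ] :encrypted_fields_map maps a collection
+# namespace to an encryptedFields.
+# - Note: If a collection is present on both the encryptedFieldsMap
+# and schemaMap, an error will be raised.
+# @option options [ Boolean | nil ] :bypass_query_analysis When true
+# disables automatic analysis of outgoing commands.
+# @option options [ String | nil ] :crypt_shared_lib_path Path that should
+# be the used to load the crypt shared library. Providing this option
+# overrides default crypt shared library load paths for libmongocrypt.
+# @option options [ Boolean | nil ] :crypt_shared_lib_required Whether
+# crypt_shared library is required. If 'true', an error will be raised
+# if a crypt_shared library cannot be loaded by libmongocrypt.
+# @option options [ Boolean | nil ] :explicit_encryption_only Whether this
+# handle is going to be used only for explicit encryption. If true,
+# libmongocrypt is instructed not to load crypt shared library.
 # @option options [ Logger ] :logger A Logger object to which libmongocrypt logs
 # will be sent
-def initialize(kms_providers, options={})
+def initialize(kms_providers, kms_tls_options, options={})
 # FFI::AutoPointer uses a custom release strategy to automatically free
 # the pointer once this object goes out of scope
 @mongocrypt = FFI::AutoPointer.new(
@@ -47,16 +69,39 @@ module Mongo
 Binding.method(:mongocrypt_destroy)
 )
 
-@
-
+@kms_tls_options = kms_tls_options
+
+maybe_set_schema_map(options)
+
+@encrypted_fields_map = options[:encrypted_fields_map]
+set_encrypted_fields_map if @encrypted_fields_map
+
+@bypass_query_analysis = options[:bypass_query_analysis]
+set_bypass_query_analysis if @bypass_query_analysis
+
+@crypt_shared_lib_path = options[:crypt_shared_lib_path]
+@explicit_encryption_only = options[:explicit_encryption_only]
+if @crypt_shared_lib_path
+Binding.setopt_set_crypt_shared_lib_path_override(self, @crypt_shared_lib_path)
+elsif !@bypass_query_analysis && !@explicit_encryption_only
+Binding.setopt_append_crypt_shared_lib_search_path(self, "$SYSTEM")
+end
 
 @logger = options[:logger]
 set_logger_callback if @logger
 
 set_crypto_hooks
 
-
+Binding.setopt_kms_providers(self, kms_providers.to_document)
+
 initialize_mongocrypt
+
+@crypt_shared_lib_required = !!options[:crypt_shared_lib_required]
+if @crypt_shared_lib_required && crypt_shared_lib_version == 0
+raise Mongo::Error::CryptError.new(
+"Crypt shared library is required, but cannot be loaded according to libmongocrypt"
+)
+end
 end
 
 # Return the reference to the underlying @mongocrypt object
@@ -66,17 +111,70 @@ module Mongo
 @mongocrypt
 end
 
+# Return TLS options for KMS provider. If there are no TLS options set,
+# empty hash is returned.
+#
+# @param [ String ] provider KSM provider name.
+#
+# @return [ Hash ] TLS options to connect to KMS provider.
+def kms_tls_options(provider)
+@kms_tls_options.fetch(provider, {})
+end
+
+def crypt_shared_lib_version
+Binding.crypt_shared_lib_version(self)
+end
+
+def crypt_shared_lib_available?
+crypt_shared_lib_version != 0
+end
+
 private
 
 # Set the schema map option on the underlying mongocrypt_t object
-def
-
+def maybe_set_schema_map(options)
+if !options[:schema_map] && !options[:schema_map_path]
+@schema_map = nil
+elsif options[:schema_map] && options[:schema_map_path]
 raise ArgumentError.new(
-"
+"Cannot set both schema_map and schema_map_path options."
+)
+elsif options[:schema_map]
+unless options[:schema_map].is_a?(Hash)
+raise ArgumentError.new(
+"#{@schema_map} is an invalid schema_map; schema_map must be a Hash or nil."
+)
+end
+@schema_map = options[:schema_map]
+Binding.setopt_schema_map(self, @schema_map)
+elsif options[:schema_map_path]
+@schema_map = BSON::ExtJSON.parse(File.read(options[:schema_map_path]))
+Binding.setopt_schema_map(self, @schema_map)
+end
+rescue Errno::ENOENT
+raise ArgumentError.new(
+"#{@schema_map_path} is an invalid path to a file contains schema_map."
+)
+end
+
+def set_encrypted_fields_map
+unless @encrypted_fields_map.is_a?(Hash)
+raise ArgumentError.new(
+"#{@encrypted_fields_map} is an invalid encrypted_fields_map: must be a Hash or nil"
+)
+end
+
+Binding.setopt_encrypted_field_config_map(self, @encrypted_fields_map)
+end
+
+def set_bypass_query_analysis
+unless [true, false].include?(@bypass_query_analysis)
+raise ArgumentError.new(
+"#{@bypass_query_analysis} is an invalid bypass_query_analysis value; must be a Boolean or nil"
 )
 end
 
-Binding.
+Binding.setopt_bypass_query_analysis(self) if @bypass_query_analysis
 end
 
 # Send the logs from libmongocrypt to the Mongo::Logger
@@ -136,13 +234,13 @@ module Mongo
 # Perform AES encryption or decryption and write the output to the
 # provided mongocrypt_binary_t object.
 def do_aes(key_binary_p, iv_binary_p, input_binary_p, output_binary_p,
-response_length_p, status_p, decrypt: false)
+response_length_p, status_p, decrypt: false, mode: :CBC)
 key = Binary.from_pointer(key_binary_p).to_s
 iv = Binary.from_pointer(iv_binary_p).to_s
 input = Binary.from_pointer(input_binary_p).to_s
 
 write_binary_string_and_set_status(output_binary_p, status_p) do
-output = Hooks.aes(key, iv, input, decrypt: decrypt)
+output = Hooks.aes(key, iv, input, decrypt: decrypt, mode: mode)
 response_length_p.write_int(output.bytesize)
 
 output
@@ -161,7 +259,19 @@ module Mongo
 end
 end
 
-#
+# Perform signing using RSASSA-PKCS1-v1_5 with SHA256 hash and write
+# the output to the provided mongocrypt_binary_t object.
+def do_rsaes_pkcs_signature(key_binary_p, input_binary_p,
+output_binary_p, status_p)
+key = Binary.from_pointer(key_binary_p).to_s
+input = Binary.from_pointer(input_binary_p).to_s
+
+write_binary_string_and_set_status(output_binary_p, status_p) do
+Hooks.rsaes_pkcs_signature(key, input)
+end
+end
+
+# We are building libmongocrypt without crypto functions to remove the
 # external dependency on OpenSSL. This method binds native Ruby crypto
 # methods to the underlying mongocrypt_t object so that libmongocrypt can
 # still perform cryptography.
@@ -227,85 +337,49 @@ module Mongo
 @hmac_sha_256,
 @hmac_hash,
 )
-end
-
-# Validate the kms_providers option and use it to set the KMS provider
-# information on the underlying mongocrypt_t object
-def set_kms_providers(kms_providers)
-unless kms_providers
-raise ArgumentError.new("The kms_providers option must not be nil")
-end
 
-
-
-
-
-
-
-
-
-
-
-
-# Validate and set the local KMS provider information on the underlying
-# mongocrypt_t object and raise an exception if the operation fails
-def set_kms_providers_local(kms_providers)
-unless kms_providers[:local][:key] && kms_providers[:local][:key].is_a?(String)
-raise ArgumentError.new(
-"The specified local kms_providers option is invalid: " +
-"#{kms_providers[:local]}. kms_providers with :local key must be " +
-"in the format: { local: { key: 'MASTER-KEY' } }"
+@aes_ctr_encrypt = Proc.new do |_, key_binary_p, iv_binary_p, input_binary_p,
+output_binary_p, response_length_p, status_p|
+do_aes(
+key_binary_p,
+iv_binary_p,
+input_binary_p,
+output_binary_p,
+response_length_p,
+status_p,
+mode: :CTR,
 )
 end
 
-
-
-
-
-
-
-
-
-
-
-
-access_key_id = kms_providers[:aws][:access_key_id]
-secret_access_key = kms_providers[:aws][:secret_access_key]
-
-unless kms_providers[:aws].key?(:access_key_id) &&
-kms_providers[:aws].key?(:secret_access_key)
-raise ArgumentError.new(
-"The specified aws kms_providers option is invalid: #{kms_providers[:aws]}. " +
-"kms_providers with :aws key must be in the format: " +
-"{ aws: { access_key_id: 'YOUR-ACCESS-KEY-ID', secret_access_key: 'SECRET-ACCESS-KEY' } }"
+@aes_ctr_decrypt = Proc.new do |_, key_binary_p, iv_binary_p, input_binary_p,
+output_binary_p, response_length_p, status_p|
+do_aes(
+key_binary_p,
+iv_binary_p,
+input_binary_p,
+output_binary_p,
+response_length_p,
+status_p,
+decrypt: true,
+mode: :CTR,
 )
 end
 
-
-
-
-
-
-"currently have nil"
-)
-end
-
-unless value.is_a?(String)
-raise ArgumentError.new(
-"The aws #{key} option must be a String with at least one character; " \
-"currently have #{value}"
-)
-end
+Binding.setopt_aes_256_ctr(
+self,
+@aes_ctr_encrypt,
+@aes_ctr_decrypt,
+)
 
-
-
-
-"it is currently an empty string"
-)
-end
+@rsaes_pkcs_signature_cb = Proc.new do |_, key_binary_p, input_binary_p,
+output_binary_p, status_p|
+do_rsaes_pkcs_signature(key_binary_p, input_binary_p, output_binary_p, status_p)
 end
 
-Binding.
+Binding.setopt_crypto_hook_sign_rsaes_pkcs1_v1_5(
+self,
+@rsaes_pkcs_signature_cb
+)
 end
 
 # Initialize the underlying mongocrypt_t object and raise an error if the operation fails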
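Review bot: In `maybe_set_schema_map` both error messages interpolate instance variables that hold nothing at that point: `@schema_map` is only assigned after the `is_a?(Hash)` check, and `@schema_map_path` is not assigned anywhere in the visible lines, so on a fresh Handle the message starts with an empty string instead of the rejected input. Interpolating the option itself fixes both, e.g. `"#{options[:schema_map_path]} is an invalid path to a file contains schema_map."` and the same with `options[:schema_map]`. The `rescue` covers only `Errno::ENOENT`, so an unreadable file or malformed JSON behind `:schema_map_path` reaches the caller as a raw system or parser error rather than the `ArgumentError` used for the other invalid-option cases; rescuing `SystemCallError` (and the parser's error class, to be confirmed against BSON::ExtJSON) would keep this consistent. Since `:crypt_shared_lib_path` selects the native library that libmongocrypt loads into the process, its `@option` doc should also state that the value must come from trusted configuration, not from request or tenant input.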
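--- a/data/lib/mongo/crypt/hooks.rb
+++ b/data/lib/mongo/crypt/hooks.rb
@@ -35,12 +35,13 @@ module Mongo
 # @param [ String ] input The data to be encrypted/decrypted
 # @param [ true | false ] decrypt Whether this method is decrypting. Default is
 # false, which means the method will create an encryption cipher by default
+# @param [ Symbol ] mode AES mode of operation
 #
 # @return [ String ] Output
 # @raise [ Exception ] Exceptions raised during encryption are propagated
 # to caller.
-def aes(key, iv, input, decrypt: false)
-cipher = OpenSSL::Cipher::AES.new(256,
+def aes(key, iv, input, decrypt: false, mode: :CBC)
+cipher = OpenSSL::Cipher::AES.new(256, mode)
 
 decrypt ? cipher.decrypt : cipher.encrypt
 cipher.key = key
@@ -88,6 +89,28 @@ module Mongo
 Digest::SHA2.new(256).digest(input)
 end
 module_function :hash_sha256
+
+# An RSASSA-PKCS1-v1_5 with SHA-256 signature function.
+#
+# @param [ String ] key The PKCS#8 private key in DER format, base64 encoded.
+# @param [ String ] input The data to be signed.
+#
+# @return [ String ] The signature.
+def rsaes_pkcs_signature(key, input)
+private_key = if BSON::Environment.jruby?
+# JRuby cannot read DER format, we need to convert key into PEM first.
+key_pem = [
+"-----BEGIN PRIVATE KEY-----",
+Base64.strict_encode64(Base64.decode64(key)).scan(/.{1,64}/),
+"-----END PRIVATE KEY-----",
+].join("\n")
+OpenSSL::PKey::RSA.new(key_pem)
+else
+OpenSSL::PKey.read(Base64.decode64(key))
+end
+private_key.sign(OpenSSL::Digest::SHA256.new, input)
+end
+module_function :rsaes_pkcs_signature
 end
 end
 end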
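Review bot: On the non-JRuby branch of `rsaes_pkcs_signature`, `OpenSSL::PKey.read` accepts any supported key type, so a non-RSA key would be signed with a different algorithm than the RSASSA-PKCS1-v1_5 the comment promises, while the JRuby branch already forces `OpenSSL::PKey::RSA`. A type check after parsing would make the two branches agree, e.g. `raise ArgumentError, "RSA private key required" unless private_key.is_a?(OpenSSL::PKey::RSA)`. `Base64.decode64` skips malformed characters silently, so `Base64.strict_decode64(key)` would reject a corrupted key string up front instead of failing later inside OpenSSL. In the first hunk, the new `@param mode` line on `aes` could name the accepted values; `:CBC` and `:CTR` are the only ones used in this change.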
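--- a/data/lib/mongo/crypt/kms/aws.rb
+++ b/data/lib/mongo/crypt/kms/aws.rb
@@ -0,0 +1,136 @@
+# frozen_string_literal: true
+# encoding: utf-8
+
+# Copyright (C) 2019-2021 MongoDB Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Mongo
+module Crypt
+module KMS
+module AWS
+
+# AWS KMS Credentials object contains credentials for using AWS KMS provider.
+#
+# @api private
+class Credentials
+extend Forwardable
+include KMS::Validations
+
+# @return [ String ] AWS access key.
+attr_reader :access_key_id
+
+# @return [ String ] AWS secret access key.
+attr_reader :secret_access_key
+
+# @return [ String | nil ] AWS session token.
+attr_reader :session_token
+
+# @api private
+def_delegator :@opts, :empty?
+
+FORMAT_HINT = "AWS KMS provider options must be in the format: " +
+"{ access_key_id: 'YOUR-ACCESS-KEY-ID', secret_access_key: 'SECRET-ACCESS-KEY' }"
+
+# Creates an AWS KMS credentials object form a parameters hash.
+#
+# @param [ Hash ] opts A hash that contains credentials for
+# AWS KMS provider
+# @option opts [ String ] :access_key_id AWS access key id.
+# @option opts [ String ] :secret_access_key AWS secret access key.
+# @option opts [ String | nil ] :session_token AWS session token, optional.
+#
+# @raise [ ArgumentError ] If required options are missing or incorrectly
+# formatted.
+def initialize(opts)
+@opts = opts
+unless empty?
+@access_key_id = validate_param(:access_key_id, opts, FORMAT_HINT)
+@secret_access_key = validate_param(:secret_access_key, opts, FORMAT_HINT)
+@session_token = validate_param(:session_token, opts, FORMAT_HINT, required: false)
+end
+end
+
+# Convert credentials object to a BSON document in libmongocrypt format.
+#
+# @return [ BSON::Document ] AWS KMS credentials in libmongocrypt format.
+def to_document
+return BSON::Document.new if empty?
+BSON::Document.new({
+accessKeyId: access_key_id,
+secretAccessKey: secret_access_key,
+}).tap do |bson|
+unless session_token.nil?
+bson.update({ sessionToken: session_token })
+end
+end
+end
+end
+
+# AWS KMS master key document object contains KMS master key parameters.
+#
+# @api private
+class MasterKeyDocument
+include KMS::Validations
+
+# @return [ String ] AWS region.
+attr_reader :region
+
+# @return [ String ] AWS KMS key.
+attr_reader :key
+
+# @return [ String | nil ] AWS KMS endpoint.
+attr_reader :endpoint
+
+FORMAT_HINT = "AWS key document must be in the format: " +
+"{ region: 'REGION', key: 'KEY' }"
+
+# Creates a master key document object form a parameters hash.
+#
+# @param [ Hash ] opts A hash that contains master key options for
+# the AWS KMS provider.
+# @option opts [ String ] :region AWS region.
+# @option opts [ String ] :key AWS KMS key.
+# @option opts [ String | nil ] :endpoint AWS KMS endpoint, optional.
+#
+# @raise [ ArgumentError ] If required options are missing or incorrectly.
+def initialize(opts)
+unless opts.is_a?(Hash)
+raise ArgumentError.new(
+'Key document options must contain a key named :master_key with a Hash value'
+)
+end
+@region = validate_param(:region, opts, FORMAT_HINT)
+@key = validate_param(:key, opts, FORMAT_HINT)
+@endpoint = validate_param(:endpoint, opts, FORMAT_HINT, required: false)
+end
+
+# Convert master key document object to a BSON document in libmongocrypt format.
+#
+# @return [ BSON::Document ] AWS KMS master key document in libmongocrypt format.
+def to_document
+BSON::Document.new({
+provider: 'aws',
+region: region,
+key: key,
+}).tap do |bson|
+unless endpoint.nil?
+bson.update({ endpoint: endpoint })
+end
+end
+end
+end
+end
+end
+end
+end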
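Review bot: In `Credentials#initialize` the raw `opts` hash is kept in `@opts` next to `@secret_access_key` and `@session_token`, and the class defines no `inspect`, so Ruby's default `#inspect` output, which can end up in logs and exception messages, would print the AWS secret in clear text. `@opts` is only read through the delegated `empty?`, so it could be replaced by a stored boolean, and the class could add `def inspect; "#<#{self.class.name}>"; end` to keep the secret out of diagnostics. The constructor also lacks the `opts.is_a?(Hash)` guard that `MasterKeyDocument#initialize` has, so a `nil` argument would raise `NoMethodError` from `empty?` instead of the documented `ArgumentError`, unless the caller already guarantees a Hash. The Azure `Credentials` class in the next file has the same shape around `@client_secret`. In the doc comments, "form a parameters hash" should read "from", and the `@raise` line on `MasterKeyDocument#initialize` ends mid-sentence at "incorrectly."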
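--- a/data/lib/mongo/crypt/kms/azure.rb
+++ b/data/lib/mongo/crypt/kms/azure.rb
@@ -0,0 +1,144 @@
+# frozen_string_literal: true
+# encoding: utf-8
+
+# Copyright (C) 2019-2021 MongoDB Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Mongo
+module Crypt
+module KMS
+module Azure
+# Azure KMS Credentials object contains credentials for using Azure KMS provider.
+#
+# @api private
+class Credentials
+extend Forwardable
+include KMS::Validations
+
+# @return [ String ] Azure tenant id.
+attr_reader :tenant_id
+
+# @return [ String ] Azure client id.
+attr_reader :client_id
+
+# @return [ String ] Azure client secret.
+attr_reader :client_secret
+
+# @return [ String | nil ] Azure identity platform endpoint.
+attr_reader :identity_platform_endpoint
+
+# @api private
+def_delegator :@opts, :empty?
+
+FORMAT_HINT = "Azure KMS provider options must be in the format: " +
+"{ tenant_id: 'TENANT-ID', client_id: 'TENANT_ID', client_secret: 'CLIENT_SECRET' }"
+
+# Creates an Azure KMS credentials object form a parameters hash.
+#
+# @param [ Hash ] opts A hash that contains credentials for
+# Azure KMS provider
+# @option opts [ String ] :tenant_id Azure tenant id.
+# @option opts [ String ] :client_id Azure client id.
+# @option opts [ String ] :client_secret Azure client secret.
+# @option opts [ String | nil ] :identity_platform_endpoint Azure
+# identity platform endpoint, optional.
+#
+# @raise [ ArgumentError ] If required options are missing or incorrectly
+# formatted.
+def initialize(opts)
+@opts = opts
+unless empty?
+@tenant_id = validate_param(:tenant_id, opts, FORMAT_HINT)
+@client_id = validate_param(:client_id, opts, FORMAT_HINT)
+@client_secret = validate_param(:client_secret, opts, FORMAT_HINT)
+@identity_platform_endpoint = validate_param(
+:identity_platform_endpoint, opts, FORMAT_HINT, required: false
+)
+end
+end
+
+# Convert credentials object to a BSON document in libmongocrypt format.
+#
+# @return [ BSON::Document ] Azure KMS credentials in libmongocrypt format.
+def to_document
+return BSON::Document.new if empty?
+BSON::Document.new({
+tenantId: @tenant_id,
+clientId: @client_id,
+clientSecret: @client_secret,
+}).tap do |bson|
+unless identity_platform_endpoint.nil?
+bson.update({ identityPlatformEndpoint: identity_platform_endpoint })
+end
+end
+end
+end
+
+# Azure KMS master key document object contains KMS master key parameters.
+#
+# @api private
+class MasterKeyDocument
+include KMS::Validations
+
+# @return [ String ] Azure key vault endpoint.
+attr_reader :key_vault_endpoint
+
+# @return [ String ] Azure KMS key name.
+attr_reader :key_name
+
+# @return [ String | nil ] Azure KMS key version.
+attr_reader :key_version
+
+FORMAT_HINT = "Azure key document must be in the format: " +
+"{ key_vault_endpoint: 'KEY_VAULT_ENDPOINT', key_name: 'KEY_NAME' }"
+
+# Creates a master key document object form a parameters hash.
+#
+# @param [ Hash ] opts A hash that contains master key options for
+# the Azure KMS provider.
+# @option opts [ String ] :key_vault_endpoint Azure key vault endpoint.
+# @option opts [ String ] :key_name Azure KMS key name.
+# @option opts [ String | nil ] :key_version Azure KMS key version, optional.
+#
+# @raise [ ArgumentError ] If required options are missing or incorrectly.
+def initialize(opts)
+unless opts.is_a?(Hash)
+raise ArgumentError.new(
+'Key document options must contain a key named :master_key with a Hash value'
+)
+end
+@key_vault_endpoint = validate_param(:key_vault_endpoint, opts, FORMAT_HINT)
+@key_name = validate_param(:key_name, opts, FORMAT_HINT)
+@key_version = validate_param(:key_version, opts, FORMAT_HINT, required: false)
+end
+
+# Convert master key document object to a BSON document in libmongocrypt format.
+#
+# @return [ BSON::Document ] Azure KMS credentials in libmongocrypt format.
+def to_document
+BSON::Document.new({
+provider: 'azure',
+keyVaultEndpoint: key_vault_endpoint,
+keyName: key_name,
+}).tap do |bson|
+unless key_version.nil?
+bson.update({ keyVersion: key_version })
+end
+end
+end
+end
+end
+end
+end
+end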
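Review bot: The `FORMAT_HINT` in `Azure::Credentials` shows `client_id: 'TENANT_ID'` and spells the tenant placeholder `'TENANT-ID'`, so the message a user sees on a validation failure suggests putting the tenant id into both fields. It should read `"{ tenant_id: 'TENANT_ID', client_id: 'CLIENT_ID', client_secret: 'CLIENT_SECRET' }"`. The `@return` comment on `MasterKeyDocument#to_document` says "Azure KMS credentials" where the method builds the master key document; `# @return [ BSON::Document ] Azure KMS master key document in libmongocrypt format.` would match the AWS file. `Credentials#to_document` reads `@tenant_id`, `@client_id` and `@client_secret` directly while the AWS counterpart goes through the readers; using the readers here would keep the two classes parallel.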