mongo 2.17.3 → 2.18.0.beta1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/README.md +21 -37
- data/lib/mongo/auth/base.rb +8 -1
- data/lib/mongo/auth.rb +12 -1
- data/lib/mongo/bulk_write/result.rb +10 -1
- data/lib/mongo/bulk_write/result_combiner.rb +2 -4
- data/lib/mongo/bulk_write.rb +108 -28
- data/lib/mongo/client.rb +114 -12
- data/lib/mongo/client_encryption.rb +30 -9
- data/lib/mongo/cluster/reapers/cursor_reaper.rb +11 -1
- data/lib/mongo/cluster.rb +20 -24
- data/lib/mongo/collection/helpers.rb +43 -0
- data/lib/mongo/collection/queryable_encryption.rb +122 -0
- data/lib/mongo/collection/view/aggregation.rb +19 -16
- data/lib/mongo/collection/view/change_stream.rb +56 -23
- data/lib/mongo/collection/view/explainable.rb +1 -1
- data/lib/mongo/collection/view/iterable.rb +2 -3
- data/lib/mongo/collection/view/map_reduce.rb +18 -9
- data/lib/mongo/collection/view/readable.rb +19 -23
- data/lib/mongo/collection/view/writable.rb +133 -40
- data/lib/mongo/collection.rb +108 -48
- data/lib/mongo/config/options.rb +62 -0
- data/lib/mongo/config/validators/option.rb +26 -0
- data/lib/mongo/config.rb +31 -0
- data/lib/mongo/crypt/auto_encrypter.rb +79 -6
- data/lib/mongo/crypt/binding.rb +395 -143
- data/lib/mongo/crypt/context.rb +5 -2
- data/lib/mongo/crypt/data_key_context.rb +7 -104
- data/lib/mongo/crypt/encryption_io.rb +28 -60
- data/lib/mongo/crypt/explicit_encrypter.rb +27 -25
- data/lib/mongo/crypt/explicit_encryption_context.rb +31 -3
- data/lib/mongo/crypt/handle.rb +102 -79
- data/lib/mongo/crypt/hooks.rb +25 -2
- data/lib/mongo/crypt/kms/aws.rb +128 -0
- data/lib/mongo/crypt/kms/azure.rb +136 -0
- data/lib/mongo/crypt/kms/credentials.rb +81 -0
- data/lib/mongo/crypt/kms/gcp.rb +182 -0
- data/lib/mongo/crypt/kms/kmip.rb +110 -0
- data/lib/mongo/crypt/kms/local.rb +74 -0
- data/lib/mongo/crypt/kms/master_key_document.rb +65 -0
- data/lib/mongo/crypt/kms.rb +117 -0
- data/lib/mongo/crypt.rb +1 -0
- data/lib/mongo/cursor/kill_spec.rb +27 -6
- data/lib/mongo/cursor.rb +21 -16
- data/lib/mongo/database/view.rb +6 -3
- data/lib/mongo/database.rb +73 -12
- data/lib/mongo/dbref.rb +1 -105
- data/lib/mongo/error/bulk_write_error.rb +31 -4
- data/lib/mongo/error/invalid_config_option.rb +20 -0
- data/lib/mongo/error/invalid_replacement_document.rb +27 -9
- data/lib/mongo/error/invalid_update_document.rb +27 -7
- data/lib/mongo/error/labelable.rb +72 -0
- data/lib/mongo/error/missing_connection.rb +25 -0
- data/lib/mongo/error/notable.rb +7 -0
- data/lib/mongo/error/operation_failure.rb +34 -86
- data/lib/mongo/error/read_write_retryable.rb +108 -0
- data/lib/mongo/{operation/kill_cursors/legacy.rb → error/session_not_materialized.rb} +7 -19
- data/lib/mongo/error.rb +5 -37
- data/lib/mongo/index/view.rb +22 -7
- data/lib/mongo/monitoring/event/command_failed.rb +8 -2
- data/lib/mongo/monitoring/event/command_started.rb +1 -1
- data/lib/mongo/monitoring/event/command_succeeded.rb +9 -2
- data/lib/mongo/monitoring/publishable.rb +9 -5
- data/lib/mongo/operation/collections_info/result.rb +5 -2
- data/lib/mongo/operation/command/op_msg.rb +6 -0
- data/lib/mongo/operation/context.rb +24 -6
- data/lib/mongo/operation/count/op_msg.rb +4 -1
- data/lib/mongo/operation/create/op_msg.rb +16 -1
- data/lib/mongo/operation/create_index/op_msg.rb +2 -1
- data/lib/mongo/operation/delete/op_msg.rb +1 -0
- data/lib/mongo/operation/delete.rb +0 -1
- data/lib/mongo/operation/drop_index/op_msg.rb +5 -1
- data/lib/mongo/operation/get_more/command_builder.rb +5 -1
- data/lib/mongo/operation/insert/bulk_result.rb +5 -1
- data/lib/mongo/operation/insert/command.rb +0 -4
- data/lib/mongo/operation/insert/op_msg.rb +6 -3
- data/lib/mongo/operation/insert/result.rb +6 -3
- data/lib/mongo/operation/insert.rb +0 -1
- data/lib/mongo/operation/kill_cursors.rb +0 -1
- data/lib/mongo/operation/list_collections/op_msg.rb +4 -1
- data/lib/mongo/operation/map_reduce/result.rb +16 -0
- data/lib/mongo/operation/result.rb +21 -5
- data/lib/mongo/operation/shared/executable.rb +21 -6
- data/lib/mongo/operation/shared/polymorphic_operation.rb +15 -3
- data/lib/mongo/operation/shared/response_handling.rb +6 -5
- data/lib/mongo/operation/shared/sessions_supported.rb +3 -7
- data/lib/mongo/operation/shared/write.rb +18 -12
- data/lib/mongo/operation/update/op_msg.rb +2 -1
- data/lib/mongo/operation/update.rb +0 -1
- data/lib/mongo/protocol/caching_hash.rb +69 -0
- data/lib/mongo/protocol/msg.rb +37 -1
- data/lib/mongo/protocol.rb +1 -0
- data/lib/mongo/query_cache.rb +15 -0
- data/lib/mongo/retryable.rb +78 -30
- data/lib/mongo/server/connection.rb +33 -0
- data/lib/mongo/server/connection_base.rb +2 -0
- data/lib/mongo/server/connection_common.rb +4 -1
- data/lib/mongo/server/connection_pool.rb +69 -42
- data/lib/mongo/server/description/features.rb +3 -1
- data/lib/mongo/server/description.rb +7 -2
- data/lib/mongo/server/monitor/connection.rb +5 -10
- data/lib/mongo/server/monitor.rb +21 -13
- data/lib/mongo/server/push_monitor.rb +9 -3
- data/lib/mongo/server.rb +9 -5
- data/lib/mongo/session/session_pool.rb +8 -0
- data/lib/mongo/session.rb +111 -35
- data/lib/mongo/socket/ocsp_verifier.rb +4 -5
- data/lib/mongo/socket/tcp.rb +3 -0
- data/lib/mongo/srv/resolver.rb +24 -3
- data/lib/mongo/uri/options_mapper.rb +2 -0
- data/lib/mongo/uri/srv_protocol.rb +1 -1
- data/lib/mongo/uri.rb +20 -0
- data/lib/mongo/version.rb +1 -1
- data/lib/mongo.rb +20 -0
- data/mongo.gemspec +10 -4
- data/spec/README.md +5 -5
- data/spec/integration/aws_lambda_examples_spec.rb +68 -0
- data/spec/integration/bulk_write_error_message_spec.rb +32 -0
- data/spec/integration/bulk_write_spec.rb +0 -16
- data/spec/integration/change_stream_spec.rb +6 -5
- data/spec/integration/client_construction_spec.rb +1 -1
- data/spec/integration/client_side_encryption/auto_encryption_bulk_writes_spec.rb +9 -9
- data/spec/integration/client_side_encryption/auto_encryption_command_monitoring_spec.rb +18 -19
- data/spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb +0 -1
- data/spec/integration/client_side_encryption/auto_encryption_reconnect_spec.rb +31 -0
- data/spec/integration/client_side_encryption/auto_encryption_spec.rb +108 -1
- data/spec/integration/client_side_encryption/bson_size_limit_spec.rb +2 -2
- data/spec/integration/client_side_encryption/bypass_mongocryptd_spawn_spec.rb +2 -2
- data/spec/integration/client_side_encryption/client_close_spec.rb +1 -1
- data/spec/integration/client_side_encryption/corpus_spec.rb +64 -35
- data/spec/integration/client_side_encryption/custom_endpoint_spec.rb +39 -42
- data/spec/integration/client_side_encryption/data_key_spec.rb +97 -7
- data/spec/integration/client_side_encryption/explicit_encryption_spec.rb +59 -0
- data/spec/integration/client_side_encryption/explicit_queryable_encryption_spec.rb +147 -0
- data/spec/integration/client_side_encryption/external_key_vault_spec.rb +6 -6
- data/spec/integration/client_side_encryption/kms_tls_options_spec.rb +394 -0
- data/spec/integration/client_side_encryption/kms_tls_spec.rb +92 -0
- data/spec/integration/client_side_encryption/queryable_encryption_examples_spec.rb +111 -0
- data/spec/integration/client_side_encryption/views_spec.rb +1 -1
- data/spec/integration/client_update_spec.rb +2 -2
- data/spec/integration/crud_spec.rb +12 -0
- data/spec/integration/cursor_pinning_spec.rb +3 -3
- data/spec/integration/fork_reconnect_spec.rb +15 -8
- data/spec/integration/grid_fs_bucket_spec.rb +3 -3
- data/spec/integration/ocsp_verifier_spec.rb +1 -0
- data/spec/integration/query_cache_spec.rb +34 -30
- data/spec/integration/retryable_writes/retryable_writes_36_and_older_spec.rb +1 -1
- data/spec/integration/sdam_events_spec.rb +0 -40
- data/spec/integration/server_monitor_spec.rb +2 -1
- data/spec/integration/size_limit_spec.rb +4 -1
- data/spec/integration/snapshot_query_examples_spec.rb +127 -0
- data/spec/integration/srv_monitoring_spec.rb +37 -0
- data/spec/integration/step_down_spec.rb +20 -4
- data/spec/integration/transaction_pinning_spec.rb +2 -2
- data/spec/integration/versioned_api_examples_spec.rb +37 -31
- data/spec/lite_spec_helper.rb +14 -5
- data/spec/mongo/address/ipv6_spec.rb +7 -0
- data/spec/mongo/address_spec.rb +7 -0
- data/spec/mongo/auth/scram/conversation_spec.rb +23 -23
- data/spec/mongo/auth/scram256/conversation_spec.rb +20 -20
- data/spec/mongo/auth/scram_negotiation_spec.rb +1 -0
- data/spec/mongo/bulk_write/result_spec.rb +15 -1
- data/spec/mongo/bulk_write_spec.rb +128 -20
- data/spec/mongo/client_construction_spec.rb +141 -7
- data/spec/mongo/client_encryption_spec.rb +11 -11
- data/spec/mongo/client_spec.rb +297 -1
- data/spec/mongo/cluster/cursor_reaper_spec.rb +21 -3
- data/spec/mongo/cluster_spec.rb +0 -44
- data/spec/mongo/collection/view/aggregation_spec.rb +2 -2
- data/spec/mongo/collection/view/change_stream_spec.rb +2 -2
- data/spec/mongo/collection/view/readable_spec.rb +35 -56
- data/spec/mongo/collection/view/writable_spec.rb +144 -32
- data/spec/mongo/collection_crud_spec.rb +63 -13
- data/spec/mongo/config/options_spec.rb +75 -0
- data/spec/mongo/config_spec.rb +73 -0
- data/spec/mongo/crypt/auto_decryption_context_spec.rb +17 -1
- data/spec/mongo/crypt/auto_encrypter_spec.rb +106 -0
- data/spec/mongo/crypt/auto_encryption_context_spec.rb +17 -1
- data/spec/mongo/crypt/binding/context_spec.rb +99 -17
- data/spec/mongo/crypt/binding/mongocrypt_spec.rb +17 -46
- data/spec/mongo/crypt/binding/version_spec.rb +25 -0
- data/spec/mongo/crypt/binding_unloaded_spec.rb +14 -0
- data/spec/mongo/crypt/data_key_context_spec.rb +42 -114
- data/spec/mongo/crypt/encryption_io_spec.rb +2 -0
- data/spec/mongo/crypt/explicit_decryption_context_spec.rb +32 -1
- data/spec/mongo/crypt/explicit_encryption_context_spec.rb +89 -1
- data/spec/mongo/crypt/handle_spec.rb +47 -169
- data/spec/mongo/crypt/hooks_spec.rb +30 -0
- data/spec/mongo/crypt/kms/credentials_spec.rb +404 -0
- data/spec/mongo/crypt/kms_spec.rb +59 -0
- data/spec/mongo/cursor_spec.rb +37 -51
- data/spec/mongo/database_spec.rb +66 -1
- data/spec/mongo/error/operation_failure_heavy_spec.rb +49 -0
- data/spec/mongo/index/view_spec.rb +69 -0
- data/spec/mongo/operation/create/op_msg_spec.rb +286 -0
- data/spec/mongo/operation/delete/op_msg_spec.rb +13 -4
- data/spec/mongo/operation/delete_spec.rb +0 -30
- data/spec/mongo/operation/insert/op_msg_spec.rb +18 -10
- data/spec/mongo/operation/insert_spec.rb +0 -32
- data/spec/mongo/operation/result_spec.rb +20 -0
- data/spec/mongo/operation/update/op_msg_spec.rb +13 -4
- data/spec/mongo/operation/update_spec.rb +0 -29
- data/spec/mongo/protocol/caching_hash_spec.rb +82 -0
- data/spec/mongo/protocol/msg_spec.rb +41 -0
- data/spec/mongo/query_cache_spec.rb +1 -0
- data/spec/mongo/retryable_spec.rb +32 -3
- data/spec/mongo/server/connection_auth_spec.rb +3 -1
- data/spec/mongo/server/connection_common_spec.rb +13 -1
- data/spec/mongo/server/connection_pool_spec.rb +94 -49
- data/spec/mongo/server/connection_spec.rb +50 -159
- data/spec/mongo/server/description/features_spec.rb +24 -0
- data/spec/mongo/server/push_monitor_spec.rb +2 -8
- data/spec/mongo/session_spec.rb +26 -6
- data/spec/mongo/session_transaction_spec.rb +2 -1
- data/spec/mongo/socket/ssl_spec.rb +15 -4
- data/spec/mongo/uri/srv_protocol_spec.rb +101 -2
- data/spec/mongo/uri_spec.rb +25 -0
- data/spec/runners/connection_string.rb +8 -0
- data/spec/runners/crud/operation.rb +12 -3
- data/spec/runners/crud/requirement.rb +3 -3
- data/spec/runners/crud/spec.rb +5 -0
- data/spec/runners/crud/verifier.rb +6 -0
- data/spec/runners/transactions/test.rb +33 -14
- data/spec/runners/transactions.rb +9 -6
- data/spec/runners/unified/assertions.rb +59 -10
- data/spec/runners/unified/change_stream_operations.rb +9 -0
- data/spec/runners/unified/crud_operations.rb +50 -2
- data/spec/runners/unified/ddl_operations.rb +20 -0
- data/spec/runners/unified/error.rb +2 -1
- data/spec/runners/unified/support_operations.rb +5 -2
- data/spec/runners/unified/test.rb +19 -4
- data/spec/runners/unified.rb +9 -2
- data/spec/shared/lib/mrss/constraints.rb +10 -17
- data/spec/shared/lib/mrss/docker_runner.rb +21 -3
- data/spec/shared/lib/mrss/lite_constraints.rb +32 -1
- data/spec/shared/lib/mrss/session_registry.rb +69 -0
- data/spec/shared/lib/mrss/session_registry_legacy.rb +60 -0
- data/spec/shared/share/Dockerfile.erb +56 -54
- data/spec/shared/shlib/config.sh +27 -0
- data/spec/shared/shlib/distro.sh +2 -1
- data/spec/shared/shlib/server.sh +46 -21
- data/spec/shared/shlib/set_env.sh +40 -5
- data/spec/spec_helper.rb +0 -1
- data/spec/spec_tests/crud_spec.rb +0 -10
- data/spec/spec_tests/data/change_streams_unified/change-streams-errors.yml +124 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams-pre_and_post_images.yml +351 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams-resume-allowlist.yml +1171 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams-resume-errorLabels.yml +1068 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams.yml +859 -4
- data/spec/spec_tests/data/client_side_encryption/aggregate.yml +3 -17
- data/spec/spec_tests/data/client_side_encryption/azureKMS.yml +46 -0
- data/spec/spec_tests/data/client_side_encryption/badQueries.yml +12 -2
- data/spec/spec_tests/data/client_side_encryption/basic.yml +3 -17
- data/spec/spec_tests/data/client_side_encryption/bulk.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/bypassAutoEncryption.yml +2 -2
- data/spec/spec_tests/data/client_side_encryption/count.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/countDocuments.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/delete.yml +2 -16
- data/spec/spec_tests/data/client_side_encryption/distinct.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/explain.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/find.yml +2 -16
- data/spec/spec_tests/data/client_side_encryption/findOneAndDelete.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/findOneAndReplace.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/findOneAndUpdate.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/fle2-BypassQueryAnalysis.yml +101 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-Compact.yml +80 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-CreateCollection.yml +1263 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-DecryptExistingData.yml +64 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-Delete.yml +107 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-EncryptedFields-vs-EncryptedFieldsMap.yml +80 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-EncryptedFields-vs-jsonSchema.yml +90 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-EncryptedFieldsMap-defaults.yml +57 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-FindOneAndUpdate.yml +213 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-InsertFind-Indexed.yml +86 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-InsertFind-Unindexed.yml +83 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-MissingKey.yml +41 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-NoEncryption.yml +42 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-Update.yml +221 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-validatorAndPartialFieldExpression.yml +168 -0
- data/spec/spec_tests/data/client_side_encryption/gcpKMS.yml +46 -0
- data/spec/spec_tests/data/client_side_encryption/getMore.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/insert.yml +2 -16
- data/spec/spec_tests/data/client_side_encryption/keyAltName.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/localKMS.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/localSchema.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/maxWireVersion.yml +2 -0
- data/spec/spec_tests/data/client_side_encryption/missingKey.yml +2 -9
- data/spec/spec_tests/data/client_side_encryption/noSchema.yml +39 -0
- data/spec/spec_tests/data/client_side_encryption/replaceOne.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/types.yml +44 -70
- data/spec/spec_tests/data/client_side_encryption/updateMany.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/updateOne.yml +1 -8
- data/spec/spec_tests/data/collection_management/clustered-indexes.yml +135 -0
- data/spec/spec_tests/data/collection_management/createCollection-pre_and_post_images.yml +50 -0
- data/spec/spec_tests/data/collection_management/modifyCollection-pre_and_post_images.yml +58 -0
- data/spec/spec_tests/data/command_monitoring_unified/pre-42-server-connection-id.yml +56 -0
- data/spec/spec_tests/data/command_monitoring_unified/server-connection-id.yml +56 -0
- data/spec/spec_tests/data/crud/read/aggregate-collation.yml +1 -1
- data/spec/spec_tests/data/crud/read/count-collation.yml +1 -1
- data/spec/spec_tests/data/crud/read/distinct-collation.yml +1 -1
- data/spec/spec_tests/data/crud/read/find-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/bulkWrite-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/deleteMany-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/deleteOne-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/findOneAndDelete-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/findOneAndReplace-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/findOneAndUpdate-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/replaceOne-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/updateMany-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/updateOne-collation.yml +1 -1
- data/spec/spec_tests/data/crud_unified/aggregate-allowdiskuse.yml +75 -0
- data/spec/spec_tests/data/crud_unified/aggregate-merge.yml +185 -0
- data/spec/spec_tests/data/crud_unified/aggregate-out-readConcern.yml +171 -0
- data/spec/spec_tests/data/crud_unified/aggregate.yml +215 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-arrayFilters-clientError.yml +98 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-arrayFilters.yml +174 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-comment.yml +189 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-delete-hint-clientError.yml +113 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-delete-hint-serverError.yml +142 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-delete-hint.yml +154 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-deleteMany-hint-unacknowledged.yml +98 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-deleteMany-let.yml +86 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-deleteOne-hint-unacknowledged.yml +97 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-deleteOne-let.yml +86 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-insertOne-dots_and_dollars.yml +138 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-replaceOne-dots_and_dollars.yml +165 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-replaceOne-hint-unacknowledged.yml +103 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-replaceOne-let.yml +93 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-update-hint-clientError.yml +148 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-update-hint-serverError.yml +239 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-update-hint.yml +256 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-update-validation.yml +73 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateMany-dots_and_dollars.yml +150 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateMany-hint-unacknowledged.yml +104 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateMany-let.yml +96 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateOne-dots_and_dollars.yml +150 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateOne-hint-unacknowledged.yml +103 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateOne-let.yml +95 -0
- data/spec/spec_tests/data/crud_unified/countDocuments-comment.yml +92 -0
- data/spec/spec_tests/data/crud_unified/db-aggregate.yml +73 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-comment.yml +97 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-hint-clientError.yml +87 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-hint-serverError.yml +107 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-hint-unacknowledged.yml +90 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-hint.yml +99 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-let.yml +2 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-comment.yml +98 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-hint-clientError.yml +80 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-hint-serverError.yml +100 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-hint-unacknowledged.yml +89 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-hint.yml +95 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-let.yml +2 -0
- data/spec/spec_tests/data/crud_unified/estimatedDocumentCount-comment.yml +95 -0
- data/spec/spec_tests/data/crud_unified/estimatedDocumentCount.yml +5 -135
- data/spec/spec_tests/data/crud_unified/find-allowdiskuse-clientError.yml +55 -0
- data/spec/spec_tests/data/crud_unified/find-allowdiskuse-serverError.yml +68 -0
- data/spec/spec_tests/data/crud_unified/find-allowdiskuse.yml +79 -0
- data/spec/spec_tests/data/crud_unified/find-comment.yml +166 -0
- data/spec/spec_tests/data/crud_unified/find.yml +68 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-comment.yml +96 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint-clientError.yml +91 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint-serverError.yml +107 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint-unacknowledged.yml +88 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint.yml +102 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-let.yml +2 -4
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-comment.yml +101 -0
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-dots_and_dollars.yml +140 -0
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint-clientError.yml +83 -0
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint-serverError.yml +99 -0
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint-unacknowledged.yml +96 -0
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint.yml +98 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-comment.yml +95 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-dots_and_dollars.yml +127 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint-clientError.yml +84 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint-serverError.yml +100 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint-unacknowledged.yml +92 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint.yml +99 -0
- data/spec/spec_tests/data/crud_unified/insertMany-comment.yml +93 -0
- data/spec/spec_tests/data/crud_unified/insertMany-dots_and_dollars.yml +128 -0
- data/spec/spec_tests/data/crud_unified/insertOne-comment.yml +91 -0
- data/spec/spec_tests/data/crud_unified/insertOne-dots_and_dollars.yml +238 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-comment.yml +105 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-dots_and_dollars.yml +180 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-hint-unacknowledged.yml +95 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-hint.yml +108 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-let.yml +98 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-validation.yml +37 -0
- data/spec/spec_tests/data/crud_unified/updateMany-comment.yml +104 -0
- data/spec/spec_tests/data/crud_unified/updateMany-dots_and_dollars.yml +138 -0
- data/spec/spec_tests/data/crud_unified/updateMany-hint-clientError.yml +91 -0
- data/spec/spec_tests/data/crud_unified/updateMany-hint-serverError.yml +115 -0
- data/spec/spec_tests/data/crud_unified/updateMany-hint-unacknowledged.yml +96 -0
- data/spec/spec_tests/data/crud_unified/updateMany-hint.yml +115 -0
- data/spec/spec_tests/data/crud_unified/updateMany-let.yml +5 -1
- data/spec/spec_tests/data/crud_unified/updateMany-validation.yml +39 -0
- data/spec/spec_tests/data/crud_unified/updateOne-comment.yml +104 -0
- data/spec/spec_tests/data/crud_unified/updateOne-dots_and_dollars.yml +138 -0
- data/spec/spec_tests/data/crud_unified/updateOne-hint-clientError.yml +85 -0
- data/spec/spec_tests/data/crud_unified/updateOne-hint-serverError.yml +109 -0
- data/spec/spec_tests/data/crud_unified/updateOne-hint-unacknowledged.yml +95 -0
- data/spec/spec_tests/data/crud_unified/updateOne-hint.yml +109 -0
- data/spec/spec_tests/data/crud_unified/updateOne-let.yml +5 -1
- data/spec/spec_tests/data/crud_unified/updateOne-validation.yml +37 -0
- data/spec/spec_tests/data/crud_unified/updateWithPipelines.yml +8 -14
- data/spec/spec_tests/data/retryable_reads/{aggregate-merge.yml → legacy/aggregate-merge.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{aggregate-serverErrors.yml → legacy/aggregate-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{aggregate.yml → legacy/aggregate.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-client.watch-serverErrors.yml → legacy/changeStreams-client.watch-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-client.watch.yml → legacy/changeStreams-client.watch.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-db.coll.watch-serverErrors.yml → legacy/changeStreams-db.coll.watch-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-db.coll.watch.yml → legacy/changeStreams-db.coll.watch.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-db.watch-serverErrors.yml → legacy/changeStreams-db.watch-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-db.watch.yml → legacy/changeStreams-db.watch.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{count-serverErrors.yml → legacy/count-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{count.yml → legacy/count.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{countDocuments-serverErrors.yml → legacy/countDocuments-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{countDocuments.yml → legacy/countDocuments.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{distinct-serverErrors.yml → legacy/distinct-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{distinct.yml → legacy/distinct.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{estimatedDocumentCount-serverErrors-pre4.9.yml → legacy/estimatedDocumentCount-serverErrors.yml} +0 -2
- data/spec/spec_tests/data/retryable_reads/{estimatedDocumentCount-pre4.9.yml → legacy/estimatedDocumentCount.yml} +0 -2
- data/spec/spec_tests/data/retryable_reads/{find-serverErrors.yml → legacy/find-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{find.yml → legacy/find.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{findOne-serverErrors.yml → legacy/findOne-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{findOne.yml → legacy/findOne.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{gridfs-download-serverErrors.yml → legacy/gridfs-download-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{gridfs-download.yml → legacy/gridfs-download.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{gridfs-downloadByName-serverErrors.yml → legacy/gridfs-downloadByName-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{gridfs-downloadByName.yml → legacy/gridfs-downloadByName.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollectionNames-serverErrors.yml → legacy/listCollectionNames-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollectionNames.yml → legacy/listCollectionNames.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollectionObjects-serverErrors.yml → legacy/listCollectionObjects-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollectionObjects.yml → legacy/listCollectionObjects.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollections-serverErrors.yml → legacy/listCollections-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollections.yml → legacy/listCollections.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabaseNames-serverErrors.yml → legacy/listDatabaseNames-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabaseNames.yml → legacy/listDatabaseNames.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabaseObjects-serverErrors.yml → legacy/listDatabaseObjects-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabaseObjects.yml → legacy/listDatabaseObjects.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabases-serverErrors.yml → legacy/listDatabases-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabases.yml → legacy/listDatabases.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listIndexNames-serverErrors.yml → legacy/listIndexNames-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listIndexNames.yml → legacy/listIndexNames.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listIndexes-serverErrors.yml → legacy/listIndexes-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listIndexes.yml → legacy/listIndexes.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{mapReduce.yml → legacy/mapReduce.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/unified/handshakeError.yml +129 -0
- data/spec/spec_tests/data/retryable_writes/{bulkWrite-errorLabels.yml → legacy/bulkWrite-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{bulkWrite-serverErrors.yml → legacy/bulkWrite-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{bulkWrite.yml → legacy/bulkWrite.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{deleteMany.yml → legacy/deleteMany.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{deleteOne-errorLabels.yml → legacy/deleteOne-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{deleteOne-serverErrors.yml → legacy/deleteOne-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{deleteOne.yml → legacy/deleteOne.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndDelete-errorLabels.yml → legacy/findOneAndDelete-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndDelete-serverErrors.yml → legacy/findOneAndDelete-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{findOneAndDelete.yml → legacy/findOneAndDelete.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndReplace-errorLabels.yml → legacy/findOneAndReplace-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndReplace-serverErrors.yml → legacy/findOneAndReplace-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{findOneAndReplace.yml → legacy/findOneAndReplace.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndUpdate-errorLabels.yml → legacy/findOneAndUpdate-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndUpdate-serverErrors.yml → legacy/findOneAndUpdate-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{findOneAndUpdate.yml → legacy/findOneAndUpdate.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{insertMany-errorLabels.yml → legacy/insertMany-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{insertMany-serverErrors.yml → legacy/insertMany-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{insertMany.yml → legacy/insertMany.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{insertOne-errorLabels.yml → legacy/insertOne-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{insertOne-serverErrors.yml → legacy/insertOne-serverErrors.yml} +5 -5
- data/spec/spec_tests/data/retryable_writes/{insertOne.yml → legacy/insertOne.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{replaceOne-errorLabels.yml → legacy/replaceOne-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{replaceOne-serverErrors.yml → legacy/replaceOne-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{replaceOne.yml → legacy/replaceOne.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{updateMany.yml → legacy/updateMany.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{updateOne-errorLabels.yml → legacy/updateOne-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{updateOne-serverErrors.yml → legacy/updateOne-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{updateOne.yml → legacy/updateOne.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/unified/bulkWrite-serverErrors.yml +96 -0
- data/spec/spec_tests/data/retryable_writes/unified/handshakeError.yml +137 -0
- data/spec/spec_tests/data/retryable_writes/unified/insertOne-serverErrors.yml +78 -0
- data/spec/spec_tests/data/sdam/errors/prefer-error-code.yml +2 -2
- data/spec/spec_tests/data/seed_list_discovery/load-balanced/loadBalanced-no-results.yml +5 -0
- data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-conflicts_with_loadBalanced-true-txt.yml +5 -0
- data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-conflicts_with_loadBalanced-true.yml +5 -0
- data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-zero-txt.yml +10 -0
- data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-zero.yml +10 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srv-service-name.yml +11 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-conflicts_with_replicaSet-txt.yml +5 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-conflicts_with_replicaSet.yml +5 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-equal_to_srv_records.yml +16 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-greater_than_srv_records.yml +15 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-less_than_srv_records.yml +15 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-zero-txt.yml +15 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-zero.yml +15 -0
- data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-equal_to_srv_records.yml +13 -0
- data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-greater_than_srv_records.yml +12 -0
- data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-less_than_srv_records.yml +10 -0
- data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-zero.yml +11 -0
- data/spec/spec_tests/data/server_selection/Unknown/read/ghost.yml +11 -0
- data/spec/spec_tests/data/server_selection/Unknown/write/ghost.yml +11 -0
- data/spec/spec_tests/data/sessions_unified/driver-sessions-server-support.yml +123 -0
- data/spec/spec_tests/data/sessions_unified/snapshot-sessions-not-supported-client-error.yml +9 -3
- data/spec/spec_tests/data/transactions/error-labels.yml +1 -1
- data/spec/spec_tests/data/transactions/errors-client.yml +8 -9
- data/spec/spec_tests/data/transactions/mongos-recovery-token.yml +1 -1
- data/spec/spec_tests/data/transactions/retryable-abort-errorLabels.yml +0 -2
- data/spec/spec_tests/data/transactions/retryable-abort.yml +7 -9
- data/spec/spec_tests/data/transactions/retryable-commit-errorLabels.yml +0 -2
- data/spec/spec_tests/data/transactions/retryable-commit.yml +7 -9
- data/spec/spec_tests/data/transactions/retryable-writes.yml +0 -2
- data/spec/spec_tests/data/unified/invalid/expectedEventsForClient-ignoreExtraEvents-type.yml +15 -0
- data/spec/spec_tests/data/unified/valid-fail/operation-unsupported.yml +13 -0
- data/spec/spec_tests/data/unified/valid-pass/expectedEventsForClient-ignoreExtraEvents.yml +78 -0
- data/spec/spec_tests/data/unified/valid-pass/poc-change-streams.yml +4 -1
- data/spec/spec_tests/data/unified/valid-pass/poc-command-monitoring.yml +3 -3
- data/spec/spec_tests/data/unified/valid-pass/poc-transactions.yml +3 -2
- data/spec/spec_tests/data/uri_options/srv-options.yml +96 -0
- data/spec/spec_tests/data/versioned_api/crud-api-version-1-strict.yml +6 -4
- data/spec/spec_tests/data/versioned_api/crud-api-version-1.yml +7 -5
- data/spec/spec_tests/retryable_reads_spec.rb +4 -1
- data/spec/spec_tests/retryable_reads_unified_spec.rb +22 -0
- data/spec/spec_tests/retryable_writes_spec.rb +4 -1
- data/spec/spec_tests/retryable_writes_unified_spec.rb +21 -0
- data/spec/spec_tests/seed_list_discovery_spec.rb +10 -1
- data/spec/spec_tests/unified_spec.rb +6 -1
- data/spec/stress/connection_pool_timing_spec.rb +2 -1
- data/spec/stress/fork_reconnect_stress_spec.rb +3 -2
- data/spec/support/authorization.rb +1 -1
- data/spec/support/certificates/atlas-ocsp-ca.crt +47 -40
- data/spec/support/certificates/atlas-ocsp.crt +106 -101
- data/spec/support/cluster_tools.rb +1 -1
- data/spec/support/common_shortcuts.rb +22 -0
- data/spec/support/crypt/corpus/corpus-encrypted.json +9515 -0
- data/spec/support/crypt/corpus/corpus-key-aws.json +32 -32
- data/spec/support/crypt/corpus/corpus-key-azure.json +33 -0
- data/spec/support/crypt/corpus/corpus-key-gcp.json +35 -0
- data/spec/support/crypt/corpus/corpus-key-kmip.json +32 -0
- data/spec/support/crypt/corpus/corpus-key-local.json +30 -30
- data/spec/support/crypt/corpus/corpus-schema.json +4399 -121
- data/spec/support/crypt/corpus/corpus.json +4999 -37
- data/spec/support/crypt/data_keys/key_document_azure.json +33 -0
- data/spec/support/crypt/data_keys/key_document_gcp.json +37 -0
- data/spec/support/crypt/data_keys/key_document_kmip.json +32 -0
- data/spec/support/crypt/encryptedFields.json +33 -0
- data/spec/support/crypt/keys/key1-document.json +30 -0
- data/spec/support/crypt/schema_maps/schema_map_azure.json +17 -0
- data/spec/support/crypt/schema_maps/schema_map_azure_key_alt_names.json +12 -0
- data/spec/support/crypt/schema_maps/schema_map_gcp.json +17 -0
- data/spec/support/crypt/schema_maps/schema_map_gcp_key_alt_names.json +12 -0
- data/spec/support/crypt/schema_maps/schema_map_kmip.json +17 -0
- data/spec/support/crypt/schema_maps/schema_map_kmip_key_alt_names.json +12 -0
- data/spec/support/crypt.rb +207 -6
- data/spec/support/macros.rb +18 -0
- data/spec/support/mongos_macros.rb +17 -0
- data/spec/support/shared/scram_conversation.rb +2 -1
- data/spec/support/shared/session.rb +13 -7
- data/spec/support/spec_config.rb +82 -1
- data/spec/support/utils.rb +25 -4
- data.tar.gz.sig +0 -0
- metadata +1468 -1214
- metadata.gz.sig +0 -0
- data/lib/mongo/operation/delete/legacy.rb +0 -64
- data/lib/mongo/operation/insert/legacy.rb +0 -68
- data/lib/mongo/operation/update/legacy/result.rb +0 -112
- data/lib/mongo/operation/update/legacy.rb +0 -76
- data/spec/mongo/dbref_spec.rb +0 -152
- data/spec/mongo/operation/kill_cursors_spec.rb +0 -47
- data/spec/spec_tests/change_streams_spec.rb +0 -93
- data/spec/spec_tests/data/change_streams/change-streams-errors.yml +0 -101
- data/spec/spec_tests/data/change_streams/change-streams-resume-allowlist.yml +0 -1173
- data/spec/spec_tests/data/change_streams/change-streams-resume-errorLabels.yml +0 -1105
- data/spec/spec_tests/data/change_streams/change-streams.yml +0 -535
- data/spec/spec_tests/data/crud_v2/aggregate-merge.yml +0 -103
- data/spec/spec_tests/data/crud_v2/aggregate-out-readConcern.yml +0 -111
- data/spec/spec_tests/data/crud_v2/bulkWrite-arrayFilters.yml +0 -103
- data/spec/spec_tests/data/crud_v2/bulkWrite-delete-hint-clientError.yml +0 -63
- data/spec/spec_tests/data/crud_v2/bulkWrite-delete-hint-serverError.yml +0 -92
- data/spec/spec_tests/data/crud_v2/bulkWrite-delete-hint.yml +0 -103
- data/spec/spec_tests/data/crud_v2/bulkWrite-update-hint-clientError.yml +0 -90
- data/spec/spec_tests/data/crud_v2/bulkWrite-update-hint-serverError.yml +0 -147
- data/spec/spec_tests/data/crud_v2/bulkWrite-update-hint.yml +0 -164
- data/spec/spec_tests/data/crud_v2/db-aggregate.yml +0 -39
- data/spec/spec_tests/data/crud_v2/deleteMany-hint-clientError.yml +0 -43
- data/spec/spec_tests/data/crud_v2/deleteMany-hint-serverError.yml +0 -62
- data/spec/spec_tests/data/crud_v2/deleteMany-hint.yml +0 -58
- data/spec/spec_tests/data/crud_v2/deleteOne-hint-clientError.yml +0 -41
- data/spec/spec_tests/data/crud_v2/deleteOne-hint-serverError.yml +0 -60
- data/spec/spec_tests/data/crud_v2/deleteOne-hint.yml +0 -57
- data/spec/spec_tests/data/crud_v2/find-allowdiskuse-clientError.yml +0 -28
- data/spec/spec_tests/data/crud_v2/find-allowdiskuse-serverError.yml +0 -44
- data/spec/spec_tests/data/crud_v2/find-allowdiskuse.yml +0 -50
- data/spec/spec_tests/data/crud_v2/findOneAndDelete-hint-clientError.yml +0 -45
- data/spec/spec_tests/data/crud_v2/findOneAndDelete-hint-serverError.yml +0 -60
- data/spec/spec_tests/data/crud_v2/findOneAndDelete-hint.yml +0 -56
- data/spec/spec_tests/data/crud_v2/findOneAndReplace-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/findOneAndReplace-hint-serverError.yml +0 -59
- data/spec/spec_tests/data/crud_v2/findOneAndReplace-hint.yml +0 -55
- data/spec/spec_tests/data/crud_v2/findOneAndUpdate-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/findOneAndUpdate-hint-serverError.yml +0 -58
- data/spec/spec_tests/data/crud_v2/findOneAndUpdate-hint.yml +0 -55
- data/spec/spec_tests/data/crud_v2/replaceOne-hint.yml +0 -61
- data/spec/spec_tests/data/crud_v2/unacknowledged-bulkWrite-delete-hint-clientError.yml +0 -60
- data/spec/spec_tests/data/crud_v2/unacknowledged-bulkWrite-update-hint-clientError.yml +0 -88
- data/spec/spec_tests/data/crud_v2/unacknowledged-deleteMany-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/unacknowledged-deleteOne-hint-clientError.yml +0 -38
- data/spec/spec_tests/data/crud_v2/unacknowledged-findOneAndDelete-hint-clientError.yml +0 -42
- data/spec/spec_tests/data/crud_v2/unacknowledged-findOneAndReplace-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/unacknowledged-findOneAndUpdate-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/unacknowledged-replaceOne-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/unacknowledged-updateMany-hint-clientError.yml +0 -43
- data/spec/spec_tests/data/crud_v2/unacknowledged-updateOne-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/updateMany-hint-clientError.yml +0 -45
- data/spec/spec_tests/data/crud_v2/updateMany-hint-serverError.yml +0 -66
- data/spec/spec_tests/data/crud_v2/updateMany-hint.yml +0 -65
- data/spec/spec_tests/data/crud_v2/updateOne-hint-clientError.yml +0 -43
- data/spec/spec_tests/data/crud_v2/updateOne-hint-serverError.yml +0 -62
- data/spec/spec_tests/data/crud_v2/updateOne-hint.yml +0 -61
- data/spec/spec_tests/data/crud_v2/updateWithPipelines.yml +0 -157
- data/spec/spec_tests/data/retryable_reads/estimatedDocumentCount-4.9.yml +0 -60
- data/spec/spec_tests/data/retryable_reads/estimatedDocumentCount-serverErrors-4.9.yml +0 -146
- data/spec/support/crypt/corpus/corpus_encrypted.json +0 -4152
- data/spec/support/session_registry.rb +0 -55
@@ -19,7 +19,7 @@ module Mongo
|
|
19
19
|
module Crypt
|
20
20
|
|
21
21
|
# A Context object initialized specifically for the purpose of creating
|
22
|
-
# a data key in the key
|
22
|
+
# a data key in the key management system.
|
23
23
|
#
|
24
24
|
# @api private
|
25
25
|
class DataKeyContext < Context
|
@@ -30,116 +30,19 @@ module Mongo
|
|
30
30
|
# wraps a mongocrypt_t object used to create a new mongocrypt_ctx_t
|
31
31
|
# @param [ Mongo::Crypt::EncryptionIO ] io An object that performs all
|
32
32
|
# driver I/O on behalf of libmongocrypt
|
33
|
-
# @param [
|
34
|
-
#
|
35
|
-
# @param [
|
36
|
-
#
|
37
|
-
# @option options [ Hash ] :master_key A Hash of options related to the AWS
|
38
|
-
# KMS provider option. Required if kms_provider is "aws".
|
39
|
-
# - :region [ String ] The The AWS region of the master key (required).
|
40
|
-
# - :key [ String ] The Amazon Resource Name (ARN) of the master key (required).
|
41
|
-
# - :endpoint [ String ] An alternate host to send KMS requests to (optional).
|
42
|
-
# @option options [ Array<String> ] :key_alt_names An optional array of strings specifying
|
33
|
+
# @param [ Mongo::Crypt::KMS::MasterKeyDocument ] master_key_document The master
|
34
|
+
# key document that contains master encryption key parameters.
|
35
|
+
# @param [ Array<String> | nil ] key_alt_names An optional array of strings specifying
|
43
36
|
# alternate names for the new data key.
|
44
|
-
def initialize(mongocrypt, io,
|
37
|
+
def initialize(mongocrypt, io, master_key_document, key_alt_names = nil)
|
45
38
|
super(mongocrypt, io)
|
46
|
-
|
47
|
-
|
48
|
-
when 'local'
|
49
|
-
Binding.ctx_setopt_master_key_local(self)
|
50
|
-
when 'aws'
|
51
|
-
unless options
|
52
|
-
raise ArgumentError.new(
|
53
|
-
'When "aws" is specified as the KMS provider, options cannot be nil'
|
54
|
-
)
|
55
|
-
end
|
56
|
-
|
57
|
-
unless options.key?(:master_key)
|
58
|
-
raise ArgumentError.new(
|
59
|
-
'When "aws" is specified as the KMS provider, the options Hash ' +
|
60
|
-
'must contain a key named :master_key with a Hash value in the ' +
|
61
|
-
'{ region: "AWS-REGION", key: "AWS-KEY-ARN" }'
|
62
|
-
)
|
63
|
-
end
|
64
|
-
|
65
|
-
master_key_opts = options[:master_key]
|
66
|
-
|
67
|
-
set_aws_master_key(master_key_opts)
|
68
|
-
set_aws_endpoint(master_key_opts[:endpoint]) if master_key_opts[:endpoint]
|
69
|
-
else
|
70
|
-
raise ArgumentError.new(
|
71
|
-
"#{kms_provider} is an invalid kms provider. " +
|
72
|
-
"Valid options are 'aws' and 'local'"
|
73
|
-
)
|
74
|
-
end
|
75
|
-
|
76
|
-
set_key_alt_names(options[:key_alt_names]) if options[:key_alt_names]
|
39
|
+
Binding.ctx_setopt_key_encryption_key(self, master_key_document.to_document)
|
40
|
+
set_key_alt_names(key_alt_names) if key_alt_names
|
77
41
|
initialize_ctx
|
78
42
|
end
|
79
43
|
|
80
44
|
private
|
81
45
|
|
82
|
-
# Configure the underlying mongocrypt_ctx_t object to accept AWS
|
83
|
-
# KMS options
|
84
|
-
def set_aws_master_key(master_key_opts)
|
85
|
-
unless master_key_opts
|
86
|
-
raise ArgumentError.new('The :master_key option cannot be nil')
|
87
|
-
end
|
88
|
-
|
89
|
-
unless master_key_opts.is_a?(Hash)
|
90
|
-
raise ArgumentError.new(
|
91
|
-
"#{master_key_opts} is an invalid :master_key option. " +
|
92
|
-
"The :master_key option must be a Hash in the format " +
|
93
|
-
"{ region: 'AWS-REGION', key: 'AWS-KEY-ARN' }"
|
94
|
-
)
|
95
|
-
end
|
96
|
-
|
97
|
-
region = master_key_opts[:region]
|
98
|
-
unless region
|
99
|
-
raise ArgumentError.new(
|
100
|
-
'The value of :region option of the :master_key options hash cannot be nil'
|
101
|
-
)
|
102
|
-
end
|
103
|
-
|
104
|
-
unless region.is_a?(String)
|
105
|
-
raise ArgumentError.new(
|
106
|
-
"#{master_key_opts[:region]} is an invalid AWS master_key region. " +
|
107
|
-
"The value of :region option of the :master_key options hash must be a String"
|
108
|
-
)
|
109
|
-
end
|
110
|
-
|
111
|
-
key = master_key_opts[:key]
|
112
|
-
unless key
|
113
|
-
raise ArgumentError.new(
|
114
|
-
'The value of :key option of the :master_key options hash cannot be nil'
|
115
|
-
)
|
116
|
-
end
|
117
|
-
|
118
|
-
unless key.is_a?(String)
|
119
|
-
raise ArgumentError.new(
|
120
|
-
"#{master_key_opts[:key]} is an invalid AWS master_key key. " +
|
121
|
-
"The value of :key option of the :master_key options hash must be a String"
|
122
|
-
)
|
123
|
-
end
|
124
|
-
|
125
|
-
Binding.ctx_setopt_master_key_aws(
|
126
|
-
self,
|
127
|
-
region,
|
128
|
-
key,
|
129
|
-
)
|
130
|
-
end
|
131
|
-
|
132
|
-
def set_aws_endpoint(endpoint)
|
133
|
-
unless endpoint.is_a?(String)
|
134
|
-
raise ArgumentError.new(
|
135
|
-
"#{endpoint} is an invalid AWS master_key endpoint. " +
|
136
|
-
"The value of :endpoint option of the :master_key options hash must be a String"
|
137
|
-
)
|
138
|
-
end
|
139
|
-
|
140
|
-
Binding.ctx_setopt_master_key_aws_endpoint(self, endpoint)
|
141
|
-
end
|
142
|
-
|
143
46
|
# Set the alt names option on the context
|
144
47
|
def set_key_alt_names(key_alt_names)
|
145
48
|
unless key_alt_names.is_a?(Array)
|
@@ -38,6 +38,8 @@ module Mongo
|
|
38
38
|
# defaults to nil.
|
39
39
|
# @param [ Mongo::Client ] key_vault_client The client connected to the
|
40
40
|
# key vault collection.
|
41
|
+
# @param [ Mongo::Client | nil ] metadata_client The client to be used to
|
42
|
+
# obtain collection metadata.
|
41
43
|
# @param [ String ] key_vault_namespace The key vault namespace in the format
|
42
44
|
# db_name.collection_name.
|
43
45
|
# @param [ Hash ] mongocryptd_options Options related to mongocryptd.
|
@@ -54,7 +56,7 @@ module Mongo
|
|
54
56
|
# options are not nil and are in the correct format.
|
55
57
|
def initialize(
|
56
58
|
client: nil, mongocryptd_client: nil, key_vault_namespace:,
|
57
|
-
key_vault_client:, mongocryptd_options: {}
|
59
|
+
key_vault_client:, metadata_client:, mongocryptd_options: {}
|
58
60
|
)
|
59
61
|
validate_key_vault_client!(key_vault_client)
|
60
62
|
validate_key_vault_namespace!(key_vault_namespace)
|
@@ -63,6 +65,7 @@ module Mongo
|
|
63
65
|
@mongocryptd_client = mongocryptd_client
|
64
66
|
@key_vault_db_name, @key_vault_collection_name = key_vault_namespace.split('.')
|
65
67
|
@key_vault_client = key_vault_client
|
68
|
+
@metadata_client = metadata_client
|
66
69
|
@options = mongocryptd_options
|
67
70
|
end
|
68
71
|
|
@@ -91,11 +94,11 @@ module Mongo
|
|
91
94
|
#
|
92
95
|
# @return [ Hash ] The collection information
|
93
96
|
def collection_info(db_name, filter)
|
94
|
-
unless @
|
95
|
-
raise ArgumentError, 'collection_info requires
|
97
|
+
unless @metadata_client
|
98
|
+
raise ArgumentError, 'collection_info requires metadata_client to have been passed to the constructor, but it was not'
|
96
99
|
end
|
97
100
|
|
98
|
-
@
|
101
|
+
@metadata_client.use(db_name).database.list_collections(filter: filter).first
|
99
102
|
end
|
100
103
|
|
101
104
|
# Send the command to mongocryptd to be marked with intent-to-encrypt markings
|
@@ -124,16 +127,17 @@ module Mongo
|
|
124
127
|
return response.first
|
125
128
|
end
|
126
129
|
|
127
|
-
# Get information about the
|
130
|
+
# Get information about the remote KMS encryption key and feed it to the the
|
128
131
|
# KmsContext object
|
129
132
|
#
|
130
133
|
# @param [ Mongo::Crypt::KmsContext ] kms_context A KmsContext object
|
131
|
-
# corresponding to one
|
134
|
+
# corresponding to one remote KMS data key. Contains information about
|
132
135
|
# the endpoint at which to establish a TLS connection and the message
|
133
136
|
# to send on that connection.
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
+
# @param [ Hash ] tls_options. TLS options to connect to KMS provider.
|
138
|
+
# The options are same as for Mongo::Client.
|
139
|
+
def feed_kms(kms_context, tls_options)
|
140
|
+
with_ssl_socket(kms_context.endpoint, tls_options) do |ssl_socket|
|
137
141
|
Timeout.timeout(SOCKET_TIMEOUT, Error::SocketTimeoutError,
|
138
142
|
'Socket write operation timed out'
|
139
143
|
) do
|
@@ -242,6 +246,8 @@ module Mongo
|
|
242
246
|
# Provide a TLS socket to be used for KMS calls in a block API
|
243
247
|
#
|
244
248
|
# @param [ String ] endpoint The URI at which to connect the TLS socket.
|
249
|
+
# @param [ Hash ] tls_options. TLS options to connect to KMS provider.
|
250
|
+
# The options are same as for Mongo::Client.
|
245
251
|
# @yieldparam [ OpenSSL::SSL::SSLSocket ] ssl_socket Yields a TLS socket
|
246
252
|
# connected to the specified endpoint.
|
247
253
|
#
|
@@ -250,59 +256,21 @@ module Mongo
|
|
250
256
|
#
|
251
257
|
# @note The socket is always closed when the provided block has finished
|
252
258
|
# executing
|
253
|
-
def with_ssl_socket(endpoint)
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
|
258
|
-
tcp_socket = TCPSocket.open(host, port)
|
259
|
-
begin
|
260
|
-
tcp_socket.setsockopt(::Socket::IPPROTO_TCP, ::Socket::TCP_NODELAY, 1)
|
261
|
-
|
262
|
-
ssl_socket = OpenSSL::SSL::SSLSocket.new(tcp_socket)
|
263
|
-
begin
|
264
|
-
# tcp_socket will be closed when ssl_socket is closed
|
265
|
-
ssl_socket.sync_close = true
|
266
|
-
# perform SNI
|
267
|
-
ssl_socket.hostname = "#{host}:#{port}"
|
268
|
-
|
269
|
-
Timeout.timeout(
|
270
|
-
SOCKET_TIMEOUT,
|
271
|
-
Error::SocketTimeoutError,
|
272
|
-
"KMS socket connection timed out after #{SOCKET_TIMEOUT} seconds",
|
273
|
-
) do
|
274
|
-
ssl_socket.connect
|
275
|
-
end
|
276
|
-
|
277
|
-
yield(ssl_socket)
|
278
|
-
ensure
|
279
|
-
begin
|
280
|
-
Timeout.timeout(
|
281
|
-
SOCKET_TIMEOUT,
|
282
|
-
Error::SocketTimeoutError,
|
283
|
-
'KMS TLS socket close timed out'
|
284
|
-
) do
|
285
|
-
ssl_socket.sysclose
|
286
|
-
end
|
287
|
-
rescue
|
288
|
-
end
|
289
|
-
end
|
290
|
-
ensure
|
291
|
-
# Still close tcp socket manually in case TLS socket creation
|
292
|
-
# fails.
|
293
|
-
begin
|
294
|
-
Timeout.timeout(
|
295
|
-
SOCKET_TIMEOUT,
|
296
|
-
Error::SocketTimeoutError,
|
297
|
-
'KMS TCP socket close timed out'
|
298
|
-
) do
|
299
|
-
tcp_socket.close
|
300
|
-
end
|
301
|
-
rescue
|
302
|
-
end
|
259
|
+
def with_ssl_socket(endpoint, tls_options)
|
260
|
+
address = begin
|
261
|
+
host, port = endpoint.split(':')
|
262
|
+
port ||= 443 # All supported KMS APIs use this port by default.
|
263
|
+
Address.new([host, port].join(':'))
|
303
264
|
end
|
265
|
+
mongo_socket = address.socket(
|
266
|
+
SOCKET_TIMEOUT,
|
267
|
+
tls_options.merge(ssl: true)
|
268
|
+
)
|
269
|
+
yield(mongo_socket.socket)
|
304
270
|
rescue => e
|
305
|
-
raise Error::KmsError, "Error
|
271
|
+
raise Error::KmsError, "Error when connecting to KMS provider: #{e.class}: #{e.message}"
|
272
|
+
ensure
|
273
|
+
mongo_socket&.close
|
306
274
|
end
|
307
275
|
end
|
308
276
|
end
|
@@ -29,14 +29,17 @@ module Mongo
|
|
29
29
|
# to connect to the key vault collection.
|
30
30
|
# @param [ String ] key_vault_namespace The namespace of the key vault
|
31
31
|
# collection in the format "db_name.collection_name".
|
32
|
-
# @
|
33
|
-
# configuration information.
|
34
|
-
#
|
35
|
-
|
36
|
-
|
37
|
-
|
32
|
+
# @param [ Crypt::KMS::Credentials ] kms_providers A hash of key management service
|
33
|
+
# configuration information.
|
34
|
+
# @param [ Hash ] kms_tls_options TLS options to connect to KMS
|
35
|
+
# providers. Keys of the hash should be KSM provider names; values
|
36
|
+
# should be hashes of TLS connection options. The options are equivalent
|
37
|
+
# to TLS connection options of Mongo::Client.
|
38
|
+
def initialize(key_vault_client, key_vault_namespace, kms_providers, kms_tls_options)
|
39
|
+
@crypt_handle = Handle.new(kms_providers, kms_tls_options)
|
38
40
|
@encryption_io = EncryptionIO.new(
|
39
41
|
key_vault_client: key_vault_client,
|
42
|
+
metadata_client: nil,
|
40
43
|
key_vault_namespace: key_vault_namespace
|
41
44
|
)
|
42
45
|
end
|
@@ -45,30 +48,19 @@ module Mongo
|
|
45
48
|
# that key in the KMS collection. The generated key is encrypted with
|
46
49
|
# the KMS master key.
|
47
50
|
#
|
48
|
-
# @param [
|
49
|
-
#
|
50
|
-
# @param [
|
51
|
-
#
|
52
|
-
# @option options [ Hash ] :master_key Information about the AWS master key. Required
|
53
|
-
# if kms_provider is "aws".
|
54
|
-
# - :region [ String ] The The AWS region of the master key (required).
|
55
|
-
# - :key [ String ] The Amazon Resource Name (ARN) of the master key (required).
|
56
|
-
# - :endpoint [ String ] An alternate host to send KMS requests to (optional).
|
57
|
-
# endpoint should be a host name with an optional port number separated
|
58
|
-
# by a colon (e.g. "kms.us-east-1.amazonaws.com" or
|
59
|
-
# "kms.us-east-1.amazonaws.com:443"). An endpoint in any other format
|
60
|
-
# will not be properly parsed.
|
61
|
-
# @option options [ Array<String> ] :key_alt_names An optional array of strings specifying
|
51
|
+
# @param [ Mongo::Crypt::KMS::MasterKeyDocument ] master_key_document The master
|
52
|
+
# key document that contains master encryption key parameters.
|
53
|
+
# @param [ Array<String> | nil ] key_alt_names An optional array of strings specifying
|
62
54
|
# alternate names for the new data key.
|
63
55
|
#
|
64
56
|
# @return [ BSON::Binary ] The 16-byte UUID of the new data key as a
|
65
57
|
# BSON::Binary object with type :uuid.
|
66
|
-
def create_and_insert_data_key(
|
58
|
+
def create_and_insert_data_key(master_key_document, key_alt_names)
|
67
59
|
data_key_document = Crypt::DataKeyContext.new(
|
68
60
|
@crypt_handle,
|
69
61
|
@encryption_io,
|
70
|
-
|
71
|
-
|
62
|
+
master_key_document,
|
63
|
+
key_alt_names
|
72
64
|
).run_state_machine
|
73
65
|
|
74
66
|
@encryption_io.insert_data_key(data_key_document).inserted_id
|
@@ -85,14 +77,24 @@ module Mongo
|
|
85
77
|
# @option options [ String ] :key_alt_name The alternate name for the
|
86
78
|
# encryption key.
|
87
79
|
# @option options [ String ] :algorithm The algorithm used to encrypt the value.
|
88
|
-
# Valid algorithms are "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
|
89
|
-
#
|
80
|
+
# Valid algorithms are "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic",
|
81
|
+
# "AEAD_AES_256_CBC_HMAC_SHA_512-Random", "Indexed", "Unindexed".
|
82
|
+
# @option options [ Integer | nil ] :contention_factor Contention factor
|
83
|
+
# to be applied if encryption algorithm is set to "Indexed". If not
|
84
|
+
# provided, it defaults to a value of 0. Contention factor should be set
|
85
|
+
# only if encryption algorithm is set to "Indexed".
|
86
|
+
# @option options [ Symbol ] query_type Query type to be applied
|
87
|
+
# if encryption algorithm is set to "Indexed". Query type should be set
|
88
|
+
# only if encryption algorithm is set to "Indexed". The only allowed
|
89
|
+
# value is :equality.
|
90
90
|
#
|
91
91
|
# @note The :key_id and :key_alt_name options are mutually exclusive. Only
|
92
92
|
# one is required to perform explicit encryption.
|
93
93
|
#
|
94
94
|
# @return [ BSON::Binary ] A BSON Binary object of subtype 6 (ciphertext)
|
95
95
|
# representing the encrypted value
|
96
|
+
# @raise [ ArgumentError ] if either contention_factor or query_type
|
97
|
+
# is set, and algorithm is not "Indexed".
|
96
98
|
def encrypt(value, options)
|
97
99
|
Crypt::ExplicitEncryptionContext.new(
|
98
100
|
@crypt_handle,
|
@@ -38,8 +38,16 @@ module Mongo
|
|
38
38
|
# @option options [ String ] :key_alt_name The alternate name of the data key
|
39
39
|
# that will be used to encrypt the value.
|
40
40
|
# @option options [ String ] :algorithm The algorithm used to encrypt the
|
41
|
-
# value. Valid algorithms are "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
|
42
|
-
#
|
41
|
+
# value. Valid algorithms are "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic",
|
42
|
+
# "AEAD_AES_256_CBC_HMAC_SHA_512-Random", "Indexed", "Unindexed".
|
43
|
+
# @option options [ Integer | nil ] :contention_factor Contention factor
|
44
|
+
# to be applied if encryption algorithm is set to "Indexed". If not
|
45
|
+
# provided, it defaults to a value of 0. Contention factor should be set
|
46
|
+
# only if encryption algorithm is set to "Indexed".
|
47
|
+
# @option options [ Symbol ] query_type Query type to be applied
|
48
|
+
# if encryption algorithm is set to "Indexed". Query type should be set
|
49
|
+
# only if encryption algorithm is set to "Indexed". The only allowed
|
50
|
+
# value is :equality.
|
43
51
|
#
|
44
52
|
# @raise [ ArgumentError|Mongo::Error::CryptError ] If invalid options are provided
|
45
53
|
def initialize(mongocrypt, io, doc, options={})
|
@@ -81,7 +89,27 @@ module Mongo
|
|
81
89
|
|
82
90
|
# Set the algorithm option on the mongocrypt_ctx_t object and raises
|
83
91
|
# an exception if the algorithm is invalid.
|
84
|
-
|
92
|
+
if options[:algorithm] == 'Indexed'
|
93
|
+
if options[:contention_factor]
|
94
|
+
Binding.ctx_setopt_contention_factor(self, options[:contention_factor])
|
95
|
+
end
|
96
|
+
if options[:query_type]
|
97
|
+
Binding.ctx_setopt_query_type(self, options[:query_type])
|
98
|
+
end
|
99
|
+
Binding.ctx_setopt_index_type(self, :equality)
|
100
|
+
else
|
101
|
+
if options[:contention_factor]
|
102
|
+
raise ArgumentError.new(':contention_factor is allowed only for "Indexed" algorithm')
|
103
|
+
end
|
104
|
+
if options[:query_type]
|
105
|
+
raise ArgumentError.new(':query_type is allowed only for "Indexed" algorithm')
|
106
|
+
end
|
107
|
+
if options[:algorithm] == 'Unindexed'
|
108
|
+
Binding.ctx_setopt_index_type(self, :none)
|
109
|
+
else
|
110
|
+
Binding.ctx_setopt_algorithm(self, options[:algorithm])
|
111
|
+
end
|
112
|
+
end
|
85
113
|
|
86
114
|
# Initializes the mongocrypt_ctx_t object for explicit encryption and
|
87
115
|
# passes in the value to be encrypted.
|
data/lib/mongo/crypt/handle.rb
CHANGED
@@ -27,19 +27,28 @@ module Mongo
|
|
27
27
|
#
|
28
28
|
# @api private
|
29
29
|
class Handle
|
30
|
+
|
30
31
|
# Creates a new Handle object and initializes it with options
|
31
32
|
#
|
32
|
-
# @param [
|
33
|
-
#
|
34
|
-
#
|
35
|
-
#
|
36
|
-
#
|
33
|
+
# @param [ Crypt::KMS::Credentials ] kms_providers Credentials for KMS providers.
|
34
|
+
#
|
35
|
+
# @param [ Hash ] kms_tls_options TLS options to connect to KMS
|
36
|
+
# providers. Keys of the hash should be KSM provider names; values
|
37
|
+
# should be hashes of TLS connection options. The options are equivalent
|
38
|
+
# to TLS connection options of Mongo::Client.
|
37
39
|
#
|
40
|
+
# @param [ Hash ] options A hash of options.
|
38
41
|
# @option options [ Hash | nil ] :schema_map A hash representing the JSON schema
|
39
42
|
# of the collection that stores auto encrypted documents.
|
43
|
+
# @option options [ Hash | nil ] :encrypted_fields_map maps a collection
|
44
|
+
# namespace to an encryptedFields.
|
45
|
+
# - Note: If a collection is present on both the encryptedFieldsMap
|
46
|
+
# and schemaMap, an error will be raised.
|
47
|
+
# @option options [ Boolean | nil ] :bypass_query_analysis When true
|
48
|
+
# disables automatic analysis of outgoing commands.
|
40
49
|
# @option options [ Logger ] :logger A Logger object to which libmongocrypt logs
|
41
50
|
# will be sent
|
42
|
-
def initialize(kms_providers, options={})
|
51
|
+
def initialize(kms_providers, kms_tls_options, options={})
|
43
52
|
# FFI::AutoPointer uses a custom release strategy to automatically free
|
44
53
|
# the pointer once this object goes out of scope
|
45
54
|
@mongocrypt = FFI::AutoPointer.new(
|
@@ -47,15 +56,23 @@ module Mongo
|
|
47
56
|
Binding.method(:mongocrypt_destroy)
|
48
57
|
)
|
49
58
|
|
59
|
+
@kms_tls_options = kms_tls_options
|
60
|
+
|
50
61
|
@schema_map = options[:schema_map]
|
51
62
|
set_schema_map if @schema_map
|
52
63
|
|
64
|
+
@encrypted_fields_map = options[:encrypted_fields_map]
|
65
|
+
set_encrypted_fields_map if @encrypted_fields_map
|
66
|
+
|
67
|
+
@bypass_query_analysis = options[:bypass_query_analysis]
|
68
|
+
set_bypass_query_analysis if @bypass_query_analysis
|
69
|
+
|
53
70
|
@logger = options[:logger]
|
54
71
|
set_logger_callback if @logger
|
55
72
|
|
56
73
|
set_crypto_hooks
|
57
74
|
|
58
|
-
|
75
|
+
Binding.setopt_kms_providers(self, kms_providers.to_document)
|
59
76
|
initialize_mongocrypt
|
60
77
|
end
|
61
78
|
|
@@ -66,6 +83,16 @@ module Mongo
|
|
66
83
|
@mongocrypt
|
67
84
|
end
|
68
85
|
|
86
|
+
# Return TLS options for KMS provider. If there are no TLS options set,
|
87
|
+
# empty hash is returned.
|
88
|
+
#
|
89
|
+
# @param [ String ] provider KSM provider name.
|
90
|
+
#
|
91
|
+
# @return [ Hash ] TLS options to connect to KMS provider.
|
92
|
+
def kms_tls_options(provider)
|
93
|
+
@kms_tls_options.fetch(provider, {})
|
94
|
+
end
|
95
|
+
|
69
96
|
private
|
70
97
|
|
71
98
|
# Set the schema map option on the underlying mongocrypt_t object
|
@@ -79,6 +106,26 @@ module Mongo
|
|
79
106
|
Binding.setopt_schema_map(self, @schema_map)
|
80
107
|
end
|
81
108
|
|
109
|
+
def set_encrypted_fields_map
|
110
|
+
unless @encrypted_fields_map.is_a?(Hash)
|
111
|
+
raise ArgumentError.new(
|
112
|
+
"#{@encrypted_fields_map} is an invalid encrypted_fields_map: must be a Hash or nil"
|
113
|
+
)
|
114
|
+
end
|
115
|
+
|
116
|
+
Binding.setopt_encrypted_field_config_map(self, @encrypted_fields_map)
|
117
|
+
end
|
118
|
+
|
119
|
+
def set_bypass_query_analysis
|
120
|
+
unless [true, false].include?(@bypass_query_analysis)
|
121
|
+
raise ArgumentError.new(
|
122
|
+
"#{@bypass_query_analysis} is an invalid bypass_query_analysis value; must be a Boolean or nil"
|
123
|
+
)
|
124
|
+
end
|
125
|
+
|
126
|
+
Binding.setopt_bypass_query_analysis(self) if @bypass_query_analysis
|
127
|
+
end
|
128
|
+
|
82
129
|
# Send the logs from libmongocrypt to the Mongo::Logger
|
83
130
|
def set_logger_callback
|
84
131
|
@log_callback = Proc.new do |level, msg|
|
@@ -136,13 +183,13 @@ module Mongo
|
|
136
183
|
# Perform AES encryption or decryption and write the output to the
|
137
184
|
# provided mongocrypt_binary_t object.
|
138
185
|
def do_aes(key_binary_p, iv_binary_p, input_binary_p, output_binary_p,
|
139
|
-
response_length_p, status_p, decrypt: false)
|
186
|
+
response_length_p, status_p, decrypt: false, mode: :CBC)
|
140
187
|
key = Binary.from_pointer(key_binary_p).to_s
|
141
188
|
iv = Binary.from_pointer(iv_binary_p).to_s
|
142
189
|
input = Binary.from_pointer(input_binary_p).to_s
|
143
190
|
|
144
191
|
write_binary_string_and_set_status(output_binary_p, status_p) do
|
145
|
-
output = Hooks.aes(key, iv, input, decrypt: decrypt)
|
192
|
+
output = Hooks.aes(key, iv, input, decrypt: decrypt, mode: mode)
|
146
193
|
response_length_p.write_int(output.bytesize)
|
147
194
|
|
148
195
|
output
|
@@ -161,7 +208,19 @@ module Mongo
|
|
161
208
|
end
|
162
209
|
end
|
163
210
|
|
164
|
-
#
|
211
|
+
# Perform signing using RSASSA-PKCS1-v1_5 with SHA256 hash and write
|
212
|
+
# the output to the provided mongocrypt_binary_t object.
|
213
|
+
def do_rsaes_pkcs_signature(key_binary_p, input_binary_p,
|
214
|
+
output_binary_p, status_p)
|
215
|
+
key = Binary.from_pointer(key_binary_p).to_s
|
216
|
+
input = Binary.from_pointer(input_binary_p).to_s
|
217
|
+
|
218
|
+
write_binary_string_and_set_status(output_binary_p, status_p) do
|
219
|
+
Hooks.rsaes_pkcs_signature(key, input)
|
220
|
+
end
|
221
|
+
end
|
222
|
+
|
223
|
+
# We are building libmongocrypt without crypto functions to remove the
|
165
224
|
# external dependency on OpenSSL. This method binds native Ruby crypto
|
166
225
|
# methods to the underlying mongocrypt_t object so that libmongocrypt can
|
167
226
|
# still perform cryptography.
|
@@ -227,85 +286,49 @@ module Mongo
|
|
227
286
|
@hmac_sha_256,
|
228
287
|
@hmac_hash,
|
229
288
|
)
|
230
|
-
end
|
231
|
-
|
232
|
-
# Validate the kms_providers option and use it to set the KMS provider
|
233
|
-
# information on the underlying mongocrypt_t object
|
234
|
-
def set_kms_providers(kms_providers)
|
235
|
-
unless kms_providers
|
236
|
-
raise ArgumentError.new("The kms_providers option must not be nil")
|
237
|
-
end
|
238
|
-
|
239
|
-
unless kms_providers.key?(:local) || kms_providers.key?(:aws)
|
240
|
-
raise ArgumentError.new(
|
241
|
-
'The kms_providers option must have one of the following keys: ' +
|
242
|
-
':aws, :local'
|
243
|
-
)
|
244
|
-
end
|
245
|
-
|
246
|
-
set_kms_providers_local(kms_providers) if kms_providers.key?(:local)
|
247
|
-
set_kms_providers_aws(kms_providers) if kms_providers.key?(:aws)
|
248
|
-
end
|
249
289
|
|
250
|
-
|
251
|
-
|
252
|
-
|
253
|
-
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
|
290
|
+
@aes_ctr_encrypt = Proc.new do |_, key_binary_p, iv_binary_p, input_binary_p,
|
291
|
+
output_binary_p, response_length_p, status_p|
|
292
|
+
do_aes(
|
293
|
+
key_binary_p,
|
294
|
+
iv_binary_p,
|
295
|
+
input_binary_p,
|
296
|
+
output_binary_p,
|
297
|
+
response_length_p,
|
298
|
+
status_p,
|
299
|
+
mode: :CTR,
|
258
300
|
)
|
259
301
|
end
|
260
302
|
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
|
269
|
-
|
270
|
-
|
271
|
-
|
272
|
-
access_key_id = kms_providers[:aws][:access_key_id]
|
273
|
-
secret_access_key = kms_providers[:aws][:secret_access_key]
|
274
|
-
|
275
|
-
unless kms_providers[:aws].key?(:access_key_id) &&
|
276
|
-
kms_providers[:aws].key?(:secret_access_key)
|
277
|
-
raise ArgumentError.new(
|
278
|
-
"The specified aws kms_providers option is invalid: #{kms_providers[:aws]}. " +
|
279
|
-
"kms_providers with :aws key must be in the format: " +
|
280
|
-
"{ aws: { access_key_id: 'YOUR-ACCESS-KEY-ID', secret_access_key: 'SECRET-ACCESS-KEY' } }"
|
303
|
+
@aes_ctr_decrypt = Proc.new do |_, key_binary_p, iv_binary_p, input_binary_p,
|
304
|
+
output_binary_p, response_length_p, status_p|
|
305
|
+
do_aes(
|
306
|
+
key_binary_p,
|
307
|
+
iv_binary_p,
|
308
|
+
input_binary_p,
|
309
|
+
output_binary_p,
|
310
|
+
response_length_p,
|
311
|
+
status_p,
|
312
|
+
decrypt: true,
|
313
|
+
mode: :CTR,
|
281
314
|
)
|
282
315
|
end
|
283
316
|
|
284
|
-
|
285
|
-
|
286
|
-
|
287
|
-
|
288
|
-
|
289
|
-
"currently have nil"
|
290
|
-
)
|
291
|
-
end
|
292
|
-
|
293
|
-
unless value.is_a?(String)
|
294
|
-
raise ArgumentError.new(
|
295
|
-
"The aws #{key} option must be a String with at least one character; " \
|
296
|
-
"currently have #{value}"
|
297
|
-
)
|
298
|
-
end
|
317
|
+
Binding.setopt_aes_256_ctr(
|
318
|
+
self,
|
319
|
+
@aes_ctr_encrypt,
|
320
|
+
@aes_ctr_decrypt,
|
321
|
+
)
|
299
322
|
|
300
|
-
|
301
|
-
|
302
|
-
|
303
|
-
"it is currently an empty string"
|
304
|
-
)
|
305
|
-
end
|
323
|
+
@rsaes_pkcs_signature_cb = Proc.new do |_, key_binary_p, input_binary_p,
|
324
|
+
output_binary_p, status_p|
|
325
|
+
do_rsaes_pkcs_signature(key_binary_p, input_binary_p, output_binary_p, status_p)
|
306
326
|
end
|
307
327
|
|
308
|
-
Binding.
|
328
|
+
Binding.setopt_crypto_hook_sign_rsaes_pkcs1_v1_5(
|
329
|
+
self,
|
330
|
+
@rsaes_pkcs_signature_cb
|
331
|
+
)
|
309
332
|
end
|
310
333
|
|
311
334
|
# Initialize the underlying mongocrypt_t object and raise an error if the operation fails
|