mongo 2.17.3 → 2.18.0.beta1
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/README.md +21 -37
- data/lib/mongo/auth/base.rb +8 -1
- data/lib/mongo/auth.rb +12 -1
- data/lib/mongo/bulk_write/result.rb +10 -1
- data/lib/mongo/bulk_write/result_combiner.rb +2 -4
- data/lib/mongo/bulk_write.rb +108 -28
- data/lib/mongo/client.rb +114 -12
- data/lib/mongo/client_encryption.rb +30 -9
- data/lib/mongo/cluster/reapers/cursor_reaper.rb +11 -1
- data/lib/mongo/cluster.rb +20 -24
- data/lib/mongo/collection/helpers.rb +43 -0
- data/lib/mongo/collection/queryable_encryption.rb +122 -0
- data/lib/mongo/collection/view/aggregation.rb +19 -16
- data/lib/mongo/collection/view/change_stream.rb +56 -23
- data/lib/mongo/collection/view/explainable.rb +1 -1
- data/lib/mongo/collection/view/iterable.rb +2 -3
- data/lib/mongo/collection/view/map_reduce.rb +18 -9
- data/lib/mongo/collection/view/readable.rb +19 -23
- data/lib/mongo/collection/view/writable.rb +133 -40
- data/lib/mongo/collection.rb +108 -48
- data/lib/mongo/config/options.rb +62 -0
- data/lib/mongo/config/validators/option.rb +26 -0
- data/lib/mongo/config.rb +31 -0
- data/lib/mongo/crypt/auto_encrypter.rb +79 -6
- data/lib/mongo/crypt/binding.rb +395 -143
- data/lib/mongo/crypt/context.rb +5 -2
- data/lib/mongo/crypt/data_key_context.rb +7 -104
- data/lib/mongo/crypt/encryption_io.rb +28 -60
- data/lib/mongo/crypt/explicit_encrypter.rb +27 -25
- data/lib/mongo/crypt/explicit_encryption_context.rb +31 -3
- data/lib/mongo/crypt/handle.rb +102 -79
- data/lib/mongo/crypt/hooks.rb +25 -2
- data/lib/mongo/crypt/kms/aws.rb +128 -0
- data/lib/mongo/crypt/kms/azure.rb +136 -0
- data/lib/mongo/crypt/kms/credentials.rb +81 -0
- data/lib/mongo/crypt/kms/gcp.rb +182 -0
- data/lib/mongo/crypt/kms/kmip.rb +110 -0
- data/lib/mongo/crypt/kms/local.rb +74 -0
- data/lib/mongo/crypt/kms/master_key_document.rb +65 -0
- data/lib/mongo/crypt/kms.rb +117 -0
- data/lib/mongo/crypt.rb +1 -0
- data/lib/mongo/cursor/kill_spec.rb +27 -6
- data/lib/mongo/cursor.rb +21 -16
- data/lib/mongo/database/view.rb +6 -3
- data/lib/mongo/database.rb +73 -12
- data/lib/mongo/dbref.rb +1 -105
- data/lib/mongo/error/bulk_write_error.rb +31 -4
- data/lib/mongo/error/invalid_config_option.rb +20 -0
- data/lib/mongo/error/invalid_replacement_document.rb +27 -9
- data/lib/mongo/error/invalid_update_document.rb +27 -7
- data/lib/mongo/error/labelable.rb +72 -0
- data/lib/mongo/error/missing_connection.rb +25 -0
- data/lib/mongo/error/notable.rb +7 -0
- data/lib/mongo/error/operation_failure.rb +34 -86
- data/lib/mongo/error/read_write_retryable.rb +108 -0
- data/lib/mongo/{operation/kill_cursors/legacy.rb → error/session_not_materialized.rb} +7 -19
- data/lib/mongo/error.rb +5 -37
- data/lib/mongo/index/view.rb +22 -7
- data/lib/mongo/monitoring/event/command_failed.rb +8 -2
- data/lib/mongo/monitoring/event/command_started.rb +1 -1
- data/lib/mongo/monitoring/event/command_succeeded.rb +9 -2
- data/lib/mongo/monitoring/publishable.rb +9 -5
- data/lib/mongo/operation/collections_info/result.rb +5 -2
- data/lib/mongo/operation/command/op_msg.rb +6 -0
- data/lib/mongo/operation/context.rb +24 -6
- data/lib/mongo/operation/count/op_msg.rb +4 -1
- data/lib/mongo/operation/create/op_msg.rb +16 -1
- data/lib/mongo/operation/create_index/op_msg.rb +2 -1
- data/lib/mongo/operation/delete/op_msg.rb +1 -0
- data/lib/mongo/operation/delete.rb +0 -1
- data/lib/mongo/operation/drop_index/op_msg.rb +5 -1
- data/lib/mongo/operation/get_more/command_builder.rb +5 -1
- data/lib/mongo/operation/insert/bulk_result.rb +5 -1
- data/lib/mongo/operation/insert/command.rb +0 -4
- data/lib/mongo/operation/insert/op_msg.rb +6 -3
- data/lib/mongo/operation/insert/result.rb +6 -3
- data/lib/mongo/operation/insert.rb +0 -1
- data/lib/mongo/operation/kill_cursors.rb +0 -1
- data/lib/mongo/operation/list_collections/op_msg.rb +4 -1
- data/lib/mongo/operation/map_reduce/result.rb +16 -0
- data/lib/mongo/operation/result.rb +21 -5
- data/lib/mongo/operation/shared/executable.rb +21 -6
- data/lib/mongo/operation/shared/polymorphic_operation.rb +15 -3
- data/lib/mongo/operation/shared/response_handling.rb +6 -5
- data/lib/mongo/operation/shared/sessions_supported.rb +3 -7
- data/lib/mongo/operation/shared/write.rb +18 -12
- data/lib/mongo/operation/update/op_msg.rb +2 -1
- data/lib/mongo/operation/update.rb +0 -1
- data/lib/mongo/protocol/caching_hash.rb +69 -0
- data/lib/mongo/protocol/msg.rb +37 -1
- data/lib/mongo/protocol.rb +1 -0
- data/lib/mongo/query_cache.rb +15 -0
- data/lib/mongo/retryable.rb +78 -30
- data/lib/mongo/server/connection.rb +33 -0
- data/lib/mongo/server/connection_base.rb +2 -0
- data/lib/mongo/server/connection_common.rb +4 -1
- data/lib/mongo/server/connection_pool.rb +69 -42
- data/lib/mongo/server/description/features.rb +3 -1
- data/lib/mongo/server/description.rb +7 -2
- data/lib/mongo/server/monitor/connection.rb +5 -10
- data/lib/mongo/server/monitor.rb +21 -13
- data/lib/mongo/server/push_monitor.rb +9 -3
- data/lib/mongo/server.rb +9 -5
- data/lib/mongo/session/session_pool.rb +8 -0
- data/lib/mongo/session.rb +111 -35
- data/lib/mongo/socket/ocsp_verifier.rb +4 -5
- data/lib/mongo/socket/tcp.rb +3 -0
- data/lib/mongo/srv/resolver.rb +24 -3
- data/lib/mongo/uri/options_mapper.rb +2 -0
- data/lib/mongo/uri/srv_protocol.rb +1 -1
- data/lib/mongo/uri.rb +20 -0
- data/lib/mongo/version.rb +1 -1
- data/lib/mongo.rb +20 -0
- data/mongo.gemspec +10 -4
- data/spec/README.md +5 -5
- data/spec/integration/aws_lambda_examples_spec.rb +68 -0
- data/spec/integration/bulk_write_error_message_spec.rb +32 -0
- data/spec/integration/bulk_write_spec.rb +0 -16
- data/spec/integration/change_stream_spec.rb +6 -5
- data/spec/integration/client_construction_spec.rb +1 -1
- data/spec/integration/client_side_encryption/auto_encryption_bulk_writes_spec.rb +9 -9
- data/spec/integration/client_side_encryption/auto_encryption_command_monitoring_spec.rb +18 -19
- data/spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb +0 -1
- data/spec/integration/client_side_encryption/auto_encryption_reconnect_spec.rb +31 -0
- data/spec/integration/client_side_encryption/auto_encryption_spec.rb +108 -1
- data/spec/integration/client_side_encryption/bson_size_limit_spec.rb +2 -2
- data/spec/integration/client_side_encryption/bypass_mongocryptd_spawn_spec.rb +2 -2
- data/spec/integration/client_side_encryption/client_close_spec.rb +1 -1
- data/spec/integration/client_side_encryption/corpus_spec.rb +64 -35
- data/spec/integration/client_side_encryption/custom_endpoint_spec.rb +39 -42
- data/spec/integration/client_side_encryption/data_key_spec.rb +97 -7
- data/spec/integration/client_side_encryption/explicit_encryption_spec.rb +59 -0
- data/spec/integration/client_side_encryption/explicit_queryable_encryption_spec.rb +147 -0
- data/spec/integration/client_side_encryption/external_key_vault_spec.rb +6 -6
- data/spec/integration/client_side_encryption/kms_tls_options_spec.rb +394 -0
- data/spec/integration/client_side_encryption/kms_tls_spec.rb +92 -0
- data/spec/integration/client_side_encryption/queryable_encryption_examples_spec.rb +111 -0
- data/spec/integration/client_side_encryption/views_spec.rb +1 -1
- data/spec/integration/client_update_spec.rb +2 -2
- data/spec/integration/crud_spec.rb +12 -0
- data/spec/integration/cursor_pinning_spec.rb +3 -3
- data/spec/integration/fork_reconnect_spec.rb +15 -8
- data/spec/integration/grid_fs_bucket_spec.rb +3 -3
- data/spec/integration/ocsp_verifier_spec.rb +1 -0
- data/spec/integration/query_cache_spec.rb +34 -30
- data/spec/integration/retryable_writes/retryable_writes_36_and_older_spec.rb +1 -1
- data/spec/integration/sdam_events_spec.rb +0 -40
- data/spec/integration/server_monitor_spec.rb +2 -1
- data/spec/integration/size_limit_spec.rb +4 -1
- data/spec/integration/snapshot_query_examples_spec.rb +127 -0
- data/spec/integration/srv_monitoring_spec.rb +37 -0
- data/spec/integration/step_down_spec.rb +20 -4
- data/spec/integration/transaction_pinning_spec.rb +2 -2
- data/spec/integration/versioned_api_examples_spec.rb +37 -31
- data/spec/lite_spec_helper.rb +14 -5
- data/spec/mongo/address/ipv6_spec.rb +7 -0
- data/spec/mongo/address_spec.rb +7 -0
- data/spec/mongo/auth/scram/conversation_spec.rb +23 -23
- data/spec/mongo/auth/scram256/conversation_spec.rb +20 -20
- data/spec/mongo/auth/scram_negotiation_spec.rb +1 -0
- data/spec/mongo/bulk_write/result_spec.rb +15 -1
- data/spec/mongo/bulk_write_spec.rb +128 -20
- data/spec/mongo/client_construction_spec.rb +141 -7
- data/spec/mongo/client_encryption_spec.rb +11 -11
- data/spec/mongo/client_spec.rb +297 -1
- data/spec/mongo/cluster/cursor_reaper_spec.rb +21 -3
- data/spec/mongo/cluster_spec.rb +0 -44
- data/spec/mongo/collection/view/aggregation_spec.rb +2 -2
- data/spec/mongo/collection/view/change_stream_spec.rb +2 -2
- data/spec/mongo/collection/view/readable_spec.rb +35 -56
- data/spec/mongo/collection/view/writable_spec.rb +144 -32
- data/spec/mongo/collection_crud_spec.rb +63 -13
- data/spec/mongo/config/options_spec.rb +75 -0
- data/spec/mongo/config_spec.rb +73 -0
- data/spec/mongo/crypt/auto_decryption_context_spec.rb +17 -1
- data/spec/mongo/crypt/auto_encrypter_spec.rb +106 -0
- data/spec/mongo/crypt/auto_encryption_context_spec.rb +17 -1
- data/spec/mongo/crypt/binding/context_spec.rb +99 -17
- data/spec/mongo/crypt/binding/mongocrypt_spec.rb +17 -46
- data/spec/mongo/crypt/binding/version_spec.rb +25 -0
- data/spec/mongo/crypt/binding_unloaded_spec.rb +14 -0
- data/spec/mongo/crypt/data_key_context_spec.rb +42 -114
- data/spec/mongo/crypt/encryption_io_spec.rb +2 -0
- data/spec/mongo/crypt/explicit_decryption_context_spec.rb +32 -1
- data/spec/mongo/crypt/explicit_encryption_context_spec.rb +89 -1
- data/spec/mongo/crypt/handle_spec.rb +47 -169
- data/spec/mongo/crypt/hooks_spec.rb +30 -0
- data/spec/mongo/crypt/kms/credentials_spec.rb +404 -0
- data/spec/mongo/crypt/kms_spec.rb +59 -0
- data/spec/mongo/cursor_spec.rb +37 -51
- data/spec/mongo/database_spec.rb +66 -1
- data/spec/mongo/error/operation_failure_heavy_spec.rb +49 -0
- data/spec/mongo/index/view_spec.rb +69 -0
- data/spec/mongo/operation/create/op_msg_spec.rb +286 -0
- data/spec/mongo/operation/delete/op_msg_spec.rb +13 -4
- data/spec/mongo/operation/delete_spec.rb +0 -30
- data/spec/mongo/operation/insert/op_msg_spec.rb +18 -10
- data/spec/mongo/operation/insert_spec.rb +0 -32
- data/spec/mongo/operation/result_spec.rb +20 -0
- data/spec/mongo/operation/update/op_msg_spec.rb +13 -4
- data/spec/mongo/operation/update_spec.rb +0 -29
- data/spec/mongo/protocol/caching_hash_spec.rb +82 -0
- data/spec/mongo/protocol/msg_spec.rb +41 -0
- data/spec/mongo/query_cache_spec.rb +1 -0
- data/spec/mongo/retryable_spec.rb +32 -3
- data/spec/mongo/server/connection_auth_spec.rb +3 -1
- data/spec/mongo/server/connection_common_spec.rb +13 -1
- data/spec/mongo/server/connection_pool_spec.rb +94 -49
- data/spec/mongo/server/connection_spec.rb +50 -159
- data/spec/mongo/server/description/features_spec.rb +24 -0
- data/spec/mongo/server/push_monitor_spec.rb +2 -8
- data/spec/mongo/session_spec.rb +26 -6
- data/spec/mongo/session_transaction_spec.rb +2 -1
- data/spec/mongo/socket/ssl_spec.rb +15 -4
- data/spec/mongo/uri/srv_protocol_spec.rb +101 -2
- data/spec/mongo/uri_spec.rb +25 -0
- data/spec/runners/connection_string.rb +8 -0
- data/spec/runners/crud/operation.rb +12 -3
- data/spec/runners/crud/requirement.rb +3 -3
- data/spec/runners/crud/spec.rb +5 -0
- data/spec/runners/crud/verifier.rb +6 -0
- data/spec/runners/transactions/test.rb +33 -14
- data/spec/runners/transactions.rb +9 -6
- data/spec/runners/unified/assertions.rb +59 -10
- data/spec/runners/unified/change_stream_operations.rb +9 -0
- data/spec/runners/unified/crud_operations.rb +50 -2
- data/spec/runners/unified/ddl_operations.rb +20 -0
- data/spec/runners/unified/error.rb +2 -1
- data/spec/runners/unified/support_operations.rb +5 -2
- data/spec/runners/unified/test.rb +19 -4
- data/spec/runners/unified.rb +9 -2
- data/spec/shared/lib/mrss/constraints.rb +10 -17
- data/spec/shared/lib/mrss/docker_runner.rb +21 -3
- data/spec/shared/lib/mrss/lite_constraints.rb +32 -1
- data/spec/shared/lib/mrss/session_registry.rb +69 -0
- data/spec/shared/lib/mrss/session_registry_legacy.rb +60 -0
- data/spec/shared/share/Dockerfile.erb +56 -54
- data/spec/shared/shlib/config.sh +27 -0
- data/spec/shared/shlib/distro.sh +2 -1
- data/spec/shared/shlib/server.sh +46 -21
- data/spec/shared/shlib/set_env.sh +40 -5
- data/spec/spec_helper.rb +0 -1
- data/spec/spec_tests/crud_spec.rb +0 -10
- data/spec/spec_tests/data/change_streams_unified/change-streams-errors.yml +124 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams-pre_and_post_images.yml +351 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams-resume-allowlist.yml +1171 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams-resume-errorLabels.yml +1068 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams.yml +859 -4
- data/spec/spec_tests/data/client_side_encryption/aggregate.yml +3 -17
- data/spec/spec_tests/data/client_side_encryption/azureKMS.yml +46 -0
- data/spec/spec_tests/data/client_side_encryption/badQueries.yml +12 -2
- data/spec/spec_tests/data/client_side_encryption/basic.yml +3 -17
- data/spec/spec_tests/data/client_side_encryption/bulk.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/bypassAutoEncryption.yml +2 -2
- data/spec/spec_tests/data/client_side_encryption/count.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/countDocuments.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/delete.yml +2 -16
- data/spec/spec_tests/data/client_side_encryption/distinct.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/explain.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/find.yml +2 -16
- data/spec/spec_tests/data/client_side_encryption/findOneAndDelete.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/findOneAndReplace.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/findOneAndUpdate.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/fle2-BypassQueryAnalysis.yml +101 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-Compact.yml +80 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-CreateCollection.yml +1263 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-DecryptExistingData.yml +64 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-Delete.yml +107 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-EncryptedFields-vs-EncryptedFieldsMap.yml +80 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-EncryptedFields-vs-jsonSchema.yml +90 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-EncryptedFieldsMap-defaults.yml +57 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-FindOneAndUpdate.yml +213 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-InsertFind-Indexed.yml +86 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-InsertFind-Unindexed.yml +83 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-MissingKey.yml +41 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-NoEncryption.yml +42 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-Update.yml +221 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-validatorAndPartialFieldExpression.yml +168 -0
- data/spec/spec_tests/data/client_side_encryption/gcpKMS.yml +46 -0
- data/spec/spec_tests/data/client_side_encryption/getMore.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/insert.yml +2 -16
- data/spec/spec_tests/data/client_side_encryption/keyAltName.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/localKMS.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/localSchema.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/maxWireVersion.yml +2 -0
- data/spec/spec_tests/data/client_side_encryption/missingKey.yml +2 -9
- data/spec/spec_tests/data/client_side_encryption/noSchema.yml +39 -0
- data/spec/spec_tests/data/client_side_encryption/replaceOne.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/types.yml +44 -70
- data/spec/spec_tests/data/client_side_encryption/updateMany.yml +1 -8
- data/spec/spec_tests/data/client_side_encryption/updateOne.yml +1 -8
- data/spec/spec_tests/data/collection_management/clustered-indexes.yml +135 -0
- data/spec/spec_tests/data/collection_management/createCollection-pre_and_post_images.yml +50 -0
- data/spec/spec_tests/data/collection_management/modifyCollection-pre_and_post_images.yml +58 -0
- data/spec/spec_tests/data/command_monitoring_unified/pre-42-server-connection-id.yml +56 -0
- data/spec/spec_tests/data/command_monitoring_unified/server-connection-id.yml +56 -0
- data/spec/spec_tests/data/crud/read/aggregate-collation.yml +1 -1
- data/spec/spec_tests/data/crud/read/count-collation.yml +1 -1
- data/spec/spec_tests/data/crud/read/distinct-collation.yml +1 -1
- data/spec/spec_tests/data/crud/read/find-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/bulkWrite-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/deleteMany-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/deleteOne-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/findOneAndDelete-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/findOneAndReplace-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/findOneAndUpdate-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/replaceOne-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/updateMany-collation.yml +1 -1
- data/spec/spec_tests/data/crud/write/updateOne-collation.yml +1 -1
- data/spec/spec_tests/data/crud_unified/aggregate-allowdiskuse.yml +75 -0
- data/spec/spec_tests/data/crud_unified/aggregate-merge.yml +185 -0
- data/spec/spec_tests/data/crud_unified/aggregate-out-readConcern.yml +171 -0
- data/spec/spec_tests/data/crud_unified/aggregate.yml +215 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-arrayFilters-clientError.yml +98 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-arrayFilters.yml +174 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-comment.yml +189 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-delete-hint-clientError.yml +113 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-delete-hint-serverError.yml +142 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-delete-hint.yml +154 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-deleteMany-hint-unacknowledged.yml +98 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-deleteMany-let.yml +86 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-deleteOne-hint-unacknowledged.yml +97 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-deleteOne-let.yml +86 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-insertOne-dots_and_dollars.yml +138 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-replaceOne-dots_and_dollars.yml +165 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-replaceOne-hint-unacknowledged.yml +103 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-replaceOne-let.yml +93 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-update-hint-clientError.yml +148 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-update-hint-serverError.yml +239 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-update-hint.yml +256 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-update-validation.yml +73 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateMany-dots_and_dollars.yml +150 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateMany-hint-unacknowledged.yml +104 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateMany-let.yml +96 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateOne-dots_and_dollars.yml +150 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateOne-hint-unacknowledged.yml +103 -0
- data/spec/spec_tests/data/crud_unified/bulkWrite-updateOne-let.yml +95 -0
- data/spec/spec_tests/data/crud_unified/countDocuments-comment.yml +92 -0
- data/spec/spec_tests/data/crud_unified/db-aggregate.yml +73 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-comment.yml +97 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-hint-clientError.yml +87 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-hint-serverError.yml +107 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-hint-unacknowledged.yml +90 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-hint.yml +99 -0
- data/spec/spec_tests/data/crud_unified/deleteMany-let.yml +2 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-comment.yml +98 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-hint-clientError.yml +80 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-hint-serverError.yml +100 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-hint-unacknowledged.yml +89 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-hint.yml +95 -0
- data/spec/spec_tests/data/crud_unified/deleteOne-let.yml +2 -0
- data/spec/spec_tests/data/crud_unified/estimatedDocumentCount-comment.yml +95 -0
- data/spec/spec_tests/data/crud_unified/estimatedDocumentCount.yml +5 -135
- data/spec/spec_tests/data/crud_unified/find-allowdiskuse-clientError.yml +55 -0
- data/spec/spec_tests/data/crud_unified/find-allowdiskuse-serverError.yml +68 -0
- data/spec/spec_tests/data/crud_unified/find-allowdiskuse.yml +79 -0
- data/spec/spec_tests/data/crud_unified/find-comment.yml +166 -0
- data/spec/spec_tests/data/crud_unified/find.yml +68 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-comment.yml +96 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint-clientError.yml +91 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint-serverError.yml +107 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint-unacknowledged.yml +88 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint.yml +102 -0
- data/spec/spec_tests/data/crud_unified/findOneAndDelete-let.yml +2 -4
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-comment.yml +101 -0
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-dots_and_dollars.yml +140 -0
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint-clientError.yml +83 -0
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint-serverError.yml +99 -0
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint-unacknowledged.yml +96 -0
- data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint.yml +98 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-comment.yml +95 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-dots_and_dollars.yml +127 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint-clientError.yml +84 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint-serverError.yml +100 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint-unacknowledged.yml +92 -0
- data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint.yml +99 -0
- data/spec/spec_tests/data/crud_unified/insertMany-comment.yml +93 -0
- data/spec/spec_tests/data/crud_unified/insertMany-dots_and_dollars.yml +128 -0
- data/spec/spec_tests/data/crud_unified/insertOne-comment.yml +91 -0
- data/spec/spec_tests/data/crud_unified/insertOne-dots_and_dollars.yml +238 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-comment.yml +105 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-dots_and_dollars.yml +180 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-hint-unacknowledged.yml +95 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-hint.yml +108 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-let.yml +98 -0
- data/spec/spec_tests/data/crud_unified/replaceOne-validation.yml +37 -0
- data/spec/spec_tests/data/crud_unified/updateMany-comment.yml +104 -0
- data/spec/spec_tests/data/crud_unified/updateMany-dots_and_dollars.yml +138 -0
- data/spec/spec_tests/data/crud_unified/updateMany-hint-clientError.yml +91 -0
- data/spec/spec_tests/data/crud_unified/updateMany-hint-serverError.yml +115 -0
- data/spec/spec_tests/data/crud_unified/updateMany-hint-unacknowledged.yml +96 -0
- data/spec/spec_tests/data/crud_unified/updateMany-hint.yml +115 -0
- data/spec/spec_tests/data/crud_unified/updateMany-let.yml +5 -1
- data/spec/spec_tests/data/crud_unified/updateMany-validation.yml +39 -0
- data/spec/spec_tests/data/crud_unified/updateOne-comment.yml +104 -0
- data/spec/spec_tests/data/crud_unified/updateOne-dots_and_dollars.yml +138 -0
- data/spec/spec_tests/data/crud_unified/updateOne-hint-clientError.yml +85 -0
- data/spec/spec_tests/data/crud_unified/updateOne-hint-serverError.yml +109 -0
- data/spec/spec_tests/data/crud_unified/updateOne-hint-unacknowledged.yml +95 -0
- data/spec/spec_tests/data/crud_unified/updateOne-hint.yml +109 -0
- data/spec/spec_tests/data/crud_unified/updateOne-let.yml +5 -1
- data/spec/spec_tests/data/crud_unified/updateOne-validation.yml +37 -0
- data/spec/spec_tests/data/crud_unified/updateWithPipelines.yml +8 -14
- data/spec/spec_tests/data/retryable_reads/{aggregate-merge.yml → legacy/aggregate-merge.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{aggregate-serverErrors.yml → legacy/aggregate-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{aggregate.yml → legacy/aggregate.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-client.watch-serverErrors.yml → legacy/changeStreams-client.watch-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-client.watch.yml → legacy/changeStreams-client.watch.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-db.coll.watch-serverErrors.yml → legacy/changeStreams-db.coll.watch-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-db.coll.watch.yml → legacy/changeStreams-db.coll.watch.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-db.watch-serverErrors.yml → legacy/changeStreams-db.watch-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{changeStreams-db.watch.yml → legacy/changeStreams-db.watch.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{count-serverErrors.yml → legacy/count-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{count.yml → legacy/count.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{countDocuments-serverErrors.yml → legacy/countDocuments-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{countDocuments.yml → legacy/countDocuments.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{distinct-serverErrors.yml → legacy/distinct-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{distinct.yml → legacy/distinct.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{estimatedDocumentCount-serverErrors-pre4.9.yml → legacy/estimatedDocumentCount-serverErrors.yml} +0 -2
- data/spec/spec_tests/data/retryable_reads/{estimatedDocumentCount-pre4.9.yml → legacy/estimatedDocumentCount.yml} +0 -2
- data/spec/spec_tests/data/retryable_reads/{find-serverErrors.yml → legacy/find-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{find.yml → legacy/find.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{findOne-serverErrors.yml → legacy/findOne-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{findOne.yml → legacy/findOne.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{gridfs-download-serverErrors.yml → legacy/gridfs-download-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{gridfs-download.yml → legacy/gridfs-download.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{gridfs-downloadByName-serverErrors.yml → legacy/gridfs-downloadByName-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{gridfs-downloadByName.yml → legacy/gridfs-downloadByName.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollectionNames-serverErrors.yml → legacy/listCollectionNames-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollectionNames.yml → legacy/listCollectionNames.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollectionObjects-serverErrors.yml → legacy/listCollectionObjects-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollectionObjects.yml → legacy/listCollectionObjects.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollections-serverErrors.yml → legacy/listCollections-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listCollections.yml → legacy/listCollections.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabaseNames-serverErrors.yml → legacy/listDatabaseNames-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabaseNames.yml → legacy/listDatabaseNames.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabaseObjects-serverErrors.yml → legacy/listDatabaseObjects-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabaseObjects.yml → legacy/listDatabaseObjects.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabases-serverErrors.yml → legacy/listDatabases-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listDatabases.yml → legacy/listDatabases.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listIndexNames-serverErrors.yml → legacy/listIndexNames-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listIndexNames.yml → legacy/listIndexNames.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listIndexes-serverErrors.yml → legacy/listIndexes-serverErrors.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{listIndexes.yml → legacy/listIndexes.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/{mapReduce.yml → legacy/mapReduce.yml} +0 -0
- data/spec/spec_tests/data/retryable_reads/unified/handshakeError.yml +129 -0
- data/spec/spec_tests/data/retryable_writes/{bulkWrite-errorLabels.yml → legacy/bulkWrite-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{bulkWrite-serverErrors.yml → legacy/bulkWrite-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{bulkWrite.yml → legacy/bulkWrite.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{deleteMany.yml → legacy/deleteMany.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{deleteOne-errorLabels.yml → legacy/deleteOne-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{deleteOne-serverErrors.yml → legacy/deleteOne-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{deleteOne.yml → legacy/deleteOne.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndDelete-errorLabels.yml → legacy/findOneAndDelete-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndDelete-serverErrors.yml → legacy/findOneAndDelete-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{findOneAndDelete.yml → legacy/findOneAndDelete.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndReplace-errorLabels.yml → legacy/findOneAndReplace-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndReplace-serverErrors.yml → legacy/findOneAndReplace-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{findOneAndReplace.yml → legacy/findOneAndReplace.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndUpdate-errorLabels.yml → legacy/findOneAndUpdate-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{findOneAndUpdate-serverErrors.yml → legacy/findOneAndUpdate-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{findOneAndUpdate.yml → legacy/findOneAndUpdate.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{insertMany-errorLabels.yml → legacy/insertMany-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{insertMany-serverErrors.yml → legacy/insertMany-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{insertMany.yml → legacy/insertMany.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{insertOne-errorLabels.yml → legacy/insertOne-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{insertOne-serverErrors.yml → legacy/insertOne-serverErrors.yml} +5 -5
- data/spec/spec_tests/data/retryable_writes/{insertOne.yml → legacy/insertOne.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{replaceOne-errorLabels.yml → legacy/replaceOne-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{replaceOne-serverErrors.yml → legacy/replaceOne-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{replaceOne.yml → legacy/replaceOne.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{updateMany.yml → legacy/updateMany.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{updateOne-errorLabels.yml → legacy/updateOne-errorLabels.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/{updateOne-serverErrors.yml → legacy/updateOne-serverErrors.yml} +1 -1
- data/spec/spec_tests/data/retryable_writes/{updateOne.yml → legacy/updateOne.yml} +0 -0
- data/spec/spec_tests/data/retryable_writes/unified/bulkWrite-serverErrors.yml +96 -0
- data/spec/spec_tests/data/retryable_writes/unified/handshakeError.yml +137 -0
- data/spec/spec_tests/data/retryable_writes/unified/insertOne-serverErrors.yml +78 -0
- data/spec/spec_tests/data/sdam/errors/prefer-error-code.yml +2 -2
- data/spec/spec_tests/data/seed_list_discovery/load-balanced/loadBalanced-no-results.yml +5 -0
- data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-conflicts_with_loadBalanced-true-txt.yml +5 -0
- data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-conflicts_with_loadBalanced-true.yml +5 -0
- data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-zero-txt.yml +10 -0
- data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-zero.yml +10 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srv-service-name.yml +11 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-conflicts_with_replicaSet-txt.yml +5 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-conflicts_with_replicaSet.yml +5 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-equal_to_srv_records.yml +16 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-greater_than_srv_records.yml +15 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-less_than_srv_records.yml +15 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-zero-txt.yml +15 -0
- data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-zero.yml +15 -0
- data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-equal_to_srv_records.yml +13 -0
- data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-greater_than_srv_records.yml +12 -0
- data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-less_than_srv_records.yml +10 -0
- data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-zero.yml +11 -0
- data/spec/spec_tests/data/server_selection/Unknown/read/ghost.yml +11 -0
- data/spec/spec_tests/data/server_selection/Unknown/write/ghost.yml +11 -0
- data/spec/spec_tests/data/sessions_unified/driver-sessions-server-support.yml +123 -0
- data/spec/spec_tests/data/sessions_unified/snapshot-sessions-not-supported-client-error.yml +9 -3
- data/spec/spec_tests/data/transactions/error-labels.yml +1 -1
- data/spec/spec_tests/data/transactions/errors-client.yml +8 -9
- data/spec/spec_tests/data/transactions/mongos-recovery-token.yml +1 -1
- data/spec/spec_tests/data/transactions/retryable-abort-errorLabels.yml +0 -2
- data/spec/spec_tests/data/transactions/retryable-abort.yml +7 -9
- data/spec/spec_tests/data/transactions/retryable-commit-errorLabels.yml +0 -2
- data/spec/spec_tests/data/transactions/retryable-commit.yml +7 -9
- data/spec/spec_tests/data/transactions/retryable-writes.yml +0 -2
- data/spec/spec_tests/data/unified/invalid/expectedEventsForClient-ignoreExtraEvents-type.yml +15 -0
- data/spec/spec_tests/data/unified/valid-fail/operation-unsupported.yml +13 -0
- data/spec/spec_tests/data/unified/valid-pass/expectedEventsForClient-ignoreExtraEvents.yml +78 -0
- data/spec/spec_tests/data/unified/valid-pass/poc-change-streams.yml +4 -1
- data/spec/spec_tests/data/unified/valid-pass/poc-command-monitoring.yml +3 -3
- data/spec/spec_tests/data/unified/valid-pass/poc-transactions.yml +3 -2
- data/spec/spec_tests/data/uri_options/srv-options.yml +96 -0
- data/spec/spec_tests/data/versioned_api/crud-api-version-1-strict.yml +6 -4
- data/spec/spec_tests/data/versioned_api/crud-api-version-1.yml +7 -5
- data/spec/spec_tests/retryable_reads_spec.rb +4 -1
- data/spec/spec_tests/retryable_reads_unified_spec.rb +22 -0
- data/spec/spec_tests/retryable_writes_spec.rb +4 -1
- data/spec/spec_tests/retryable_writes_unified_spec.rb +21 -0
- data/spec/spec_tests/seed_list_discovery_spec.rb +10 -1
- data/spec/spec_tests/unified_spec.rb +6 -1
- data/spec/stress/connection_pool_timing_spec.rb +2 -1
- data/spec/stress/fork_reconnect_stress_spec.rb +3 -2
- data/spec/support/authorization.rb +1 -1
- data/spec/support/certificates/atlas-ocsp-ca.crt +47 -40
- data/spec/support/certificates/atlas-ocsp.crt +106 -101
- data/spec/support/cluster_tools.rb +1 -1
- data/spec/support/common_shortcuts.rb +22 -0
- data/spec/support/crypt/corpus/corpus-encrypted.json +9515 -0
- data/spec/support/crypt/corpus/corpus-key-aws.json +32 -32
- data/spec/support/crypt/corpus/corpus-key-azure.json +33 -0
- data/spec/support/crypt/corpus/corpus-key-gcp.json +35 -0
- data/spec/support/crypt/corpus/corpus-key-kmip.json +32 -0
- data/spec/support/crypt/corpus/corpus-key-local.json +30 -30
- data/spec/support/crypt/corpus/corpus-schema.json +4399 -121
- data/spec/support/crypt/corpus/corpus.json +4999 -37
- data/spec/support/crypt/data_keys/key_document_azure.json +33 -0
- data/spec/support/crypt/data_keys/key_document_gcp.json +37 -0
- data/spec/support/crypt/data_keys/key_document_kmip.json +32 -0
- data/spec/support/crypt/encryptedFields.json +33 -0
- data/spec/support/crypt/keys/key1-document.json +30 -0
- data/spec/support/crypt/schema_maps/schema_map_azure.json +17 -0
- data/spec/support/crypt/schema_maps/schema_map_azure_key_alt_names.json +12 -0
- data/spec/support/crypt/schema_maps/schema_map_gcp.json +17 -0
- data/spec/support/crypt/schema_maps/schema_map_gcp_key_alt_names.json +12 -0
- data/spec/support/crypt/schema_maps/schema_map_kmip.json +17 -0
- data/spec/support/crypt/schema_maps/schema_map_kmip_key_alt_names.json +12 -0
- data/spec/support/crypt.rb +207 -6
- data/spec/support/macros.rb +18 -0
- data/spec/support/mongos_macros.rb +17 -0
- data/spec/support/shared/scram_conversation.rb +2 -1
- data/spec/support/shared/session.rb +13 -7
- data/spec/support/spec_config.rb +82 -1
- data/spec/support/utils.rb +25 -4
- data.tar.gz.sig +0 -0
- metadata +1468 -1214
- metadata.gz.sig +0 -0
- data/lib/mongo/operation/delete/legacy.rb +0 -64
- data/lib/mongo/operation/insert/legacy.rb +0 -68
- data/lib/mongo/operation/update/legacy/result.rb +0 -112
- data/lib/mongo/operation/update/legacy.rb +0 -76
- data/spec/mongo/dbref_spec.rb +0 -152
- data/spec/mongo/operation/kill_cursors_spec.rb +0 -47
- data/spec/spec_tests/change_streams_spec.rb +0 -93
- data/spec/spec_tests/data/change_streams/change-streams-errors.yml +0 -101
- data/spec/spec_tests/data/change_streams/change-streams-resume-allowlist.yml +0 -1173
- data/spec/spec_tests/data/change_streams/change-streams-resume-errorLabels.yml +0 -1105
- data/spec/spec_tests/data/change_streams/change-streams.yml +0 -535
- data/spec/spec_tests/data/crud_v2/aggregate-merge.yml +0 -103
- data/spec/spec_tests/data/crud_v2/aggregate-out-readConcern.yml +0 -111
- data/spec/spec_tests/data/crud_v2/bulkWrite-arrayFilters.yml +0 -103
- data/spec/spec_tests/data/crud_v2/bulkWrite-delete-hint-clientError.yml +0 -63
- data/spec/spec_tests/data/crud_v2/bulkWrite-delete-hint-serverError.yml +0 -92
- data/spec/spec_tests/data/crud_v2/bulkWrite-delete-hint.yml +0 -103
- data/spec/spec_tests/data/crud_v2/bulkWrite-update-hint-clientError.yml +0 -90
- data/spec/spec_tests/data/crud_v2/bulkWrite-update-hint-serverError.yml +0 -147
- data/spec/spec_tests/data/crud_v2/bulkWrite-update-hint.yml +0 -164
- data/spec/spec_tests/data/crud_v2/db-aggregate.yml +0 -39
- data/spec/spec_tests/data/crud_v2/deleteMany-hint-clientError.yml +0 -43
- data/spec/spec_tests/data/crud_v2/deleteMany-hint-serverError.yml +0 -62
- data/spec/spec_tests/data/crud_v2/deleteMany-hint.yml +0 -58
- data/spec/spec_tests/data/crud_v2/deleteOne-hint-clientError.yml +0 -41
- data/spec/spec_tests/data/crud_v2/deleteOne-hint-serverError.yml +0 -60
- data/spec/spec_tests/data/crud_v2/deleteOne-hint.yml +0 -57
- data/spec/spec_tests/data/crud_v2/find-allowdiskuse-clientError.yml +0 -28
- data/spec/spec_tests/data/crud_v2/find-allowdiskuse-serverError.yml +0 -44
- data/spec/spec_tests/data/crud_v2/find-allowdiskuse.yml +0 -50
- data/spec/spec_tests/data/crud_v2/findOneAndDelete-hint-clientError.yml +0 -45
- data/spec/spec_tests/data/crud_v2/findOneAndDelete-hint-serverError.yml +0 -60
- data/spec/spec_tests/data/crud_v2/findOneAndDelete-hint.yml +0 -56
- data/spec/spec_tests/data/crud_v2/findOneAndReplace-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/findOneAndReplace-hint-serverError.yml +0 -59
- data/spec/spec_tests/data/crud_v2/findOneAndReplace-hint.yml +0 -55
- data/spec/spec_tests/data/crud_v2/findOneAndUpdate-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/findOneAndUpdate-hint-serverError.yml +0 -58
- data/spec/spec_tests/data/crud_v2/findOneAndUpdate-hint.yml +0 -55
- data/spec/spec_tests/data/crud_v2/replaceOne-hint.yml +0 -61
- data/spec/spec_tests/data/crud_v2/unacknowledged-bulkWrite-delete-hint-clientError.yml +0 -60
- data/spec/spec_tests/data/crud_v2/unacknowledged-bulkWrite-update-hint-clientError.yml +0 -88
- data/spec/spec_tests/data/crud_v2/unacknowledged-deleteMany-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/unacknowledged-deleteOne-hint-clientError.yml +0 -38
- data/spec/spec_tests/data/crud_v2/unacknowledged-findOneAndDelete-hint-clientError.yml +0 -42
- data/spec/spec_tests/data/crud_v2/unacknowledged-findOneAndReplace-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/unacknowledged-findOneAndUpdate-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/unacknowledged-replaceOne-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/unacknowledged-updateMany-hint-clientError.yml +0 -43
- data/spec/spec_tests/data/crud_v2/unacknowledged-updateOne-hint-clientError.yml +0 -40
- data/spec/spec_tests/data/crud_v2/updateMany-hint-clientError.yml +0 -45
- data/spec/spec_tests/data/crud_v2/updateMany-hint-serverError.yml +0 -66
- data/spec/spec_tests/data/crud_v2/updateMany-hint.yml +0 -65
- data/spec/spec_tests/data/crud_v2/updateOne-hint-clientError.yml +0 -43
- data/spec/spec_tests/data/crud_v2/updateOne-hint-serverError.yml +0 -62
- data/spec/spec_tests/data/crud_v2/updateOne-hint.yml +0 -61
- data/spec/spec_tests/data/crud_v2/updateWithPipelines.yml +0 -157
- data/spec/spec_tests/data/retryable_reads/estimatedDocumentCount-4.9.yml +0 -60
- data/spec/spec_tests/data/retryable_reads/estimatedDocumentCount-serverErrors-4.9.yml +0 -146
- data/spec/support/crypt/corpus/corpus_encrypted.json +0 -4152
- data/spec/support/session_registry.rb +0 -55
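--- a/data/lib/mongo/crypt/hooks.rb
+++ b/data/lib/mongo/crypt/hooks.rb
@@ -35,12 +35,13 @@ module Mongo
 # @param [ String ] input The data to be encrypted/decrypted
 # @param [ true | false ] decrypt Whether this method is decrypting. Default is
 # false, which means the method will create an encryption cipher by default
+# @param [ Symbol ] mode AES mode of operation
 #
 # @return [ String ] Output
 # @raise [ Exception ] Exceptions raised during encryption are propagated
 # to caller.
-def aes(key, iv, input, decrypt: false)
-cipher = OpenSSL::Cipher::AES.new(256,
+def aes(key, iv, input, decrypt: false, mode: :CBC)
+cipher = OpenSSL::Cipher::AES.new(256, mode)
 
 decrypt ? cipher.decrypt : cipher.encrypt
 cipher.key = key
@@ -88,6 +89,28 @@ module Mongo
 Digest::SHA2.new(256).digest(input)
 end
 module_function :hash_sha256
+
+# An RSASSA-PKCS1-v1_5 with SHA-256 signature function.
+#
+# @param [ String ] key The PKCS#8 private key in DER format, base64 encoded.
+# @param [ String ] input The data to be signed.
+#
+# @return [ String ] The signature.
+def rsaes_pkcs_signature(key, input)
+private_key = if BSON::Environment.jruby?
+# JRuby cannot read DER format, we need to convert key into PEM first.
+key_pem = [
+"-----BEGIN PRIVATE KEY-----",
+Base64.strict_encode64(Base64.decode64(key)).scan(/.{1,64}/),
+"-----END PRIVATE KEY-----",
+].join("\n")
+OpenSSL::PKey::RSA.new(key_pem)
+else
+OpenSSL::PKey.read(Base64.decode64(key))
+end
+private_key.sign(OpenSSL::Digest::SHA256.new, input)
+end
+module_function :rsaes_pkcs_signature
 end
 end
 end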
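Review bot: In `rsaes_pkcs_signature` the non-JRuby branch loads the key with `OpenSSL::PKey.read`, which accepts any key type, while the JRuby branch uses `OpenSSL::PKey::RSA.new`; a non-RSA key would be signed with on one platform and rejected on the other, and the result would not be the RSASSA-PKCS1-v1_5 signature the doc comment promises. I would add `raise ArgumentError, 'key must be an RSA private key' unless private_key.is_a?(OpenSSL::PKey::RSA)` before the `sign` call. The method name says `rsaes` (the encryption scheme) although the comment describes RSASSA, so a short comment explaining the name would spare the next reader the confusion. In the first hunk `aes` now takes `mode:` from the caller and its body continues outside the hunk; the `@param` line should list the modes callers are expected to pass.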
|
@@ -0,0 +1,128 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
# encoding: utf-8
|
3
|
+
|
4
|
+
# Copyright (C) 2019-2021 MongoDB Inc.
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
|
18
|
+
module Mongo
|
19
|
+
module Crypt
|
20
|
+
module KMS
|
21
|
+
module AWS
|
22
|
+
|
23
|
+
# AWS KMS Credentials object contains credentials for using AWS KMS provider.
|
24
|
+
#
|
25
|
+
# @api private
|
26
|
+
class Credentials
|
27
|
+
include KMS::Validations
|
28
|
+
|
29
|
+
# @return [ String ] AWS access key.
|
30
|
+
attr_reader :access_key_id
|
31
|
+
|
32
|
+
# @return [ String ] AWS secret access key.
|
33
|
+
attr_reader :secret_access_key
|
34
|
+
|
35
|
+
# @return [ String | nil ] AWS session token.
|
36
|
+
attr_reader :session_token
|
37
|
+
|
38
|
+
FORMAT_HINT = "AWS KMS provider options must be in the format: " +
|
39
|
+
"{ access_key_id: 'YOUR-ACCESS-KEY-ID', secret_access_key: 'SECRET-ACCESS-KEY' }"
|
40
|
+
|
41
|
+
# Creates an AWS KMS credentials object form a parameters hash.
|
42
|
+
#
|
43
|
+
# @param [ Hash ] opts A hash that contains credentials for
|
44
|
+
# AWS KMS provider
|
45
|
+
# @option opts [ String ] :access_key_id AWS access key id.
|
46
|
+
# @option opts [ String ] :secret_access_key AWS secret access key.
|
47
|
+
# @option opts [ String | nil ] :session_token AWS session token, optional.
|
48
|
+
#
|
49
|
+
# @raise [ ArgumentError ] If required options are missing or incorrectly
|
50
|
+
# formatted.
|
51
|
+
def initialize(opts)
|
52
|
+
@access_key_id = validate_param(:access_key_id, opts, FORMAT_HINT)
|
53
|
+
@secret_access_key = validate_param(:secret_access_key, opts, FORMAT_HINT)
|
54
|
+
@session_token = validate_param(:session_token, opts, FORMAT_HINT, required: false)
|
55
|
+
end
|
56
|
+
|
57
|
+
# Convert credentials object to a BSON document in libmongocrypt format.
|
58
|
+
#
|
59
|
+
# @return [ BSON::Document ] AWS KMS credentials in libmongocrypt format.
|
60
|
+
def to_document
|
61
|
+
BSON::Document.new({
|
62
|
+
accessKeyId: access_key_id,
|
63
|
+
secretAccessKey: secret_access_key,
|
64
|
+
}).tap do |bson|
|
65
|
+
unless session_token.nil?
|
66
|
+
bson.update({ sessionToken: session_token })
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
# AWS KMS master key document object contains KMS master key parameters.
|
73
|
+
#
|
74
|
+
# @api private
|
75
|
+
class MasterKeyDocument
|
76
|
+
include KMS::Validations
|
77
|
+
|
78
|
+
# @return [ String ] AWS region.
|
79
|
+
attr_reader :region
|
80
|
+
|
81
|
+
# @return [ String ] AWS KMS key.
|
82
|
+
attr_reader :key
|
83
|
+
|
84
|
+
# @return [ String | nil ] AWS KMS endpoint.
|
85
|
+
attr_reader :endpoint
|
86
|
+
|
87
|
+
FORMAT_HINT = "AWS key document must be in the format: " +
|
88
|
+
"{ region: 'REGION', key: 'KEY' }"
|
89
|
+
|
90
|
+
# Creates a master key document object form a parameters hash.
|
91
|
+
#
|
92
|
+
# @param [ Hash ] opts A hash that contains master key options for
|
93
|
+
# the AWS KMS provider.
|
94
|
+
# @option opts [ String ] :region AWS region.
|
95
|
+
# @option opts [ String ] :key AWS KMS key.
|
96
|
+
# @option opts [ String | nil ] :endpoint AWS KMS endpoint, optional.
|
97
|
+
#
|
98
|
+
# @raise [ ArgumentError ] If required options are missing or incorrectly.
|
99
|
+
def initialize(opts)
|
100
|
+
unless opts.is_a?(Hash)
|
101
|
+
raise ArgumentError.new(
|
102
|
+
'Key document options must contain a key named :master_key with a Hash value'
|
103
|
+
)
|
104
|
+
end
|
105
|
+
@region = validate_param(:region, opts, FORMAT_HINT)
|
106
|
+
@key = validate_param(:key, opts, FORMAT_HINT)
|
107
|
+
@endpoint = validate_param(:endpoint, opts, FORMAT_HINT, required: false)
|
108
|
+
end
|
109
|
+
|
110
|
+
# Convert master key document object to a BSON document in libmongocrypt format.
|
111
|
+
#
|
112
|
+
# @return [ BSON::Document ] AWS KMS master key document in libmongocrypt format.
|
113
|
+
def to_document
|
114
|
+
BSON::Document.new({
|
115
|
+
provider: 'aws',
|
116
|
+
region: region,
|
117
|
+
key: key,
|
118
|
+
}).tap do |bson|
|
119
|
+
unless endpoint.nil?
|
120
|
+
bson.update({ endpoint: endpoint })
|
121
|
+
end
|
122
|
+
end
|
123
|
+
end
|
124
|
+
end
|
125
|
+
end
|
126
|
+
end
|
127
|
+
end
|
128
|
+
end
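Review bot: `AWS::Credentials` keeps `secret_access_key` and `session_token` in instance variables and defines no `inspect`, so Ruby's default `#inspect` would print both whenever the object ends up in a log line, an exception message or a console session. I would add a redacting override to the class, for example `def inspect; "#<#{self.class} access_key_id=#{access_key_id.inspect} secret_access_key=[REDACTED]>"; end`. The same applies to `client_secret` in `Azure::Credentials` and `private_key` in `GCP::Credentials` further down this page, and to the `KMS::Credentials` wrapper that holds those objects.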
|
@@ -0,0 +1,136 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
# encoding: utf-8
|
3
|
+
|
4
|
+
# Copyright (C) 2019-2021 MongoDB Inc.
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
|
18
|
+
module Mongo
|
19
|
+
module Crypt
|
20
|
+
module KMS
|
21
|
+
module Azure
|
22
|
+
# Azure KMS Credentials object contains credentials for using Azure KMS provider.
|
23
|
+
#
|
24
|
+
# @api private
|
25
|
+
class Credentials
|
26
|
+
include KMS::Validations
|
27
|
+
|
28
|
+
# @return [ String ] Azure tenant id.
|
29
|
+
attr_reader :tenant_id
|
30
|
+
|
31
|
+
# @return [ String ] Azure client id.
|
32
|
+
attr_reader :client_id
|
33
|
+
|
34
|
+
# @return [ String ] Azure client secret.
|
35
|
+
attr_reader :client_secret
|
36
|
+
|
37
|
+
# @return [ String | nil ] Azure identity platform endpoint.
|
38
|
+
attr_reader :identity_platform_endpoint
|
39
|
+
|
40
|
+
FORMAT_HINT = "Azure KMS provider options must be in the format: " +
|
41
|
+
"{ tenant_id: 'TENANT-ID', client_id: 'TENANT_ID', client_secret: 'CLIENT_SECRET' }"
|
42
|
+
|
43
|
+
# Creates an Azure KMS credentials object form a parameters hash.
|
44
|
+
#
|
45
|
+
# @param [ Hash ] opts A hash that contains credentials for
|
46
|
+
# Azure KMS provider
|
47
|
+
# @option opts [ String ] :tenant_id Azure tenant id.
|
48
|
+
# @option opts [ String ] :client_id Azure client id.
|
49
|
+
# @option opts [ String ] :client_secret Azure client secret.
|
50
|
+
# @option opts [ String | nil ] :identity_platform_endpoint Azure
|
51
|
+
# identity platform endpoint, optional.
|
52
|
+
#
|
53
|
+
# @raise [ ArgumentError ] If required options are missing or incorrectly
|
54
|
+
# formatted.
|
55
|
+
def initialize(opts)
|
56
|
+
@tenant_id = validate_param(:tenant_id, opts, FORMAT_HINT)
|
57
|
+
@client_id = validate_param(:client_id, opts, FORMAT_HINT)
|
58
|
+
@client_secret = validate_param(:client_secret, opts, FORMAT_HINT)
|
59
|
+
@identity_platform_endpoint = validate_param(
|
60
|
+
:identity_platform_endpoint, opts, FORMAT_HINT, required: false
|
61
|
+
)
|
62
|
+
end
|
63
|
+
|
64
|
+
# Convert credentials object to a BSON document in libmongocrypt format.
|
65
|
+
#
|
66
|
+
# @return [ BSON::Document ] Azure KMS credentials in libmongocrypt format.
|
67
|
+
def to_document
|
68
|
+
BSON::Document.new({
|
69
|
+
tenantId: @tenant_id,
|
70
|
+
clientId: @client_id,
|
71
|
+
clientSecret: @client_secret,
|
72
|
+
}).tap do |bson|
|
73
|
+
unless identity_platform_endpoint.nil?
|
74
|
+
bson.update({ identityPlatformEndpoint: identity_platform_endpoint })
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
|
80
|
+
# Azure KMS master key document object contains KMS master key parameters.
|
81
|
+
#
|
82
|
+
# @api private
|
83
|
+
class MasterKeyDocument
|
84
|
+
include KMS::Validations
|
85
|
+
|
86
|
+
# @return [ String ] Azure key vault endpoint.
|
87
|
+
attr_reader :key_vault_endpoint
|
88
|
+
|
89
|
+
# @return [ String ] Azure KMS key name.
|
90
|
+
attr_reader :key_name
|
91
|
+
|
92
|
+
# @return [ String | nil ] Azure KMS key version.
|
93
|
+
attr_reader :key_version
|
94
|
+
|
95
|
+
FORMAT_HINT = "Azure key document must be in the format: " +
|
96
|
+
"{ key_vault_endpoint: 'KEY_VAULT_ENDPOINT', key_name: 'KEY_NAME' }"
|
97
|
+
|
98
|
+
# Creates a master key document object form a parameters hash.
|
99
|
+
#
|
100
|
+
# @param [ Hash ] opts A hash that contains master key options for
|
101
|
+
# the Azure KMS provider.
|
102
|
+
# @option opts [ String ] :key_vault_endpoint Azure key vault endpoint.
|
103
|
+
# @option opts [ String ] :key_name Azure KMS key name.
|
104
|
+
# @option opts [ String | nil ] :key_version Azure KMS key version, optional.
|
105
|
+
#
|
106
|
+
# @raise [ ArgumentError ] If required options are missing or incorrectly.
|
107
|
+
def initialize(opts)
|
108
|
+
unless opts.is_a?(Hash)
|
109
|
+
raise ArgumentError.new(
|
110
|
+
'Key document options must contain a key named :master_key with a Hash value'
|
111
|
+
)
|
112
|
+
end
|
113
|
+
@key_vault_endpoint = validate_param(:key_vault_endpoint, opts, FORMAT_HINT)
|
114
|
+
@key_name = validate_param(:key_name, opts, FORMAT_HINT)
|
115
|
+
@key_version = validate_param(:key_version, opts, FORMAT_HINT, required: false)
|
116
|
+
end
|
117
|
+
|
118
|
+
# Convert master key document object to a BSON document in libmongocrypt format.
|
119
|
+
#
|
120
|
+
# @return [ BSON::Document ] Azure KMS credentials in libmongocrypt format.
|
121
|
+
def to_document
|
122
|
+
BSON::Document.new({
|
123
|
+
provider: 'azure',
|
124
|
+
keyVaultEndpoint: key_vault_endpoint,
|
125
|
+
keyName: key_name,
|
126
|
+
}).tap do |bson|
|
127
|
+
unless key_version.nil?
|
128
|
+
bson.update({ keyVersion: key_version })
|
129
|
+
end
|
130
|
+
end
|
131
|
+
end
|
132
|
+
end
|
133
|
+
end
|
134
|
+
end
|
135
|
+
end
|
136
|
+
end
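Review bot: `Credentials::FORMAT_HINT` tells the user to pass `client_id: 'TENANT_ID'`, which looks like a copy-paste slip; assuming `validate_param` (not shown here) puts the hint into its error message, every bad-options error for Azure would carry the wrong placeholder. It should read `"{ tenant_id: 'TENANT-ID', client_id: 'CLIENT-ID', client_secret: 'CLIENT-SECRET' }"`. Two doc comments need the same attention: the `@return` on `MasterKeyDocument#to_document` says "Azure KMS credentials" where the method returns the master key document, and the `@raise` line on `MasterKeyDocument#initialize` stops at "missing or incorrectly." without "formatted". `Credentials#to_document` also reads `@tenant_id`, `@client_id` and `@client_secret` directly where the rest of the file goes through the readers.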
|
@@ -0,0 +1,81 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
# encoding: utf-8
|
3
|
+
|
4
|
+
# Copyright (C) 2019-2021 MongoDB Inc.
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
|
18
|
+
module Mongo
|
19
|
+
module Crypt
|
20
|
+
module KMS
|
21
|
+
|
22
|
+
# KMS Credentials object contains credentials for using KMS providers.
|
23
|
+
#
|
24
|
+
# @api private
|
25
|
+
class Credentials
|
26
|
+
|
27
|
+
# Creates a KMS credentials object form a parameters hash.
|
28
|
+
#
|
29
|
+
# @param [ Hash ] kms_providers A hash that contains credential for
|
30
|
+
# KMS providers. The hash should have KMS provider names as keys,
|
31
|
+
# and required parameters for every provider as values.
|
32
|
+
# Required parameters for KMS providers are described in corresponding
|
33
|
+
# classes inside Mongo::Crypt::KMS module.
|
34
|
+
#
|
35
|
+
# @note There may be more than one KMS provider specified.
|
36
|
+
#
|
37
|
+
# @raise [ ArgumentError ] If required options are missing or incorrectly
|
38
|
+
# formatted.
|
39
|
+
def initialize(kms_providers)
|
40
|
+
if kms_providers.nil?
|
41
|
+
raise ArgumentError.new("KMS providers options must not be nil")
|
42
|
+
end
|
43
|
+
if kms_providers.key?(:aws)
|
44
|
+
@aws = AWS::Credentials.new(kms_providers[:aws])
|
45
|
+
end
|
46
|
+
if kms_providers.key?(:azure)
|
47
|
+
@azure = Azure::Credentials.new(kms_providers[:azure])
|
48
|
+
end
|
49
|
+
if kms_providers.key?(:gcp)
|
50
|
+
@gcp = GCP::Credentials.new(kms_providers[:gcp])
|
51
|
+
end
|
52
|
+
if kms_providers.key?(:kmip)
|
53
|
+
@kmip = KMIP::Credentials.new(kms_providers[:kmip])
|
54
|
+
end
|
55
|
+
if kms_providers.key?(:local)
|
56
|
+
@local = Local::Credentials.new(kms_providers[:local])
|
57
|
+
end
|
58
|
+
if @aws.nil? && @azure.nil? && @gcp.nil? && @kmip.nil? && @local.nil?
|
59
|
+
raise ArgumentError.new(
|
60
|
+
"KMS providers options must have one of the following keys: " +
|
61
|
+
":aws, :azure, :gcp, :kmip, :local"
|
62
|
+
)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
# Convert credentials object to a BSON document in libmongocrypt format.
|
67
|
+
#
|
68
|
+
# @return [ BSON::Document ] Credentials as BSON document.
|
69
|
+
def to_document
|
70
|
+
BSON::Document.new({}).tap do |bson|
|
71
|
+
bson[:aws] = @aws.to_document if @aws
|
72
|
+
bson[:azure] = @azure.to_document if @azure
|
73
|
+
bson[:gcp] = @gcp.to_document if @gcp
|
74
|
+
bson[:kmip] = @kmip.to_document if @kmip
|
75
|
+
bson[:local] = @local.to_document if @local
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
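Review bot: `initialize` documents `ArgumentError` for malformed options, but only `nil` is rejected before `kms_providers.key?(:aws)` is called, so any other non-Hash argument surfaces as `NoMethodError` instead; a guard such as `raise ArgumentError, 'KMS providers options must be a Hash' unless kms_providers.is_a?(Hash)` would keep the documented contract. Provider keys are matched as symbols only, and an unrecognised key next to a valid one (a misspelt provider name, say) is dropped without any error, so it is worth either rejecting unknown keys or saying so in the `@param` text. The doc comment also has "form a parameters hash" where "from" is meant.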
|
@@ -0,0 +1,182 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
# encoding: utf-8
|
3
|
+
|
4
|
+
# Copyright (C) 2019-2021 MongoDB Inc.
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
|
18
|
+
module Mongo
|
19
|
+
module Crypt
|
20
|
+
module KMS
|
21
|
+
module GCP
|
22
|
+
# GCP Cloud Key Management Credentials object contains credentials for
|
23
|
+
# using GCP KMS provider.
|
24
|
+
#
|
25
|
+
# @api private
|
26
|
+
class Credentials
|
27
|
+
include KMS::Validations
|
28
|
+
|
29
|
+
# @return [ String ] GCP email to authenticate with.
|
30
|
+
attr_reader :email
|
31
|
+
|
32
|
+
# @return [ String ] GCP private key, base64 encoded DER format.
|
33
|
+
attr_reader :private_key
|
34
|
+
|
35
|
+
# @return [ String | nil ] GCP KMS endpoint.
|
36
|
+
attr_reader :endpoint
|
37
|
+
|
38
|
+
FORMAT_HINT = "GCP KMS provider options must be in the format: " +
|
39
|
+
"{ email: 'EMAIL', private_key: 'PRIVATE-KEY' }"
|
40
|
+
|
41
|
+
# Creates an GCP KMS credentials object form a parameters hash.
|
42
|
+
#
|
43
|
+
# @param [ Hash ] opts A hash that contains credentials for
|
44
|
+
# GCP KMS provider
|
45
|
+
# @option opts [ String ] :email GCP email.
|
46
|
+
# @option opts [ String ] :private_key GCP private key. This method accepts
|
47
|
+
# private key in either base64 encoded DER format, or PEM format.
|
48
|
+
# @option opts [ String | nil ] :endpoint GCP endpoint, optional.
|
49
|
+
#
|
50
|
+
# @raise [ ArgumentError ] If required options are missing or incorrectly
|
51
|
+
# formatted.
|
52
|
+
def initialize(opts)
|
53
|
+
@email = validate_param(:email, opts, FORMAT_HINT)
|
54
|
+
|
55
|
+
@private_key = begin
|
56
|
+
private_key_opt = validate_param(:private_key, opts, FORMAT_HINT)
|
57
|
+
if BSON::Environment.jruby?
|
58
|
+
# We cannot really validate private key on JRuby, so we assume
|
59
|
+
# it is in base64 encoded DER format.
|
60
|
+
private_key_opt
|
61
|
+
else
|
62
|
+
# Check if private key is in PEM format.
|
63
|
+
pkey = OpenSSL::PKey::RSA.new(private_key_opt)
|
64
|
+
# PEM it is, need to be converted to base64 encoded DER.
|
65
|
+
der = if pkey.respond_to?(:private_to_der)
|
66
|
+
pkey.private_to_der
|
67
|
+
else
|
68
|
+
pkey.to_der
|
69
|
+
end
|
70
|
+
Base64.encode64(der)
|
71
|
+
end
|
72
|
+
rescue OpenSSL::PKey::RSAError
|
73
|
+
# Check if private key is in DER.
|
74
|
+
begin
|
75
|
+
OpenSSL::PKey.read(Base64.decode64(private_key_opt))
|
76
|
+
# Private key is fine, use it.
|
77
|
+
private_key_opt
|
78
|
+
rescue OpenSSL::PKey::PKeyError
|
79
|
+
raise ArgumentError.new(
|
80
|
+
"The private_key option must be either either base64 encoded DER format, or PEM format."
|
81
|
+
)
|
82
|
+
end
|
83
|
+
end
|
84
|
+
|
85
|
+
@endpoint = validate_param(
|
86
|
+
:endpoint, opts, FORMAT_HINT, required: false
|
87
|
+
)
|
88
|
+
end
|
89
|
+
|
90
|
+
# Convert credentials object to a BSON document in libmongocrypt format.
|
91
|
+
#
|
92
|
+
# @return [ BSON::Document ] Azure KMS credentials in libmongocrypt format.
|
93
|
+
def to_document
|
94
|
+
BSON::Document.new({
|
95
|
+
email: email,
|
96
|
+
privateKey: BSON::Binary.new(private_key, :generic),
|
97
|
+
}).tap do |bson|
|
98
|
+
unless endpoint.nil?
|
99
|
+
bson.update({ endpoint: endpoint })
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
103
|
+
end
|
104
|
+
|
105
|
+
# GCP KMS master key document object contains KMS master key parameters.
|
106
|
+
#
|
107
|
+
# @api private
|
108
|
+
class MasterKeyDocument
|
109
|
+
include KMS::Validations
|
110
|
+
|
111
|
+
# @return [ String ] GCP project id.
|
112
|
+
attr_reader :project_id
|
113
|
+
|
114
|
+
# @return [ String ] GCP location.
|
115
|
+
attr_reader :location
|
116
|
+
|
117
|
+
# @return [ String ] GCP KMS key ring.
|
118
|
+
attr_reader :key_ring
|
119
|
+
|
120
|
+
# @return [ String ] GCP KMS key name.
|
121
|
+
attr_reader :key_name
|
122
|
+
|
123
|
+
# @return [ String | nil ] GCP KMS key version.
|
124
|
+
attr_reader :key_version
|
125
|
+
|
126
|
+
# @return [ String | nil ] GCP KMS endpoint.
|
127
|
+
attr_reader :endpoint
|
128
|
+
|
129
|
+
FORMAT_HINT = "GCP key document must be in the format: " +
|
130
|
+
"{ project_id: 'PROJECT_ID', location: 'LOCATION', " +
|
131
|
+
"key_ring: 'KEY-RING', key_name: 'KEY-NAME' }"
|
132
|
+
|
133
|
+
# Creates a master key document object form a parameters hash.
|
134
|
+
#
|
135
|
+
# @param [ Hash ] opts A hash that contains master key options for
|
136
|
+
# the GCP KMS provider.
|
137
|
+
# @option opts [ String ] :project_id GCP project id.
|
138
|
+
# @option opts [ String ] :location GCP location.
|
139
|
+
# @option opts [ String ] :key_ring GCP KMS key ring.
|
140
|
+
# @option opts [ String ] :key_name GCP KMS key name.
|
141
|
+
# @option opts [ String | nil ] :key_version GCP KMS key version, optional.
|
142
|
+
# @option opts [ String | nil ] :endpoint GCP KMS key endpoint, optional.
|
143
|
+
#
|
144
|
+
# @raise [ ArgumentError ] If required options are missing or incorrectly.
|
145
|
+
def initialize(opts)
|
146
|
+
unless opts.is_a?(Hash)
|
147
|
+
raise ArgumentError.new(
|
148
|
+
'Key document options must contain a key named :master_key with a Hash value'
|
149
|
+
)
|
150
|
+
end
|
151
|
+
@project_id = validate_param(:project_id, opts, FORMAT_HINT)
|
152
|
+
@location = validate_param(:location, opts, FORMAT_HINT)
|
153
|
+
@key_ring = validate_param(:key_ring, opts, FORMAT_HINT)
|
154
|
+
@key_name = validate_param(:key_name, opts, FORMAT_HINT)
|
155
|
+
@key_version = validate_param(:key_version, opts, FORMAT_HINT, required: false)
|
156
|
+
@endpoint = validate_param(:endpoint, opts, FORMAT_HINT, required: false)
|
157
|
+
end
|
158
|
+
|
159
|
+
# Convert master key document object to a BSON document in libmongocrypt format.
|
160
|
+
#
|
161
|
+
# @return [ BSON::Document ] GCP KMS credentials in libmongocrypt format.
|
162
|
+
def to_document
|
163
|
+
BSON::Document.new({
|
164
|
+
provider: 'gcp',
|
165
|
+
projectId: project_id,
|
166
|
+
location: location,
|
167
|
+
keyRing: key_ring,
|
168
|
+
keyName: key_name
|
169
|
+
}).tap do |bson|
|
170
|
+
unless key_version.nil?
|
171
|
+
bson.update({ keyVersion: key_version })
|
172
|
+
end
|
173
|
+
unless endpoint.nil?
|
174
|
+
bson.update({ endpoint: endpoint })
|
175
|
+
end
|
176
|
+
end
|
177
|
+
end
|
178
|
+
end
|
179
|
+
end
|
180
|
+
end
|
181
|
+
end
|
182
|
+
end
|
@@ -0,0 +1,110 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
# encoding: utf-8
|
3
|
+
|
4
|
+
# Copyright (C) 2019-2021 MongoDB Inc.
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
|
18
|
+
module Mongo
|
19
|
+
module Crypt
|
20
|
+
module KMS
|
21
|
+
module KMIP
|
22
|
+
# KMIP KMS Credentials object contains credentials for a
|
23
|
+
# remote KMIP KMS provider.
|
24
|
+
#
|
25
|
+
# @api private
|
26
|
+
class Credentials
|
27
|
+
include KMS::Validations
|
28
|
+
|
29
|
+
# @return [ String ] KMIP KMS endpoint with optional port.
|
30
|
+
attr_reader :endpoint
|
31
|
+
|
32
|
+
FORMAT_HINT = "KMIP KMS provider options must be in the format: " +
|
33
|
+
"{ endpoint: 'ENDPOINT' }"
|
34
|
+
|
35
|
+
# Creates a KMIP KMS credentials object form a parameters hash.
|
36
|
+
#
|
37
|
+
# @param [ Hash ] opts A hash that contains credentials for
|
38
|
+
# KMIP KMS provider.
|
39
|
+
# @option opts [ String ] :endpoint KMIP endpoint.
|
40
|
+
#
|
41
|
+
# @raise [ ArgumentError ] If required options are missing or incorrectly
|
42
|
+
# formatted.
|
43
|
+
def initialize(opts)
|
44
|
+
@endpoint = validate_param(:endpoint, opts, FORMAT_HINT)
|
45
|
+
end
|
46
|
+
|
47
|
+
# Convert credentials object to a BSON document in libmongocrypt format.
|
48
|
+
#
|
49
|
+
# @return [ BSON::Document ] Local KMS credentials in libmongocrypt format.
|
50
|
+
def to_document
|
51
|
+
BSON::Document.new({
|
52
|
+
endpoint: endpoint,
|
53
|
+
})
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
# KMIP KMS master key document object contains KMS master key parameters.
|
58
|
+
#
|
59
|
+
# @api private
|
60
|
+
class MasterKeyDocument
|
61
|
+
include KMS::Validations
|
62
|
+
|
63
|
+
# @return [ String | nil ] The KMIP Unique Identifier to a 96 byte
|
64
|
+
# KMIP Secret Data managed object.
|
65
|
+
attr_reader :key_id
|
66
|
+
|
67
|
+
# @return [ String | nil ] KMIP KMS endpoint with optional port.
|
68
|
+
attr_reader :endpoint
|
69
|
+
|
70
|
+
FORMAT_HINT = "KMIP KMS key document must be in the format: " +
|
71
|
+
"{ key_id: 'KEY-ID', endpoint: 'ENDPOINT' }"
|
72
|
+
|
73
|
+
# Creates a master key document object form a parameters hash.
|
74
|
+
#
|
75
|
+
# @param [ Hash ] opts A hash that contains master key options for
|
76
|
+
# KMIP KMS provider
|
77
|
+
# @option opts [ String ] :key_id KMIP Unique Identifier to
|
78
|
+
# a 96 byte KMIP Secret Data managed object, optional. If key_id
|
79
|
+
# is omitted, the driver creates a random 96 byte identifier.
|
80
|
+
# @option opts [ String ] :endpoint KMIP endpoint, optional.
|
81
|
+
#
|
82
|
+
# @raise [ ArgumentError ] If required options are missing or incorrectly
|
83
|
+
# formatted.
|
84
|
+
def initialize(opts)
|
85
|
+
@key_id = validate_param(
|
86
|
+
:key_id, opts, FORMAT_HINT, required: false
|
87
|
+
) || SecureRandom.alphanumeric(96)
|
88
|
+
@endpoint = validate_param(
|
89
|
+
:endpoint, opts, FORMAT_HINT, required: false
|
90
|
+
)
|
91
|
+
end
|
92
|
+
|
93
|
+
# Convert master key document object to a BSON document in libmongocrypt format.
|
94
|
+
#
|
95
|
+
# @return [ BSON::Document ] KMIP KMS credentials in libmongocrypt format.
|
96
|
+
def to_document
|
97
|
+
BSON::Document.new({
|
98
|
+
provider: 'kmip',
|
99
|
+
keyId: key_id
|
100
|
+
}).tap do |bson|
|
101
|
+
unless endpoint.nil?
|
102
|
+
bson.update({ endpoint: endpoint })
|
103
|
+
end
|
104
|
+
end
|
105
|
+
end
|
106
|
+
end
|
107
|
+
end
|
108
|
+
end
|
109
|
+
end
|
110
|
+
end
|
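Review bot: In `MasterKeyDocument#initialize` the fallback `|| SecureRandom.alphanumeric(96)` invents a 96-character string and sends it as `keyId`, yet the attribute comment describes `key_id` as the KMIP Unique Identifier *of* a 96 byte Secret Data object, which is a name the KMIP server assigns rather than one a client can generate. A locally generated identifier presumably refers to no object on the server, so creating a data key without `:key_id` would likely fail at the first KMIP request instead of provisioning a new secret. I would leave it nil, `@key_id = validate_param(:key_id, opts, FORMAT_HINT, required: false)`, and emit it conditionally in `to_document` the way `endpoint` already is, `bson.update({ keyId: key_id }) unless key_id.nil?`, so that the secret is created by the layer that talks to the KMIP server (to be confirmed against libmongocrypt's KMIP support). The `@option` text "the driver creates a random 96 byte identifier" should then say that a 96 byte secret is created, not an identifier. Separately, the file uses `SecureRandom` without a visible `require 'securerandom'`, which is worth checking if the fallback stays.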