mongo 2.17.3 → 2.18.0.beta1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (622) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/README.md +21 -37
  4. data/lib/mongo/auth/base.rb +8 -1
  5. data/lib/mongo/auth.rb +12 -1
  6. data/lib/mongo/bulk_write/result.rb +10 -1
  7. data/lib/mongo/bulk_write/result_combiner.rb +2 -4
  8. data/lib/mongo/bulk_write.rb +108 -28
  9. data/lib/mongo/client.rb +114 -12
  10. data/lib/mongo/client_encryption.rb +30 -9
  11. data/lib/mongo/cluster/reapers/cursor_reaper.rb +11 -1
  12. data/lib/mongo/cluster.rb +20 -24
  13. data/lib/mongo/collection/helpers.rb +43 -0
  14. data/lib/mongo/collection/queryable_encryption.rb +122 -0
  15. data/lib/mongo/collection/view/aggregation.rb +19 -16
  16. data/lib/mongo/collection/view/change_stream.rb +56 -23
  17. data/lib/mongo/collection/view/explainable.rb +1 -1
  18. data/lib/mongo/collection/view/iterable.rb +2 -3
  19. data/lib/mongo/collection/view/map_reduce.rb +18 -9
  20. data/lib/mongo/collection/view/readable.rb +19 -23
  21. data/lib/mongo/collection/view/writable.rb +133 -40
  22. data/lib/mongo/collection.rb +108 -48
  23. data/lib/mongo/config/options.rb +62 -0
  24. data/lib/mongo/config/validators/option.rb +26 -0
  25. data/lib/mongo/config.rb +31 -0
  26. data/lib/mongo/crypt/auto_encrypter.rb +79 -6
  27. data/lib/mongo/crypt/binding.rb +395 -143
  28. data/lib/mongo/crypt/context.rb +5 -2
  29. data/lib/mongo/crypt/data_key_context.rb +7 -104
  30. data/lib/mongo/crypt/encryption_io.rb +28 -60
  31. data/lib/mongo/crypt/explicit_encrypter.rb +27 -25
  32. data/lib/mongo/crypt/explicit_encryption_context.rb +31 -3
  33. data/lib/mongo/crypt/handle.rb +102 -79
  34. data/lib/mongo/crypt/hooks.rb +25 -2
  35. data/lib/mongo/crypt/kms/aws.rb +128 -0
  36. data/lib/mongo/crypt/kms/azure.rb +136 -0
  37. data/lib/mongo/crypt/kms/credentials.rb +81 -0
  38. data/lib/mongo/crypt/kms/gcp.rb +182 -0
  39. data/lib/mongo/crypt/kms/kmip.rb +110 -0
  40. data/lib/mongo/crypt/kms/local.rb +74 -0
  41. data/lib/mongo/crypt/kms/master_key_document.rb +65 -0
  42. data/lib/mongo/crypt/kms.rb +117 -0
  43. data/lib/mongo/crypt.rb +1 -0
  44. data/lib/mongo/cursor/kill_spec.rb +27 -6
  45. data/lib/mongo/cursor.rb +21 -16
  46. data/lib/mongo/database/view.rb +6 -3
  47. data/lib/mongo/database.rb +73 -12
  48. data/lib/mongo/dbref.rb +1 -105
  49. data/lib/mongo/error/bulk_write_error.rb +31 -4
  50. data/lib/mongo/error/invalid_config_option.rb +20 -0
  51. data/lib/mongo/error/invalid_replacement_document.rb +27 -9
  52. data/lib/mongo/error/invalid_update_document.rb +27 -7
  53. data/lib/mongo/error/labelable.rb +72 -0
  54. data/lib/mongo/error/missing_connection.rb +25 -0
  55. data/lib/mongo/error/notable.rb +7 -0
  56. data/lib/mongo/error/operation_failure.rb +34 -86
  57. data/lib/mongo/error/read_write_retryable.rb +108 -0
  58. data/lib/mongo/{operation/kill_cursors/legacy.rb → error/session_not_materialized.rb} +7 -19
  59. data/lib/mongo/error.rb +5 -37
  60. data/lib/mongo/index/view.rb +22 -7
  61. data/lib/mongo/monitoring/event/command_failed.rb +8 -2
  62. data/lib/mongo/monitoring/event/command_started.rb +1 -1
  63. data/lib/mongo/monitoring/event/command_succeeded.rb +9 -2
  64. data/lib/mongo/monitoring/publishable.rb +9 -5
  65. data/lib/mongo/operation/collections_info/result.rb +5 -2
  66. data/lib/mongo/operation/command/op_msg.rb +6 -0
  67. data/lib/mongo/operation/context.rb +24 -6
  68. data/lib/mongo/operation/count/op_msg.rb +4 -1
  69. data/lib/mongo/operation/create/op_msg.rb +16 -1
  70. data/lib/mongo/operation/create_index/op_msg.rb +2 -1
  71. data/lib/mongo/operation/delete/op_msg.rb +1 -0
  72. data/lib/mongo/operation/delete.rb +0 -1
  73. data/lib/mongo/operation/drop_index/op_msg.rb +5 -1
  74. data/lib/mongo/operation/get_more/command_builder.rb +5 -1
  75. data/lib/mongo/operation/insert/bulk_result.rb +5 -1
  76. data/lib/mongo/operation/insert/command.rb +0 -4
  77. data/lib/mongo/operation/insert/op_msg.rb +6 -3
  78. data/lib/mongo/operation/insert/result.rb +6 -3
  79. data/lib/mongo/operation/insert.rb +0 -1
  80. data/lib/mongo/operation/kill_cursors.rb +0 -1
  81. data/lib/mongo/operation/list_collections/op_msg.rb +4 -1
  82. data/lib/mongo/operation/map_reduce/result.rb +16 -0
  83. data/lib/mongo/operation/result.rb +21 -5
  84. data/lib/mongo/operation/shared/executable.rb +21 -6
  85. data/lib/mongo/operation/shared/polymorphic_operation.rb +15 -3
  86. data/lib/mongo/operation/shared/response_handling.rb +6 -5
  87. data/lib/mongo/operation/shared/sessions_supported.rb +3 -7
  88. data/lib/mongo/operation/shared/write.rb +18 -12
  89. data/lib/mongo/operation/update/op_msg.rb +2 -1
  90. data/lib/mongo/operation/update.rb +0 -1
  91. data/lib/mongo/protocol/caching_hash.rb +69 -0
  92. data/lib/mongo/protocol/msg.rb +37 -1
  93. data/lib/mongo/protocol.rb +1 -0
  94. data/lib/mongo/query_cache.rb +15 -0
  95. data/lib/mongo/retryable.rb +78 -30
  96. data/lib/mongo/server/connection.rb +33 -0
  97. data/lib/mongo/server/connection_base.rb +2 -0
  98. data/lib/mongo/server/connection_common.rb +4 -1
  99. data/lib/mongo/server/connection_pool.rb +69 -42
  100. data/lib/mongo/server/description/features.rb +3 -1
  101. data/lib/mongo/server/description.rb +7 -2
  102. data/lib/mongo/server/monitor/connection.rb +5 -10
  103. data/lib/mongo/server/monitor.rb +21 -13
  104. data/lib/mongo/server/push_monitor.rb +9 -3
  105. data/lib/mongo/server.rb +9 -5
  106. data/lib/mongo/session/session_pool.rb +8 -0
  107. data/lib/mongo/session.rb +111 -35
  108. data/lib/mongo/socket/ocsp_verifier.rb +4 -5
  109. data/lib/mongo/socket/tcp.rb +3 -0
  110. data/lib/mongo/srv/resolver.rb +24 -3
  111. data/lib/mongo/uri/options_mapper.rb +2 -0
  112. data/lib/mongo/uri/srv_protocol.rb +1 -1
  113. data/lib/mongo/uri.rb +20 -0
  114. data/lib/mongo/version.rb +1 -1
  115. data/lib/mongo.rb +20 -0
  116. data/mongo.gemspec +10 -4
  117. data/spec/README.md +5 -5
  118. data/spec/integration/aws_lambda_examples_spec.rb +68 -0
  119. data/spec/integration/bulk_write_error_message_spec.rb +32 -0
  120. data/spec/integration/bulk_write_spec.rb +0 -16
  121. data/spec/integration/change_stream_spec.rb +6 -5
  122. data/spec/integration/client_construction_spec.rb +1 -1
  123. data/spec/integration/client_side_encryption/auto_encryption_bulk_writes_spec.rb +9 -9
  124. data/spec/integration/client_side_encryption/auto_encryption_command_monitoring_spec.rb +18 -19
  125. data/spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb +0 -1
  126. data/spec/integration/client_side_encryption/auto_encryption_reconnect_spec.rb +31 -0
  127. data/spec/integration/client_side_encryption/auto_encryption_spec.rb +108 -1
  128. data/spec/integration/client_side_encryption/bson_size_limit_spec.rb +2 -2
  129. data/spec/integration/client_side_encryption/bypass_mongocryptd_spawn_spec.rb +2 -2
  130. data/spec/integration/client_side_encryption/client_close_spec.rb +1 -1
  131. data/spec/integration/client_side_encryption/corpus_spec.rb +64 -35
  132. data/spec/integration/client_side_encryption/custom_endpoint_spec.rb +39 -42
  133. data/spec/integration/client_side_encryption/data_key_spec.rb +97 -7
  134. data/spec/integration/client_side_encryption/explicit_encryption_spec.rb +59 -0
  135. data/spec/integration/client_side_encryption/explicit_queryable_encryption_spec.rb +147 -0
  136. data/spec/integration/client_side_encryption/external_key_vault_spec.rb +6 -6
  137. data/spec/integration/client_side_encryption/kms_tls_options_spec.rb +394 -0
  138. data/spec/integration/client_side_encryption/kms_tls_spec.rb +92 -0
  139. data/spec/integration/client_side_encryption/queryable_encryption_examples_spec.rb +111 -0
  140. data/spec/integration/client_side_encryption/views_spec.rb +1 -1
  141. data/spec/integration/client_update_spec.rb +2 -2
  142. data/spec/integration/crud_spec.rb +12 -0
  143. data/spec/integration/cursor_pinning_spec.rb +3 -3
  144. data/spec/integration/fork_reconnect_spec.rb +15 -8
  145. data/spec/integration/grid_fs_bucket_spec.rb +3 -3
  146. data/spec/integration/ocsp_verifier_spec.rb +1 -0
  147. data/spec/integration/query_cache_spec.rb +34 -30
  148. data/spec/integration/retryable_writes/retryable_writes_36_and_older_spec.rb +1 -1
  149. data/spec/integration/sdam_events_spec.rb +0 -40
  150. data/spec/integration/server_monitor_spec.rb +2 -1
  151. data/spec/integration/size_limit_spec.rb +4 -1
  152. data/spec/integration/snapshot_query_examples_spec.rb +127 -0
  153. data/spec/integration/srv_monitoring_spec.rb +37 -0
  154. data/spec/integration/step_down_spec.rb +20 -4
  155. data/spec/integration/transaction_pinning_spec.rb +2 -2
  156. data/spec/integration/versioned_api_examples_spec.rb +37 -31
  157. data/spec/lite_spec_helper.rb +14 -5
  158. data/spec/mongo/address/ipv6_spec.rb +7 -0
  159. data/spec/mongo/address_spec.rb +7 -0
  160. data/spec/mongo/auth/scram/conversation_spec.rb +23 -23
  161. data/spec/mongo/auth/scram256/conversation_spec.rb +20 -20
  162. data/spec/mongo/auth/scram_negotiation_spec.rb +1 -0
  163. data/spec/mongo/bulk_write/result_spec.rb +15 -1
  164. data/spec/mongo/bulk_write_spec.rb +128 -20
  165. data/spec/mongo/client_construction_spec.rb +141 -7
  166. data/spec/mongo/client_encryption_spec.rb +11 -11
  167. data/spec/mongo/client_spec.rb +297 -1
  168. data/spec/mongo/cluster/cursor_reaper_spec.rb +21 -3
  169. data/spec/mongo/cluster_spec.rb +0 -44
  170. data/spec/mongo/collection/view/aggregation_spec.rb +2 -2
  171. data/spec/mongo/collection/view/change_stream_spec.rb +2 -2
  172. data/spec/mongo/collection/view/readable_spec.rb +35 -56
  173. data/spec/mongo/collection/view/writable_spec.rb +144 -32
  174. data/spec/mongo/collection_crud_spec.rb +63 -13
  175. data/spec/mongo/config/options_spec.rb +75 -0
  176. data/spec/mongo/config_spec.rb +73 -0
  177. data/spec/mongo/crypt/auto_decryption_context_spec.rb +17 -1
  178. data/spec/mongo/crypt/auto_encrypter_spec.rb +106 -0
  179. data/spec/mongo/crypt/auto_encryption_context_spec.rb +17 -1
  180. data/spec/mongo/crypt/binding/context_spec.rb +99 -17
  181. data/spec/mongo/crypt/binding/mongocrypt_spec.rb +17 -46
  182. data/spec/mongo/crypt/binding/version_spec.rb +25 -0
  183. data/spec/mongo/crypt/binding_unloaded_spec.rb +14 -0
  184. data/spec/mongo/crypt/data_key_context_spec.rb +42 -114
  185. data/spec/mongo/crypt/encryption_io_spec.rb +2 -0
  186. data/spec/mongo/crypt/explicit_decryption_context_spec.rb +32 -1
  187. data/spec/mongo/crypt/explicit_encryption_context_spec.rb +89 -1
  188. data/spec/mongo/crypt/handle_spec.rb +47 -169
  189. data/spec/mongo/crypt/hooks_spec.rb +30 -0
  190. data/spec/mongo/crypt/kms/credentials_spec.rb +404 -0
  191. data/spec/mongo/crypt/kms_spec.rb +59 -0
  192. data/spec/mongo/cursor_spec.rb +37 -51
  193. data/spec/mongo/database_spec.rb +66 -1
  194. data/spec/mongo/error/operation_failure_heavy_spec.rb +49 -0
  195. data/spec/mongo/index/view_spec.rb +69 -0
  196. data/spec/mongo/operation/create/op_msg_spec.rb +286 -0
  197. data/spec/mongo/operation/delete/op_msg_spec.rb +13 -4
  198. data/spec/mongo/operation/delete_spec.rb +0 -30
  199. data/spec/mongo/operation/insert/op_msg_spec.rb +18 -10
  200. data/spec/mongo/operation/insert_spec.rb +0 -32
  201. data/spec/mongo/operation/result_spec.rb +20 -0
  202. data/spec/mongo/operation/update/op_msg_spec.rb +13 -4
  203. data/spec/mongo/operation/update_spec.rb +0 -29
  204. data/spec/mongo/protocol/caching_hash_spec.rb +82 -0
  205. data/spec/mongo/protocol/msg_spec.rb +41 -0
  206. data/spec/mongo/query_cache_spec.rb +1 -0
  207. data/spec/mongo/retryable_spec.rb +32 -3
  208. data/spec/mongo/server/connection_auth_spec.rb +3 -1
  209. data/spec/mongo/server/connection_common_spec.rb +13 -1
  210. data/spec/mongo/server/connection_pool_spec.rb +94 -49
  211. data/spec/mongo/server/connection_spec.rb +50 -159
  212. data/spec/mongo/server/description/features_spec.rb +24 -0
  213. data/spec/mongo/server/push_monitor_spec.rb +2 -8
  214. data/spec/mongo/session_spec.rb +26 -6
  215. data/spec/mongo/session_transaction_spec.rb +2 -1
  216. data/spec/mongo/socket/ssl_spec.rb +15 -4
  217. data/spec/mongo/uri/srv_protocol_spec.rb +101 -2
  218. data/spec/mongo/uri_spec.rb +25 -0
  219. data/spec/runners/connection_string.rb +8 -0
  220. data/spec/runners/crud/operation.rb +12 -3
  221. data/spec/runners/crud/requirement.rb +3 -3
  222. data/spec/runners/crud/spec.rb +5 -0
  223. data/spec/runners/crud/verifier.rb +6 -0
  224. data/spec/runners/transactions/test.rb +33 -14
  225. data/spec/runners/transactions.rb +9 -6
  226. data/spec/runners/unified/assertions.rb +59 -10
  227. data/spec/runners/unified/change_stream_operations.rb +9 -0
  228. data/spec/runners/unified/crud_operations.rb +50 -2
  229. data/spec/runners/unified/ddl_operations.rb +20 -0
  230. data/spec/runners/unified/error.rb +2 -1
  231. data/spec/runners/unified/support_operations.rb +5 -2
  232. data/spec/runners/unified/test.rb +19 -4
  233. data/spec/runners/unified.rb +9 -2
  234. data/spec/shared/lib/mrss/constraints.rb +10 -17
  235. data/spec/shared/lib/mrss/docker_runner.rb +21 -3
  236. data/spec/shared/lib/mrss/lite_constraints.rb +32 -1
  237. data/spec/shared/lib/mrss/session_registry.rb +69 -0
  238. data/spec/shared/lib/mrss/session_registry_legacy.rb +60 -0
  239. data/spec/shared/share/Dockerfile.erb +56 -54
  240. data/spec/shared/shlib/config.sh +27 -0
  241. data/spec/shared/shlib/distro.sh +2 -1
  242. data/spec/shared/shlib/server.sh +46 -21
  243. data/spec/shared/shlib/set_env.sh +40 -5
  244. data/spec/spec_helper.rb +0 -1
  245. data/spec/spec_tests/crud_spec.rb +0 -10
  246. data/spec/spec_tests/data/change_streams_unified/change-streams-errors.yml +124 -0
  247. data/spec/spec_tests/data/change_streams_unified/change-streams-pre_and_post_images.yml +351 -0
  248. data/spec/spec_tests/data/change_streams_unified/change-streams-resume-allowlist.yml +1171 -0
  249. data/spec/spec_tests/data/change_streams_unified/change-streams-resume-errorLabels.yml +1068 -0
  250. data/spec/spec_tests/data/change_streams_unified/change-streams.yml +859 -4
  251. data/spec/spec_tests/data/client_side_encryption/aggregate.yml +3 -17
  252. data/spec/spec_tests/data/client_side_encryption/azureKMS.yml +46 -0
  253. data/spec/spec_tests/data/client_side_encryption/badQueries.yml +12 -2
  254. data/spec/spec_tests/data/client_side_encryption/basic.yml +3 -17
  255. data/spec/spec_tests/data/client_side_encryption/bulk.yml +1 -8
  256. data/spec/spec_tests/data/client_side_encryption/bypassAutoEncryption.yml +2 -2
  257. data/spec/spec_tests/data/client_side_encryption/count.yml +1 -8
  258. data/spec/spec_tests/data/client_side_encryption/countDocuments.yml +1 -8
  259. data/spec/spec_tests/data/client_side_encryption/delete.yml +2 -16
  260. data/spec/spec_tests/data/client_side_encryption/distinct.yml +1 -8
  261. data/spec/spec_tests/data/client_side_encryption/explain.yml +1 -8
  262. data/spec/spec_tests/data/client_side_encryption/find.yml +2 -16
  263. data/spec/spec_tests/data/client_side_encryption/findOneAndDelete.yml +1 -8
  264. data/spec/spec_tests/data/client_side_encryption/findOneAndReplace.yml +1 -8
  265. data/spec/spec_tests/data/client_side_encryption/findOneAndUpdate.yml +1 -8
  266. data/spec/spec_tests/data/client_side_encryption/fle2-BypassQueryAnalysis.yml +101 -0
  267. data/spec/spec_tests/data/client_side_encryption/fle2-Compact.yml +80 -0
  268. data/spec/spec_tests/data/client_side_encryption/fle2-CreateCollection.yml +1263 -0
  269. data/spec/spec_tests/data/client_side_encryption/fle2-DecryptExistingData.yml +64 -0
  270. data/spec/spec_tests/data/client_side_encryption/fle2-Delete.yml +107 -0
  271. data/spec/spec_tests/data/client_side_encryption/fle2-EncryptedFields-vs-EncryptedFieldsMap.yml +80 -0
  272. data/spec/spec_tests/data/client_side_encryption/fle2-EncryptedFields-vs-jsonSchema.yml +90 -0
  273. data/spec/spec_tests/data/client_side_encryption/fle2-EncryptedFieldsMap-defaults.yml +57 -0
  274. data/spec/spec_tests/data/client_side_encryption/fle2-FindOneAndUpdate.yml +213 -0
  275. data/spec/spec_tests/data/client_side_encryption/fle2-InsertFind-Indexed.yml +86 -0
  276. data/spec/spec_tests/data/client_side_encryption/fle2-InsertFind-Unindexed.yml +83 -0
  277. data/spec/spec_tests/data/client_side_encryption/fle2-MissingKey.yml +41 -0
  278. data/spec/spec_tests/data/client_side_encryption/fle2-NoEncryption.yml +42 -0
  279. data/spec/spec_tests/data/client_side_encryption/fle2-Update.yml +221 -0
  280. data/spec/spec_tests/data/client_side_encryption/fle2-validatorAndPartialFieldExpression.yml +168 -0
  281. data/spec/spec_tests/data/client_side_encryption/gcpKMS.yml +46 -0
  282. data/spec/spec_tests/data/client_side_encryption/getMore.yml +1 -8
  283. data/spec/spec_tests/data/client_side_encryption/insert.yml +2 -16
  284. data/spec/spec_tests/data/client_side_encryption/keyAltName.yml +1 -8
  285. data/spec/spec_tests/data/client_side_encryption/localKMS.yml +1 -8
  286. data/spec/spec_tests/data/client_side_encryption/localSchema.yml +1 -8
  287. data/spec/spec_tests/data/client_side_encryption/maxWireVersion.yml +2 -0
  288. data/spec/spec_tests/data/client_side_encryption/missingKey.yml +2 -9
  289. data/spec/spec_tests/data/client_side_encryption/noSchema.yml +39 -0
  290. data/spec/spec_tests/data/client_side_encryption/replaceOne.yml +1 -8
  291. data/spec/spec_tests/data/client_side_encryption/types.yml +44 -70
  292. data/spec/spec_tests/data/client_side_encryption/updateMany.yml +1 -8
  293. data/spec/spec_tests/data/client_side_encryption/updateOne.yml +1 -8
  294. data/spec/spec_tests/data/collection_management/clustered-indexes.yml +135 -0
  295. data/spec/spec_tests/data/collection_management/createCollection-pre_and_post_images.yml +50 -0
  296. data/spec/spec_tests/data/collection_management/modifyCollection-pre_and_post_images.yml +58 -0
  297. data/spec/spec_tests/data/command_monitoring_unified/pre-42-server-connection-id.yml +56 -0
  298. data/spec/spec_tests/data/command_monitoring_unified/server-connection-id.yml +56 -0
  299. data/spec/spec_tests/data/crud/read/aggregate-collation.yml +1 -1
  300. data/spec/spec_tests/data/crud/read/count-collation.yml +1 -1
  301. data/spec/spec_tests/data/crud/read/distinct-collation.yml +1 -1
  302. data/spec/spec_tests/data/crud/read/find-collation.yml +1 -1
  303. data/spec/spec_tests/data/crud/write/bulkWrite-collation.yml +1 -1
  304. data/spec/spec_tests/data/crud/write/deleteMany-collation.yml +1 -1
  305. data/spec/spec_tests/data/crud/write/deleteOne-collation.yml +1 -1
  306. data/spec/spec_tests/data/crud/write/findOneAndDelete-collation.yml +1 -1
  307. data/spec/spec_tests/data/crud/write/findOneAndReplace-collation.yml +1 -1
  308. data/spec/spec_tests/data/crud/write/findOneAndUpdate-collation.yml +1 -1
  309. data/spec/spec_tests/data/crud/write/replaceOne-collation.yml +1 -1
  310. data/spec/spec_tests/data/crud/write/updateMany-collation.yml +1 -1
  311. data/spec/spec_tests/data/crud/write/updateOne-collation.yml +1 -1
  312. data/spec/spec_tests/data/crud_unified/aggregate-allowdiskuse.yml +75 -0
  313. data/spec/spec_tests/data/crud_unified/aggregate-merge.yml +185 -0
  314. data/spec/spec_tests/data/crud_unified/aggregate-out-readConcern.yml +171 -0
  315. data/spec/spec_tests/data/crud_unified/aggregate.yml +215 -0
  316. data/spec/spec_tests/data/crud_unified/bulkWrite-arrayFilters-clientError.yml +98 -0
  317. data/spec/spec_tests/data/crud_unified/bulkWrite-arrayFilters.yml +174 -0
  318. data/spec/spec_tests/data/crud_unified/bulkWrite-comment.yml +189 -0
  319. data/spec/spec_tests/data/crud_unified/bulkWrite-delete-hint-clientError.yml +113 -0
  320. data/spec/spec_tests/data/crud_unified/bulkWrite-delete-hint-serverError.yml +142 -0
  321. data/spec/spec_tests/data/crud_unified/bulkWrite-delete-hint.yml +154 -0
  322. data/spec/spec_tests/data/crud_unified/bulkWrite-deleteMany-hint-unacknowledged.yml +98 -0
  323. data/spec/spec_tests/data/crud_unified/bulkWrite-deleteMany-let.yml +86 -0
  324. data/spec/spec_tests/data/crud_unified/bulkWrite-deleteOne-hint-unacknowledged.yml +97 -0
  325. data/spec/spec_tests/data/crud_unified/bulkWrite-deleteOne-let.yml +86 -0
  326. data/spec/spec_tests/data/crud_unified/bulkWrite-insertOne-dots_and_dollars.yml +138 -0
  327. data/spec/spec_tests/data/crud_unified/bulkWrite-replaceOne-dots_and_dollars.yml +165 -0
  328. data/spec/spec_tests/data/crud_unified/bulkWrite-replaceOne-hint-unacknowledged.yml +103 -0
  329. data/spec/spec_tests/data/crud_unified/bulkWrite-replaceOne-let.yml +93 -0
  330. data/spec/spec_tests/data/crud_unified/bulkWrite-update-hint-clientError.yml +148 -0
  331. data/spec/spec_tests/data/crud_unified/bulkWrite-update-hint-serverError.yml +239 -0
  332. data/spec/spec_tests/data/crud_unified/bulkWrite-update-hint.yml +256 -0
  333. data/spec/spec_tests/data/crud_unified/bulkWrite-update-validation.yml +73 -0
  334. data/spec/spec_tests/data/crud_unified/bulkWrite-updateMany-dots_and_dollars.yml +150 -0
  335. data/spec/spec_tests/data/crud_unified/bulkWrite-updateMany-hint-unacknowledged.yml +104 -0
  336. data/spec/spec_tests/data/crud_unified/bulkWrite-updateMany-let.yml +96 -0
  337. data/spec/spec_tests/data/crud_unified/bulkWrite-updateOne-dots_and_dollars.yml +150 -0
  338. data/spec/spec_tests/data/crud_unified/bulkWrite-updateOne-hint-unacknowledged.yml +103 -0
  339. data/spec/spec_tests/data/crud_unified/bulkWrite-updateOne-let.yml +95 -0
  340. data/spec/spec_tests/data/crud_unified/countDocuments-comment.yml +92 -0
  341. data/spec/spec_tests/data/crud_unified/db-aggregate.yml +73 -0
  342. data/spec/spec_tests/data/crud_unified/deleteMany-comment.yml +97 -0
  343. data/spec/spec_tests/data/crud_unified/deleteMany-hint-clientError.yml +87 -0
  344. data/spec/spec_tests/data/crud_unified/deleteMany-hint-serverError.yml +107 -0
  345. data/spec/spec_tests/data/crud_unified/deleteMany-hint-unacknowledged.yml +90 -0
  346. data/spec/spec_tests/data/crud_unified/deleteMany-hint.yml +99 -0
  347. data/spec/spec_tests/data/crud_unified/deleteMany-let.yml +2 -0
  348. data/spec/spec_tests/data/crud_unified/deleteOne-comment.yml +98 -0
  349. data/spec/spec_tests/data/crud_unified/deleteOne-hint-clientError.yml +80 -0
  350. data/spec/spec_tests/data/crud_unified/deleteOne-hint-serverError.yml +100 -0
  351. data/spec/spec_tests/data/crud_unified/deleteOne-hint-unacknowledged.yml +89 -0
  352. data/spec/spec_tests/data/crud_unified/deleteOne-hint.yml +95 -0
  353. data/spec/spec_tests/data/crud_unified/deleteOne-let.yml +2 -0
  354. data/spec/spec_tests/data/crud_unified/estimatedDocumentCount-comment.yml +95 -0
  355. data/spec/spec_tests/data/crud_unified/estimatedDocumentCount.yml +5 -135
  356. data/spec/spec_tests/data/crud_unified/find-allowdiskuse-clientError.yml +55 -0
  357. data/spec/spec_tests/data/crud_unified/find-allowdiskuse-serverError.yml +68 -0
  358. data/spec/spec_tests/data/crud_unified/find-allowdiskuse.yml +79 -0
  359. data/spec/spec_tests/data/crud_unified/find-comment.yml +166 -0
  360. data/spec/spec_tests/data/crud_unified/find.yml +68 -0
  361. data/spec/spec_tests/data/crud_unified/findOneAndDelete-comment.yml +96 -0
  362. data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint-clientError.yml +91 -0
  363. data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint-serverError.yml +107 -0
  364. data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint-unacknowledged.yml +88 -0
  365. data/spec/spec_tests/data/crud_unified/findOneAndDelete-hint.yml +102 -0
  366. data/spec/spec_tests/data/crud_unified/findOneAndDelete-let.yml +2 -4
  367. data/spec/spec_tests/data/crud_unified/findOneAndReplace-comment.yml +101 -0
  368. data/spec/spec_tests/data/crud_unified/findOneAndReplace-dots_and_dollars.yml +140 -0
  369. data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint-clientError.yml +83 -0
  370. data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint-serverError.yml +99 -0
  371. data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint-unacknowledged.yml +96 -0
  372. data/spec/spec_tests/data/crud_unified/findOneAndReplace-hint.yml +98 -0
  373. data/spec/spec_tests/data/crud_unified/findOneAndUpdate-comment.yml +95 -0
  374. data/spec/spec_tests/data/crud_unified/findOneAndUpdate-dots_and_dollars.yml +127 -0
  375. data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint-clientError.yml +84 -0
  376. data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint-serverError.yml +100 -0
  377. data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint-unacknowledged.yml +92 -0
  378. data/spec/spec_tests/data/crud_unified/findOneAndUpdate-hint.yml +99 -0
  379. data/spec/spec_tests/data/crud_unified/insertMany-comment.yml +93 -0
  380. data/spec/spec_tests/data/crud_unified/insertMany-dots_and_dollars.yml +128 -0
  381. data/spec/spec_tests/data/crud_unified/insertOne-comment.yml +91 -0
  382. data/spec/spec_tests/data/crud_unified/insertOne-dots_and_dollars.yml +238 -0
  383. data/spec/spec_tests/data/crud_unified/replaceOne-comment.yml +105 -0
  384. data/spec/spec_tests/data/crud_unified/replaceOne-dots_and_dollars.yml +180 -0
  385. data/spec/spec_tests/data/crud_unified/replaceOne-hint-unacknowledged.yml +95 -0
  386. data/spec/spec_tests/data/crud_unified/replaceOne-hint.yml +108 -0
  387. data/spec/spec_tests/data/crud_unified/replaceOne-let.yml +98 -0
  388. data/spec/spec_tests/data/crud_unified/replaceOne-validation.yml +37 -0
  389. data/spec/spec_tests/data/crud_unified/updateMany-comment.yml +104 -0
  390. data/spec/spec_tests/data/crud_unified/updateMany-dots_and_dollars.yml +138 -0
  391. data/spec/spec_tests/data/crud_unified/updateMany-hint-clientError.yml +91 -0
  392. data/spec/spec_tests/data/crud_unified/updateMany-hint-serverError.yml +115 -0
  393. data/spec/spec_tests/data/crud_unified/updateMany-hint-unacknowledged.yml +96 -0
  394. data/spec/spec_tests/data/crud_unified/updateMany-hint.yml +115 -0
  395. data/spec/spec_tests/data/crud_unified/updateMany-let.yml +5 -1
  396. data/spec/spec_tests/data/crud_unified/updateMany-validation.yml +39 -0
  397. data/spec/spec_tests/data/crud_unified/updateOne-comment.yml +104 -0
  398. data/spec/spec_tests/data/crud_unified/updateOne-dots_and_dollars.yml +138 -0
  399. data/spec/spec_tests/data/crud_unified/updateOne-hint-clientError.yml +85 -0
  400. data/spec/spec_tests/data/crud_unified/updateOne-hint-serverError.yml +109 -0
  401. data/spec/spec_tests/data/crud_unified/updateOne-hint-unacknowledged.yml +95 -0
  402. data/spec/spec_tests/data/crud_unified/updateOne-hint.yml +109 -0
  403. data/spec/spec_tests/data/crud_unified/updateOne-let.yml +5 -1
  404. data/spec/spec_tests/data/crud_unified/updateOne-validation.yml +37 -0
  405. data/spec/spec_tests/data/crud_unified/updateWithPipelines.yml +8 -14
  406. data/spec/spec_tests/data/retryable_reads/{aggregate-merge.yml → legacy/aggregate-merge.yml} +0 -0
  407. data/spec/spec_tests/data/retryable_reads/{aggregate-serverErrors.yml → legacy/aggregate-serverErrors.yml} +0 -0
  408. data/spec/spec_tests/data/retryable_reads/{aggregate.yml → legacy/aggregate.yml} +0 -0
  409. data/spec/spec_tests/data/retryable_reads/{changeStreams-client.watch-serverErrors.yml → legacy/changeStreams-client.watch-serverErrors.yml} +0 -0
  410. data/spec/spec_tests/data/retryable_reads/{changeStreams-client.watch.yml → legacy/changeStreams-client.watch.yml} +0 -0
  411. data/spec/spec_tests/data/retryable_reads/{changeStreams-db.coll.watch-serverErrors.yml → legacy/changeStreams-db.coll.watch-serverErrors.yml} +0 -0
  412. data/spec/spec_tests/data/retryable_reads/{changeStreams-db.coll.watch.yml → legacy/changeStreams-db.coll.watch.yml} +0 -0
  413. data/spec/spec_tests/data/retryable_reads/{changeStreams-db.watch-serverErrors.yml → legacy/changeStreams-db.watch-serverErrors.yml} +0 -0
  414. data/spec/spec_tests/data/retryable_reads/{changeStreams-db.watch.yml → legacy/changeStreams-db.watch.yml} +0 -0
  415. data/spec/spec_tests/data/retryable_reads/{count-serverErrors.yml → legacy/count-serverErrors.yml} +0 -0
  416. data/spec/spec_tests/data/retryable_reads/{count.yml → legacy/count.yml} +0 -0
  417. data/spec/spec_tests/data/retryable_reads/{countDocuments-serverErrors.yml → legacy/countDocuments-serverErrors.yml} +0 -0
  418. data/spec/spec_tests/data/retryable_reads/{countDocuments.yml → legacy/countDocuments.yml} +0 -0
  419. data/spec/spec_tests/data/retryable_reads/{distinct-serverErrors.yml → legacy/distinct-serverErrors.yml} +0 -0
  420. data/spec/spec_tests/data/retryable_reads/{distinct.yml → legacy/distinct.yml} +0 -0
  421. data/spec/spec_tests/data/retryable_reads/{estimatedDocumentCount-serverErrors-pre4.9.yml → legacy/estimatedDocumentCount-serverErrors.yml} +0 -2
  422. data/spec/spec_tests/data/retryable_reads/{estimatedDocumentCount-pre4.9.yml → legacy/estimatedDocumentCount.yml} +0 -2
  423. data/spec/spec_tests/data/retryable_reads/{find-serverErrors.yml → legacy/find-serverErrors.yml} +0 -0
  424. data/spec/spec_tests/data/retryable_reads/{find.yml → legacy/find.yml} +0 -0
  425. data/spec/spec_tests/data/retryable_reads/{findOne-serverErrors.yml → legacy/findOne-serverErrors.yml} +0 -0
  426. data/spec/spec_tests/data/retryable_reads/{findOne.yml → legacy/findOne.yml} +0 -0
  427. data/spec/spec_tests/data/retryable_reads/{gridfs-download-serverErrors.yml → legacy/gridfs-download-serverErrors.yml} +0 -0
  428. data/spec/spec_tests/data/retryable_reads/{gridfs-download.yml → legacy/gridfs-download.yml} +0 -0
  429. data/spec/spec_tests/data/retryable_reads/{gridfs-downloadByName-serverErrors.yml → legacy/gridfs-downloadByName-serverErrors.yml} +0 -0
  430. data/spec/spec_tests/data/retryable_reads/{gridfs-downloadByName.yml → legacy/gridfs-downloadByName.yml} +0 -0
  431. data/spec/spec_tests/data/retryable_reads/{listCollectionNames-serverErrors.yml → legacy/listCollectionNames-serverErrors.yml} +0 -0
  432. data/spec/spec_tests/data/retryable_reads/{listCollectionNames.yml → legacy/listCollectionNames.yml} +0 -0
  433. data/spec/spec_tests/data/retryable_reads/{listCollectionObjects-serverErrors.yml → legacy/listCollectionObjects-serverErrors.yml} +0 -0
  434. data/spec/spec_tests/data/retryable_reads/{listCollectionObjects.yml → legacy/listCollectionObjects.yml} +0 -0
  435. data/spec/spec_tests/data/retryable_reads/{listCollections-serverErrors.yml → legacy/listCollections-serverErrors.yml} +0 -0
  436. data/spec/spec_tests/data/retryable_reads/{listCollections.yml → legacy/listCollections.yml} +0 -0
  437. data/spec/spec_tests/data/retryable_reads/{listDatabaseNames-serverErrors.yml → legacy/listDatabaseNames-serverErrors.yml} +0 -0
  438. data/spec/spec_tests/data/retryable_reads/{listDatabaseNames.yml → legacy/listDatabaseNames.yml} +0 -0
  439. data/spec/spec_tests/data/retryable_reads/{listDatabaseObjects-serverErrors.yml → legacy/listDatabaseObjects-serverErrors.yml} +0 -0
  440. data/spec/spec_tests/data/retryable_reads/{listDatabaseObjects.yml → legacy/listDatabaseObjects.yml} +0 -0
  441. data/spec/spec_tests/data/retryable_reads/{listDatabases-serverErrors.yml → legacy/listDatabases-serverErrors.yml} +0 -0
  442. data/spec/spec_tests/data/retryable_reads/{listDatabases.yml → legacy/listDatabases.yml} +0 -0
  443. data/spec/spec_tests/data/retryable_reads/{listIndexNames-serverErrors.yml → legacy/listIndexNames-serverErrors.yml} +0 -0
  444. data/spec/spec_tests/data/retryable_reads/{listIndexNames.yml → legacy/listIndexNames.yml} +0 -0
  445. data/spec/spec_tests/data/retryable_reads/{listIndexes-serverErrors.yml → legacy/listIndexes-serverErrors.yml} +0 -0
  446. data/spec/spec_tests/data/retryable_reads/{listIndexes.yml → legacy/listIndexes.yml} +0 -0
  447. data/spec/spec_tests/data/retryable_reads/{mapReduce.yml → legacy/mapReduce.yml} +0 -0
  448. data/spec/spec_tests/data/retryable_reads/unified/handshakeError.yml +129 -0
  449. data/spec/spec_tests/data/retryable_writes/{bulkWrite-errorLabels.yml → legacy/bulkWrite-errorLabels.yml} +0 -0
  450. data/spec/spec_tests/data/retryable_writes/{bulkWrite-serverErrors.yml → legacy/bulkWrite-serverErrors.yml} +1 -1
  451. data/spec/spec_tests/data/retryable_writes/{bulkWrite.yml → legacy/bulkWrite.yml} +0 -0
  452. data/spec/spec_tests/data/retryable_writes/{deleteMany.yml → legacy/deleteMany.yml} +0 -0
  453. data/spec/spec_tests/data/retryable_writes/{deleteOne-errorLabels.yml → legacy/deleteOne-errorLabels.yml} +0 -0
  454. data/spec/spec_tests/data/retryable_writes/{deleteOne-serverErrors.yml → legacy/deleteOne-serverErrors.yml} +1 -1
  455. data/spec/spec_tests/data/retryable_writes/{deleteOne.yml → legacy/deleteOne.yml} +0 -0
  456. data/spec/spec_tests/data/retryable_writes/{findOneAndDelete-errorLabels.yml → legacy/findOneAndDelete-errorLabels.yml} +0 -0
  457. data/spec/spec_tests/data/retryable_writes/{findOneAndDelete-serverErrors.yml → legacy/findOneAndDelete-serverErrors.yml} +1 -1
  458. data/spec/spec_tests/data/retryable_writes/{findOneAndDelete.yml → legacy/findOneAndDelete.yml} +0 -0
  459. data/spec/spec_tests/data/retryable_writes/{findOneAndReplace-errorLabels.yml → legacy/findOneAndReplace-errorLabels.yml} +0 -0
  460. data/spec/spec_tests/data/retryable_writes/{findOneAndReplace-serverErrors.yml → legacy/findOneAndReplace-serverErrors.yml} +1 -1
  461. data/spec/spec_tests/data/retryable_writes/{findOneAndReplace.yml → legacy/findOneAndReplace.yml} +0 -0
  462. data/spec/spec_tests/data/retryable_writes/{findOneAndUpdate-errorLabels.yml → legacy/findOneAndUpdate-errorLabels.yml} +0 -0
  463. data/spec/spec_tests/data/retryable_writes/{findOneAndUpdate-serverErrors.yml → legacy/findOneAndUpdate-serverErrors.yml} +1 -1
  464. data/spec/spec_tests/data/retryable_writes/{findOneAndUpdate.yml → legacy/findOneAndUpdate.yml} +0 -0
  465. data/spec/spec_tests/data/retryable_writes/{insertMany-errorLabels.yml → legacy/insertMany-errorLabels.yml} +0 -0
  466. data/spec/spec_tests/data/retryable_writes/{insertMany-serverErrors.yml → legacy/insertMany-serverErrors.yml} +1 -1
  467. data/spec/spec_tests/data/retryable_writes/{insertMany.yml → legacy/insertMany.yml} +0 -0
  468. data/spec/spec_tests/data/retryable_writes/{insertOne-errorLabels.yml → legacy/insertOne-errorLabels.yml} +0 -0
  469. data/spec/spec_tests/data/retryable_writes/{insertOne-serverErrors.yml → legacy/insertOne-serverErrors.yml} +5 -5
  470. data/spec/spec_tests/data/retryable_writes/{insertOne.yml → legacy/insertOne.yml} +0 -0
  471. data/spec/spec_tests/data/retryable_writes/{replaceOne-errorLabels.yml → legacy/replaceOne-errorLabels.yml} +0 -0
  472. data/spec/spec_tests/data/retryable_writes/{replaceOne-serverErrors.yml → legacy/replaceOne-serverErrors.yml} +1 -1
  473. data/spec/spec_tests/data/retryable_writes/{replaceOne.yml → legacy/replaceOne.yml} +0 -0
  474. data/spec/spec_tests/data/retryable_writes/{updateMany.yml → legacy/updateMany.yml} +0 -0
  475. data/spec/spec_tests/data/retryable_writes/{updateOne-errorLabels.yml → legacy/updateOne-errorLabels.yml} +0 -0
  476. data/spec/spec_tests/data/retryable_writes/{updateOne-serverErrors.yml → legacy/updateOne-serverErrors.yml} +1 -1
  477. data/spec/spec_tests/data/retryable_writes/{updateOne.yml → legacy/updateOne.yml} +0 -0
  478. data/spec/spec_tests/data/retryable_writes/unified/bulkWrite-serverErrors.yml +96 -0
  479. data/spec/spec_tests/data/retryable_writes/unified/handshakeError.yml +137 -0
  480. data/spec/spec_tests/data/retryable_writes/unified/insertOne-serverErrors.yml +78 -0
  481. data/spec/spec_tests/data/sdam/errors/prefer-error-code.yml +2 -2
  482. data/spec/spec_tests/data/seed_list_discovery/load-balanced/loadBalanced-no-results.yml +5 -0
  483. data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-conflicts_with_loadBalanced-true-txt.yml +5 -0
  484. data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-conflicts_with_loadBalanced-true.yml +5 -0
  485. data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-zero-txt.yml +10 -0
  486. data/spec/spec_tests/data/seed_list_discovery/load-balanced/srvMaxHosts-zero.yml +10 -0
  487. data/spec/spec_tests/data/seed_list_discovery/replica-set/srv-service-name.yml +11 -0
  488. data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-conflicts_with_replicaSet-txt.yml +5 -0
  489. data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-conflicts_with_replicaSet.yml +5 -0
  490. data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-equal_to_srv_records.yml +16 -0
  491. data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-greater_than_srv_records.yml +15 -0
  492. data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-less_than_srv_records.yml +15 -0
  493. data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-zero-txt.yml +15 -0
  494. data/spec/spec_tests/data/seed_list_discovery/replica-set/srvMaxHosts-zero.yml +15 -0
  495. data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-equal_to_srv_records.yml +13 -0
  496. data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-greater_than_srv_records.yml +12 -0
  497. data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-less_than_srv_records.yml +10 -0
  498. data/spec/spec_tests/data/seed_list_discovery/sharded/srvMaxHosts-zero.yml +11 -0
  499. data/spec/spec_tests/data/server_selection/Unknown/read/ghost.yml +11 -0
  500. data/spec/spec_tests/data/server_selection/Unknown/write/ghost.yml +11 -0
  501. data/spec/spec_tests/data/sessions_unified/driver-sessions-server-support.yml +123 -0
  502. data/spec/spec_tests/data/sessions_unified/snapshot-sessions-not-supported-client-error.yml +9 -3
  503. data/spec/spec_tests/data/transactions/error-labels.yml +1 -1
  504. data/spec/spec_tests/data/transactions/errors-client.yml +8 -9
  505. data/spec/spec_tests/data/transactions/mongos-recovery-token.yml +1 -1
  506. data/spec/spec_tests/data/transactions/retryable-abort-errorLabels.yml +0 -2
  507. data/spec/spec_tests/data/transactions/retryable-abort.yml +7 -9
  508. data/spec/spec_tests/data/transactions/retryable-commit-errorLabels.yml +0 -2
  509. data/spec/spec_tests/data/transactions/retryable-commit.yml +7 -9
  510. data/spec/spec_tests/data/transactions/retryable-writes.yml +0 -2
  511. data/spec/spec_tests/data/unified/invalid/expectedEventsForClient-ignoreExtraEvents-type.yml +15 -0
  512. data/spec/spec_tests/data/unified/valid-fail/operation-unsupported.yml +13 -0
  513. data/spec/spec_tests/data/unified/valid-pass/expectedEventsForClient-ignoreExtraEvents.yml +78 -0
  514. data/spec/spec_tests/data/unified/valid-pass/poc-change-streams.yml +4 -1
  515. data/spec/spec_tests/data/unified/valid-pass/poc-command-monitoring.yml +3 -3
  516. data/spec/spec_tests/data/unified/valid-pass/poc-transactions.yml +3 -2
  517. data/spec/spec_tests/data/uri_options/srv-options.yml +96 -0
  518. data/spec/spec_tests/data/versioned_api/crud-api-version-1-strict.yml +6 -4
  519. data/spec/spec_tests/data/versioned_api/crud-api-version-1.yml +7 -5
  520. data/spec/spec_tests/retryable_reads_spec.rb +4 -1
  521. data/spec/spec_tests/retryable_reads_unified_spec.rb +22 -0
  522. data/spec/spec_tests/retryable_writes_spec.rb +4 -1
  523. data/spec/spec_tests/retryable_writes_unified_spec.rb +21 -0
  524. data/spec/spec_tests/seed_list_discovery_spec.rb +10 -1
  525. data/spec/spec_tests/unified_spec.rb +6 -1
  526. data/spec/stress/connection_pool_timing_spec.rb +2 -1
  527. data/spec/stress/fork_reconnect_stress_spec.rb +3 -2
  528. data/spec/support/authorization.rb +1 -1
  529. data/spec/support/certificates/atlas-ocsp-ca.crt +47 -40
  530. data/spec/support/certificates/atlas-ocsp.crt +106 -101
  531. data/spec/support/cluster_tools.rb +1 -1
  532. data/spec/support/common_shortcuts.rb +22 -0
  533. data/spec/support/crypt/corpus/corpus-encrypted.json +9515 -0
  534. data/spec/support/crypt/corpus/corpus-key-aws.json +32 -32
  535. data/spec/support/crypt/corpus/corpus-key-azure.json +33 -0
  536. data/spec/support/crypt/corpus/corpus-key-gcp.json +35 -0
  537. data/spec/support/crypt/corpus/corpus-key-kmip.json +32 -0
  538. data/spec/support/crypt/corpus/corpus-key-local.json +30 -30
  539. data/spec/support/crypt/corpus/corpus-schema.json +4399 -121
  540. data/spec/support/crypt/corpus/corpus.json +4999 -37
  541. data/spec/support/crypt/data_keys/key_document_azure.json +33 -0
  542. data/spec/support/crypt/data_keys/key_document_gcp.json +37 -0
  543. data/spec/support/crypt/data_keys/key_document_kmip.json +32 -0
  544. data/spec/support/crypt/encryptedFields.json +33 -0
  545. data/spec/support/crypt/keys/key1-document.json +30 -0
  546. data/spec/support/crypt/schema_maps/schema_map_azure.json +17 -0
  547. data/spec/support/crypt/schema_maps/schema_map_azure_key_alt_names.json +12 -0
  548. data/spec/support/crypt/schema_maps/schema_map_gcp.json +17 -0
  549. data/spec/support/crypt/schema_maps/schema_map_gcp_key_alt_names.json +12 -0
  550. data/spec/support/crypt/schema_maps/schema_map_kmip.json +17 -0
  551. data/spec/support/crypt/schema_maps/schema_map_kmip_key_alt_names.json +12 -0
  552. data/spec/support/crypt.rb +207 -6
  553. data/spec/support/macros.rb +18 -0
  554. data/spec/support/mongos_macros.rb +17 -0
  555. data/spec/support/shared/scram_conversation.rb +2 -1
  556. data/spec/support/shared/session.rb +13 -7
  557. data/spec/support/spec_config.rb +82 -1
  558. data/spec/support/utils.rb +25 -4
  559. data.tar.gz.sig +0 -0
  560. metadata +1468 -1214
  561. metadata.gz.sig +0 -0
  562. data/lib/mongo/operation/delete/legacy.rb +0 -64
  563. data/lib/mongo/operation/insert/legacy.rb +0 -68
  564. data/lib/mongo/operation/update/legacy/result.rb +0 -112
  565. data/lib/mongo/operation/update/legacy.rb +0 -76
  566. data/spec/mongo/dbref_spec.rb +0 -152
  567. data/spec/mongo/operation/kill_cursors_spec.rb +0 -47
  568. data/spec/spec_tests/change_streams_spec.rb +0 -93
  569. data/spec/spec_tests/data/change_streams/change-streams-errors.yml +0 -101
  570. data/spec/spec_tests/data/change_streams/change-streams-resume-allowlist.yml +0 -1173
  571. data/spec/spec_tests/data/change_streams/change-streams-resume-errorLabels.yml +0 -1105
  572. data/spec/spec_tests/data/change_streams/change-streams.yml +0 -535
  573. data/spec/spec_tests/data/crud_v2/aggregate-merge.yml +0 -103
  574. data/spec/spec_tests/data/crud_v2/aggregate-out-readConcern.yml +0 -111
  575. data/spec/spec_tests/data/crud_v2/bulkWrite-arrayFilters.yml +0 -103
  576. data/spec/spec_tests/data/crud_v2/bulkWrite-delete-hint-clientError.yml +0 -63
  577. data/spec/spec_tests/data/crud_v2/bulkWrite-delete-hint-serverError.yml +0 -92
  578. data/spec/spec_tests/data/crud_v2/bulkWrite-delete-hint.yml +0 -103
  579. data/spec/spec_tests/data/crud_v2/bulkWrite-update-hint-clientError.yml +0 -90
  580. data/spec/spec_tests/data/crud_v2/bulkWrite-update-hint-serverError.yml +0 -147
  581. data/spec/spec_tests/data/crud_v2/bulkWrite-update-hint.yml +0 -164
  582. data/spec/spec_tests/data/crud_v2/db-aggregate.yml +0 -39
  583. data/spec/spec_tests/data/crud_v2/deleteMany-hint-clientError.yml +0 -43
  584. data/spec/spec_tests/data/crud_v2/deleteMany-hint-serverError.yml +0 -62
  585. data/spec/spec_tests/data/crud_v2/deleteMany-hint.yml +0 -58
  586. data/spec/spec_tests/data/crud_v2/deleteOne-hint-clientError.yml +0 -41
  587. data/spec/spec_tests/data/crud_v2/deleteOne-hint-serverError.yml +0 -60
  588. data/spec/spec_tests/data/crud_v2/deleteOne-hint.yml +0 -57
  589. data/spec/spec_tests/data/crud_v2/find-allowdiskuse-clientError.yml +0 -28
  590. data/spec/spec_tests/data/crud_v2/find-allowdiskuse-serverError.yml +0 -44
  591. data/spec/spec_tests/data/crud_v2/find-allowdiskuse.yml +0 -50
  592. data/spec/spec_tests/data/crud_v2/findOneAndDelete-hint-clientError.yml +0 -45
  593. data/spec/spec_tests/data/crud_v2/findOneAndDelete-hint-serverError.yml +0 -60
  594. data/spec/spec_tests/data/crud_v2/findOneAndDelete-hint.yml +0 -56
  595. data/spec/spec_tests/data/crud_v2/findOneAndReplace-hint-clientError.yml +0 -40
  596. data/spec/spec_tests/data/crud_v2/findOneAndReplace-hint-serverError.yml +0 -59
  597. data/spec/spec_tests/data/crud_v2/findOneAndReplace-hint.yml +0 -55
  598. data/spec/spec_tests/data/crud_v2/findOneAndUpdate-hint-clientError.yml +0 -40
  599. data/spec/spec_tests/data/crud_v2/findOneAndUpdate-hint-serverError.yml +0 -58
  600. data/spec/spec_tests/data/crud_v2/findOneAndUpdate-hint.yml +0 -55
  601. data/spec/spec_tests/data/crud_v2/replaceOne-hint.yml +0 -61
  602. data/spec/spec_tests/data/crud_v2/unacknowledged-bulkWrite-delete-hint-clientError.yml +0 -60
  603. data/spec/spec_tests/data/crud_v2/unacknowledged-bulkWrite-update-hint-clientError.yml +0 -88
  604. data/spec/spec_tests/data/crud_v2/unacknowledged-deleteMany-hint-clientError.yml +0 -40
  605. data/spec/spec_tests/data/crud_v2/unacknowledged-deleteOne-hint-clientError.yml +0 -38
  606. data/spec/spec_tests/data/crud_v2/unacknowledged-findOneAndDelete-hint-clientError.yml +0 -42
  607. data/spec/spec_tests/data/crud_v2/unacknowledged-findOneAndReplace-hint-clientError.yml +0 -40
  608. data/spec/spec_tests/data/crud_v2/unacknowledged-findOneAndUpdate-hint-clientError.yml +0 -40
  609. data/spec/spec_tests/data/crud_v2/unacknowledged-replaceOne-hint-clientError.yml +0 -40
  610. data/spec/spec_tests/data/crud_v2/unacknowledged-updateMany-hint-clientError.yml +0 -43
  611. data/spec/spec_tests/data/crud_v2/unacknowledged-updateOne-hint-clientError.yml +0 -40
  612. data/spec/spec_tests/data/crud_v2/updateMany-hint-clientError.yml +0 -45
  613. data/spec/spec_tests/data/crud_v2/updateMany-hint-serverError.yml +0 -66
  614. data/spec/spec_tests/data/crud_v2/updateMany-hint.yml +0 -65
  615. data/spec/spec_tests/data/crud_v2/updateOne-hint-clientError.yml +0 -43
  616. data/spec/spec_tests/data/crud_v2/updateOne-hint-serverError.yml +0 -62
  617. data/spec/spec_tests/data/crud_v2/updateOne-hint.yml +0 -61
  618. data/spec/spec_tests/data/crud_v2/updateWithPipelines.yml +0 -157
  619. data/spec/spec_tests/data/retryable_reads/estimatedDocumentCount-4.9.yml +0 -60
  620. data/spec/spec_tests/data/retryable_reads/estimatedDocumentCount-serverErrors-4.9.yml +0 -146
  621. data/spec/support/crypt/corpus/corpus_encrypted.json +0 -4152
  622. data/spec/support/session_registry.rb +0 -55
@@ -35,12 +35,13 @@ module Mongo
35
35
  # @param [ String ] input The data to be encrypted/decrypted
36
36
  # @param [ true | false ] decrypt Whether this method is decrypting. Default is
37
37
  # false, which means the method will create an encryption cipher by default
38
+ # @param [ Symbol ] mode AES mode of operation
38
39
  #
39
40
  # @return [ String ] Output
40
41
  # @raise [ Exception ] Exceptions raised during encryption are propagated
41
42
  # to caller.
42
- def aes(key, iv, input, decrypt: false)
43
- cipher = OpenSSL::Cipher::AES.new(256, :CBC)
43
+ def aes(key, iv, input, decrypt: false, mode: :CBC)
44
+ cipher = OpenSSL::Cipher::AES.new(256, mode)
44
45
 
45
46
  decrypt ? cipher.decrypt : cipher.encrypt
46
47
  cipher.key = key
@@ -88,6 +89,28 @@ module Mongo
88
89
  Digest::SHA2.new(256).digest(input)
89
90
  end
90
91
  module_function :hash_sha256
92
+
93
+ # An RSASSA-PKCS1-v1_5 with SHA-256 signature function.
94
+ #
95
+ # @param [ String ] key The PKCS#8 private key in DER format, base64 encoded.
96
+ # @param [ String ] input The data to be signed.
97
+ #
98
+ # @return [ String ] The signature.
99
+ def rsaes_pkcs_signature(key, input)
100
+ private_key = if BSON::Environment.jruby?
101
+ # JRuby cannot read DER format, we need to convert key into PEM first.
102
+ key_pem = [
103
+ "-----BEGIN PRIVATE KEY-----",
104
+ Base64.strict_encode64(Base64.decode64(key)).scan(/.{1,64}/),
105
+ "-----END PRIVATE KEY-----",
106
+ ].join("\n")
107
+ OpenSSL::PKey::RSA.new(key_pem)
108
+ else
109
+ OpenSSL::PKey.read(Base64.decode64(key))
110
+ end
111
+ private_key.sign(OpenSSL::Digest::SHA256.new, input)
112
+ end
113
+ module_function :rsaes_pkcs_signature
91
114
  end
92
115
  end
93
116
  end
@@ -0,0 +1,128 @@
1
+ # frozen_string_literal: true
2
+ # encoding: utf-8
3
+
4
+ # Copyright (C) 2019-2021 MongoDB Inc.
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+
18
+ module Mongo
19
+ module Crypt
20
+ module KMS
21
+ module AWS
22
+
23
+ # AWS KMS Credentials object contains credentials for using AWS KMS provider.
24
+ #
25
+ # @api private
26
+ class Credentials
27
+ include KMS::Validations
28
+
29
+ # @return [ String ] AWS access key.
30
+ attr_reader :access_key_id
31
+
32
+ # @return [ String ] AWS secret access key.
33
+ attr_reader :secret_access_key
34
+
35
+ # @return [ String | nil ] AWS session token.
36
+ attr_reader :session_token
37
+
38
+ FORMAT_HINT = "AWS KMS provider options must be in the format: " +
39
+ "{ access_key_id: 'YOUR-ACCESS-KEY-ID', secret_access_key: 'SECRET-ACCESS-KEY' }"
40
+
41
+ # Creates an AWS KMS credentials object form a parameters hash.
42
+ #
43
+ # @param [ Hash ] opts A hash that contains credentials for
44
+ # AWS KMS provider
45
+ # @option opts [ String ] :access_key_id AWS access key id.
46
+ # @option opts [ String ] :secret_access_key AWS secret access key.
47
+ # @option opts [ String | nil ] :session_token AWS session token, optional.
48
+ #
49
+ # @raise [ ArgumentError ] If required options are missing or incorrectly
50
+ # formatted.
51
+ def initialize(opts)
52
+ @access_key_id = validate_param(:access_key_id, opts, FORMAT_HINT)
53
+ @secret_access_key = validate_param(:secret_access_key, opts, FORMAT_HINT)
54
+ @session_token = validate_param(:session_token, opts, FORMAT_HINT, required: false)
55
+ end
56
+
57
+ # Convert credentials object to a BSON document in libmongocrypt format.
58
+ #
59
+ # @return [ BSON::Document ] AWS KMS credentials in libmongocrypt format.
60
+ def to_document
61
+ BSON::Document.new({
62
+ accessKeyId: access_key_id,
63
+ secretAccessKey: secret_access_key,
64
+ }).tap do |bson|
65
+ unless session_token.nil?
66
+ bson.update({ sessionToken: session_token })
67
+ end
68
+ end
69
+ end
70
+ end
71
+
72
+ # AWS KMS master key document object contains KMS master key parameters.
73
+ #
74
+ # @api private
75
+ class MasterKeyDocument
76
+ include KMS::Validations
77
+
78
+ # @return [ String ] AWS region.
79
+ attr_reader :region
80
+
81
+ # @return [ String ] AWS KMS key.
82
+ attr_reader :key
83
+
84
+ # @return [ String | nil ] AWS KMS endpoint.
85
+ attr_reader :endpoint
86
+
87
+ FORMAT_HINT = "AWS key document must be in the format: " +
88
+ "{ region: 'REGION', key: 'KEY' }"
89
+
90
+ # Creates a master key document object form a parameters hash.
91
+ #
92
+ # @param [ Hash ] opts A hash that contains master key options for
93
+ # the AWS KMS provider.
94
+ # @option opts [ String ] :region AWS region.
95
+ # @option opts [ String ] :key AWS KMS key.
96
+ # @option opts [ String | nil ] :endpoint AWS KMS endpoint, optional.
97
+ #
98
+ # @raise [ ArgumentError ] If required options are missing or incorrectly.
99
+ def initialize(opts)
100
+ unless opts.is_a?(Hash)
101
+ raise ArgumentError.new(
102
+ 'Key document options must contain a key named :master_key with a Hash value'
103
+ )
104
+ end
105
+ @region = validate_param(:region, opts, FORMAT_HINT)
106
+ @key = validate_param(:key, opts, FORMAT_HINT)
107
+ @endpoint = validate_param(:endpoint, opts, FORMAT_HINT, required: false)
108
+ end
109
+
110
+ # Convert master key document object to a BSON document in libmongocrypt format.
111
+ #
112
+ # @return [ BSON::Document ] AWS KMS master key document in libmongocrypt format.
113
+ def to_document
114
+ BSON::Document.new({
115
+ provider: 'aws',
116
+ region: region,
117
+ key: key,
118
+ }).tap do |bson|
119
+ unless endpoint.nil?
120
+ bson.update({ endpoint: endpoint })
121
+ end
122
+ end
123
+ end
124
+ end
125
+ end
126
+ end
127
+ end
128
+ end
@@ -0,0 +1,136 @@
1
+ # frozen_string_literal: true
2
+ # encoding: utf-8
3
+
4
+ # Copyright (C) 2019-2021 MongoDB Inc.
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+
18
+ module Mongo
19
+ module Crypt
20
+ module KMS
21
+ module Azure
22
+ # Azure KMS Credentials object contains credentials for using Azure KMS provider.
23
+ #
24
+ # @api private
25
+ class Credentials
26
+ include KMS::Validations
27
+
28
+ # @return [ String ] Azure tenant id.
29
+ attr_reader :tenant_id
30
+
31
+ # @return [ String ] Azure client id.
32
+ attr_reader :client_id
33
+
34
+ # @return [ String ] Azure client secret.
35
+ attr_reader :client_secret
36
+
37
+ # @return [ String | nil ] Azure identity platform endpoint.
38
+ attr_reader :identity_platform_endpoint
39
+
40
+ FORMAT_HINT = "Azure KMS provider options must be in the format: " +
41
+ "{ tenant_id: 'TENANT-ID', client_id: 'TENANT_ID', client_secret: 'CLIENT_SECRET' }"
42
+
43
+ # Creates an Azure KMS credentials object form a parameters hash.
44
+ #
45
+ # @param [ Hash ] opts A hash that contains credentials for
46
+ # Azure KMS provider
47
+ # @option opts [ String ] :tenant_id Azure tenant id.
48
+ # @option opts [ String ] :client_id Azure client id.
49
+ # @option opts [ String ] :client_secret Azure client secret.
50
+ # @option opts [ String | nil ] :identity_platform_endpoint Azure
51
+ # identity platform endpoint, optional.
52
+ #
53
+ # @raise [ ArgumentError ] If required options are missing or incorrectly
54
+ # formatted.
55
+ def initialize(opts)
56
+ @tenant_id = validate_param(:tenant_id, opts, FORMAT_HINT)
57
+ @client_id = validate_param(:client_id, opts, FORMAT_HINT)
58
+ @client_secret = validate_param(:client_secret, opts, FORMAT_HINT)
59
+ @identity_platform_endpoint = validate_param(
60
+ :identity_platform_endpoint, opts, FORMAT_HINT, required: false
61
+ )
62
+ end
63
+
64
+ # Convert credentials object to a BSON document in libmongocrypt format.
65
+ #
66
+ # @return [ BSON::Document ] Azure KMS credentials in libmongocrypt format.
67
+ def to_document
68
+ BSON::Document.new({
69
+ tenantId: @tenant_id,
70
+ clientId: @client_id,
71
+ clientSecret: @client_secret,
72
+ }).tap do |bson|
73
+ unless identity_platform_endpoint.nil?
74
+ bson.update({ identityPlatformEndpoint: identity_platform_endpoint })
75
+ end
76
+ end
77
+ end
78
+ end
79
+
80
+ # Azure KMS master key document object contains KMS master key parameters.
81
+ #
82
+ # @api private
83
+ class MasterKeyDocument
84
+ include KMS::Validations
85
+
86
+ # @return [ String ] Azure key vault endpoint.
87
+ attr_reader :key_vault_endpoint
88
+
89
+ # @return [ String ] Azure KMS key name.
90
+ attr_reader :key_name
91
+
92
+ # @return [ String | nil ] Azure KMS key version.
93
+ attr_reader :key_version
94
+
95
+ FORMAT_HINT = "Azure key document must be in the format: " +
96
+ "{ key_vault_endpoint: 'KEY_VAULT_ENDPOINT', key_name: 'KEY_NAME' }"
97
+
98
+ # Creates a master key document object form a parameters hash.
99
+ #
100
+ # @param [ Hash ] opts A hash that contains master key options for
101
+ # the Azure KMS provider.
102
+ # @option opts [ String ] :key_vault_endpoint Azure key vault endpoint.
103
+ # @option opts [ String ] :key_name Azure KMS key name.
104
+ # @option opts [ String | nil ] :key_version Azure KMS key version, optional.
105
+ #
106
+ # @raise [ ArgumentError ] If required options are missing or incorrectly.
107
+ def initialize(opts)
108
+ unless opts.is_a?(Hash)
109
+ raise ArgumentError.new(
110
+ 'Key document options must contain a key named :master_key with a Hash value'
111
+ )
112
+ end
113
+ @key_vault_endpoint = validate_param(:key_vault_endpoint, opts, FORMAT_HINT)
114
+ @key_name = validate_param(:key_name, opts, FORMAT_HINT)
115
+ @key_version = validate_param(:key_version, opts, FORMAT_HINT, required: false)
116
+ end
117
+
118
+ # Convert master key document object to a BSON document in libmongocrypt format.
119
+ #
120
+ # @return [ BSON::Document ] Azure KMS credentials in libmongocrypt format.
121
+ def to_document
122
+ BSON::Document.new({
123
+ provider: 'azure',
124
+ keyVaultEndpoint: key_vault_endpoint,
125
+ keyName: key_name,
126
+ }).tap do |bson|
127
+ unless key_version.nil?
128
+ bson.update({ keyVersion: key_version })
129
+ end
130
+ end
131
+ end
132
+ end
133
+ end
134
+ end
135
+ end
136
+ end
@@ -0,0 +1,81 @@
1
+ # frozen_string_literal: true
2
+ # encoding: utf-8
3
+
4
+ # Copyright (C) 2019-2021 MongoDB Inc.
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+
18
+ module Mongo
19
+ module Crypt
20
+ module KMS
21
+
22
+ # KMS Credentials object contains credentials for using KMS providers.
23
+ #
24
+ # @api private
25
+ class Credentials
26
+
27
+ # Creates a KMS credentials object form a parameters hash.
28
+ #
29
+ # @param [ Hash ] kms_providers A hash that contains credential for
30
+ # KMS providers. The hash should have KMS provider names as keys,
31
+ # and required parameters for every provider as values.
32
+ # Required parameters for KMS providers are described in corresponding
33
+ # classes inside Mongo::Crypt::KMS module.
34
+ #
35
+ # @note There may be more than one KMS provider specified.
36
+ #
37
+ # @raise [ ArgumentError ] If required options are missing or incorrectly
38
+ # formatted.
39
+ def initialize(kms_providers)
40
+ if kms_providers.nil?
41
+ raise ArgumentError.new("KMS providers options must not be nil")
42
+ end
43
+ if kms_providers.key?(:aws)
44
+ @aws = AWS::Credentials.new(kms_providers[:aws])
45
+ end
46
+ if kms_providers.key?(:azure)
47
+ @azure = Azure::Credentials.new(kms_providers[:azure])
48
+ end
49
+ if kms_providers.key?(:gcp)
50
+ @gcp = GCP::Credentials.new(kms_providers[:gcp])
51
+ end
52
+ if kms_providers.key?(:kmip)
53
+ @kmip = KMIP::Credentials.new(kms_providers[:kmip])
54
+ end
55
+ if kms_providers.key?(:local)
56
+ @local = Local::Credentials.new(kms_providers[:local])
57
+ end
58
+ if @aws.nil? && @azure.nil? && @gcp.nil? && @kmip.nil? && @local.nil?
59
+ raise ArgumentError.new(
60
+ "KMS providers options must have one of the following keys: " +
61
+ ":aws, :azure, :gcp, :kmip, :local"
62
+ )
63
+ end
64
+ end
65
+
66
+ # Convert credentials object to a BSON document in libmongocrypt format.
67
+ #
68
+ # @return [ BSON::Document ] Credentials as BSON document.
69
+ def to_document
70
+ BSON::Document.new({}).tap do |bson|
71
+ bson[:aws] = @aws.to_document if @aws
72
+ bson[:azure] = @azure.to_document if @azure
73
+ bson[:gcp] = @gcp.to_document if @gcp
74
+ bson[:kmip] = @kmip.to_document if @kmip
75
+ bson[:local] = @local.to_document if @local
76
+ end
77
+ end
78
+ end
79
+ end
80
+ end
81
+ end
@@ -0,0 +1,182 @@
1
+ # frozen_string_literal: true
2
+ # encoding: utf-8
3
+
4
+ # Copyright (C) 2019-2021 MongoDB Inc.
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+
18
+ module Mongo
19
+ module Crypt
20
+ module KMS
21
+ module GCP
22
+ # GCP Cloud Key Management Credentials object contains credentials for
23
+ # using GCP KMS provider.
24
+ #
25
+ # @api private
26
+ class Credentials
27
+ include KMS::Validations
28
+
29
+ # @return [ String ] GCP email to authenticate with.
30
+ attr_reader :email
31
+
32
+ # @return [ String ] GCP private key, base64 encoded DER format.
33
+ attr_reader :private_key
34
+
35
+ # @return [ String | nil ] GCP KMS endpoint.
36
+ attr_reader :endpoint
37
+
38
+ FORMAT_HINT = "GCP KMS provider options must be in the format: " +
39
+ "{ email: 'EMAIL', private_key: 'PRIVATE-KEY' }"
40
+
41
+ # Creates an GCP KMS credentials object form a parameters hash.
42
+ #
43
+ # @param [ Hash ] opts A hash that contains credentials for
44
+ # GCP KMS provider
45
+ # @option opts [ String ] :email GCP email.
46
+ # @option opts [ String ] :private_key GCP private key. This method accepts
47
+ # private key in either base64 encoded DER format, or PEM format.
48
+ # @option opts [ String | nil ] :endpoint GCP endpoint, optional.
49
+ #
50
+ # @raise [ ArgumentError ] If required options are missing or incorrectly
51
+ # formatted.
52
+ def initialize(opts)
53
+ @email = validate_param(:email, opts, FORMAT_HINT)
54
+
55
+ @private_key = begin
56
+ private_key_opt = validate_param(:private_key, opts, FORMAT_HINT)
57
+ if BSON::Environment.jruby?
58
+ # We cannot really validate private key on JRuby, so we assume
59
+ # it is in base64 encoded DER format.
60
+ private_key_opt
61
+ else
62
+ # Check if private key is in PEM format.
63
+ pkey = OpenSSL::PKey::RSA.new(private_key_opt)
64
+ # PEM it is, need to be converted to base64 encoded DER.
65
+ der = if pkey.respond_to?(:private_to_der)
66
+ pkey.private_to_der
67
+ else
68
+ pkey.to_der
69
+ end
70
+ Base64.encode64(der)
71
+ end
72
+ rescue OpenSSL::PKey::RSAError
73
+ # Check if private key is in DER.
74
+ begin
75
+ OpenSSL::PKey.read(Base64.decode64(private_key_opt))
76
+ # Private key is fine, use it.
77
+ private_key_opt
78
+ rescue OpenSSL::PKey::PKeyError
79
+ raise ArgumentError.new(
80
+ "The private_key option must be either either base64 encoded DER format, or PEM format."
81
+ )
82
+ end
83
+ end
84
+
85
+ @endpoint = validate_param(
86
+ :endpoint, opts, FORMAT_HINT, required: false
87
+ )
88
+ end
89
+
90
+ # Convert credentials object to a BSON document in libmongocrypt format.
91
+ #
92
+ # @return [ BSON::Document ] Azure KMS credentials in libmongocrypt format.
93
+ def to_document
94
+ BSON::Document.new({
95
+ email: email,
96
+ privateKey: BSON::Binary.new(private_key, :generic),
97
+ }).tap do |bson|
98
+ unless endpoint.nil?
99
+ bson.update({ endpoint: endpoint })
100
+ end
101
+ end
102
+ end
103
+ end
104
+
105
+ # GCP KMS master key document object contains KMS master key parameters.
106
+ #
107
+ # @api private
108
+ class MasterKeyDocument
109
+ include KMS::Validations
110
+
111
+ # @return [ String ] GCP project id.
112
+ attr_reader :project_id
113
+
114
+ # @return [ String ] GCP location.
115
+ attr_reader :location
116
+
117
+ # @return [ String ] GCP KMS key ring.
118
+ attr_reader :key_ring
119
+
120
+ # @return [ String ] GCP KMS key name.
121
+ attr_reader :key_name
122
+
123
+ # @return [ String | nil ] GCP KMS key version.
124
+ attr_reader :key_version
125
+
126
+ # @return [ String | nil ] GCP KMS endpoint.
127
+ attr_reader :endpoint
128
+
129
+ FORMAT_HINT = "GCP key document must be in the format: " +
130
+ "{ project_id: 'PROJECT_ID', location: 'LOCATION', " +
131
+ "key_ring: 'KEY-RING', key_name: 'KEY-NAME' }"
132
+
133
+ # Creates a master key document object form a parameters hash.
134
+ #
135
+ # @param [ Hash ] opts A hash that contains master key options for
136
+ # the GCP KMS provider.
137
+ # @option opts [ String ] :project_id GCP project id.
138
+ # @option opts [ String ] :location GCP location.
139
+ # @option opts [ String ] :key_ring GCP KMS key ring.
140
+ # @option opts [ String ] :key_name GCP KMS key name.
141
+ # @option opts [ String | nil ] :key_version GCP KMS key version, optional.
142
+ # @option opts [ String | nil ] :endpoint GCP KMS key endpoint, optional.
143
+ #
144
+ # @raise [ ArgumentError ] If required options are missing or incorrectly.
145
+ def initialize(opts)
146
+ unless opts.is_a?(Hash)
147
+ raise ArgumentError.new(
148
+ 'Key document options must contain a key named :master_key with a Hash value'
149
+ )
150
+ end
151
+ @project_id = validate_param(:project_id, opts, FORMAT_HINT)
152
+ @location = validate_param(:location, opts, FORMAT_HINT)
153
+ @key_ring = validate_param(:key_ring, opts, FORMAT_HINT)
154
+ @key_name = validate_param(:key_name, opts, FORMAT_HINT)
155
+ @key_version = validate_param(:key_version, opts, FORMAT_HINT, required: false)
156
+ @endpoint = validate_param(:endpoint, opts, FORMAT_HINT, required: false)
157
+ end
158
+
159
+ # Convert master key document object to a BSON document in libmongocrypt format.
160
+ #
161
+ # @return [ BSON::Document ] GCP KMS credentials in libmongocrypt format.
162
+ def to_document
163
+ BSON::Document.new({
164
+ provider: 'gcp',
165
+ projectId: project_id,
166
+ location: location,
167
+ keyRing: key_ring,
168
+ keyName: key_name
169
+ }).tap do |bson|
170
+ unless key_version.nil?
171
+ bson.update({ keyVersion: key_version })
172
+ end
173
+ unless endpoint.nil?
174
+ bson.update({ endpoint: endpoint })
175
+ end
176
+ end
177
+ end
178
+ end
179
+ end
180
+ end
181
+ end
182
+ end
@@ -0,0 +1,110 @@
1
+ # frozen_string_literal: true
2
+ # encoding: utf-8
3
+
4
+ # Copyright (C) 2019-2021 MongoDB Inc.
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+
18
+ module Mongo
19
+ module Crypt
20
+ module KMS
21
+ module KMIP
22
+ # KMIP KMS Credentials object contains credentials for a
23
+ # remote KMIP KMS provider.
24
+ #
25
+ # @api private
26
+ class Credentials
27
+ include KMS::Validations
28
+
29
+ # @return [ String ] KMIP KMS endpoint with optional port.
30
+ attr_reader :endpoint
31
+
32
+ FORMAT_HINT = "KMIP KMS provider options must be in the format: " +
33
+ "{ endpoint: 'ENDPOINT' }"
34
+
35
+ # Creates a KMIP KMS credentials object form a parameters hash.
36
+ #
37
+ # @param [ Hash ] opts A hash that contains credentials for
38
+ # KMIP KMS provider.
39
+ # @option opts [ String ] :endpoint KMIP endpoint.
40
+ #
41
+ # @raise [ ArgumentError ] If required options are missing or incorrectly
42
+ # formatted.
43
+ def initialize(opts)
44
+ @endpoint = validate_param(:endpoint, opts, FORMAT_HINT)
45
+ end
46
+
47
+ # Convert credentials object to a BSON document in libmongocrypt format.
48
+ #
49
+ # @return [ BSON::Document ] Local KMS credentials in libmongocrypt format.
50
+ def to_document
51
+ BSON::Document.new({
52
+ endpoint: endpoint,
53
+ })
54
+ end
55
+ end
56
+
57
+ # KMIP KMS master key document object contains KMS master key parameters.
58
+ #
59
+ # @api private
60
+ class MasterKeyDocument
61
+ include KMS::Validations
62
+
63
+ # @return [ String | nil ] The KMIP Unique Identifier to a 96 byte
64
+ # KMIP Secret Data managed object.
65
+ attr_reader :key_id
66
+
67
+ # @return [ String | nil ] KMIP KMS endpoint with optional port.
68
+ attr_reader :endpoint
69
+
70
+ FORMAT_HINT = "KMIP KMS key document must be in the format: " +
71
+ "{ key_id: 'KEY-ID', endpoint: 'ENDPOINT' }"
72
+
73
+ # Creates a master key document object form a parameters hash.
74
+ #
75
+ # @param [ Hash ] opts A hash that contains master key options for
76
+ # KMIP KMS provider
77
+ # @option opts [ String ] :key_id KMIP Unique Identifier to
78
+ # a 96 byte KMIP Secret Data managed object, optional. If key_id
79
+ # is omitted, the driver creates a random 96 byte identifier.
80
+ # @option opts [ String ] :endpoint KMIP endpoint, optional.
81
+ #
82
+ # @raise [ ArgumentError ] If required options are missing or incorrectly
83
+ # formatted.
84
+ def initialize(opts)
85
+ @key_id = validate_param(
86
+ :key_id, opts, FORMAT_HINT, required: false
87
+ ) || SecureRandom.alphanumeric(96)
88
+ @endpoint = validate_param(
89
+ :endpoint, opts, FORMAT_HINT, required: false
90
+ )
91
+ end
92
+
93
+ # Convert master key document object to a BSON document in libmongocrypt format.
94
+ #
95
+ # @return [ BSON::Document ] KMIP KMS credentials in libmongocrypt format.
96
+ def to_document
97
+ BSON::Document.new({
98
+ provider: 'kmip',
99
+ keyId: key_id
100
+ }).tap do |bson|
101
+ unless endpoint.nil?
102
+ bson.update({ endpoint: endpoint })
103
+ end
104
+ end
105
+ end
106
+ end
107
+ end
108
+ end
109
+ end
110
+ end