mongo 2.18.0.beta1 → 2.18.0

data/spec/spec_tests/data/change_streams_unified/change-streams-showExpandedEvents.yml

@@ -0,0 +1,298 @@
+description: "change-streams-showExpandedEvents"
+schemaVersion: "1.7"
+runOnRequirements:
+  - minServerVersion: "6.0.0"
+    topologies: [ replicaset, sharded-replicaset, sharded ]
+createEntities:
+  - client:
+      id: &client0 client0
+      observeEvents: [ commandStartedEvent ]
+      ignoreCommandMonitoringEvents: [ killCursors ]
+      useMultipleMongoses: false
+  - database:
+      id: &database0 database0
+      client: *client0
+      databaseName: *database0
+  - collection:
+      id: &collection0 collection0
+      database: *database0
+      collectionName: *collection0
+  - database:
+      id: &database1 database1
+      client: *client0
+      databaseName: *database1
+  - collection:
+      id: &collection1 collection1
+      database: *database1
+      collectionName: *collection1
+  - database:
+      id: &shardedDb shardedDb
+      client: *client0
+      databaseName: *shardedDb
+  - database:
+      id: &adminDb adminDb
+      client: *client0
+      databaseName: admin
+  - collection:
+      id: &shardedCollection shardedCollection
+      database: *shardedDb
+      collectionName: *shardedCollection
+
+initialData:
+  - collectionName: *collection0
+    databaseName: *database0
+    documents: []
+
+tests:
+  - description: "when provided, showExpandedEvents is sent as a part of the aggregate command"
+    operations:
+      - name: createChangeStream
+        object: *collection0
+        arguments:
+          pipeline: []
+          showExpandedEvents: true
+        saveResultAsEntity: &changeStream0 changeStream0
+    expectEvents:
+      - client: *client0
+        ignoreExtraEvents: true
+        events:
+          - commandStartedEvent:
+              command:
+                aggregate: *collection0
+                cursor: {}
+                pipeline:
+                  - $changeStream:
+                      showExpandedEvents: true
+              commandName: aggregate
+              databaseName: *database0
+
+  - description: "when omitted, showExpandedEvents is not sent as a part of the aggregate command"
+    operations:
+      - name: createChangeStream
+        object: *collection0
+        arguments:
+          pipeline: []
+        saveResultAsEntity: &changeStream0 changeStream0
+    expectEvents:
+      - client: *client0
+        ignoreExtraEvents: true
+        events:
+          - commandStartedEvent:
+              command:
+                aggregate: *collection0
+                cursor: {}
+                pipeline:
+                  - $changeStream:
+                      showExpandedEvents:
+                        $$exists: false
+              commandName: aggregate
+              databaseName: *database0
+
+  - description: "when showExpandedEvents is true, new fields on change stream events are handled appropriately"
+    operations:
+      - name: dropCollection
+        object: *database0
+        arguments:
+          collection: &existing-collection foo
+      - name: createCollection
+        object: *database0
+        arguments:
+          collection: *existing-collection
+      - name: createChangeStream
+        object: *collection0
+        arguments:
+          pipeline: []
+          showExpandedEvents: true
+        saveResultAsEntity: &changeStream0 changeStream0
+      - name: insertOne
+        object: *collection0
+        arguments:
+          document:
+            a: 1
+      - name: createIndex
+        object: *collection0
+        arguments:
+          keys:
+            x: 1
+          name: x_1
+      - name: rename
+        object: *collection0
+        arguments:
+          to: *existing-collection
+          dropTarget: true
+      - name: iterateUntilDocumentOrError
+        object: *changeStream0
+        expectResult:
+          operationType: insert
+          ns:
+            db: *database0
+            coll: *collection0
+          collectionUUID:
+            $$exists: true
+      - name: iterateUntilDocumentOrError
+        object: *changeStream0
+        expectResult:
+          operationType: createIndexes
+          ns:
+            db: *database0
+            coll: *collection0
+          operationDescription:
+            $$exists: true
+      - name: iterateUntilDocumentOrError
+        object: *changeStream0
+        expectResult:
+          operationType: rename
+          ns:
+            db: *database0
+            coll: *collection0
+          to:
+            db: *database0
+            coll: *existing-collection
+          operationDescription:
+            dropTarget:
+              $$exists: true
+            to:
+              db: *database0
+              coll: *existing-collection
+
+  - description: "when showExpandedEvents is true, createIndex events are reported"
+    operations:
+      - name: createChangeStream
+        object: *collection0
+        arguments:
+          pipeline: []
+          showExpandedEvents: true
+        saveResultAsEntity: &changeStream0 changeStream0
+      - name: createIndex
+        object: *collection0
+        arguments:
+          keys:
+            x: 1
+          name: x_1
+      - name: iterateUntilDocumentOrError
+        object: *changeStream0
+        expectResult:
+          operationType: createIndexes
+
+  - description: "when showExpandedEvents is true, dropIndexes events are reported"
+    operations:
+      - name: createIndex
+        object: *collection0
+        arguments:
+          keys:
+            x: 1
+          name: &index1 x_1
+      - name: createChangeStream
+        object: *collection0
+        arguments:
+          pipeline: []
+          showExpandedEvents: true
+        saveResultAsEntity: &changeStream0 changeStream0
+      - name: dropIndex
+        object: *collection0
+        arguments:
+          name: *index1
+      - name: iterateUntilDocumentOrError
+        object: *changeStream0
+        expectResult:
+          operationType: dropIndexes
+
+  - description: "when showExpandedEvents is true, create events are reported"
+    operations:
+      - name: dropCollection
+        object: *database0
+        arguments:
+          collection: &collection1 foo
+      - name: createChangeStream
+        object: *database0
+        arguments:
+          pipeline: []
+          showExpandedEvents: true
+        saveResultAsEntity: &changeStream0 changeStream0
+      - name: createCollection
+        object: *database0
+        arguments:
+          collection: *collection1
+      - name: iterateUntilDocumentOrError
+        object: *changeStream0
+        expectResult:
+          operationType: create
+
+  - description: "when showExpandedEvents is true, create events on views are reported"
+    operations:
+      - name: dropCollection
+        object: *database0
+        arguments:
+          collection: &collection1 foo
+      - name: createChangeStream
+        object: *database0
+        arguments:
+          pipeline: []
+          showExpandedEvents: true
+        saveResultAsEntity: &changeStream0 changeStream0
+      - name: createCollection
+        object: *database0
+        arguments:
+          collection: *collection1
+          viewOn: testName
+      - name: iterateUntilDocumentOrError
+        object: *changeStream0
+        expectResult:
+          operationType: create
+
+  - description: "when showExpandedEvents is true, modify events are reported"
+    operations:
+      - name: createIndex
+        object: *collection0
+        arguments:
+          keys:
+            x: 1
+          name: &index2 x_2
+      - name: createChangeStream
+        object: *collection0
+        arguments:
+          pipeline: []
+          showExpandedEvents: true
+        saveResultAsEntity: &changeStream0 changeStream0
+      - name: runCommand
+        object: *database0
+        arguments:
+          command:
+            collMod: *collection0
+          # Added here to fix our tests as we require a commandName but don't
+          # do anything with it.
+          commandName: modify_collection
+      - name: iterateUntilDocumentOrError
+        object: *changeStream0
+        expectResult:
+          operationType: modify
+
+  - description: "when showExpandedEvents is true, shardCollection events are reported"
+    runOnRequirements:
+      - topologies: [ sharded-replicaset, sharded ]
+    operations:
+      - name: dropCollection
+        object: *shardedDb
+        arguments:
+          collection: *shardedCollection
+      - name: createCollection
+        object: *shardedDb
+        arguments:
+          collection: *shardedCollection
+      - name: createChangeStream
+        object: *shardedCollection
+        arguments:
+          pipeline: []
+          showExpandedEvents: true
+        saveResultAsEntity: &changeStream0 changeStream0
+      - name: runCommand
+        object: *adminDb
+        arguments:
+          command:
+            shardCollection: shardedDb.shardedCollection
+            key:
+              _id: 1
+      - name: iterateUntilDocumentOrError
+        object: *changeStream0
+        expectResult:
+          operationType: shardCollection

data/spec/spec_tests/data/client_side_encryption/create-and-createIndexes.yml

@@ -0,0 +1,58 @@
+runOn:
+  - minServerVersion: "4.1.10"
+database_name: &database_name "default"
+collection_name: &collection_name "default"
+
+data: []
+tests:
+  - description: "create is OK"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
+    operations:
+    # Drop to remove a collection that may exist from previous test runs.
+    - name: dropCollection
+      object: database
+      arguments:
+        collection: "unencryptedCollection"
+    - name: createCollection
+      object: database
+      arguments:
+        collection: "unencryptedCollection"
+        validator:
+          unencrypted_string: "foo"
+    - name: assertCollectionExists
+      object: testRunner
+      arguments:
+        database: *database_name
+        collection: "unencryptedCollection"
+  - description: "createIndexes is OK"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
+    operations:
+    # Drop to remove a collection that may exist from previous test runs.
+    - name: dropCollection
+      object: database
+      arguments:
+        collection: "unencryptedCollection"
+    - name: createCollection
+      object: database
+      arguments:
+        collection: "unencryptedCollection"
+    - name: runCommand
+      object: database
+      arguments:
+        command:
+          createIndexes: "unencryptedCollection"
+          indexes:
+            - name: "name"
+              key: { name: 1 }
+    - name: assertIndexExists
+      object: testRunner
+      arguments:
+        database: *database_name
+        collection: "unencryptedCollection"
+        index: name

data/spec/spec_tests/data/client_side_encryption/fle2-Delete.yml

@@ -71,7 +71,7 @@ tests:
                     "encryptedIndexed": { 
                       "$eq": {
                         "$binary": {
-                            "base64": "BYkAAAAFZAAgAAAAAPtVteJQAlgb2YMa/+7YWH00sbQPyt7L6Rb8OwBdMmL2BXMAIAAAAAAd44hgVKnEnTFlwNVC14oyc9OZOTspeymusqkRQj57nAVjACAAAAAA19X9v9NlWidu/wR5/C/7WUV54DfL5CkNmT5WYrhxdDcSY20AAAAAAAAAAAAA",
+                            "base64": "BbEAAAAFZAAgAAAAAPtVteJQAlgb2YMa/+7YWH00sbQPyt7L6Rb8OwBdMmL2BXMAIAAAAAAd44hgVKnEnTFlwNVC14oyc9OZOTspeymusqkRQj57nAVjACAAAAAA19X9v9NlWidu/wR5/C/7WUV54DfL5CkNmT5WYrhxdDcFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsEmNtAAAAAAAAAAAAAA==",
                             "subType": "06"
                         }
                       }

data/spec/spec_tests/data/client_side_encryption/fle2-EncryptedFields-vs-jsonSchema.yml

@@ -72,7 +72,7 @@ tests:
                 "encryptedIndexed": {
                   "$eq": {
                     "$binary": {
-                      "base64": "BYkAAAAFZAAgAAAAAPGmZcUzdE/FPILvRSyAScGvZparGI2y9rJ/vSBxgCujBXMAIAAAAACi1RjmndKqgnXy7xb22RzUbnZl1sOZRXPOC0KcJkAxmQVjACAAAAAAWuidNu47c9A4Clic3DvFhn1AQJVC+FJtoE5bGZuz6PsSY20AAAAAAAAAAAAA",
+                      "base64": "BbEAAAAFZAAgAAAAAPGmZcUzdE/FPILvRSyAScGvZparGI2y9rJ/vSBxgCujBXMAIAAAAACi1RjmndKqgnXy7xb22RzUbnZl1sOZRXPOC0KcJkAxmQVjACAAAAAAWuidNu47c9A4Clic3DvFhn1AQJVC+FJtoE5bGZuz6PsFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsEmNtAAAAAAAAAAAAAA==",
                       "subType": "06"
                     }
                   }

data/spec/spec_tests/data/client_side_encryption/fle2-FindOneAndUpdate.yml

@@ -70,7 +70,7 @@ tests:
                 "encryptedIndexed": { 
                   "$eq": {
                     "$binary": {
-                        "base64": "BYkAAAAFZAAgAAAAAPtVteJQAlgb2YMa/+7YWH00sbQPyt7L6Rb8OwBdMmL2BXMAIAAAAAAd44hgVKnEnTFlwNVC14oyc9OZOTspeymusqkRQj57nAVjACAAAAAA19X9v9NlWidu/wR5/C/7WUV54DfL5CkNmT5WYrhxdDcSY20AAAAAAAAAAAAA",
+                        "base64": "BbEAAAAFZAAgAAAAAPtVteJQAlgb2YMa/+7YWH00sbQPyt7L6Rb8OwBdMmL2BXMAIAAAAAAd44hgVKnEnTFlwNVC14oyc9OZOTspeymusqkRQj57nAVjACAAAAAA19X9v9NlWidu/wR5/C/7WUV54DfL5CkNmT5WYrhxdDcFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsEmNtAAAAAAAAAAAAAA==",
                         "subType": "06"
                     }
                   }
@@ -172,7 +172,7 @@ tests:
                     "encryptedIndexed": { 
                       "$eq": {
                         "$binary": {
-                            "base64": "BYkAAAAFZAAgAAAAAPtVteJQAlgb2YMa/+7YWH00sbQPyt7L6Rb8OwBdMmL2BXMAIAAAAAAd44hgVKnEnTFlwNVC14oyc9OZOTspeymusqkRQj57nAVjACAAAAAA19X9v9NlWidu/wR5/C/7WUV54DfL5CkNmT5WYrhxdDcSY20AAAAAAAAAAAAA",
+                            "base64": "BbEAAAAFZAAgAAAAAPtVteJQAlgb2YMa/+7YWH00sbQPyt7L6Rb8OwBdMmL2BXMAIAAAAAAd44hgVKnEnTFlwNVC14oyc9OZOTspeymusqkRQj57nAVjACAAAAAA19X9v9NlWidu/wR5/C/7WUV54DfL5CkNmT5WYrhxdDcFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsEmNtAAAAAAAAAAAAAA==",
                             "subType": "06"
                         }
                       }

data/spec/spec_tests/data/client_side_encryption/fle2-InsertFind-Indexed.yml

@@ -68,7 +68,7 @@ tests:
                 "encryptedIndexed": {
                   "$eq": {
                     "$binary": {
-                      "base64": "BYkAAAAFZAAgAAAAAPGmZcUzdE/FPILvRSyAScGvZparGI2y9rJ/vSBxgCujBXMAIAAAAACi1RjmndKqgnXy7xb22RzUbnZl1sOZRXPOC0KcJkAxmQVjACAAAAAAWuidNu47c9A4Clic3DvFhn1AQJVC+FJtoE5bGZuz6PsSY20AAAAAAAAAAAAA",
+                      "base64": "BbEAAAAFZAAgAAAAAPGmZcUzdE/FPILvRSyAScGvZparGI2y9rJ/vSBxgCujBXMAIAAAAACi1RjmndKqgnXy7xb22RzUbnZl1sOZRXPOC0KcJkAxmQVjACAAAAAAWuidNu47c9A4Clic3DvFhn1AQJVC+FJtoE5bGZuz6PsFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsEmNtAAAAAAAAAAAAAA==",
                       "subType": "06"
                     }
                   }

data/spec/spec_tests/data/client_side_encryption/fle2-Update.yml

@@ -74,7 +74,7 @@ tests:
                     "encryptedIndexed": { 
                       "$eq": {
                         "$binary": {
-                            "base64": "BYkAAAAFZAAgAAAAAPtVteJQAlgb2YMa/+7YWH00sbQPyt7L6Rb8OwBdMmL2BXMAIAAAAAAd44hgVKnEnTFlwNVC14oyc9OZOTspeymusqkRQj57nAVjACAAAAAA19X9v9NlWidu/wR5/C/7WUV54DfL5CkNmT5WYrhxdDcSY20AAAAAAAAAAAAA",
+                            "base64": "BbEAAAAFZAAgAAAAAPtVteJQAlgb2YMa/+7YWH00sbQPyt7L6Rb8OwBdMmL2BXMAIAAAAAAd44hgVKnEnTFlwNVC14oyc9OZOTspeymusqkRQj57nAVjACAAAAAA19X9v9NlWidu/wR5/C/7WUV54DfL5CkNmT5WYrhxdDcFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsEmNtAAAAAAAAAAAAAA==",
                             "subType": "06"
                         }
                       }
@@ -179,7 +179,7 @@ tests:
                     "encryptedIndexed": { 
                       "$eq": {
                         "$binary": {
-                            "base64": "BYkAAAAFZAAgAAAAAPtVteJQAlgb2YMa/+7YWH00sbQPyt7L6Rb8OwBdMmL2BXMAIAAAAAAd44hgVKnEnTFlwNVC14oyc9OZOTspeymusqkRQj57nAVjACAAAAAA19X9v9NlWidu/wR5/C/7WUV54DfL5CkNmT5WYrhxdDcSY20AAAAAAAAAAAAA",
+                            "base64": "BbEAAAAFZAAgAAAAAPtVteJQAlgb2YMa/+7YWH00sbQPyt7L6Rb8OwBdMmL2BXMAIAAAAAAd44hgVKnEnTFlwNVC14oyc9OZOTspeymusqkRQj57nAVjACAAAAAA19X9v9NlWidu/wR5/C/7WUV54DfL5CkNmT5WYrhxdDcFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsEmNtAAAAAAAAAAAAAA==",
                             "subType": "06"
                         }
                       }

data/spec/spec_tests/data/client_side_encryption/unified/addKeyAltName.yml

@@ -0,0 +1,194 @@
+description: addKeyAltName
+
+schemaVersion: "1.8"
+
+runOnRequirements:
+  - csfle: true
+
+createEntities:
+  - client:
+      id: &client0 client0
+      observeEvents:
+        - commandStartedEvent
+  - clientEncryption:
+      id: &clientEncryption0 clientEncryption0
+      clientEncryptionOpts:
+        keyVaultClient: *client0
+        keyVaultNamespace: keyvault.datakeys
+        kmsProviders:
+          local: { key: { $$placeholder: 1 } }
+  - database:
+      id: &database0 database0
+      client: *client0
+      databaseName: &database0Name keyvault
+  - collection:
+      id: &collection0 collection0
+      database: *database0
+      collectionName: &collection0Name datakeys
+
+initialData:
+  - databaseName: *database0Name
+    collectionName: *collection0Name
+    documents:
+      - &local_key_doc
+        _id: &local_key_id { $binary: { base64: bG9jYWxrZXlsb2NhbGtleQ==, subType: "04" } }
+        keyMaterial: { $binary: { base64: ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==, subType: "00" } }
+        creationDate: { $date: { $numberLong: "1641024000000" } }
+        updateDate: { $date: { $numberLong: "1641024000000" } }
+        status: 1
+        masterKey:
+          provider: local
+
+tests:
+  - description: add keyAltName to non-existent data key
+    operations:
+      - name: addKeyAltName
+        object: *clientEncryption0
+        arguments:
+          # First 3 letters of local_key_id replaced with 'A' (value: "#alkeylocalkey").
+          id: &non_existent_id { $binary: { base64: AAAjYWxrZXlsb2NhbGtleQ==, subType: "04" } }
+          keyAltName: new_key_alt_name
+        expectResult: { $$unsetOrMatches: null }
+    expectEvents:
+      - client: *client0
+        events:
+          - commandStartedEvent:
+              databaseName: *database0Name
+              command:
+                findAndModify: *collection0Name
+                query: { _id: *non_existent_id }
+                update: { $addToSet: { keyAltNames: new_key_alt_name } }
+                writeConcern: { w: majority }
+    outcome:
+      - collectionName: *collection0Name
+        databaseName: *database0Name
+        documents:
+          - *local_key_doc
+
+  - description: add new keyAltName to data key with no keyAltNames
+    operations:
+      - name: addKeyAltName
+        object: *clientEncryption0
+        arguments:
+          id: *local_key_id
+          keyAltName: local_key
+        expectResult: *local_key_doc
+      - name: find
+        object: *collection0
+        arguments:
+          filter: {}
+          projection: { _id: 0, keyAltNames: 1 }
+        expectResult:
+          - keyAltNames: [local_key]
+    expectEvents:
+      - client: *client0
+        events:
+          - commandStartedEvent:
+              databaseName: *database0Name
+              command:
+                findAndModify: *collection0Name
+                query: { _id: *local_key_id }
+                update: { $addToSet: { keyAltNames: local_key } }
+                writeConcern: { w: majority }
+          - commandStartedEvent: { commandName: find }
+
+  - description: add existing keyAltName to existing data key
+    operations:
+      - name: addKeyAltName
+        object: *clientEncryption0
+        arguments:
+          id: *local_key_id
+          keyAltName: local_key
+        expectResult: *local_key_doc
+      - name: addKeyAltName
+        # Attempting to add a duplicate keyAltName to the data key should not be an error.
+        object: *clientEncryption0
+        arguments:
+          id: *local_key_id
+          keyAltName: local_key
+        expectResult:
+          _id: *local_key_id
+          keyAltNames: [local_key]
+          keyMaterial: { $$type: binData }
+          creationDate: { $$type: date }
+          updateDate: { $$type: date }
+          status: 1
+          masterKey:
+            provider: local
+      - name: find
+        object: *collection0
+        arguments:
+          filter: {}
+          projection: { _id: 0, keyAltNames: 1 }
+        expectResult:
+          - keyAltNames: [local_key]
+    expectEvents:
+      - client: *client0
+        events:
+          - commandStartedEvent:
+              databaseName: *database0Name
+              command:
+                findAndModify: *collection0Name
+                query: { _id: *local_key_id }
+                update: { $addToSet: { keyAltNames: local_key } }
+                writeConcern: { w: majority }
+          - commandStartedEvent:
+              databaseName: *database0Name
+              command:
+                findAndModify: *collection0Name
+                query: { _id: *local_key_id }
+                update: { $addToSet: { keyAltNames: local_key } }
+                writeConcern: { w: majority }
+          - commandStartedEvent: { commandName: find }
+
+  - description: add new keyAltName to data key with keyAltNames
+    operations:
+      - name: addKeyAltName
+        object: *clientEncryption0
+        arguments:
+          id: *local_key_id
+          keyAltName: local_key
+        expectResult: *local_key_doc
+      - name: addKeyAltName
+        object: *clientEncryption0
+        arguments:
+          id: *local_key_id
+          keyAltName: another_name
+        expectResult:
+          _id: *local_key_id
+          keyAltNames: [local_key]
+          keyMaterial: { $$type: binData }
+          creationDate: { $$type: date }
+          updateDate: { $$type: date }
+          status: 1
+          masterKey:
+            provider: local
+      - name: aggregate
+        object: *collection0
+        arguments:
+          pipeline:
+            # Ensure keyAltNames are in deterministically sorted order.
+            - $project: { _id: 0, keyAltNames: $keyAltNames }
+            - $unwind: $keyAltNames
+            - $sort: { keyAltNames: 1 }
+        expectResult:
+          - keyAltNames: another_name
+          - keyAltNames: local_key
+    expectEvents:
+      - client: *client0
+        events:
+          - commandStartedEvent:
+              databaseName: *database0Name
+              command:
+                findAndModify: *collection0Name
+                query: { _id: *local_key_id }
+                update: { $addToSet: { keyAltNames: local_key } }
+                writeConcern: { w: majority }
+          - commandStartedEvent:
+              databaseName: *database0Name
+              command:
+                findAndModify: *collection0Name
+                query: { _id: *local_key_id }
+                update: { $addToSet: { keyAltNames: another_name } }
+                writeConcern: { w: majority }
+          - commandStartedEvent: { commandName: aggregate }

data/spec/spec_tests/data/client_side_encryption/unified/createDataKey-kms_providers-invalid.yml

@@ -0,0 +1,67 @@
+description: createDataKey-provider-invalid
+
+schemaVersion: "1.8"
+
+runOnRequirements:
+  - csfle: true
+
+createEntities:
+  - client:
+      id: &client0 client0
+      observeEvents:
+        - commandStartedEvent
+        - commandSucceededEvent
+        - commandFailedEvent
+  - clientEncryption:
+      id: &clientEncryption0 clientEncryption0
+      clientEncryptionOpts:
+        keyVaultClient: *client0
+        keyVaultNamespace: keyvault.datakeys
+        kmsProviders:
+          aws: { accessKeyId: { $$placeholder: 1 }, secretAccessKey: { $$placeholder: 1 } }
+
+tests:
+  - description: create data key without required master key fields
+    operations:
+      - name: createDataKey
+        object: *clientEncryption0
+        arguments:
+          kmsProvider: aws
+          opts:
+            masterKey: {}
+        expectError:
+          isClientError: true
+    expectEvents:
+      - client: *client0
+        events: []
+
+  - description: create data key with invalid master key field
+    operations:
+      - name: createDataKey
+        object: *clientEncryption0
+        arguments:
+          kmsProvider: local
+          opts:
+            masterKey:
+              invalid: 1
+        expectError:
+          isClientError: true
+    expectEvents:
+      - client: *client0
+        events: []
+
+  - description: create data key with invalid master key
+    operations:
+      - name: createDataKey
+        object: *clientEncryption0
+        arguments:
+          kmsProvider: aws
+          opts:
+            masterKey:
+              key: arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0
+              region: invalid
+        expectError:
+          isClientError: true
+    expectEvents:
+      - client: *client0
+        events: []