mongo 2.18.0 → 2.18.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b1a032a8e48c1bc78d55d09cf8b607ec98402fb5f5e4a9a3fd11c566ee74b84f
-  data.tar.gz: 4ed2f33af97f4e5ab3da1b6acad5c90f3d7bfd0baee576d8e1df1b246b60637e
+  metadata.gz: 664d381d4746fb4ff6282069f909a91a58f497220bae57656c265f52c5d99040
+  data.tar.gz: 85fa7fbf071c3e8fc4c1beb2215b3297a3af560130204dbd0f916adb272987f7
 SHA512:
-  metadata.gz: 148a1228124e7895b96ef7931d7ba480748464f730e42c384da5ee64806bc173691db11d278cf7f189fefb4b06c1fe6999ac7cad1934f9dfdbd84a4cb89427a8
-  data.tar.gz: e9d7cc2c3dd95b8e2cdbc0017d12fcf7d10df4416999356709029c466f74f8ac07cbe5a868a3bd0392ea6a9d380f8cdba73ad0970fe249048832ad0a11983f47
+  metadata.gz: 2dcf66e773da4e2bdaf0a22d15a06eadbc5ab2bccffc29f012e2ae863e8148b597550ee680dc2556b40408f4c759b78b159b678cf494cf619c0975044d72d662
+  data.tar.gz: c120607792132931a54511db0a4ef62653393138e9da3fcf0ca0f0a85fde3aefe6b04782fd09125b0fe3085e50c66b1cd2f6e0c4743ae40e7094dc8e7892587a

data/lib/mongo/bulk_write.rb

@@ -221,7 +221,7 @@ module Mongo
     def split_execute(name, values, connection, context, operation_id, result_combiner, session, txn_num)
       execute_operation(name, values.shift(values.size / 2), connection, context, operation_id, result_combiner, session, txn_num)
 
-      txn_num = session.next_txn_num if txn_num
+      txn_num = session.next_txn_num if txn_num && !session.in_transaction?
       execute_operation(name, values, connection, context, operation_id, result_combiner, session, txn_num)
     end
 

data/lib/mongo/crypt/auto_encrypter.rb

@@ -81,6 +81,12 @@ module Mongo
       #     and schemaMap, an error will be raised.
       # @option options [ Boolean | nil ] :bypass_query_analysis When true
       #   disables automatic analysis of outgoing commands.
+      # @option options [ String | nil ] :crypt_shared_lib_path Path that should
+      #   be  the used to load the crypt shared library. Providing this option
+      #   overrides default crypt shared library load paths for libmongocrypt.
+      # @option options [ Boolean | nil ] :crypt_shared_lib_required Whether
+      #   crypt shared library is required. If 'true', an error will be raised
+      #   if a crypt_shared library cannot be loaded by libmongocrypt.
       #
       # @raise [ ArgumentError ] If required options are missing or incorrectly
       #   formatted.
@@ -95,17 +101,32 @@ module Mongo
           schema_map: @options[:schema_map],
           schema_map_path: @options[:schema_map_path],
           encrypted_fields_map: @options[:encrypted_fields_map],
-          bypass_query_analysis: @options[:bypass_query_analysis]
+          bypass_query_analysis: @options[:bypass_query_analysis],
+          crypt_shared_lib_path: @options[:extra_options][:crypt_shared_lib_path],
+          crypt_shared_lib_required: @options[:extra_options][:crypt_shared_lib_required],
         )
 
-        # Set server selection timeout to 1 to prevent the client waiting for a
-        # long timeout before spawning mongocryptd
-        @mongocryptd_client = Client.new(
-          @options[:extra_options][:mongocryptd_uri],
-          monitoring_io: @options[:client].options[:monitoring_io],
-          server_selection_timeout: 10,
-          database: @options[:client].options[:database]
+        @mongocryptd_options = @options[:extra_options].slice(
+          :mongocryptd_uri,
+          :mongocryptd_bypass_spawn,
+          :mongocryptd_spawn_path,
+          :mongocryptd_spawn_args
         )
+        @mongocryptd_options[:mongocryptd_bypass_spawn] = @options[:bypass_auto_encryption] ||
+          @options[:extra_options][:mongocryptd_bypass_spawn] ||
+          @crypt_handle.crypt_shared_lib_available? ||
+          @options[:extra_options][:crypt_shared_lib_required]
+
+        if !@options[:extra_options][:crypt_shared_lib_required]
+          # Set server selection timeout to 1 to prevent the client waiting for a
+          # long timeout before spawning mongocryptd
+          @mongocryptd_client = Client.new(
+            @options[:extra_options][:mongocryptd_uri],
+            monitoring_io: @options[:client].options[:monitoring_io],
+            server_selection_timeout: 10,
+            database: @options[:client].options[:database]
+          )
+        end
 
         begin
           @encryption_io = EncryptionIO.new(
@@ -118,7 +139,7 @@ module Mongo
           )
         rescue
           begin
-            @mongocryptd_client.close
+            @mongocryptd_client&.close
           rescue => e
             log_warn("Error closing mongocryptd client in auto encrypter's constructor: #{e.class}: #{e}")
             # Drop this exception so that the original exception is raised

data/lib/mongo/crypt/binding.rb

@@ -83,7 +83,7 @@ module Mongo
       # will cause a `LoadError`.
       #
       # @api private
-      MIN_LIBMONGOCRYPT_VERSION = Gem::Version.new("1.5.0.alpha")
+      MIN_LIBMONGOCRYPT_VERSION = Gem::Version.new("1.5.2")
 
       # @!method self.mongocrypt_version(len)
       #   @api private
@@ -107,6 +107,24 @@ module Mongo
           raise LoadError, "libmongocrypt version #{MIN_LIBMONGOCRYPT_VERSION} or above is required, " +
             "but version #{actual_version} was found."
         end
+      rescue ArgumentError => e
+        # Some lmc versions cannot be parsed with Gem::Version class,
+        # so we fall back to regex.
+        match = lmc_version.match(/\A(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)?(-[A-Za-z\+\d]+)?\z/)
+        if match.nil?
+          raise ArgumentError.new("Malformed version number string #{lmc_version}")
+        end
+        actual_version = Gem::Version.new(
+          [
+            match[:major],
+            match[:minor],
+            match[:patch]
+          ].join('.')
+        )
+        if actual_version < MIN_LIBMONGOCRYPT_VERSION
+          raise LoadError, "libmongocrypt version #{MIN_LIBMONGOCRYPT_VERSION} or above is required, " +
+            "but version #{actual_version} was found."
+        end
       end
 
       validate_version(mongocrypt_version(nil))
@@ -1385,6 +1403,80 @@ module Mongo
         end
       end
 
+      # @!method self.mongocrypt_setopt_append_crypt_shared_lib_search_path(crypt, path)
+      #   @api private
+      #
+      # Append an additional search directory to the search path for loading
+      #   the crypt_shared dynamic library.
+      #
+      # @param [ FFI::Pointer ] crypt A pointer to a mongocrypt_t object.
+      # @param [ String ] path A path to search for the crypt shared library. If the leading element of
+      #   the path is the literal string "$ORIGIN", that substring will be replaced
+      #   with the directory path containing the executable libmongocrypt module. If
+      #   the path string is literal "$SYSTEM", then libmongocrypt will defer to the
+      #   system's library resolution mechanism to find the crypt_shared library.
+      attach_function(
+        :mongocrypt_setopt_append_crypt_shared_lib_search_path,
+        [
+          :pointer,
+          :string,
+        ],
+        :void
+      )
+
+      # Append an additional search directory to the search path for loading
+      #   the crypt_shared dynamic library.
+      #
+      # @param [ Mongo::Crypt::Handle ] handle
+      # @param [ String ] path A search path for the crypt shared library.
+      def self.setopt_append_crypt_shared_lib_search_path(handle, path)
+        check_status(handle) do
+          mongocrypt_setopt_append_crypt_shared_lib_search_path(handle.ref, path)
+        end
+      end
+
+      # @!method self.mongocrypt_setopt_set_crypt_shared_lib_path_override(crypt, path)
+      #   @api private
+      #
+      # Set a single override path for loading the crypt shared library.
+      #
+      # @param [ FFI::Pointer ] crypt A pointer to a mongocrypt_t object.
+      # @param [ String ] path A path to crypt shared library file. If the leading element of
+      #   the path is the literal string "$ORIGIN", that substring will be replaced
+      #   with the directory path containing the executable libmongocrypt module.
+      attach_function(
+        :mongocrypt_setopt_set_crypt_shared_lib_path_override,
+        [
+          :pointer,
+          :string,
+        ],
+        :void
+      )
+
+      # Set a single override path for loading the crypt shared library.
+      #
+      # @param [ Mongo::Crypt::Handle ] handle
+      # @param [ String ] path A path to crypt shared library file.
+      def self.setopt_set_crypt_shared_lib_path_override(handle, path)
+        check_status(handle) do
+          mongocrypt_setopt_set_crypt_shared_lib_path_override(handle.ref, path)
+        end
+      end
+
+      # MONGOCRYPT_EXPORT
+      # uint64_t
+      # mongocrypt_crypt_shared_lib_version (const mongocrypt_t *crypt);
+      attach_function(
+        :mongocrypt_crypt_shared_lib_version,
+        [ :pointer ],
+        :uint64
+      )
+
+      def self.crypt_shared_lib_version(handle)
+        mongocrypt_crypt_shared_lib_version(handle.ref)
+      end
+
+
       # @!method self.mongocrypt_ctx_setopt_query_type(ctx, mongocrypt_query_type)
       #   @api private
       #

data/lib/mongo/crypt/explicit_encrypter.rb

@@ -36,7 +36,11 @@ module Mongo
       #   should be hashes of TLS connection options. The options are equivalent
       #   to TLS connection options of Mongo::Client.
       def initialize(key_vault_client, key_vault_namespace, kms_providers, kms_tls_options)
-        @crypt_handle = Handle.new(kms_providers, kms_tls_options)
+        @crypt_handle = Handle.new(
+          kms_providers,
+          kms_tls_options,
+          explicit_encryption_only: true
+        )
         @encryption_io = EncryptionIO.new(
           key_vault_client: key_vault_client,
           metadata_client: nil,

data/lib/mongo/crypt/handle.rb

@@ -50,6 +50,15 @@ module Mongo
       #     and schemaMap, an error will be raised.
       # @option options [ Boolean | nil ] :bypass_query_analysis When true
       #   disables automatic analysis of outgoing commands.
+      # @option options [ String | nil ] :crypt_shared_lib_path Path that should
+      #   be  the used to load the crypt shared library. Providing this option
+      #   overrides default crypt shared library load paths for libmongocrypt.
+      # @option options [ Boolean | nil ] :crypt_shared_lib_required Whether
+      #   crypt_shared library is required. If 'true', an error will be raised
+      #   if a crypt_shared library cannot be loaded by libmongocrypt.
+      # @option options [ Boolean | nil ] :explicit_encryption_only Whether this
+      #   handle is going to be used only for explicit encryption. If true,
+      #   libmongocrypt is instructed not to load crypt shared library.
       # @option options [ Logger ] :logger A Logger object to which libmongocrypt logs
       #   will be sent
       def initialize(kms_providers, kms_tls_options, options={})
@@ -70,13 +79,29 @@ module Mongo
         @bypass_query_analysis = options[:bypass_query_analysis]
         set_bypass_query_analysis if @bypass_query_analysis
 
+        @crypt_shared_lib_path = options[:crypt_shared_lib_path]
+        @explicit_encryption_only = options[:explicit_encryption_only]
+        if @crypt_shared_lib_path
+          Binding.setopt_set_crypt_shared_lib_path_override(self, @crypt_shared_lib_path)
+        elsif !@bypass_query_analysis && !@explicit_encryption_only
+          Binding.setopt_append_crypt_shared_lib_search_path(self, "$SYSTEM")
+        end
+
         @logger = options[:logger]
         set_logger_callback if @logger
 
         set_crypto_hooks
 
         Binding.setopt_kms_providers(self, kms_providers.to_document)
+
         initialize_mongocrypt
+
+        @crypt_shared_lib_required = !!options[:crypt_shared_lib_required]
+        if @crypt_shared_lib_required && crypt_shared_lib_version == 0
+          raise Mongo::Error::CryptError.new(
+            "Crypt shared library is required, but cannot be loaded  according to libmongocrypt"
+          )
+        end
       end
 
       # Return the reference to the underlying @mongocrypt object
@@ -96,6 +121,14 @@ module Mongo
         @kms_tls_options.fetch(provider, {})
       end
 
+      def crypt_shared_lib_version
+        Binding.crypt_shared_lib_version(self)
+      end
+
+      def crypt_shared_lib_available?
+        crypt_shared_lib_version != 0
+      end
+
       private
 
       # Set the schema map option on the underlying mongocrypt_t object

data/lib/mongo/cursor.rb

@@ -251,7 +251,12 @@ module Mongo
     #
     # @since 2.2.0
     def batch_size
-      @view.batch_size && @view.batch_size > 0 ? @view.batch_size : limit
+      value = @view.batch_size && @view.batch_size > 0 ? @view.batch_size : limit
+      if value == 0
+        nil
+      else
+        value
+      end
     end
 
     # Is the cursor closed?

data/lib/mongo/operation/shared/sessions_supported.rb

@@ -257,10 +257,14 @@ module Mongo
         super.tap do |message|
           if session = context.session
             # Serialize the message to detect client-side problems,
-            # such as invalid BSON keys. The message will be serialized again
+            # such as invalid BSON keys or too large messages.
+            # The message will be serialized again
             # later prior to being sent to the connection.
-            message.serialize(BSON::ByteBuffer.new)
-
+            buf = BSON::ByteBuffer.new
+            message.serialize(buf)
+            if buf.length > connection.max_message_size
+              raise Error::MaxMessageSize.new(connection.max_message_size)
+            end
             session.update_state!
           end
         end

data/lib/mongo/version.rb

@@ -20,5 +20,5 @@ module Mongo
   # The current version of the driver.
   #
   # @since 2.0.0
-  VERSION = '2.18.0'.freeze
+  VERSION = '2.18.1'.freeze
 end

data/spec/README.md

@@ -408,7 +408,8 @@ The client-side encryption tests require the mongocryptd binary to be in the
 system path.
 
 Download enterprise versions of MongoDB here: https://www.mongodb.com/download-center/enterprise
-Read more about installing mongocryptd here: https://mongodb.com/docs/manual/reference/security-client-side-encryption-appendix/#mongocryptd
+Download the Automatic Encryption Shared Library https://www.mongodb.com/docs/manual/core/queryable-encryption/reference/shared-library/#std-label-qe-reference-shared-library-download
+Install and Configure mongocryptd: https://www.mongodb.com/docs/manual/core/queryable-encryption/reference/mongocryptd/
 
 Install libmongocrypt on your machine:
 
@@ -426,6 +427,9 @@ Option 1: Download a pre-built binary
 Option 2: Build from source
 - To build libmongocrypt from source, follow the instructions in the README on the libmongocrypt GitHub repo: https://github.com/mongodb/libmongocrypt
 
+Option 3: Use libmongocrypt-helper gem (Linux only)
+- Run command `FLE=helper bundle install`
+
 Create AWS KMS keys
 Many of the Client-Side Encryption tests require that you have an encryption
 master key hosted on AWS's Key Management Service. Set up a master key by following

data/spec/integration/bulk_write_spec.rb

@@ -18,6 +18,22 @@ describe 'Bulk writes' do
         authorized_collection.bulk_write(operations)
       end.not_to raise_error
     end
+
+    context 'in transaction' do
+      require_transaction_support
+      min_server_version "4.4"
+
+      it 'succeeds' do
+        authorized_collection.create
+        expect do
+          authorized_collection.client.start_session do |session|
+            session.with_transaction do
+              authorized_collection.bulk_write(operations, { session: session })
+            end
+          end
+        end.not_to raise_error
+      end
+    end
   end
 
   context 'when bulk write needs to be split' do

data/spec/integration/ocsp_verifier_spec.rb

@@ -335,6 +335,8 @@ describe Mongo::Socket::OcspVerifier do
     # have a path in the OCSP URI (which the test also asserts).
     # Note that these certificates expire in 3 months and need to be replaced
     # with a more permanent solution.
+    # Use the spec/support/certificates/retrieve-atlas-cert script to retrieve
+    # current certificates from Atlas.
     let(:cert_path) { File.join(File.dirname(__FILE__), '../support/certificates/atlas-ocsp.crt') }
     let(:ca_cert_path) { File.join(File.dirname(__FILE__), '../support/certificates/atlas-ocsp-ca.crt') }
     let(:cert_store) do

data/spec/mongo/crypt/auto_encrypter_spec.rb

@@ -16,12 +16,16 @@ describe Mongo::Crypt::AutoEncrypter do
     described_class.new(
       auto_encryption_options.merge(
         client: authorized_client.use(:auto_encryption),
-        # Spawn mongocryptd on non-default port for sharded cluster tests
-        extra_options: extra_options
+        extra_options: auto_encrypter_extra_options
       )
     )
   end
 
+  let(:auto_encrypter_extra_options) do
+    # Spawn mongocryptd on non-default port for sharded cluster tests
+    extra_options
+  end
+
   let(:client) { authorized_client }
 
   let(:db_name) { 'auto_encryption' }
@@ -155,7 +159,7 @@ describe Mongo::Crypt::AutoEncrypter do
     end
   end
 
-  context 'with schema map in auto encryption commands' do
+  shared_examples 'with schema map in auto encryption commands' do
     include_context 'without jsonSchema validator'
 
     let(:auto_encryption_options) do
@@ -193,7 +197,7 @@ describe Mongo::Crypt::AutoEncrypter do
     end
   end
 
-  context 'with schema map file in auto encryption commands' do
+  shared_examples 'with schema map file in auto encryption commands' do
     include_context 'without jsonSchema validator'
 
     let(:schema_map_file) do
@@ -246,7 +250,7 @@ describe Mongo::Crypt::AutoEncrypter do
     end
   end
 
-  context 'with schema map collection validator' do
+  shared_examples 'with schema map collection validator' do
     include_context 'with jsonSchema validator'
 
     let(:auto_encryption_options) do
@@ -302,7 +306,7 @@ describe Mongo::Crypt::AutoEncrypter do
     end
   end
 
-  context 'with no validator or client option' do
+  shared_examples 'with no validator or client option' do
     include_context 'without jsonSchema validator'
 
     let(:auto_encryption_options) do
@@ -403,4 +407,35 @@ describe Mongo::Crypt::AutoEncrypter do
       end
     end
   end
+
+  context 'when using crypt shared library' do
+    min_server_version '6.0.0'
+
+    let(:auto_encrypter_extra_options) do
+      {
+        crypt_shared_lib_path: SpecConfig.instance.crypt_shared_lib_path
+      }
+    end
+
+    let(:auto_encryption_options) do
+      {
+        kms_providers: kms_providers,
+        kms_tls_options: kms_tls_options,
+        key_vault_namespace: key_vault_namespace,
+        schema_map: { "#{db_name}.#{collection_name}": schema_map },
+      }
+    end
+
+    it_behaves_like 'with schema map in auto encryption commands'
+    it_behaves_like 'with schema map file in auto encryption commands'
+    it_behaves_like 'with schema map collection validator'
+    it_behaves_like 'with no validator or client option'
+  end
+
+  context 'when using mongocryptd' do
+    it_behaves_like 'with schema map in auto encryption commands'
+    it_behaves_like 'with schema map file in auto encryption commands'
+    it_behaves_like 'with schema map collection validator'
+    it_behaves_like 'with no validator or client option'
+  end
 end

data/spec/mongo/crypt/binding/version_spec.rb

@@ -41,5 +41,13 @@ describe 'Mongo::Crypt::Binding' do
         end.not_to raise_error(LoadError, /libmongocrypt version .* or above is required, but version .* was found./)
       end
     end
+
+    context 'when in a non-parsable format' do
+      it 'does not raise ArgumentError' do
+        expect do
+          Mongo::Crypt::Binding.validate_version("1.5.3-dev+20220730git8f8675fa11")
+        end.not_to raise_error(ArgumentError, /Malformed version number string/)
+      end
+    end
   end
 end

data/spec/mongo/crypt/handle_spec.rb

@@ -18,6 +18,10 @@ describe Mongo::Crypt::Handle do
         kms_tls_options,
         schema_map: schema_map,
         schema_map_path: schema_map_path,
+        bypass_query_analysis: bypass_query_analysis,
+        crypt_shared_lib_path: crypt_shared_lib_path,
+        crypt_shared_lib_required: crypt_shared_lib_required,
+        explicit_encryption_only: explicit_encryption_only,
       )
     end
 
@@ -29,6 +33,22 @@ describe Mongo::Crypt::Handle do
       nil
     end
 
+    let(:bypass_query_analysis) do
+      nil
+    end
+
+    let(:crypt_shared_lib_path) do
+      nil
+    end
+
+    let(:crypt_shared_lib_required) do
+      nil
+    end
+
+    let(:explicit_encryption_only) do
+      nil
+    end
+
     shared_examples 'a functioning Mongo::Crypt::Handle' do
       context 'with valid schema map' do
         it 'does not raise an exception' do
@@ -73,6 +93,88 @@ describe Mongo::Crypt::Handle do
           expect { handle }.not_to raise_error
         end
       end
+
+      context 'with crypt_shared_lib_path' do
+        min_server_version '6.0.0'
+
+        context 'with correct path' do
+          let(:crypt_shared_lib_path) do
+            SpecConfig.instance.crypt_shared_lib_path
+          end
+
+          it 'loads the crypt shared lib' do
+            expect(handle.crypt_shared_lib_version).not_to eq(0)
+          end
+        end
+
+        context 'with incorrect path' do
+          let(:crypt_shared_lib_path) do
+            '/some/bad/path/mongo_crypt_v1.so'
+          end
+
+          it 'raises an exception' do
+            expect { handle }.to raise_error(Mongo::Error::CryptError)
+          end
+        end
+      end
+
+      context 'with crypt_shared_lib_required' do
+        min_server_version '6.0.0'
+
+        context 'set to true' do
+          let(:crypt_shared_lib_required) do
+            true
+          end
+
+          context 'when shared lib is available' do
+            let(:crypt_shared_lib_path) do
+              SpecConfig.instance.crypt_shared_lib_path
+            end
+
+            it 'does not raise an exception' do
+              expect { handle }.not_to raise_error
+            end
+          end
+
+          context 'when shared lib is not available' do
+            let(:crypt_shared_lib_path) do
+              '/some/bad/path/mongo_crypt_v1.so'
+            end
+
+            it 'raises an exception' do
+              expect { handle }.to raise_error(Mongo::Error::CryptError)
+            end
+          end
+        end
+      end
+
+      context 'if bypass_query_analysis is true' do
+        min_server_version '6.0.0'
+
+        let(:bypass_query_analysis) do
+          true
+        end
+
+        it 'does not load the crypt shared lib' do
+          expect_any_instance_of(Binding).not_to receive(:setopt_append_crypt_shared_lib_search_path)
+
+          expect(handle.crypt_shared_lib_version).to eq(0)
+        end
+      end
+
+      context 'if explicit_encryption_only is true' do
+        min_server_version '6.0.0'
+
+        let(:explicit_encryption_only) do
+          true
+        end
+
+        it 'does not load the crypt shared lib' do
+          expect_any_instance_of(Binding).not_to receive(:setopt_append_crypt_shared_lib_search_path)
+
+          expect(handle.crypt_shared_lib_version).to eq(0)
+        end
+      end
     end
 
     context 'local' do

data/spec/mongo/cursor_spec.rb

@@ -734,4 +734,54 @@ describe Mongo::Cursor do
       end
     end
   end
+
+  describe '#batch_size' do
+    let(:subscriber) { Mrss::EventSubscriber.new }
+
+    let(:subscribed_client) do
+      authorized_client.tap do |client|
+        client.subscribe(Mongo::Monitoring::COMMAND, subscriber)
+      end
+    end
+
+    let(:collection) do
+      subscribed_client[TEST_COLL]
+    end
+
+    let(:view) do
+      collection.find({}, limit: limit)
+    end
+
+    before do
+      collection.drop
+      collection.insert_many([].fill({ "bar": "baz" }, 0, 102))
+    end
+
+    context 'when limit is 0 and batch_size is not set' do
+      let(:limit) do
+        0
+      end
+
+      it 'does not set batch_size' do
+        view.to_a
+        get_more_commands = subscriber.started_events.select { |e| e.command_name == 'getMore' }
+        expect(get_more_commands.length).to eq(1)
+        expect(get_more_commands.first.command.keys).not_to include('batchSize')
+      end
+    end
+
+    context 'when limit is not zero and batch_size is not set' do
+      let(:limit) do
+        1000
+      end
+
+      it 'sets batch_size' do
+        view.to_a
+        get_more_commands = subscriber.started_events.select { |e| e.command_name == 'getMore' }
+
+        expect(get_more_commands.length).to eq(1)
+        expect(get_more_commands.first.command.keys).to include('batchSize')
+      end
+    end
+  end
 end

data/spec/shared/lib/mrss/event_subscriber.rb

@@ -84,22 +84,32 @@ module Mrss
 
     # Locates command stated events for the specified command name,
     # asserts that there is exactly one such event, and returns it.
-    def single_command_started_event(command_name, include_auth: false)
+    def single_command_started_event(command_name, include_auth: false, database_name: nil)
       events = if include_auth
                  started_events
                else
                  non_auth_command_started_events
                end
-      events.select! do |event|
-        event.command[command_name]
+      get_one_event(events, command_name, 'started', database_name: database_name)
+    end
+
+    # Locates command succeeded events for the specified command name,
+    # asserts that there is exactly one such event, and returns it.
+    def single_command_succeeded_event(command_name, database_name: nil)
+      get_one_event(succeeded_events, command_name, 'succeeded', database_name: database_name)
+    end
+
+    def get_one_event(events, command_name, kind, database_name: nil)
+      events = events.select do |event|
+        event.command_name == command_name and
+        database_name.nil? || database_name == event.database_name
       end
       if events.length != 1
-        raise "Expected a single #{command_name} event but we have #{events.length}"
+        raise "Expected a single '#{command_name}' #{kind} event#{database_name ? " for '#{database_name}'" : ''} but we have #{events.length}"
       end
       events.first
     end
 
-
     # Get the first succeeded event published for the name, and then delete it.
     #
     # @param [ String ] name The event name.

data/spec/spec_tests/data/change_streams_unified/change-streams-resume-errorLabels.yml

@@ -745,6 +745,9 @@ tests:
               databaseName: *database0
 
   - description: change stream resumes after StaleShardVersion
+    runOnRequirements:
+      # StaleShardVersion is obsolete as of 6.1 and is no longer marked as resumable.
+      - maxServerVersion: "6.0.99"
     operations:
       - name: failPoint
         object: testRunner

data/spec/spec_tests/data/client_side_encryption/unified/rewrapManyDataKey.yml

@@ -2,7 +2,7 @@
 # commands sort the resulting documents in ascending order by the single-element
 # keyAltNames array to ensure alphabetic order by original KMS provider as
 # defined in initialData.
-description: rewrapManyDataKey-kms_providers
+description: rewrapManyDataKey
 
 schemaVersion: "1.8"
 
@@ -50,7 +50,7 @@ initialData:
           region: us-east-1
       - _id: &azure_key_id { $binary: { base64: YXp1cmVhenVyZWF6dXJlYQ==, subType: "04" } }
         keyAltNames: ["azure_key"]
-        keyMaterial: { $binary: { base64: AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEGkNTybTc7Eyif0f+qqE0lAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDB2j78AeuIQxcRh8cQIBEIB7vj9buHEaT7XHFIsKBJiyzZRmNnjvqMK5LSdzonKdx97jlqauvPvTDXSsdQDcspUs5oLrGmAXpbFResscxmbwZoKgUtWiuIOpeAcYuszCiMKt15s1WIMLDXUhYtfCmhRhekvgHnRAaK4HJMlGE+lKJXYI84E0b86Cd/g+, subType: "00" } }
+        keyMaterial: { $binary: { base64: pr01l7qDygUkFE/0peFwpnNlv3iIy8zrQK38Q9i12UCN2jwZHDmfyx8wokiIKMb9kAleeY+vnt3Cf1MKu9kcDmI+KxbNDd+V3ytAAGzOVLDJr77CiWjF9f8ntkXRHrAY9WwnVDANYkDwXlyU0Y2GQFTiW65jiQhUtYLYH63Tk48SsJuQvnWw1Q+PzY8ga+QeVec8wbcThwtm+r2IHsCFnc72Gv73qq7weISw+O4mN08z3wOp5FOS2ZM3MK7tBGmPdBcktW7F8ODGsOQ1FU53OrWUnyX2aTi2ftFFFMWVHqQo7EYuBZHru8RRODNKMyQk0BFfKovAeTAVRv9WH9QU7g==, subType: "00" } }
         creationDate: { $date: { $numberLong: "1641024000000" } }
         updateDate: { $date: { $numberLong: "1641024000000" } }
         status: 1
@@ -72,7 +72,7 @@ initialData:
           keyName: key-name-csfle
       - _id: &kmip_key_id { $binary: { base64: a21pcGttaXBrbWlwa21pcA==, subType: "04" } }
         keyAltNames: ["kmip_key"]
-        keyMaterial: { $binary: { base64: VoI9J8HusQ3u2gT9i8Awgg/6W4/igvLwRzn3SRDGx0Dl/1ayDMubphOw0ONPVKfuvS6HL3e4gAoCJ/uEz2KLFTVsEqYCpMhfAhgXxm8Ena8vDcOkCzFX+euvN/N2ES3wpzAD18b3qIH0MbBwKJP82d5GQ4pVfGnPW8Ujp9aO1qC/s0EqNqYyzJ1SyzhV9lAjHHGIENYJx+bBrekg2EeZBA==, subType: "00" } }
+        keyMaterial: { $binary: { base64: CklVctHzke4mcytd0TxGqvepkdkQN8NUF4+jV7aZQITAKdz6WjdDpq3lMt9nSzWGG2vAEfvRb3mFEVjV57qqGqxjq2751gmiMRHXz0btStbIK3mQ5xbY9kdye4tsixlCryEwQONr96gwlwKKI9Nubl9/8+uRF6tgYjje7Q7OjauEf1SrJwKcoQ3WwnjZmEqAug0kImCpJ/irhdqPzivRiA==, subType: "00" } }
         creationDate: { $date: { $numberLong: "1641024000000" } }
         updateDate: { $date: { $numberLong: "1641024000000" } }
         status: 1

data/spec/spec_tests/data/sdam_integration/hello-command-error.yml

@@ -86,9 +86,9 @@ tests:
           documents:
             - _id: 1
             - _id: 2
-      # Configure the next streaming hello check to fail with a command
-      # error.
-      # Use times: 2 so that the RTT hello is blocked as well.
+      # Configure the next streaming hello check to fail with a command error.
+      # Must use "times: 2" here. For a longer on explanation on why, check out
+      # https://jira.mongodb.org/browse/RUBY-3050.
       - name: configureFailPoint
         object: testRunner
         arguments:
@@ -121,17 +121,9 @@ tests:
           documents:
             - _id: 3
             - _id: 4
-      # Assert the server was marked Unknown and pool was cleared exactly once.
-      - name: assertEventCount
-        object: testRunner
-        arguments:
-          event: ServerMarkedUnknownEvent
-          count: 1
-      - name: assertEventCount
-        object: testRunner
-        arguments:
-          event: PoolClearedEvent
-          count: 1
+      # We cannot assert the server was marked Unknown and pool was cleared an
+      # exact number of times because the RTT hello may have triggered this
+      # failpoint one or many times as well.
 
     expectations:
       - command_started_event:

data/spec/spec_tests/data/sdam_integration/hello-network-error.yml

@@ -44,16 +44,6 @@ tests:
       # We cannot assert the server was marked Unknown and pool was cleared an
       # exact number of times because the RTT hello may or may not have
       # triggered this failpoint as well.
-      # - name: assertEventCount
-      #   object: testRunner
-      #   arguments:
-      #     event: ServerMarkedUnknownEvent
-      #     count: 1
-      # - name: assertEventCount
-      #   object: testRunner
-      #   arguments:
-      #     event: PoolClearedEvent
-      #     count: 1
 
     expectations:
       - command_started_event:
@@ -86,8 +76,8 @@ tests:
             - _id: 1
             - _id: 2
       # Configure the next streaming hello check to fail with a non-timeout
-      # network error. Use times: 2 to ensure that the the Monitor check fails
-      # since the RTT hello may trigger this failpoint as well.
+      # network error. Must use "times: 2" here. For a longer on explanation
+      # on why, check out https://jira.mongodb.org/browse/RUBY-3050.
       - name: configureFailPoint
         object: testRunner
         arguments:
@@ -118,8 +108,8 @@ tests:
             - _id: 3
             - _id: 4
       # We cannot assert the server was marked Unknown and pool was cleared an
-      # exact number of times because the RTT hello may or may not have
-      # triggered this failpoint as well.
+      # exact number of times because the RTT hello may have triggered this
+      # failpoint one or many times as well.
       # - name: assertEventCount
       #   object: testRunner
       #   arguments:

data/spec/spec_tests/data/sdam_integration/hello-timeout.yml

@@ -86,14 +86,16 @@ tests:
           documents:
             - _id: 1
             - _id: 2
-      # Configure the next streaming hello check to fail with a timeout
-      # Use times: 2 so that the RTT hello is blocked as well.
+      # Configure the next streaming hello check to fail with a timeout.
+      # Use "times: 4" to increase the probability that the Monitor check times
+      # out since the RTT hello may trigger this failpoint one or many times as
+      # well.
       - name: configureFailPoint
         object: testRunner
         arguments:
           failPoint:
             configureFailPoint: failCommand
-            mode: { times: 2 }
+            mode: { times: 4 }
             data:
                 failCommands: ["hello", "isMaster"]
                 appName: timeoutMonitorCheckTest
@@ -121,17 +123,9 @@ tests:
           documents:
             - _id: 3
             - _id: 4
-      # Assert the server was marked Unknown and pool was cleared exactly once.
-      - name: assertEventCount
-        object: testRunner
-        arguments:
-          event: ServerMarkedUnknownEvent
-          count: 1
-      - name: assertEventCount
-        object: testRunner
-        arguments:
-          event: PoolClearedEvent
-          count: 1
+      # We cannot assert the server was marked Unknown and pool was cleared an
+      # exact number of times because the RTT hello may have triggered this
+      # failpoint one or many times as well.
 
     expectations:
       - command_started_event:

data/spec/spec_tests/data/transactions_unified/do-not-retry-read-in-transaction.yml

@@ -0,0 +1,64 @@
+description: "do not retry read in a transaction"
+
+schemaVersion: "1.4"
+
+runOnRequirements:
+  - minServerVersion: "4.0.0"
+    topologies: [ replicaset ]
+  - minServerVersion: "4.2.0"
+    topologies: [ sharded, load-balanced ]
+
+createEntities:
+  - client:
+      id: &client0 client0
+      useMultipleMongoses: false
+      observeEvents: [commandStartedEvent]
+      uriOptions: { retryReads: true }
+  - database:
+      id: &database0 database0
+      client: *client0
+      databaseName: &databaseName retryable-read-in-transaction-test
+  - collection:
+      id: &collection0 collection0
+      database: *database0
+      collectionName: &collectionName coll
+  - session:
+      id: &session0 session0
+      client: *client0
+
+tests:
+  - description: "find does not retry in a transaction"
+    operations:
+
+      - name: startTransaction
+        object: *session0
+
+      - name: failPoint # fail the following find command
+        object: testRunner
+        arguments:
+          client: *client0
+          failPoint:
+            configureFailPoint: failCommand
+            mode: { times: 1 }
+            data:
+              failCommands: [find]
+              closeConnection: true
+
+      - name: find
+        object: *collection0
+        arguments:
+          filter: {}
+          session: *session0
+        expectError:
+          isError: true
+          errorLabelsContain: ["TransientTransactionError"]
+    expectEvents:
+      - client: *client0
+        events:
+          - commandStartedEvent:
+              command:
+                find: *collectionName
+                filter: {}
+                startTransaction: true
+              commandName: find
+              databaseName: *databaseName

data/spec/spec_tests/data/transactions_unified/retryable-abort-handshake.yml

@@ -0,0 +1,118 @@
+description: "retryable abortTransaction on handshake errors"
+
+schemaVersion: "1.4"
+
+runOnRequirements:
+  - minServerVersion: "4.2"
+    topologies: [replicaset, sharded, load-balanced]
+    serverless: "forbid"
+    auth: true
+
+createEntities:
+  - client:
+      id: &client0 client0
+      useMultipleMongoses: false
+      observeEvents: [commandStartedEvent, connectionCheckOutStartedEvent]
+  - database:
+      id: &database0 database0
+      client: *client0
+      databaseName: &databaseName retryable-handshake-tests
+  - collection:
+      id: &collection0 collection0
+      database: *database0
+      collectionName: &collectionName coll
+  - session:
+      # This session will be used to execute the transaction
+      id: &session0 session0
+      client: *client0
+  - session:
+      # This session will be used to create the failPoint, and empty the pool
+      id: &session1 session1
+      client: *client0
+
+initialData:
+  - collectionName: *collectionName
+    databaseName: *databaseName
+    documents:
+      - { _id: 1, x: 11 }
+
+tests:
+  - description: "AbortTransaction succeeds after handshake network error"
+    skipReason: "DRIVERS-2032: Pinned servers need to be checked if they are still selectable"
+    operations:
+
+      - name: startTransaction
+        object: *session0
+
+      - name: insertOne
+        object: *collection0
+        arguments:
+          session: *session0
+          document: { _id: 2, x: 22 }
+
+      # The following failPoint and ping utilize session1 so that
+      # the transaction won't be failed by the intentional erroring of ping
+      # and it will have an empty pool when it goes to run abortTransaction
+      - name: failPoint # fail the next connection establishment
+        object: testRunner
+        arguments:
+          client: *client0
+          session: *session1
+          failPoint:
+            configureFailPoint: failCommand
+            mode: { times: 2 }
+            data:
+              # use saslContinue here to avoid SDAM errors
+              # this failPoint itself will create a usable connection in the connection pool
+              # so we run a ping (with closeConnection: true) in order to discard the connection
+              # before testing that abortTransaction will fail a handshake but will get retried
+              failCommands: [saslContinue, ping]
+              closeConnection: true
+
+      - name: runCommand
+        object: *database0
+        arguments:
+          commandName: ping
+          command: { ping: 1 }
+          session: *session1
+        expectError:
+          isError: true
+
+      - name: abortTransaction
+        object: *session0
+
+    expectEvents:
+      - client: *client0
+        eventType: cmap
+        events:
+          - { connectionCheckOutStartedEvent: {} } # startTransaction
+          - { connectionCheckOutStartedEvent: {} } # insertOne
+          - { connectionCheckOutStartedEvent: {} } # failPoint
+          - { connectionCheckOutStartedEvent: {} } # abortTransaction
+          - { connectionCheckOutStartedEvent: {} } # abortTransaction retry
+      - client: *client0
+        events:
+          - commandStartedEvent:
+              command:
+                insert: *collectionName
+                documents: [{ _id: 2, x: 22 }]
+                startTransaction: true
+              commandName: insert
+              databaseName: *databaseName
+          - commandStartedEvent:
+              command:
+                ping: 1
+              databaseName: *databaseName
+          - commandStartedEvent:
+              command:
+                abortTransaction: 1
+                lsid:
+                  $$sessionLsid: *session0
+              commandName: abortTransaction
+              databaseName: admin
+
+    outcome:
+      - collectionName: *collectionName
+        databaseName: *databaseName
+        documents:
+          - { _id: 1, x: 11 }

data/spec/spec_tests/data/transactions_unified/retryable-commit-handshake.yml

@@ -0,0 +1,118 @@
+description: "retryable commitTransaction on handshake errors"
+
+schemaVersion: "1.4"
+
+runOnRequirements:
+  - minServerVersion: "4.2"
+    topologies: [replicaset, sharded, load-balanced]
+    serverless: "forbid"
+    auth: true
+
+createEntities:
+  - client:
+      id: &client0 client0
+      useMultipleMongoses: false
+      observeEvents: [commandStartedEvent, connectionCheckOutStartedEvent]
+      uriOptions: { retryWrites: false } # commitTransaction is retryable regardless of this option being set
+  - database:
+      id: &database0 database0
+      client: *client0
+      databaseName: &databaseName retryable-handshake-tests
+  - collection:
+      id: &collection0 collection0
+      database: *database0
+      collectionName: &collectionName coll
+  - session:
+      id: &session0 session0
+      client: *client0
+  - session:
+      id: &session1 session1
+      client: *client0
+
+initialData:
+  - collectionName: *collectionName
+    databaseName: *databaseName
+    documents:
+      - { _id: 1, x: 11 }
+
+tests:
+  - description: "CommitTransaction succeeds after handshake network error"
+    skipReason: "DRIVERS-2032: Pinned servers need to be checked if they are still selectable"
+    operations:
+
+      - name: startTransaction
+        object: *session0
+
+      - name: insertOne
+        object: *collection0
+        arguments:
+          session: *session0
+          document: { _id: 2, x: 22 }
+
+      # The following failPoint and ping utilize session1 so that
+      # the transaction won't be failed by the intentional erroring of ping
+      # and it will have an empty pool when it goes to run commitTransaction
+      - name: failPoint # fail the next connection establishment
+        object: testRunner
+        arguments:
+          client: *client0
+          session: *session1
+          failPoint:
+            configureFailPoint: failCommand
+            mode: { times: 2 }
+            data:
+              # use saslContinue here to avoid SDAM errors
+              # this failPoint itself will create a usable connection in the connection pool
+              # so we run a ping (that also fails) in order to discard the connection
+              # before testing that commitTransaction gets retried
+              failCommands: [saslContinue, ping]
+              closeConnection: true
+
+      - name: runCommand
+        object: *database0
+        arguments:
+          commandName: ping
+          command: { ping: 1 }
+          session: *session1
+        expectError:
+          isError: true
+
+      - name: commitTransaction
+        object: *session0
+
+    expectEvents:
+      - client: *client0
+        eventType: cmap
+        events:
+          - { connectionCheckOutStartedEvent: {} } # startTransaction
+          - { connectionCheckOutStartedEvent: {} } # insertOne
+          - { connectionCheckOutStartedEvent: {} } # failPoint
+          - { connectionCheckOutStartedEvent: {} } # commitTransaction
+          - { connectionCheckOutStartedEvent: {} } # commitTransaction retry
+      - client: *client0
+        events:
+          - commandStartedEvent:
+              command:
+                insert: *collectionName
+                documents: [{ _id: 2, x: 22 }]
+                startTransaction: true
+              commandName: insert
+              databaseName: *databaseName
+          - commandStartedEvent:
+              command:
+                ping: 1
+              databaseName: *databaseName
+          - commandStartedEvent:
+              command:
+                commitTransaction: 1
+                lsid:
+                  $$sessionLsid: *session0
+              commandName: commitTransaction
+              databaseName: admin
+
+    outcome:
+      - collectionName: *collectionName
+        databaseName: *databaseName
+        documents:
+          - { _id: 1, x: 11 }
+          - { _id: 2, x: 22 } # The write was still applied

data/spec/support/certificates/retrieve-atlas-cert

@@ -0,0 +1,38 @@
+#!/usr/bin/env ruby
+
+require 'tmpdir'
+
+host = 'freecluster-shard-00-00-oztdp.mongodb-dev.net'
+
+output = `openssl s_client -showcerts -servername #{host} -connect #{host}:27017 </dev/null`
+
+if output.empty?
+  raise 'Something bad happened'
+end
+
+certs = output.scan(/(-----BEGIN CERTIFICATE(.|\n)+?END CERTIFICATE-----)/)
+cert, ca_cert = certs.map { |g| g.first }
+
+Dir.mktmpdir do |path|
+  cert_path = File.join(path, 'cert.pem')
+  File.open(cert_path, 'w') do |f|
+    f << cert
+  end
+  output = `openssl x509 -noout -text -in #{cert_path}`
+  File.open('atlas-ocsp.crt', 'w') do |f|
+    f << output
+    f << "\n"
+    f << cert
+  end
+
+  cert_path = File.join(path, 'cert.pem')
+  File.open(cert_path, 'w') do |f|
+    f << ca_cert
+  end
+  output = `openssl x509 -noout -text -in #{cert_path}`
+  File.open('atlas-ocsp-ca.crt', 'w') do |f|
+    f << output
+    f << "\n"
+    f << ca_cert
+  end
+end

data/spec/support/spec_config.rb

@@ -471,6 +471,10 @@ EOT
     end
   end
 
+  def crypt_shared_lib_path
+    ENV['MONGO_RUBY_DRIVER_CRYPT_SHARED_LIB_PATH']
+  end
+
   def auth?
     x509_auth? || user
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mongo
 version: !ruby/object:Gem::Version
-  version: 2.18.0
+  version: 2.18.1
 platform: ruby
 authors:
 - Tyler Brock
@@ -32,7 +32,7 @@ cert_chain:
   +WyKQ+QTIdtDiyf2LQmxWnxt/W1CmScjdLS7/yXGkkB/D9Uy+sJD747O/B9P238Q
   XnerrtyOu04RsWDvaZkCwSDVzoqfICh4CP1mlde73Ts=
   -----END CERTIFICATE-----
-date: 2022-07-19 00:00:00.000000000 Z
+date: 2022-08-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bson
@@ -1667,7 +1667,10 @@ files:
 - spec/spec_tests/data/transactions_api/commit-writeconcernerror.yml
 - spec/spec_tests/data/transactions_api/commit.yml
 - spec/spec_tests/data/transactions_api/transaction-options.yml
+- spec/spec_tests/data/transactions_unified/do-not-retry-read-in-transaction.yml
 - spec/spec_tests/data/transactions_unified/mongos-unpin.yml
+- spec/spec_tests/data/transactions_unified/retryable-abort-handshake.yml
+- spec/spec_tests/data/transactions_unified/retryable-commit-handshake.yml
 - spec/spec_tests/data/unified/invalid/expectedEventsForClient-ignoreExtraEvents-type.yml
 - spec/spec_tests/data/unified/valid-fail/operation-failure.yml
 - spec/spec_tests/data/unified/valid-fail/operation-unsupported.yml
@@ -1754,6 +1757,7 @@ files:
 - spec/support/certificates/crl_client_revoked.pem
 - spec/support/certificates/multi-ca.crt
 - spec/support/certificates/python-ca.crt
+- spec/support/certificates/retrieve-atlas-cert
 - spec/support/certificates/server-int.crt
 - spec/support/certificates/server-second-level-bundle.pem
 - spec/support/certificates/server-second-level.crt
@@ -2816,6 +2820,9 @@ test_files:
 - spec/spec_tests/data/unified/valid-fail/operation-unsupported.yml
 - spec/spec_tests/data/unified/valid-fail/operation-failure.yml
 - spec/spec_tests/data/unified/invalid/expectedEventsForClient-ignoreExtraEvents-type.yml
+- spec/spec_tests/data/transactions_unified/retryable-commit-handshake.yml
+- spec/spec_tests/data/transactions_unified/retryable-abort-handshake.yml
+- spec/spec_tests/data/transactions_unified/do-not-retry-read-in-transaction.yml
 - spec/spec_tests/data/transactions_unified/mongos-unpin.yml
 - spec/spec_tests/data/collection_management/createCollection-pre_and_post_images.yml
 - spec/spec_tests/data/collection_management/clustered-indexes.yml
@@ -3084,6 +3091,7 @@ test_files:
 - spec/support/certificates/multi-ca.crt
 - spec/support/certificates/crl.pem
 - spec/support/certificates/client-encrypted.key
+- spec/support/certificates/retrieve-atlas-cert
 - spec/support/certificates/client-int.crt
 - spec/support/certificates/client-x509.pem
 - spec/support/certificates/server-second-level-bundle.pem