mongo 2.19.1 → 2.21.0

data/spec/integration/client_side_encryption/corpus_spec.rb

@@ -188,6 +188,15 @@ describe 'Client-Side Encryption' do
       key_vault_collection.insert_one(kmip_data_key)
     end
 
+    # This method compensates for an API change between BSON 4 and
+    # BSON 5.
+    def normalize_cse_value(a)
+      case a
+      when BSON::Decimal128 then a.to_d
+      else a
+      end
+    end
+
     shared_context 'with jsonSchema collection validator' do
       let(:local_schema_map) { nil }
 
@@ -228,12 +237,11 @@ describe 'Client-Side Encryption' do
           .find(_id: corpus_encrypted_id)
           .first
 
-
         corpus_encrypted_actual.each do |key, value|
           # If it was deterministically encrypted, test the encrypted values
           # for equality.
           if value['algo'] == 'det'
-            expect(value['value']).to eq(corpus_encrypted_expected[key]['value'])
+            expect(normalize_cse_value(value['value'])).to eq(normalize_cse_value(corpus_encrypted_expected[key]['value']))
           else
             # If the document was randomly encrypted, the two encrypted values
             # will not be equal. Ensure that they are equal when decrypted.

data/spec/integration/client_side_encryption/on_demand_aws_credentials_spec.rb

@@ -37,7 +37,7 @@ describe 'On-demand AWS Credentials' do
     it 'raises an error' do
       expect_any_instance_of(
         Mongo::Auth::Aws::CredentialsRetriever
-      ).to receive(:credentials).with(no_args).once.and_raise(
+      ).to receive(:credentials).with(kind_of(Mongo::CsotTimeoutHolder)).once.and_raise(
         Mongo::Auth::Aws::CredentialsNotFound
       )
 

data/spec/integration/client_side_encryption/range_explicit_encryption_prose_spec.rb

@@ -6,7 +6,8 @@ require 'spec_helper'
 # be revisited if these tests ever need to be significantly modified.
 # rubocop:disable RSpec/ExampleLength
 describe 'Range Explicit Encryption' do
-  min_server_version '7.0.0-rc0'
+  min_server_version '8.0.0-rc18'
+
   require_libmongocrypt
   include_context 'define shared FLE helpers'
 
@@ -53,7 +54,7 @@ describe 'Range Explicit Encryption' do
         value,
         {
           key_id: key1_id,
-          algorithm: 'RangePreview',
+          algorithm: 'Range',
           contention_factor: 0,
           range_opts: range_opts
         }
@@ -73,8 +74,8 @@ describe 'Range Explicit Encryption' do
         expr,
         {
           key_id: key1_id,
-          algorithm: 'RangePreview',
-          query_type: 'rangePreview',
+          algorithm: 'Range',
+          query_type: 'range',
           contention_factor: 0,
           range_opts: range_opts
         }
@@ -97,8 +98,8 @@ describe 'Range Explicit Encryption' do
         expr,
         {
           key_id: key1_id,
-          algorithm: 'RangePreview',
-          query_type: 'rangePreview',
+          algorithm: 'Range',
+          query_type: 'range',
           contention_factor: 0,
           range_opts: range_opts
         }
@@ -120,8 +121,8 @@ describe 'Range Explicit Encryption' do
         expr,
         {
           key_id: key1_id,
-          algorithm: 'RangePreview',
-          query_type: 'rangePreview',
+          algorithm: 'Range',
+          query_type: 'range',
           contention_factor: 0,
           range_opts: range_opts
         }
@@ -137,8 +138,8 @@ describe 'Range Explicit Encryption' do
         expr,
         {
           key_id: key1_id,
-          algorithm: 'RangePreview',
-          query_type: 'rangePreview',
+          algorithm: 'Range',
+          query_type: 'range',
           contention_factor: 0,
           range_opts: range_opts
         }
@@ -160,7 +161,7 @@ describe 'Range Explicit Encryption' do
           value_converter.call(201),
           {
             key_id: key1_id,
-            algorithm: 'RangePreview',
+            algorithm: 'Range',
             contention_factor: 0,
             range_opts: range_opts
           }
@@ -180,7 +181,7 @@ describe 'Range Explicit Encryption' do
           value,
           {
             key_id: key1_id,
-            algorithm: 'RangePreview',
+            algorithm: 'Range',
             contention_factor: 0,
             range_opts: range_opts
           }
@@ -195,7 +196,7 @@ describe 'Range Explicit Encryption' do
           value_converter.call(6),
           {
             key_id: key1_id,
-            algorithm: 'RangePreview',
+            algorithm: 'Range',
             contention_factor: 0,
             range_opts: {
               min: value_converter.call(0),
@@ -241,7 +242,7 @@ describe 'Range Explicit Encryption' do
         insert_payload = client_encryption.encrypt(
           num,
           key_id: key1_id,
-          algorithm: 'RangePreview',
+          algorithm: 'Range',
           contention_factor: 0,
           range_opts: range_opts
         )
@@ -287,7 +288,7 @@ describe 'Range Explicit Encryption' do
         insert_payload = client_encryption.encrypt(
           BSON::Int64.new(num),
           key_id: key1_id,
-          algorithm: 'RangePreview',
+          algorithm: 'Range',
           contention_factor: 0,
           range_opts: range_opts
         )
@@ -334,7 +335,7 @@ describe 'Range Explicit Encryption' do
         insert_payload = client_encryption.encrypt(
           num,
           key_id: key1_id,
-          algorithm: 'RangePreview',
+          algorithm: 'Range',
           contention_factor: 0,
           range_opts: range_opts
         )
@@ -378,7 +379,7 @@ describe 'Range Explicit Encryption' do
         insert_payload = client_encryption.encrypt(
           num,
           key_id: key1_id,
-          algorithm: 'RangePreview',
+          algorithm: 'Range',
           contention_factor: 0,
           range_opts: range_opts
         )
@@ -424,7 +425,7 @@ describe 'Range Explicit Encryption' do
         insert_payload = client_encryption.encrypt(
           Time.new(num),
           key_id: key1_id,
-          algorithm: 'RangePreview',
+          algorithm: 'Range',
           contention_factor: 0,
           range_opts: range_opts
         )
@@ -473,7 +474,7 @@ describe 'Range Explicit Encryption' do
         insert_payload = client_encryption.encrypt(
           BSON::Decimal128.new(num),
           key_id: key1_id,
-          algorithm: 'RangePreview',
+          algorithm: 'Range',
           contention_factor: 0,
           range_opts: range_opts
         )
@@ -519,7 +520,7 @@ describe 'Range Explicit Encryption' do
         insert_payload = client_encryption.encrypt(
           BSON::Decimal128.new(num),
           key_id: key1_id,
-          algorithm: 'RangePreview',
+          algorithm: 'Range',
           contention_factor: 0,
           range_opts: range_opts
         )
@@ -532,5 +533,51 @@ describe 'Range Explicit Encryption' do
 
     include_examples 'common cases'
   end
+
+  describe 'Range Explicit Encryption applies defaults' do
+    let(:payload_defaults) do
+      client_encryption.encrypt(
+        123,
+        key_id: key1_id,
+        algorithm: 'Range',
+        contention_factor: 0,
+        range_opts: {
+          min: 0,
+          max: 1000
+        }
+      )
+    end
+
+    it 'uses libmongocrypt default' do
+      payload = client_encryption.encrypt(
+        123,
+        key_id: key1_id,
+        algorithm: 'Range',
+        contention_factor: 0,
+        range_opts: {
+          min: 0,
+          max: 1000,
+          sparsity: 2,
+          trim_factor: 6
+        }
+      )
+      expect(payload.to_s.size).to eq(payload_defaults.to_s.size)
+    end
+
+    it 'accepts trim_factor 0' do
+      payload = client_encryption.encrypt(
+        123,
+        key_id: key1_id,
+        algorithm: 'Range',
+        contention_factor: 0,
+        range_opts: {
+          min: 0,
+          max: 1000,
+          trim_factor: 0
+        }
+      )
+      expect(payload.to_s.size).to eq(payload_defaults.to_s.size)
+    end
+  end
 end
 # rubocop:enable RSpec/ExampleLength

data/spec/integration/client_side_operations_timeout/encryption_prose_spec.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'CSOT for encryption' do
+  require_libmongocrypt
+  require_no_multi_mongos
+  min_server_fcv '4.2'
+
+  include_context 'define shared FLE helpers'
+  include_context 'with local kms_providers'
+
+  let(:subscriber) { Mrss::EventSubscriber.new }
+
+  describe 'mongocryptd' do
+    before do
+      Process.spawn(
+        'mongocryptd',
+        '--pidfilepath=bypass-spawning-mongocryptd.pid', '--port=23000', '--idleShutdownTimeoutSecs=60',
+        %i[ out err ] => '/dev/null'
+      )
+    end
+
+    let(:client) do
+      Mongo::Client.new('mongodb://localhost:23000/?timeoutMS=1000').tap do |client|
+        client.subscribe(Mongo::Monitoring::COMMAND, subscriber)
+      end
+    end
+
+    let(:ping_command) do
+      subscriber.started_events.find do |event|
+        event.command_name == 'ping'
+      end&.command
+    end
+
+    after do
+      client.close
+    end
+
+    it 'does not set maxTimeMS for commands sent to mongocryptd' do
+      expect do
+        client.use('admin').command(ping: 1)
+      end.to raise_error(Mongo::Error::OperationFailure)
+
+      expect(ping_command).not_to have_key('maxTimeMS')
+    end
+  end
+
+  describe 'ClientEncryption' do
+    let(:key_vault_client) do
+      ClientRegistry.instance.new_local_client(
+        SpecConfig.instance.addresses,
+        SpecConfig.instance.test_options.merge(timeout_ms: 20)
+      )
+    end
+
+    let(:client_encryption) do
+      Mongo::ClientEncryption.new(
+        key_vault_client,
+        key_vault_namespace: key_vault_namespace,
+        kms_providers: local_kms_providers
+      )
+    end
+
+    describe '#createDataKey' do
+      before do
+        authorized_client.use(key_vault_db)[key_vault_coll].drop
+        authorized_client.use(key_vault_db)[key_vault_coll].create
+        authorized_client.use(:admin).command({
+                                                configureFailPoint: 'failCommand',
+                                                mode: {
+                                                  times: 1
+                                                },
+                                                data: {
+                                                  failCommands: [ 'insert' ],
+                                                  blockConnection: true,
+                                                  blockTimeMS: 30
+                                                }
+                                              })
+      end
+
+      after do
+        authorized_client.use(:admin).command({
+                                                configureFailPoint: 'failCommand',
+                                                mode: 'off',
+                                              })
+        key_vault_client.close
+      end
+
+      it 'fails with timeout error' do
+        expect do
+          client_encryption.create_data_key('local')
+        end.to raise_error(Mongo::Error::TimeoutError)
+      end
+    end
+
+    describe '#encrypt' do
+      let!(:data_key_id) do
+        client_encryption.create_data_key('local')
+      end
+
+      before do
+        authorized_client.use(:admin).command({
+                                                configureFailPoint: 'failCommand',
+                                                mode: {
+                                                  times: 1
+                                                },
+                                                data: {
+                                                  failCommands: [ 'find' ],
+                                                  blockConnection: true,
+                                                  blockTimeMS: 30
+                                                }
+                                              })
+      end
+
+      after do
+        authorized_client.use(:admin).command({
+                                                configureFailPoint: 'failCommand',
+                                                mode: 'off',
+                                              })
+      end
+
+      it 'fails with timeout error' do
+        expect do
+          client_encryption.encrypt('hello', key_id: data_key_id,
+                                             algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic')
+        end.to raise_error(Mongo::Error::TimeoutError)
+      end
+    end
+  end
+end

data/spec/integration/connection_pool_populator_spec.rb

@@ -26,6 +26,8 @@ describe 'Connection pool populator integration' do
 
   declare_topology_double
 
+  retry_test
+
   let(:app_metadata) do
     Mongo::Server::AppMetadata.new(options)
   end

data/spec/integration/cursor_pinning_spec.rb

@@ -52,73 +52,28 @@ describe 'Cursor pinning' do
   context 'lb' do
     require_topology :load_balanced
 
-    # In load-balanced topology, we cannot create new connections to a
-    # particular service.
+    # In load-balanced topology, a cursor retains the connection used to create
+    # it until the cursor is closed.
 
-    context 'when no connection is available' do
+    context 'when connection is available' do
+      require_multi_mongos
 
-      it 'raises ConnectionCheckOutTimeout' do
-        server.pool.size.should == 0
+      let(:client) { authorized_client.with(max_pool_size: 2) }
 
+      it 'does not return connection to the pool if cursor not drained' do
+        expect(server.pool).not_to receive(:check_in)
         enum = collection.find({}, batch_size: 1).to_enum
-        # Still zero because we haven't iterated
-        server.pool.size.should == 0
-
+        # Get the first element only; cursor is not drained, so there should
+        # be no check_in of the connection.
         enum.next
-        server.pool.size.should == 1
-
-        # Grab the connection that was used
-        server.with_connection do
-          # This requires a new connection, but we cannot make one.
-          lambda do
-            enum.next
-          end.should raise_error(Mongo::Error::ConnectionCheckOutTimeout)
-
-          server.pool.size.should == 1
-        end
       end
-    end
-
-    context 'when connection is available' do
-      require_multi_mongos
-
-      let(:client) { authorized_client.with(max_pool_size: 4) }
-
-      it 'uses the available connection' do
-        server.pool.size.should == 0
-
-        # Create 4 connections.
-
-        enums = []
-        connections = []
-        connection_ids = []
-
-        4.times do
-          view = collection.find({}, batch_size: 1)
-          enum = view.to_enum
-
-          enum.next
-
-          enums << enum
-          connection_ids << view.cursor.initial_result.connection_global_id
-          connections << server.pool.check_out
-        end
-
-        connection_ids.uniq.length.should be > 1
-
-        server.pool.size.should == 4
-
-        connections.each do |c|
-          server.pool.check_in(c)
-        end
 
-        # At this point, in theory, all connections are equally likely to
-        # be chosen, but we have cursors referencing more than one
-        # distinct service.
-        # Iterate each cursor to ensure they all continue to work.
-        enums.each do |enum|
-          enum.next
-        end
+      it 'returns connection to the pool when cursor is drained' do
+        view = collection.find({}, batch_size: 1)
+        enum = view.to_enum
+        expect_any_instance_of(Mongo::Cursor).to receive(:check_in_connection)
+        # Drain the cursor
+        enum.each { |it| it.nil? }
       end
     end
   end

data/spec/integration/cursor_reaping_spec.rb

@@ -24,7 +24,7 @@ describe 'Cursor reaping' do
   let(:subscriber) { Mrss::EventSubscriber.new }
 
   let(:client) do
-    authorized_client.tap do |client|
+    authorized_client.with(max_pool_size: 10).tap do |client|
       client.subscribe(Mongo::Monitoring::COMMAND, subscriber)
     end
   end

data/spec/integration/docs_examples_spec.rb

@@ -9,7 +9,7 @@ describe 'aggregation examples in Ruby' do
     # the tests in this file.
     begin
       ClientRegistry.instance.global_client('authorized')['_placeholder'].create
-    rescue Mongo::Error::OperationFailure => e
+    rescue Mongo::Error::OperationFailure::Family => e
       # Collection already exists
       if e.code != 48
         raise