mongo 2.20.0 → 2.21.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +40 -1
- data/Rakefile +59 -23
- data/lib/mongo/address.rb +22 -3
- data/lib/mongo/auth/aws/credentials_retriever.rb +70 -17
- data/lib/mongo/auth/base.rb +1 -1
- data/lib/mongo/bulk_write.rb +35 -2
- data/lib/mongo/client.rb +38 -6
- data/lib/mongo/client_encryption.rb +6 -3
- data/lib/mongo/cluster/reapers/cursor_reaper.rb +6 -1
- data/lib/mongo/cluster/sdam_flow.rb +20 -7
- data/lib/mongo/cluster.rb +14 -4
- data/lib/mongo/collection/helpers.rb +1 -1
- data/lib/mongo/collection/view/aggregation/behavior.rb +131 -0
- data/lib/mongo/collection/view/aggregation.rb +33 -99
- data/lib/mongo/collection/view/builder/aggregation.rb +1 -7
- data/lib/mongo/collection/view/change_stream.rb +80 -27
- data/lib/mongo/collection/view/iterable.rb +76 -60
- data/lib/mongo/collection/view/map_reduce.rb +25 -8
- data/lib/mongo/collection/view/readable.rb +79 -30
- data/lib/mongo/collection/view/writable.rb +109 -48
- data/lib/mongo/collection/view.rb +43 -3
- data/lib/mongo/collection.rb +158 -23
- data/lib/mongo/config.rb +2 -2
- data/lib/mongo/crypt/auto_encrypter.rb +4 -6
- data/lib/mongo/crypt/binding.rb +4 -4
- data/lib/mongo/crypt/context.rb +20 -14
- data/lib/mongo/crypt/encryption_io.rb +56 -26
- data/lib/mongo/crypt/explicit_encrypter.rb +49 -20
- data/lib/mongo/crypt/explicit_encryption_context.rb +17 -11
- data/lib/mongo/crypt/kms/azure/credentials_retriever.rb +22 -6
- data/lib/mongo/crypt/kms/gcp/credentials_retriever.rb +29 -4
- data/lib/mongo/csot_timeout_holder.rb +119 -0
- data/lib/mongo/cursor/kill_spec.rb +5 -2
- data/lib/mongo/cursor/nontailable.rb +27 -0
- data/lib/mongo/cursor.rb +86 -24
- data/lib/mongo/cursor_host.rb +82 -0
- data/lib/mongo/database/view.rb +81 -14
- data/lib/mongo/database.rb +88 -18
- data/lib/mongo/error/operation_failure.rb +209 -204
- data/lib/mongo/error/server_timeout_error.rb +12 -0
- data/lib/mongo/error/socket_timeout_error.rb +3 -1
- data/lib/mongo/error/timeout_error.rb +23 -0
- data/lib/mongo/error.rb +2 -0
- data/lib/mongo/grid/fs_bucket.rb +45 -12
- data/lib/mongo/grid/stream/read.rb +15 -1
- data/lib/mongo/grid/stream/write.rb +21 -4
- data/lib/mongo/index/view.rb +77 -16
- data/lib/mongo/operation/context.rb +40 -2
- data/lib/mongo/operation/create_search_indexes/op_msg.rb +2 -2
- data/lib/mongo/operation/delete/op_msg.rb +2 -1
- data/lib/mongo/operation/drop_search_index/op_msg.rb +2 -2
- data/lib/mongo/operation/find/op_msg.rb +45 -0
- data/lib/mongo/operation/get_more/op_msg.rb +33 -0
- data/lib/mongo/operation/insert/op_msg.rb +3 -2
- data/lib/mongo/operation/insert/result.rb +4 -2
- data/lib/mongo/operation/list_collections/result.rb +1 -1
- data/lib/mongo/operation/map_reduce/result.rb +1 -1
- data/lib/mongo/operation/op_msg_base.rb +3 -1
- data/lib/mongo/operation/result.rb +26 -5
- data/lib/mongo/operation/shared/executable.rb +12 -1
- data/lib/mongo/operation/shared/op_msg_executable.rb +4 -1
- data/lib/mongo/operation/shared/response_handling.rb +3 -3
- data/lib/mongo/operation/shared/sessions_supported.rb +1 -1
- data/lib/mongo/operation/shared/timed.rb +52 -0
- data/lib/mongo/operation/shared/write.rb +4 -1
- data/lib/mongo/operation/update/op_msg.rb +2 -1
- data/lib/mongo/operation/update_search_index/op_msg.rb +2 -2
- data/lib/mongo/operation.rb +1 -0
- data/lib/mongo/protocol/message.rb +1 -4
- data/lib/mongo/protocol/msg.rb +2 -2
- data/lib/mongo/retryable/base_worker.rb +28 -3
- data/lib/mongo/retryable/read_worker.rb +76 -35
- data/lib/mongo/retryable/write_worker.rb +53 -22
- data/lib/mongo/retryable.rb +8 -2
- data/lib/mongo/server/connection.rb +11 -5
- data/lib/mongo/server/connection_base.rb +22 -2
- data/lib/mongo/server/connection_pool.rb +32 -14
- data/lib/mongo/server/description/features.rb +1 -1
- data/lib/mongo/server/description.rb +18 -5
- data/lib/mongo/server/monitor.rb +7 -4
- data/lib/mongo/server/pending_connection.rb +25 -8
- data/lib/mongo/server/{round_trip_time_averager.rb → round_trip_time_calculator.rb} +25 -7
- data/lib/mongo/server.rb +11 -6
- data/lib/mongo/server_selector/base.rb +25 -9
- data/lib/mongo/session.rb +78 -9
- data/lib/mongo/socket/ssl.rb +131 -18
- data/lib/mongo/socket/tcp.rb +40 -6
- data/lib/mongo/socket.rb +154 -25
- data/lib/mongo/uri/options_mapper.rb +1 -0
- data/lib/mongo/version.rb +1 -5
- data/lib/mongo.rb +1 -0
- data/mongo.gemspec +8 -11
- data/spec/atlas/atlas_connectivity_spec.rb +4 -0
- data/spec/atlas/operations_spec.rb +4 -0
- data/spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb +2 -1
- data/spec/integration/client_side_encryption/auto_encryption_spec.rb +494 -487
- data/spec/integration/client_side_encryption/on_demand_aws_credentials_spec.rb +1 -1
- data/spec/integration/client_side_encryption/range_explicit_encryption_prose_spec.rb +67 -20
- data/spec/integration/client_side_operations_timeout/encryption_prose_spec.rb +131 -0
- data/spec/integration/connection_pool_populator_spec.rb +2 -0
- data/spec/integration/cursor_pinning_spec.rb +15 -60
- data/spec/integration/cursor_reaping_spec.rb +1 -1
- data/spec/integration/docs_examples_spec.rb +1 -1
- data/spec/integration/operation_failure_code_spec.rb +1 -1
- data/spec/integration/operation_failure_message_spec.rb +3 -3
- data/spec/integration/retryable_errors_spec.rb +2 -2
- data/spec/integration/retryable_reads_errors_spec.rb +35 -23
- data/spec/integration/sdam_error_handling_spec.rb +4 -1
- data/spec/integration/search_indexes_prose_spec.rb +4 -0
- data/spec/integration/server_spec.rb +4 -3
- data/spec/integration/transactions_api_examples_spec.rb +2 -0
- data/spec/kerberos/kerberos_spec.rb +4 -0
- data/spec/lite_spec_helper.rb +3 -11
- data/spec/mongo/auth/user/view_spec.rb +1 -1
- data/spec/mongo/caching_cursor_spec.rb +1 -1
- data/spec/mongo/client_encryption_spec.rb +1 -0
- data/spec/mongo/client_spec.rb +158 -4
- data/spec/mongo/collection/view/aggregation_spec.rb +14 -39
- data/spec/mongo/collection/view/change_stream_spec.rb +3 -3
- data/spec/mongo/collection_crud_spec.rb +1 -0
- data/spec/mongo/collection_spec.rb +5 -6
- data/spec/mongo/crypt/auto_encrypter_spec.rb +14 -12
- data/spec/mongo/crypt/data_key_context_spec.rb +3 -1
- data/spec/mongo/crypt/explicit_encryption_context_spec.rb +2 -2
- data/spec/mongo/crypt/handle_spec.rb +1 -1
- data/spec/mongo/cursor_spec.rb +26 -9
- data/spec/mongo/error/operation_failure_heavy_spec.rb +2 -2
- data/spec/mongo/operation/context_spec.rb +79 -0
- data/spec/mongo/operation/create/op_msg_spec.rb +106 -110
- data/spec/mongo/operation/delete/op_msg_spec.rb +6 -5
- data/spec/mongo/operation/find/op_msg_spec.rb +66 -0
- data/spec/mongo/operation/get_more/op_msg_spec.rb +65 -0
- data/spec/mongo/operation/insert/op_msg_spec.rb +128 -131
- data/spec/mongo/operation/shared/csot/examples.rb +113 -0
- data/spec/mongo/query_cache_spec.rb +243 -225
- data/spec/mongo/retryable_spec.rb +1 -0
- data/spec/mongo/server/connection_spec.rb +22 -0
- data/spec/mongo/server/round_trip_time_calculator_spec.rb +120 -0
- data/spec/mongo/socket/ssl_spec.rb +0 -10
- data/spec/runners/change_streams/test.rb +2 -2
- data/spec/runners/crud/operation.rb +1 -1
- data/spec/runners/crud/verifier.rb +3 -1
- data/spec/runners/transactions/operation.rb +4 -6
- data/spec/runners/unified/ambiguous_operations.rb +13 -0
- data/spec/runners/unified/assertions.rb +4 -0
- data/spec/runners/unified/change_stream_operations.rb +14 -24
- data/spec/runners/unified/crud_operations.rb +82 -59
- data/spec/runners/unified/ddl_operations.rb +38 -7
- data/spec/runners/unified/grid_fs_operations.rb +37 -2
- data/spec/runners/unified/support_operations.rb +43 -4
- data/spec/runners/unified/test.rb +22 -10
- data/spec/runners/unified.rb +1 -1
- data/spec/solo/clean_exit_spec.rb +2 -0
- data/spec/spec_tests/client_side_operations_timeout_spec.rb +15 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams-clusterTime.yml +3 -1
- data/spec/spec_tests/data/change_streams_unified/change-streams-disambiguatedPaths.yml +3 -1
- data/spec/spec_tests/data/change_streams_unified/change-streams-errors.yml +3 -1
- data/spec/spec_tests/data/change_streams_unified/change-streams-pre_and_post_images.yml +1 -1
- data/spec/spec_tests/data/change_streams_unified/change-streams-resume-allowlist.yml +1 -1
- data/spec/spec_tests/data/change_streams_unified/change-streams-resume-errorLabels.yml +1 -1
- data/spec/spec_tests/data/change_streams_unified/change-streams-showExpandedEvents.yml +1 -1
- data/spec/spec_tests/data/client_side_encryption/badQueries.yml +2 -1
- data/spec/spec_tests/data/client_side_encryption/fle2v2-BypassQueryAnalysis.yml +1 -0
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Compact.yml +1 -0
- data/spec/spec_tests/data/client_side_encryption/fle2v2-CreateCollection.yml +1 -0
- data/spec/spec_tests/data/client_side_encryption/fle2v2-DecryptExistingData.yml +1 -0
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Delete.yml +1 -0
- data/spec/spec_tests/data/client_side_encryption/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.yml +1 -0
- data/spec/spec_tests/data/client_side_encryption/fle2v2-EncryptedFields-vs-jsonSchema.yml +1 -0
- data/spec/spec_tests/data/client_side_encryption/fle2v2-EncryptedFieldsMap-defaults.yml +1 -0
- data/spec/spec_tests/data/client_side_encryption/fle2v2-FindOneAndUpdate.yml +1 -0
- data/spec/spec_tests/data/client_side_encryption/fle2v2-InsertFind-Indexed.yml +1 -0
- data/spec/spec_tests/data/client_side_encryption/fle2v2-InsertFind-Unindexed.yml +1 -0
- data/spec/spec_tests/data/client_side_encryption/fle2v2-MissingKey.yml +1 -0
- data/spec/spec_tests/data/client_side_encryption/fle2v2-NoEncryption.yml +1 -0
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Update.yml +1 -0
- data/spec/spec_tests/data/client_side_encryption/fle2v2-validatorAndPartialFieldExpression.yml +2 -1
- data/spec/spec_tests/data/client_side_encryption/timeoutMS.yml +67 -0
- data/spec/spec_tests/data/client_side_operations_timeout/bulkWrite.yml +87 -0
- data/spec/spec_tests/data/client_side_operations_timeout/change-streams.yml +358 -0
- data/spec/spec_tests/data/client_side_operations_timeout/close-cursors.yml +129 -0
- data/spec/spec_tests/data/client_side_operations_timeout/command-execution.yml +250 -0
- data/spec/spec_tests/data/client_side_operations_timeout/convenient-transactions.yml +113 -0
- data/spec/spec_tests/data/client_side_operations_timeout/cursors.yml +70 -0
- data/spec/spec_tests/data/client_side_operations_timeout/deprecated-options.yml +3982 -0
- data/spec/spec_tests/data/client_side_operations_timeout/error-transformations.yml +96 -0
- data/spec/spec_tests/data/client_side_operations_timeout/global-timeoutMS.yml +3236 -0
- data/spec/spec_tests/data/client_side_operations_timeout/gridfs-advanced.yml +207 -0
- data/spec/spec_tests/data/client_side_operations_timeout/gridfs-delete.yml +152 -0
- data/spec/spec_tests/data/client_side_operations_timeout/gridfs-download.yml +182 -0
- data/spec/spec_tests/data/client_side_operations_timeout/gridfs-find.yml +100 -0
- data/spec/spec_tests/data/client_side_operations_timeout/gridfs-upload.yml +249 -0
- data/spec/spec_tests/data/client_side_operations_timeout/legacy-timeouts.yml +204 -0
- data/spec/spec_tests/data/client_side_operations_timeout/non-tailable-cursors.yml +307 -0
- data/spec/spec_tests/data/client_side_operations_timeout/override-collection-timeoutMS.yml +1877 -0
- data/spec/spec_tests/data/client_side_operations_timeout/override-operation-timeoutMS.yml +1918 -0
- data/spec/spec_tests/data/client_side_operations_timeout/retryability-legacy-timeouts.yml +1676 -0
- data/spec/spec_tests/data/client_side_operations_timeout/retryability-timeoutMS.yml +2824 -0
- data/spec/spec_tests/data/client_side_operations_timeout/sessions-inherit-timeoutMS.yml +168 -0
- data/spec/spec_tests/data/client_side_operations_timeout/sessions-override-operation-timeoutMS.yml +171 -0
- data/spec/spec_tests/data/client_side_operations_timeout/sessions-override-timeoutMS.yml +168 -0
- data/spec/spec_tests/data/client_side_operations_timeout/tailable-awaitData.yml +247 -0
- data/spec/spec_tests/data/client_side_operations_timeout/tailable-non-awaitData.yml +181 -0
- data/spec/spec_tests/data/crud_unified/aggregate-write-readPreference.yml +6 -0
- data/spec/spec_tests/data/crud_unified/db-aggregate-write-readPreference.yml +6 -0
- data/spec/spec_tests/data/crud_unified/find-test-all-options.yml +29 -0
- data/spec/spec_tests/server_selection_rtt_spec.rb +6 -6
- data/spec/spec_tests/transactions_unified_spec.rb +2 -1
- data/spec/support/certificates/atlas-ocsp-ca.crt +89 -79
- data/spec/support/certificates/atlas-ocsp.crt +117 -122
- data/spec/support/certificates/retrieve-atlas-cert +1 -1
- data/spec/support/cluster_tools.rb +3 -3
- data/spec/support/common_shortcuts.rb +2 -2
- data/spec/support/crypt/encrypted_fields/range-encryptedFields-Date.json +1 -1
- data/spec/support/crypt/encrypted_fields/range-encryptedFields-DecimalNoPrecision.json +1 -1
- data/spec/support/crypt/encrypted_fields/range-encryptedFields-DecimalPrecision.json +1 -1
- data/spec/support/crypt/encrypted_fields/range-encryptedFields-DoubleNoPrecision.json +1 -1
- data/spec/support/crypt/encrypted_fields/range-encryptedFields-DoublePrecision.json +1 -1
- data/spec/support/crypt/encrypted_fields/range-encryptedFields-Int.json +1 -1
- data/spec/support/crypt/encrypted_fields/range-encryptedFields-Long.json +1 -1
- data/spec/support/shared/session.rb +2 -2
- data/spec/support/spec_setup.rb +2 -2
- data/spec/support/utils.rb +3 -1
- metadata +88 -173
- checksums.yaml.gz.sig +0 -0
- data/spec/mongo/server/round_trip_time_averager_spec.rb +0 -48
- data/spec/shared/LICENSE +0 -20
- data/spec/shared/bin/get-mongodb-download-url +0 -17
- data/spec/shared/bin/s3-copy +0 -45
- data/spec/shared/bin/s3-upload +0 -69
- data/spec/shared/lib/mrss/child_process_helper.rb +0 -80
- data/spec/shared/lib/mrss/cluster_config.rb +0 -231
- data/spec/shared/lib/mrss/constraints.rb +0 -378
- data/spec/shared/lib/mrss/docker_runner.rb +0 -298
- data/spec/shared/lib/mrss/eg_config_utils.rb +0 -51
- data/spec/shared/lib/mrss/event_subscriber.rb +0 -210
- data/spec/shared/lib/mrss/lite_constraints.rb +0 -238
- data/spec/shared/lib/mrss/server_version_registry.rb +0 -113
- data/spec/shared/lib/mrss/session_registry.rb +0 -69
- data/spec/shared/lib/mrss/session_registry_legacy.rb +0 -60
- data/spec/shared/lib/mrss/spec_organizer.rb +0 -179
- data/spec/shared/lib/mrss/utils.rb +0 -37
- data/spec/shared/share/Dockerfile.erb +0 -281
- data/spec/shared/share/haproxy-1.conf +0 -16
- data/spec/shared/share/haproxy-2.conf +0 -17
- data/spec/shared/shlib/config.sh +0 -27
- data/spec/shared/shlib/distro.sh +0 -74
- data/spec/shared/shlib/server.sh +0 -417
- data/spec/shared/shlib/set_env.sh +0 -146
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Date-Aggregate.yml +0 -241
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Date-Correctness.yml +0 -422
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Date-Delete.yml +0 -182
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Date-FindOneAndUpdate.yml +0 -239
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Date-InsertFind.yml +0 -235
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Date-Update.yml +0 -252
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Decimal-Aggregate.yml +0 -1687
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Decimal-Correctness.yml +0 -293
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Decimal-Delete.yml +0 -905
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Decimal-FindOneAndUpdate.yml +0 -1684
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Decimal-InsertFind.yml +0 -1680
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Decimal-Update.yml +0 -1697
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DecimalPrecision-Aggregate.yml +0 -329
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DecimalPrecision-Correctness.yml +0 -424
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DecimalPrecision-Delete.yml +0 -226
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DecimalPrecision-FindOneAndUpdate.yml +0 -327
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DecimalPrecision-InsertFind.yml +0 -319
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DecimalPrecision-Update.yml +0 -336
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Double-Aggregate.yml +0 -913
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Double-Correctness.yml +0 -292
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Double-Delete.yml +0 -518
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Double-FindOneAndUpdate.yml +0 -911
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Double-InsertFind.yml +0 -907
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Double-Update.yml +0 -924
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DoublePrecision-Aggregate.yml +0 -325
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DoublePrecision-Correctness.yml +0 -424
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DoublePrecision-Delete.yml +0 -224
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DoublePrecision-FindOneAndUpdate.yml +0 -323
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DoublePrecision-InsertFind.yml +0 -319
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DoublePrecision-Update.yml +0 -338
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Int-Aggregate.yml +0 -241
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Int-Correctness.yml +0 -423
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Int-Delete.yml +0 -182
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Int-FindOneAndUpdate.yml +0 -239
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Int-InsertFind.yml +0 -235
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Int-Update.yml +0 -254
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Long-Aggregate.yml +0 -241
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Long-Correctness.yml +0 -422
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Long-Delete.yml +0 -182
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Long-FindOneAndUpdate.yml +0 -239
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Long-InsertFind.yml +0 -235
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Long-Update.yml +0 -254
- data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-WrongType.yml +0 -43
- data/spec/support/faas/app/aws_lambda/mongodb/Gemfile.lock +0 -19
- data.tar.gz.sig +0 -0
- metadata.gz.sig +0 -3
@@ -30,7 +30,8 @@ describe 'Auto Encryption' do
|
|
30
30
|
extra_options: extra_options,
|
31
31
|
},
|
32
32
|
database: 'auto_encryption',
|
33
|
-
max_pool_size: max_pool_size
|
33
|
+
max_pool_size: max_pool_size,
|
34
|
+
timeout_ms: timeout_ms
|
34
35
|
),
|
35
36
|
)
|
36
37
|
end
|
@@ -97,27 +98,84 @@ describe 'Auto Encryption' do
|
|
97
98
|
end
|
98
99
|
|
99
100
|
shared_examples 'an encrypted command' do
|
100
|
-
context 'with AWS KMS provider' do
|
101
|
-
|
101
|
+
# context 'with AWS KMS provider' do
|
102
|
+
# include_context 'with AWS kms_providers'
|
103
|
+
|
104
|
+
# context 'with validator' do
|
105
|
+
# include_context 'jsonSchema validator on collection'
|
106
|
+
# it_behaves_like 'it performs an encrypted command'
|
107
|
+
# end
|
108
|
+
|
109
|
+
# context 'with schema map' do
|
110
|
+
# include_context 'schema map in client options'
|
111
|
+
# it_behaves_like 'it performs an encrypted command'
|
112
|
+
|
113
|
+
# context 'with limited connection pool' do
|
114
|
+
# include_context 'limited connection pool'
|
115
|
+
# it_behaves_like 'it performs an encrypted command'
|
116
|
+
# end
|
117
|
+
# end
|
118
|
+
# end
|
119
|
+
|
120
|
+
# context 'with Azure KMS provider' do
|
121
|
+
# include_context 'with Azure kms_providers'
|
122
|
+
|
123
|
+
# context 'with validator' do
|
124
|
+
# include_context 'jsonSchema validator on collection'
|
125
|
+
# it_behaves_like 'it performs an encrypted command'
|
126
|
+
# end
|
127
|
+
|
128
|
+
# context 'with schema map' do
|
129
|
+
# include_context 'schema map in client options'
|
130
|
+
# it_behaves_like 'it performs an encrypted command'
|
131
|
+
|
132
|
+
# context 'with limited connection pool' do
|
133
|
+
# include_context 'limited connection pool'
|
134
|
+
# it_behaves_like 'it performs an encrypted command'
|
135
|
+
# end
|
136
|
+
# end
|
137
|
+
# end
|
138
|
+
|
139
|
+
# context 'with GCP KMS provider' do
|
140
|
+
# include_context 'with GCP kms_providers'
|
141
|
+
|
142
|
+
# context 'with validator' do
|
143
|
+
# include_context 'jsonSchema validator on collection'
|
144
|
+
# it_behaves_like 'it performs an encrypted command'
|
145
|
+
# end
|
146
|
+
|
147
|
+
# context 'with schema map' do
|
148
|
+
# include_context 'schema map in client options'
|
149
|
+
# it_behaves_like 'it performs an encrypted command'
|
150
|
+
|
151
|
+
# context 'with limited connection pool' do
|
152
|
+
# include_context 'limited connection pool'
|
153
|
+
# it_behaves_like 'it performs an encrypted command'
|
154
|
+
# end
|
155
|
+
# end
|
156
|
+
# end
|
157
|
+
|
158
|
+
# context 'with KMIP KMS provider' do
|
159
|
+
# include_context 'with KMIP kms_providers'
|
160
|
+
|
161
|
+
# context 'with validator' do
|
162
|
+
# include_context 'jsonSchema validator on collection'
|
163
|
+
# it_behaves_like 'it performs an encrypted command'
|
164
|
+
# end
|
165
|
+
|
166
|
+
# context 'with schema map' do
|
167
|
+
# include_context 'schema map in client options'
|
168
|
+
# it_behaves_like 'it performs an encrypted command'
|
169
|
+
|
170
|
+
# context 'with limited connection pool' do
|
171
|
+
# include_context 'limited connection pool'
|
172
|
+
# it_behaves_like 'it performs an encrypted command'
|
173
|
+
# end
|
174
|
+
# end
|
175
|
+
# end
|
102
176
|
|
103
|
-
|
104
|
-
|
105
|
-
it_behaves_like 'it performs an encrypted command'
|
106
|
-
end
|
107
|
-
|
108
|
-
context 'with schema map' do
|
109
|
-
include_context 'schema map in client options'
|
110
|
-
it_behaves_like 'it performs an encrypted command'
|
111
|
-
|
112
|
-
context 'with limited connection pool' do
|
113
|
-
include_context 'limited connection pool'
|
114
|
-
it_behaves_like 'it performs an encrypted command'
|
115
|
-
end
|
116
|
-
end
|
117
|
-
end
|
118
|
-
|
119
|
-
context 'with Azure KMS provider' do
|
120
|
-
include_context 'with Azure kms_providers'
|
177
|
+
context 'with local KMS provider' do
|
178
|
+
include_context 'with local kms_providers'
|
121
179
|
|
122
180
|
context 'with validator' do
|
123
181
|
include_context 'jsonSchema validator on collection'
|
@@ -134,614 +192,563 @@ describe 'Auto Encryption' do
|
|
134
192
|
end
|
135
193
|
end
|
136
194
|
end
|
195
|
+
end
|
137
196
|
|
138
|
-
|
139
|
-
|
197
|
+
[nil, 0].each do |timeout_ms|
|
198
|
+
context "with timeout_ms #{timeout_ms}" do
|
199
|
+
let(:timeout_ms) { timeout_ms }
|
140
200
|
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
end
|
201
|
+
describe '#aggregate' do
|
202
|
+
shared_examples 'it performs an encrypted command' do
|
203
|
+
include_context 'encrypted document in collection'
|
145
204
|
|
146
|
-
|
147
|
-
|
148
|
-
|
205
|
+
let(:result) do
|
206
|
+
encryption_client['users'].aggregate([
|
207
|
+
{ '$match' => { 'ssn' => ssn } }
|
208
|
+
]).first
|
209
|
+
end
|
149
210
|
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
end
|
155
|
-
end
|
211
|
+
it 'encrypts the command and decrypts the response' do
|
212
|
+
result.should_not be_nil
|
213
|
+
result['ssn'].should == ssn
|
214
|
+
end
|
156
215
|
|
157
|
-
|
158
|
-
|
216
|
+
context 'when bypass_auto_encryption=true' do
|
217
|
+
include_context 'bypass auto encryption'
|
159
218
|
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
end
|
219
|
+
it 'does not encrypt the command' do
|
220
|
+
result.should be_nil
|
221
|
+
end
|
164
222
|
|
165
|
-
|
166
|
-
|
167
|
-
|
223
|
+
it 'does auto decrypt the response' do
|
224
|
+
result = encryption_client['users'].aggregate([
|
225
|
+
{ '$match' => { 'ssn' => encrypted_ssn_binary } }
|
226
|
+
]).first
|
168
227
|
|
169
|
-
|
170
|
-
|
171
|
-
|
228
|
+
result.should_not be_nil
|
229
|
+
result['ssn'].should == ssn
|
230
|
+
end
|
231
|
+
end
|
172
232
|
end
|
173
|
-
end
|
174
|
-
end
|
175
233
|
|
176
|
-
|
177
|
-
include_context 'with local kms_providers'
|
178
|
-
|
179
|
-
context 'with validator' do
|
180
|
-
include_context 'jsonSchema validator on collection'
|
181
|
-
it_behaves_like 'it performs an encrypted command'
|
234
|
+
it_behaves_like 'an encrypted command'
|
182
235
|
end
|
183
236
|
|
184
|
-
|
185
|
-
|
186
|
-
|
237
|
+
describe '#count' do
|
238
|
+
shared_examples 'it performs an encrypted command' do
|
239
|
+
include_context 'multiple encrypted documents in collection'
|
187
240
|
|
188
|
-
|
189
|
-
include_context 'limited connection pool'
|
190
|
-
it_behaves_like 'it performs an encrypted command'
|
191
|
-
end
|
192
|
-
end
|
193
|
-
end
|
194
|
-
end
|
241
|
+
let(:result) { encryption_client['users'].count(ssn: ssn) }
|
195
242
|
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
|
200
|
-
let(:result) do
|
201
|
-
encryption_client['users'].aggregate([
|
202
|
-
{ '$match' => { 'ssn' => ssn } }
|
203
|
-
]).first
|
204
|
-
end
|
205
|
-
|
206
|
-
it 'encrypts the command and decrypts the response' do
|
207
|
-
result.should_not be_nil
|
208
|
-
result['ssn'].should == ssn
|
209
|
-
end
|
243
|
+
it 'encrypts the command and finds the documents' do
|
244
|
+
expect(result).to eq(2)
|
245
|
+
end
|
210
246
|
|
211
|
-
|
212
|
-
|
247
|
+
context 'with bypass_auto_encryption=true' do
|
248
|
+
include_context 'bypass auto encryption'
|
213
249
|
|
214
|
-
|
215
|
-
|
250
|
+
it 'does not encrypt the command' do
|
251
|
+
expect(result).to eq(0)
|
252
|
+
end
|
253
|
+
end
|
216
254
|
end
|
217
255
|
|
218
|
-
|
219
|
-
result = encryption_client['users'].aggregate([
|
220
|
-
{ '$match' => { 'ssn' => encrypted_ssn_binary } }
|
221
|
-
]).first
|
222
|
-
|
223
|
-
result.should_not be_nil
|
224
|
-
result['ssn'].should == ssn
|
225
|
-
end
|
256
|
+
it_behaves_like 'an encrypted command'
|
226
257
|
end
|
227
|
-
end
|
228
|
-
|
229
|
-
it_behaves_like 'an encrypted command'
|
230
|
-
end
|
231
258
|
|
232
|
-
|
233
|
-
|
234
|
-
|
259
|
+
describe '#distinct' do
|
260
|
+
shared_examples 'it performs an encrypted command' do
|
261
|
+
include_context 'encrypted document in collection'
|
235
262
|
|
236
|
-
|
263
|
+
let(:result) { encryption_client['users'].distinct(:ssn) }
|
237
264
|
|
238
|
-
|
239
|
-
|
240
|
-
|
265
|
+
it 'decrypts the SSN field' do
|
266
|
+
expect(result.length).to eq(1)
|
267
|
+
expect(result).to include(ssn)
|
268
|
+
end
|
241
269
|
|
242
|
-
|
243
|
-
|
270
|
+
context 'with bypass_auto_encryption=true' do
|
271
|
+
include_context 'bypass auto encryption'
|
244
272
|
|
245
|
-
|
246
|
-
|
273
|
+
it 'still decrypts the SSN field' do
|
274
|
+
expect(result.length).to eq(1)
|
275
|
+
expect(result).to include(ssn)
|
276
|
+
end
|
277
|
+
end
|
247
278
|
end
|
248
|
-
end
|
249
|
-
end
|
250
|
-
|
251
|
-
it_behaves_like 'an encrypted command'
|
252
|
-
end
|
253
279
|
|
254
|
-
|
255
|
-
shared_examples 'it performs an encrypted command' do
|
256
|
-
include_context 'encrypted document in collection'
|
257
|
-
|
258
|
-
let(:result) { encryption_client['users'].distinct(:ssn) }
|
259
|
-
|
260
|
-
it 'decrypts the SSN field' do
|
261
|
-
expect(result.length).to eq(1)
|
262
|
-
expect(result).to include(ssn)
|
280
|
+
it_behaves_like 'an encrypted command'
|
263
281
|
end
|
264
282
|
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
it 'still decrypts the SSN field' do
|
269
|
-
expect(result.length).to eq(1)
|
270
|
-
expect(result).to include(ssn)
|
271
|
-
end
|
272
|
-
end
|
273
|
-
end
|
274
|
-
|
275
|
-
it_behaves_like 'an encrypted command'
|
276
|
-
end
|
277
|
-
|
278
|
-
describe '#delete_one' do
|
279
|
-
shared_examples 'it performs an encrypted command' do
|
280
|
-
include_context 'encrypted document in collection'
|
283
|
+
describe '#delete_one' do
|
284
|
+
shared_examples 'it performs an encrypted command' do
|
285
|
+
include_context 'encrypted document in collection'
|
281
286
|
|
282
|
-
|
287
|
+
let(:result) { encryption_client['users'].delete_one(ssn: ssn) }
|
283
288
|
|
284
|
-
|
285
|
-
|
286
|
-
|
289
|
+
it 'encrypts the SSN field' do
|
290
|
+
expect(result.deleted_count).to eq(1)
|
291
|
+
end
|
287
292
|
|
288
|
-
|
289
|
-
|
293
|
+
context 'with bypass_auto_encryption=true' do
|
294
|
+
include_context 'bypass auto encryption'
|
290
295
|
|
291
|
-
|
292
|
-
|
296
|
+
it 'does not encrypt the SSN field' do
|
297
|
+
expect(result.deleted_count).to eq(0)
|
298
|
+
end
|
299
|
+
end
|
293
300
|
end
|
294
|
-
end
|
295
|
-
end
|
296
301
|
|
297
|
-
|
298
|
-
end
|
299
|
-
|
300
|
-
describe '#delete_many' do
|
301
|
-
shared_examples 'it performs an encrypted command' do
|
302
|
-
include_context 'multiple encrypted documents in collection'
|
303
|
-
|
304
|
-
let(:result) { encryption_client['users'].delete_many(ssn: ssn) }
|
305
|
-
|
306
|
-
it 'decrypts the SSN field' do
|
307
|
-
expect(result.deleted_count).to eq(2)
|
302
|
+
it_behaves_like 'an encrypted command'
|
308
303
|
end
|
309
304
|
|
310
|
-
|
311
|
-
|
305
|
+
describe '#delete_many' do
|
306
|
+
shared_examples 'it performs an encrypted command' do
|
307
|
+
include_context 'multiple encrypted documents in collection'
|
312
308
|
|
313
|
-
|
314
|
-
expect(result.deleted_count).to eq(0)
|
315
|
-
end
|
316
|
-
end
|
317
|
-
end
|
309
|
+
let(:result) { encryption_client['users'].delete_many(ssn: ssn) }
|
318
310
|
|
319
|
-
|
320
|
-
|
321
|
-
|
322
|
-
describe '#find' do
|
323
|
-
shared_examples 'it performs an encrypted command' do
|
324
|
-
include_context 'encrypted document in collection'
|
325
|
-
|
326
|
-
let(:result) { encryption_client['users'].find(ssn: ssn).first }
|
327
|
-
|
328
|
-
it 'encrypts the command and decrypts the response' do
|
329
|
-
result.should_not be_nil
|
330
|
-
expect(result['ssn']).to eq(ssn)
|
331
|
-
end
|
311
|
+
it 'decrypts the SSN field' do
|
312
|
+
expect(result.deleted_count).to eq(2)
|
313
|
+
end
|
332
314
|
|
333
|
-
|
334
|
-
|
315
|
+
context 'with bypass_auto_encryption=true' do
|
316
|
+
include_context 'bypass auto encryption'
|
335
317
|
|
336
|
-
|
337
|
-
|
318
|
+
it 'does not encrypt the SSN field' do
|
319
|
+
expect(result.deleted_count).to eq(0)
|
320
|
+
end
|
321
|
+
end
|
338
322
|
end
|
339
|
-
end
|
340
|
-
end
|
341
|
-
|
342
|
-
it_behaves_like 'an encrypted command'
|
343
|
-
end
|
344
|
-
|
345
|
-
describe '#find_one_and_delete' do
|
346
|
-
shared_examples 'it performs an encrypted command' do
|
347
|
-
include_context 'encrypted document in collection'
|
348
323
|
|
349
|
-
|
350
|
-
|
351
|
-
it 'encrypts the command and decrypts the response' do
|
352
|
-
expect(result['ssn']).to eq(ssn)
|
324
|
+
it_behaves_like 'an encrypted command'
|
353
325
|
end
|
354
326
|
|
355
|
-
|
356
|
-
|
357
|
-
|
358
|
-
it 'does not encrypt the command' do
|
359
|
-
expect(result).to be_nil
|
360
|
-
end
|
361
|
-
|
362
|
-
it 'still decrypts the command' do
|
363
|
-
result = encryption_client['users'].find_one_and_delete(ssn: encrypted_ssn_binary)
|
364
|
-
expect(result['ssn']).to eq(ssn)
|
365
|
-
end
|
366
|
-
end
|
367
|
-
end
|
327
|
+
describe '#find' do
|
328
|
+
shared_examples 'it performs an encrypted command' do
|
329
|
+
include_context 'encrypted document in collection'
|
368
330
|
|
369
|
-
|
370
|
-
end
|
331
|
+
let(:result) { encryption_client['users'].find(ssn: ssn).first }
|
371
332
|
|
372
|
-
|
373
|
-
|
374
|
-
|
333
|
+
it 'encrypts the command and decrypts the response' do
|
334
|
+
result.should_not be_nil
|
335
|
+
expect(result['ssn']).to eq(ssn)
|
336
|
+
end
|
375
337
|
|
376
|
-
|
377
|
-
|
338
|
+
context 'when bypass_auto_encryption=true' do
|
339
|
+
include_context 'bypass auto encryption'
|
378
340
|
|
379
|
-
|
380
|
-
|
381
|
-
|
382
|
-
|
383
|
-
return_document: :before
|
384
|
-
)
|
341
|
+
it 'does not encrypt the command' do
|
342
|
+
expect(result).to be_nil
|
343
|
+
end
|
344
|
+
end
|
385
345
|
end
|
386
346
|
|
387
|
-
|
388
|
-
expect(result['ssn']).to eq(ssn)
|
389
|
-
|
390
|
-
documents = client['users'].find
|
391
|
-
expect(documents.count).to eq(1)
|
392
|
-
expect(documents.first['ssn']).to be_nil
|
393
|
-
end
|
347
|
+
it_behaves_like 'an encrypted command'
|
394
348
|
end
|
395
349
|
|
396
|
-
|
397
|
-
|
398
|
-
|
399
|
-
end
|
350
|
+
describe '#find_one_and_delete' do
|
351
|
+
shared_examples 'it performs an encrypted command' do
|
352
|
+
include_context 'encrypted document in collection'
|
400
353
|
|
401
|
-
|
402
|
-
encryption_client['users'].find_one_and_replace(
|
403
|
-
{ name: name },
|
404
|
-
{ ssn: ssn },
|
405
|
-
return_document: :after
|
406
|
-
)
|
407
|
-
end
|
354
|
+
let(:result) { encryption_client['users'].find_one_and_delete(ssn: ssn) }
|
408
355
|
|
409
|
-
|
410
|
-
|
356
|
+
it 'encrypts the command and decrypts the response' do
|
357
|
+
expect(result['ssn']).to eq(ssn)
|
358
|
+
end
|
411
359
|
|
412
|
-
|
413
|
-
|
414
|
-
expect(documents.first['ssn']).to eq(encrypted_ssn_binary)
|
415
|
-
end
|
416
|
-
end
|
360
|
+
context 'when bypass_auto_encryption=true' do
|
361
|
+
include_context 'bypass auto encryption'
|
417
362
|
|
418
|
-
|
419
|
-
|
420
|
-
|
363
|
+
it 'does not encrypt the command' do
|
364
|
+
expect(result).to be_nil
|
365
|
+
end
|
421
366
|
|
422
|
-
|
423
|
-
|
424
|
-
|
425
|
-
|
426
|
-
|
427
|
-
)
|
367
|
+
it 'still decrypts the command' do
|
368
|
+
result = encryption_client['users'].find_one_and_delete(ssn: encrypted_ssn_binary)
|
369
|
+
expect(result['ssn']).to eq(ssn)
|
370
|
+
end
|
371
|
+
end
|
428
372
|
end
|
429
373
|
|
430
|
-
|
431
|
-
expect(result['ssn']).to eq(ssn)
|
432
|
-
|
433
|
-
documents = client['users'].find
|
434
|
-
expect(documents.count).to eq(1)
|
435
|
-
expect(documents.first['ssn']).to be_nil
|
436
|
-
end
|
374
|
+
it_behaves_like 'an encrypted command'
|
437
375
|
end
|
438
|
-
end
|
439
|
-
|
440
|
-
it_behaves_like 'an encrypted command'
|
441
|
-
end
|
442
376
|
|
443
|
-
|
444
|
-
|
445
|
-
|
377
|
+
describe '#find_one_and_replace' do
|
378
|
+
shared_examples 'it performs an encrypted command' do
|
379
|
+
let(:name) { 'Alan Turing' }
|
446
380
|
|
447
|
-
|
381
|
+
context 'with :return_document => :before' do
|
382
|
+
include_context 'encrypted document in collection'
|
448
383
|
|
449
|
-
|
450
|
-
|
451
|
-
|
452
|
-
|
453
|
-
|
454
|
-
|
384
|
+
let(:result) do
|
385
|
+
encryption_client['users'].find_one_and_replace(
|
386
|
+
{ ssn: ssn },
|
387
|
+
{ name: name },
|
388
|
+
return_document: :before
|
389
|
+
)
|
390
|
+
end
|
455
391
|
|
456
|
-
|
457
|
-
|
392
|
+
it 'encrypts the command and decrypts the response, returning original document' do
|
393
|
+
expect(result['ssn']).to eq(ssn)
|
458
394
|
|
459
|
-
|
460
|
-
|
461
|
-
|
462
|
-
|
395
|
+
documents = client['users'].find
|
396
|
+
expect(documents.count).to eq(1)
|
397
|
+
expect(documents.first['ssn']).to be_nil
|
398
|
+
end
|
399
|
+
end
|
463
400
|
|
464
|
-
|
465
|
-
|
401
|
+
context 'with :return_document => :after' do
|
402
|
+
before do
|
403
|
+
client['users'].insert_one(name: name)
|
404
|
+
end
|
405
|
+
|
406
|
+
let(:result) do
|
407
|
+
encryption_client['users'].find_one_and_replace(
|
408
|
+
{ name: name },
|
409
|
+
{ ssn: ssn },
|
410
|
+
return_document: :after
|
411
|
+
)
|
412
|
+
end
|
413
|
+
|
414
|
+
it 'encrypts the command and decrypts the response, returning new document' do
|
415
|
+
expect(result['ssn']).to eq(ssn)
|
416
|
+
|
417
|
+
documents = client['users'].find
|
418
|
+
expect(documents.count).to eq(1)
|
419
|
+
expect(documents.first['ssn']).to eq(encrypted_ssn_binary)
|
420
|
+
end
|
421
|
+
end
|
466
422
|
|
467
|
-
|
468
|
-
|
423
|
+
context 'when bypass_auto_encryption=true' do
|
424
|
+
include_context 'bypass auto encryption'
|
425
|
+
include_context 'encrypted document in collection'
|
426
|
+
|
427
|
+
let(:result) do
|
428
|
+
encryption_client['users'].find_one_and_replace(
|
429
|
+
{ ssn: encrypted_ssn_binary },
|
430
|
+
{ name: name },
|
431
|
+
:return_document => :before
|
432
|
+
)
|
433
|
+
end
|
434
|
+
|
435
|
+
it 'does not encrypt the command but still decrypts the response, returning original document' do
|
436
|
+
expect(result['ssn']).to eq(ssn)
|
437
|
+
|
438
|
+
documents = client['users'].find
|
439
|
+
expect(documents.count).to eq(1)
|
440
|
+
expect(documents.first['ssn']).to be_nil
|
441
|
+
end
|
442
|
+
end
|
469
443
|
end
|
470
444
|
|
471
|
-
|
472
|
-
# Query using the encrypted ssn value so the find will succeed
|
473
|
-
result = encryption_client['users'].find_one_and_update(
|
474
|
-
{ ssn: encrypted_ssn_binary },
|
475
|
-
{ name: name }
|
476
|
-
)
|
477
|
-
|
478
|
-
expect(result['ssn']).to eq(ssn)
|
479
|
-
end
|
445
|
+
it_behaves_like 'an encrypted command'
|
480
446
|
end
|
481
|
-
end
|
482
|
-
|
483
|
-
it_behaves_like 'an encrypted command'
|
484
|
-
end
|
485
447
|
|
486
|
-
|
487
|
-
|
488
|
-
|
448
|
+
describe '#find_one_and_update' do
|
449
|
+
shared_examples 'it performs an encrypted command' do
|
450
|
+
include_context 'encrypted document in collection'
|
489
451
|
|
490
|
-
|
491
|
-
it 'encrypts the ssn field' do
|
492
|
-
expect(result).to be_ok
|
493
|
-
expect(result.inserted_ids.length).to eq(1)
|
452
|
+
let(:name) { 'Alan Turing' }
|
494
453
|
|
495
|
-
|
496
|
-
|
497
|
-
|
498
|
-
|
499
|
-
|
500
|
-
|
501
|
-
end
|
454
|
+
let(:result) do
|
455
|
+
encryption_client['users'].find_one_and_update(
|
456
|
+
{ ssn: ssn },
|
457
|
+
{ name: name }
|
458
|
+
)
|
459
|
+
end
|
502
460
|
|
503
|
-
|
504
|
-
|
461
|
+
it 'encrypts the command and decrypts the response' do
|
462
|
+
expect(result['ssn']).to eq(ssn)
|
505
463
|
|
506
|
-
|
507
|
-
|
508
|
-
|
509
|
-
|
464
|
+
documents = client['users'].find
|
465
|
+
expect(documents.count).to eq(1)
|
466
|
+
expect(documents.first['ssn']).to be_nil
|
467
|
+
end
|
510
468
|
|
511
|
-
|
469
|
+
context 'with bypass_auto_encryption=true' do
|
470
|
+
include_context 'bypass auto encryption'
|
512
471
|
|
513
|
-
|
514
|
-
|
515
|
-
|
516
|
-
end
|
472
|
+
it 'does not encrypt the command' do
|
473
|
+
expect(result).to be_nil
|
474
|
+
end
|
517
475
|
|
518
|
-
|
476
|
+
it 'still decrypts the response' do
|
477
|
+
# Query using the encrypted ssn value so the find will succeed
|
478
|
+
result = encryption_client['users'].find_one_and_update(
|
479
|
+
{ ssn: encrypted_ssn_binary },
|
480
|
+
{ name: name }
|
481
|
+
)
|
519
482
|
|
520
|
-
|
521
|
-
|
483
|
+
expect(result['ssn']).to eq(ssn)
|
484
|
+
end
|
485
|
+
end
|
486
|
+
end
|
522
487
|
|
523
|
-
|
524
|
-
include_context 'with AWS kms_providers'
|
525
|
-
it_behaves_like 'it obeys bypass_auto_encryption option'
|
488
|
+
it_behaves_like 'an encrypted command'
|
526
489
|
end
|
527
490
|
|
528
|
-
|
529
|
-
|
530
|
-
|
531
|
-
end
|
491
|
+
describe '#insert_one' do
|
492
|
+
let(:query) { { ssn: ssn } }
|
493
|
+
let(:result) { encryption_client['users'].insert_one(query) }
|
532
494
|
|
533
|
-
|
534
|
-
|
535
|
-
|
536
|
-
|
495
|
+
shared_examples 'it performs an encrypted command' do
|
496
|
+
it 'encrypts the ssn field' do
|
497
|
+
expect(result).to be_ok
|
498
|
+
expect(result.inserted_ids.length).to eq(1)
|
537
499
|
|
538
|
-
|
539
|
-
include_context 'with KMIP kms_providers'
|
540
|
-
it_behaves_like 'it obeys bypass_auto_encryption option'
|
541
|
-
end
|
500
|
+
id = result.inserted_ids.first
|
542
501
|
|
502
|
+
document = client['users'].find(_id: id).first
|
503
|
+
document.should_not be_nil
|
504
|
+
expect(document['ssn']).to eq(encrypted_ssn_binary)
|
505
|
+
end
|
506
|
+
end
|
543
507
|
|
544
|
-
|
545
|
-
|
546
|
-
it_behaves_like 'it obeys bypass_auto_encryption option'
|
547
|
-
end
|
548
|
-
end
|
508
|
+
shared_examples 'it obeys bypass_auto_encryption option' do
|
509
|
+
include_context 'bypass auto encryption'
|
549
510
|
|
550
|
-
|
551
|
-
|
511
|
+
it 'does not encrypt the command' do
|
512
|
+
result = encryption_client['users'].insert_one(ssn: ssn)
|
513
|
+
expect(result).to be_ok
|
514
|
+
expect(result.inserted_ids.length).to eq(1)
|
552
515
|
|
553
|
-
|
516
|
+
id = result.inserted_ids.first
|
554
517
|
|
555
|
-
|
556
|
-
|
557
|
-
|
558
|
-
end
|
518
|
+
document = client['users'].find(_id: id).first
|
519
|
+
expect(document['ssn']).to eq(ssn)
|
520
|
+
end
|
521
|
+
end
|
559
522
|
|
560
|
-
|
561
|
-
id = result.inserted_ids.first
|
523
|
+
it_behaves_like 'an encrypted command'
|
562
524
|
|
563
|
-
|
564
|
-
|
565
|
-
|
566
|
-
|
567
|
-
|
568
|
-
|
525
|
+
context 'with jsonSchema in schema_map option' do
|
526
|
+
include_context 'schema map in client options'
|
527
|
+
|
528
|
+
context 'with AWS KMS provider' do
|
529
|
+
include_context 'with AWS kms_providers'
|
530
|
+
it_behaves_like 'it obeys bypass_auto_encryption option'
|
531
|
+
end
|
569
532
|
|
570
|
-
|
571
|
-
|
533
|
+
context 'with Azure KMS provider' do
|
534
|
+
include_context 'with Azure kms_providers'
|
535
|
+
it_behaves_like 'it obeys bypass_auto_encryption option'
|
536
|
+
end
|
572
537
|
|
573
|
-
|
538
|
+
context 'with GCP KMS provider' do
|
539
|
+
include_context 'with GCP kms_providers'
|
540
|
+
it_behaves_like 'it obeys bypass_auto_encryption option'
|
541
|
+
end
|
574
542
|
|
575
|
-
|
576
|
-
|
577
|
-
|
578
|
-
|
579
|
-
expect(result.inserted_ids.length).to eq(1)
|
543
|
+
context 'with KMIP KMS provider' do
|
544
|
+
include_context 'with KMIP kms_providers'
|
545
|
+
it_behaves_like 'it obeys bypass_auto_encryption option'
|
546
|
+
end
|
580
547
|
|
581
|
-
id = result.inserted_ids.first
|
582
548
|
|
583
|
-
|
584
|
-
|
585
|
-
|
586
|
-
|
587
|
-
expect(document['ssn']).to be_ciphertext
|
549
|
+
context 'with local KMS provider and ' do
|
550
|
+
include_context 'with local kms_providers'
|
551
|
+
it_behaves_like 'it obeys bypass_auto_encryption option'
|
552
|
+
end
|
588
553
|
end
|
589
|
-
end
|
590
554
|
|
591
|
-
|
592
|
-
|
593
|
-
it 'encrypts the ssn field' do
|
594
|
-
expect(result).to be_ok
|
595
|
-
expect(result.inserted_ids.length).to eq(1)
|
555
|
+
context 'with schema_map client option pointing to wrong collection' do
|
556
|
+
let(:local_schema) { { 'wrong_db.wrong_coll' => schema_map } }
|
596
557
|
|
597
|
-
|
558
|
+
include_context 'with local kms_providers'
|
598
559
|
|
599
|
-
|
600
|
-
|
601
|
-
|
602
|
-
|
603
|
-
expect(document['ssn']).to be_ciphertext
|
604
|
-
end
|
560
|
+
it 'does not raise an exception but doesn\'t encrypt either' do
|
561
|
+
expect do
|
562
|
+
result
|
563
|
+
end.not_to raise_error
|
605
564
|
|
606
|
-
context 'with GCP KMS provider' do
|
607
|
-
include_context 'with GCP kms_providers and key alt names'
|
608
|
-
it 'encrypts the ssn field' do
|
609
565
|
expect(result).to be_ok
|
610
|
-
expect(result.inserted_ids.length).to eq(1)
|
611
|
-
|
612
566
|
id = result.inserted_ids.first
|
613
567
|
|
614
568
|
document = client['users'].find(_id: id).first
|
615
569
|
document.should_not be_nil
|
616
|
-
#
|
617
|
-
|
618
|
-
expect(document['ssn']).to be_ciphertext
|
570
|
+
# Document was not encrypted
|
571
|
+
expect(document['ssn']).to eq(ssn)
|
619
572
|
end
|
620
573
|
end
|
621
574
|
|
622
|
-
context '
|
623
|
-
include_context '
|
624
|
-
it 'encrypts the ssn field' do
|
625
|
-
expect(result).to be_ok
|
626
|
-
expect(result.inserted_ids.length).to eq(1)
|
575
|
+
context 'encrypting using key alt name' do
|
576
|
+
include_context 'schema map in client options'
|
627
577
|
|
628
|
-
|
578
|
+
let(:query) { { ssn: ssn, altname: key_alt_name } }
|
629
579
|
|
630
|
-
|
631
|
-
|
632
|
-
|
633
|
-
|
634
|
-
|
580
|
+
context 'with AWS KMS provider' do
|
581
|
+
include_context 'with AWS kms_providers and key alt names'
|
582
|
+
it 'encrypts the ssn field' do
|
583
|
+
expect(result).to be_ok
|
584
|
+
expect(result.inserted_ids.length).to eq(1)
|
585
|
+
|
586
|
+
id = result.inserted_ids.first
|
587
|
+
|
588
|
+
document = client['users'].find(_id: id).first
|
589
|
+
document.should_not be_nil
|
590
|
+
# Auto-encryption with key alt names only works with random encryption,
|
591
|
+
# so it will not generate the same result on every test run.
|
592
|
+
expect(document['ssn']).to be_ciphertext
|
593
|
+
end
|
594
|
+
end
|
595
|
+
|
596
|
+
context 'with Azure KMS provider' do
|
597
|
+
include_context 'with Azure kms_providers and key alt names'
|
598
|
+
it 'encrypts the ssn field' do
|
599
|
+
expect(result).to be_ok
|
600
|
+
expect(result.inserted_ids.length).to eq(1)
|
601
|
+
|
602
|
+
id = result.inserted_ids.first
|
603
|
+
|
604
|
+
document = client['users'].find(_id: id).first
|
605
|
+
document.should_not be_nil
|
606
|
+
# Auto-encryption with key alt names only works with random encryption,
|
607
|
+
# so it will not generate the same result on every test run.
|
608
|
+
expect(document['ssn']).to be_ciphertext
|
609
|
+
end
|
610
|
+
|
611
|
+
context 'with GCP KMS provider' do
|
612
|
+
include_context 'with GCP kms_providers and key alt names'
|
613
|
+
it 'encrypts the ssn field' do
|
614
|
+
expect(result).to be_ok
|
615
|
+
expect(result.inserted_ids.length).to eq(1)
|
616
|
+
|
617
|
+
id = result.inserted_ids.first
|
618
|
+
|
619
|
+
document = client['users'].find(_id: id).first
|
620
|
+
document.should_not be_nil
|
621
|
+
# Auto-encryption with key alt names only works with random encryption,
|
622
|
+
# so it will not generate the same result on every test run.
|
623
|
+
expect(document['ssn']).to be_ciphertext
|
624
|
+
end
|
625
|
+
end
|
626
|
+
|
627
|
+
context 'with KMIP KMS provider' do
|
628
|
+
include_context 'with KMIP kms_providers and key alt names'
|
629
|
+
it 'encrypts the ssn field' do
|
630
|
+
expect(result).to be_ok
|
631
|
+
expect(result.inserted_ids.length).to eq(1)
|
632
|
+
|
633
|
+
id = result.inserted_ids.first
|
634
|
+
|
635
|
+
document = client['users'].find(_id: id).first
|
636
|
+
document.should_not be_nil
|
637
|
+
# Auto-encryption with key alt names only works with random encryption,
|
638
|
+
# so it will not generate the same result on every test run.
|
639
|
+
expect(document['ssn']).to be_ciphertext
|
640
|
+
end
|
641
|
+
end
|
635
642
|
end
|
636
|
-
end
|
637
|
-
end
|
638
643
|
|
639
|
-
|
640
|
-
|
641
|
-
|
642
|
-
|
643
|
-
|
644
|
+
context 'with local KMS provider' do
|
645
|
+
include_context 'with local kms_providers and key alt names'
|
646
|
+
it 'encrypts the ssn field' do
|
647
|
+
expect(result).to be_ok
|
648
|
+
expect(result.inserted_ids.length).to eq(1)
|
644
649
|
|
645
|
-
|
650
|
+
id = result.inserted_ids.first
|
646
651
|
|
647
|
-
|
648
|
-
|
649
|
-
|
650
|
-
|
651
|
-
|
652
|
+
document = client['users'].find(_id: id).first
|
653
|
+
document.should_not be_nil
|
654
|
+
# Auto-encryption with key alt names only works with random encryption,
|
655
|
+
# so it will not generate the same result on every test run.
|
656
|
+
expect(document['ssn']).to be_a_kind_of(BSON::Binary)
|
657
|
+
end
|
658
|
+
end
|
652
659
|
end
|
653
660
|
end
|
654
|
-
end
|
655
|
-
end
|
656
661
|
|
657
|
-
|
658
|
-
|
659
|
-
|
662
|
+
describe '#replace_one' do
|
663
|
+
shared_examples 'it performs an encrypted command' do
|
664
|
+
include_context 'encrypted document in collection'
|
660
665
|
|
661
|
-
|
666
|
+
let(:replacement_ssn) { '098-765-4321' }
|
662
667
|
|
663
|
-
|
664
|
-
|
665
|
-
|
666
|
-
|
667
|
-
|
668
|
-
|
668
|
+
let(:result) do
|
669
|
+
encryption_client['users'].replace_one(
|
670
|
+
{ ssn: ssn },
|
671
|
+
{ ssn: replacement_ssn }
|
672
|
+
)
|
673
|
+
end
|
669
674
|
|
670
|
-
|
671
|
-
|
675
|
+
it 'encrypts the ssn field' do
|
676
|
+
expect(result.modified_count).to eq(1)
|
672
677
|
|
673
|
-
|
674
|
-
|
675
|
-
|
678
|
+
find_result = encryption_client['users'].find(ssn: '098-765-4321')
|
679
|
+
expect(find_result.count).to eq(1)
|
680
|
+
end
|
676
681
|
|
677
|
-
|
678
|
-
|
682
|
+
context 'with bypass_auto_encryption=true' do
|
683
|
+
include_context 'bypass auto encryption'
|
679
684
|
|
680
|
-
|
681
|
-
|
685
|
+
it 'does not encrypt the command' do
|
686
|
+
expect(result.modified_count).to eq(0)
|
687
|
+
end
|
688
|
+
end
|
682
689
|
end
|
683
|
-
end
|
684
|
-
end
|
685
690
|
|
686
|
-
|
687
|
-
|
691
|
+
it_behaves_like 'an encrypted command'
|
692
|
+
end
|
688
693
|
|
689
|
-
|
690
|
-
|
691
|
-
|
694
|
+
describe '#update_one' do
|
695
|
+
shared_examples 'it performs an encrypted command' do
|
696
|
+
include_context 'encrypted document in collection'
|
692
697
|
|
693
|
-
|
694
|
-
|
695
|
-
|
698
|
+
let(:result) do
|
699
|
+
encryption_client['users'].replace_one({ ssn: ssn }, { ssn: '098-765-4321' })
|
700
|
+
end
|
696
701
|
|
697
|
-
|
698
|
-
|
702
|
+
it 'encrypts the ssn field' do
|
703
|
+
expect(result.n).to eq(1)
|
699
704
|
|
700
|
-
|
701
|
-
|
702
|
-
|
705
|
+
find_result = encryption_client['users'].find(ssn: '098-765-4321')
|
706
|
+
expect(find_result.count).to eq(1)
|
707
|
+
end
|
703
708
|
|
704
|
-
|
705
|
-
|
709
|
+
context 'with bypass_auto_encryption=true' do
|
710
|
+
include_context 'bypass auto encryption'
|
706
711
|
|
707
|
-
|
708
|
-
|
712
|
+
it 'does not encrypt the command' do
|
713
|
+
expect(result.n).to eq(0)
|
714
|
+
end
|
715
|
+
end
|
709
716
|
end
|
710
|
-
end
|
711
|
-
end
|
712
|
-
|
713
|
-
it_behaves_like 'an encrypted command'
|
714
|
-
end
|
715
717
|
|
716
|
-
|
717
|
-
shared_examples 'it performs an encrypted command' do
|
718
|
-
before do
|
719
|
-
client['users'].insert_one(ssn: encrypted_ssn_binary, age: 25)
|
720
|
-
client['users'].insert_one(ssn: encrypted_ssn_binary, age: 43)
|
718
|
+
it_behaves_like 'an encrypted command'
|
721
719
|
end
|
722
720
|
|
723
|
-
|
724
|
-
|
725
|
-
|
721
|
+
describe '#update_many' do
|
722
|
+
shared_examples 'it performs an encrypted command' do
|
723
|
+
before do
|
724
|
+
client['users'].insert_one(ssn: encrypted_ssn_binary, age: 25)
|
725
|
+
client['users'].insert_one(ssn: encrypted_ssn_binary, age: 43)
|
726
|
+
end
|
727
|
+
|
728
|
+
let(:result) do
|
729
|
+
encryption_client['users'].update_many({ ssn: ssn }, { "$inc" => { :age => 1 } })
|
730
|
+
end
|
726
731
|
|
727
|
-
|
728
|
-
|
732
|
+
it 'encrypts the ssn field' do
|
733
|
+
expect(result.n).to eq(2)
|
729
734
|
|
730
|
-
|
731
|
-
|
732
|
-
|
733
|
-
|
734
|
-
|
735
|
+
updated_documents = encryption_client['users'].find(ssn: ssn)
|
736
|
+
ages = updated_documents.map { |doc| doc['age'] }
|
737
|
+
expect(ages).to include(26)
|
738
|
+
expect(ages).to include(44)
|
739
|
+
end
|
735
740
|
|
736
|
-
|
737
|
-
|
741
|
+
context 'with bypass_auto_encryption=true' do
|
742
|
+
include_context 'bypass auto encryption'
|
738
743
|
|
739
|
-
|
740
|
-
|
744
|
+
it 'does not encrypt the command' do
|
745
|
+
expect(result.n).to eq(0)
|
746
|
+
end
|
747
|
+
end
|
741
748
|
end
|
749
|
+
|
750
|
+
it_behaves_like 'an encrypted command'
|
742
751
|
end
|
743
752
|
end
|
744
|
-
|
745
|
-
it_behaves_like 'an encrypted command'
|
746
753
|
end
|
747
754
|
end
|