mongo 2.20.0 → 2.21.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (296) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +40 -1
  3. data/Rakefile +59 -23
  4. data/lib/mongo/address.rb +22 -3
  5. data/lib/mongo/auth/aws/credentials_retriever.rb +70 -17
  6. data/lib/mongo/auth/base.rb +1 -1
  7. data/lib/mongo/bulk_write.rb +35 -2
  8. data/lib/mongo/client.rb +38 -6
  9. data/lib/mongo/client_encryption.rb +6 -3
  10. data/lib/mongo/cluster/reapers/cursor_reaper.rb +6 -1
  11. data/lib/mongo/cluster/sdam_flow.rb +20 -7
  12. data/lib/mongo/cluster.rb +14 -4
  13. data/lib/mongo/collection/helpers.rb +1 -1
  14. data/lib/mongo/collection/view/aggregation/behavior.rb +131 -0
  15. data/lib/mongo/collection/view/aggregation.rb +33 -99
  16. data/lib/mongo/collection/view/builder/aggregation.rb +1 -7
  17. data/lib/mongo/collection/view/change_stream.rb +80 -27
  18. data/lib/mongo/collection/view/iterable.rb +76 -60
  19. data/lib/mongo/collection/view/map_reduce.rb +25 -8
  20. data/lib/mongo/collection/view/readable.rb +79 -30
  21. data/lib/mongo/collection/view/writable.rb +109 -48
  22. data/lib/mongo/collection/view.rb +43 -3
  23. data/lib/mongo/collection.rb +158 -23
  24. data/lib/mongo/config.rb +2 -2
  25. data/lib/mongo/crypt/auto_encrypter.rb +4 -6
  26. data/lib/mongo/crypt/binding.rb +4 -4
  27. data/lib/mongo/crypt/context.rb +20 -14
  28. data/lib/mongo/crypt/encryption_io.rb +56 -26
  29. data/lib/mongo/crypt/explicit_encrypter.rb +49 -20
  30. data/lib/mongo/crypt/explicit_encryption_context.rb +17 -11
  31. data/lib/mongo/crypt/kms/azure/credentials_retriever.rb +22 -6
  32. data/lib/mongo/crypt/kms/gcp/credentials_retriever.rb +29 -4
  33. data/lib/mongo/csot_timeout_holder.rb +119 -0
  34. data/lib/mongo/cursor/kill_spec.rb +5 -2
  35. data/lib/mongo/cursor/nontailable.rb +27 -0
  36. data/lib/mongo/cursor.rb +86 -24
  37. data/lib/mongo/cursor_host.rb +82 -0
  38. data/lib/mongo/database/view.rb +81 -14
  39. data/lib/mongo/database.rb +88 -18
  40. data/lib/mongo/error/operation_failure.rb +209 -204
  41. data/lib/mongo/error/server_timeout_error.rb +12 -0
  42. data/lib/mongo/error/socket_timeout_error.rb +3 -1
  43. data/lib/mongo/error/timeout_error.rb +23 -0
  44. data/lib/mongo/error.rb +2 -0
  45. data/lib/mongo/grid/fs_bucket.rb +45 -12
  46. data/lib/mongo/grid/stream/read.rb +15 -1
  47. data/lib/mongo/grid/stream/write.rb +21 -4
  48. data/lib/mongo/index/view.rb +77 -16
  49. data/lib/mongo/operation/context.rb +40 -2
  50. data/lib/mongo/operation/create_search_indexes/op_msg.rb +2 -2
  51. data/lib/mongo/operation/delete/op_msg.rb +2 -1
  52. data/lib/mongo/operation/drop_search_index/op_msg.rb +2 -2
  53. data/lib/mongo/operation/find/op_msg.rb +45 -0
  54. data/lib/mongo/operation/get_more/op_msg.rb +33 -0
  55. data/lib/mongo/operation/insert/op_msg.rb +3 -2
  56. data/lib/mongo/operation/insert/result.rb +4 -2
  57. data/lib/mongo/operation/list_collections/result.rb +1 -1
  58. data/lib/mongo/operation/map_reduce/result.rb +1 -1
  59. data/lib/mongo/operation/op_msg_base.rb +3 -1
  60. data/lib/mongo/operation/result.rb +26 -5
  61. data/lib/mongo/operation/shared/executable.rb +12 -1
  62. data/lib/mongo/operation/shared/op_msg_executable.rb +4 -1
  63. data/lib/mongo/operation/shared/response_handling.rb +3 -3
  64. data/lib/mongo/operation/shared/sessions_supported.rb +1 -1
  65. data/lib/mongo/operation/shared/timed.rb +52 -0
  66. data/lib/mongo/operation/shared/write.rb +4 -1
  67. data/lib/mongo/operation/update/op_msg.rb +2 -1
  68. data/lib/mongo/operation/update_search_index/op_msg.rb +2 -2
  69. data/lib/mongo/operation.rb +1 -0
  70. data/lib/mongo/protocol/message.rb +1 -4
  71. data/lib/mongo/protocol/msg.rb +2 -2
  72. data/lib/mongo/retryable/base_worker.rb +28 -3
  73. data/lib/mongo/retryable/read_worker.rb +76 -35
  74. data/lib/mongo/retryable/write_worker.rb +53 -22
  75. data/lib/mongo/retryable.rb +8 -2
  76. data/lib/mongo/server/connection.rb +11 -5
  77. data/lib/mongo/server/connection_base.rb +22 -2
  78. data/lib/mongo/server/connection_pool.rb +32 -14
  79. data/lib/mongo/server/description/features.rb +1 -1
  80. data/lib/mongo/server/description.rb +18 -5
  81. data/lib/mongo/server/monitor.rb +7 -4
  82. data/lib/mongo/server/pending_connection.rb +25 -8
  83. data/lib/mongo/server/{round_trip_time_averager.rb → round_trip_time_calculator.rb} +25 -7
  84. data/lib/mongo/server.rb +11 -6
  85. data/lib/mongo/server_selector/base.rb +25 -9
  86. data/lib/mongo/session.rb +78 -9
  87. data/lib/mongo/socket/ssl.rb +131 -18
  88. data/lib/mongo/socket/tcp.rb +40 -6
  89. data/lib/mongo/socket.rb +154 -25
  90. data/lib/mongo/uri/options_mapper.rb +1 -0
  91. data/lib/mongo/version.rb +1 -5
  92. data/lib/mongo.rb +1 -0
  93. data/mongo.gemspec +8 -11
  94. data/spec/atlas/atlas_connectivity_spec.rb +4 -0
  95. data/spec/atlas/operations_spec.rb +4 -0
  96. data/spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb +2 -1
  97. data/spec/integration/client_side_encryption/auto_encryption_spec.rb +494 -487
  98. data/spec/integration/client_side_encryption/on_demand_aws_credentials_spec.rb +1 -1
  99. data/spec/integration/client_side_encryption/range_explicit_encryption_prose_spec.rb +67 -20
  100. data/spec/integration/client_side_operations_timeout/encryption_prose_spec.rb +131 -0
  101. data/spec/integration/connection_pool_populator_spec.rb +2 -0
  102. data/spec/integration/cursor_pinning_spec.rb +15 -60
  103. data/spec/integration/cursor_reaping_spec.rb +1 -1
  104. data/spec/integration/docs_examples_spec.rb +1 -1
  105. data/spec/integration/operation_failure_code_spec.rb +1 -1
  106. data/spec/integration/operation_failure_message_spec.rb +3 -3
  107. data/spec/integration/retryable_errors_spec.rb +2 -2
  108. data/spec/integration/retryable_reads_errors_spec.rb +35 -23
  109. data/spec/integration/sdam_error_handling_spec.rb +4 -1
  110. data/spec/integration/search_indexes_prose_spec.rb +4 -0
  111. data/spec/integration/server_spec.rb +4 -3
  112. data/spec/integration/transactions_api_examples_spec.rb +2 -0
  113. data/spec/kerberos/kerberos_spec.rb +4 -0
  114. data/spec/lite_spec_helper.rb +3 -11
  115. data/spec/mongo/auth/user/view_spec.rb +1 -1
  116. data/spec/mongo/caching_cursor_spec.rb +1 -1
  117. data/spec/mongo/client_encryption_spec.rb +1 -0
  118. data/spec/mongo/client_spec.rb +158 -4
  119. data/spec/mongo/collection/view/aggregation_spec.rb +14 -39
  120. data/spec/mongo/collection/view/change_stream_spec.rb +3 -3
  121. data/spec/mongo/collection_crud_spec.rb +1 -0
  122. data/spec/mongo/collection_spec.rb +5 -6
  123. data/spec/mongo/crypt/auto_encrypter_spec.rb +14 -12
  124. data/spec/mongo/crypt/data_key_context_spec.rb +3 -1
  125. data/spec/mongo/crypt/explicit_encryption_context_spec.rb +2 -2
  126. data/spec/mongo/crypt/handle_spec.rb +1 -1
  127. data/spec/mongo/cursor_spec.rb +26 -9
  128. data/spec/mongo/error/operation_failure_heavy_spec.rb +2 -2
  129. data/spec/mongo/operation/context_spec.rb +79 -0
  130. data/spec/mongo/operation/create/op_msg_spec.rb +106 -110
  131. data/spec/mongo/operation/delete/op_msg_spec.rb +6 -5
  132. data/spec/mongo/operation/find/op_msg_spec.rb +66 -0
  133. data/spec/mongo/operation/get_more/op_msg_spec.rb +65 -0
  134. data/spec/mongo/operation/insert/op_msg_spec.rb +128 -131
  135. data/spec/mongo/operation/shared/csot/examples.rb +113 -0
  136. data/spec/mongo/query_cache_spec.rb +243 -225
  137. data/spec/mongo/retryable_spec.rb +1 -0
  138. data/spec/mongo/server/connection_spec.rb +22 -0
  139. data/spec/mongo/server/round_trip_time_calculator_spec.rb +120 -0
  140. data/spec/mongo/socket/ssl_spec.rb +0 -10
  141. data/spec/runners/change_streams/test.rb +2 -2
  142. data/spec/runners/crud/operation.rb +1 -1
  143. data/spec/runners/crud/verifier.rb +3 -1
  144. data/spec/runners/transactions/operation.rb +4 -6
  145. data/spec/runners/unified/ambiguous_operations.rb +13 -0
  146. data/spec/runners/unified/assertions.rb +4 -0
  147. data/spec/runners/unified/change_stream_operations.rb +14 -24
  148. data/spec/runners/unified/crud_operations.rb +82 -59
  149. data/spec/runners/unified/ddl_operations.rb +38 -7
  150. data/spec/runners/unified/grid_fs_operations.rb +37 -2
  151. data/spec/runners/unified/support_operations.rb +43 -4
  152. data/spec/runners/unified/test.rb +22 -10
  153. data/spec/runners/unified.rb +1 -1
  154. data/spec/solo/clean_exit_spec.rb +2 -0
  155. data/spec/spec_tests/client_side_operations_timeout_spec.rb +15 -0
  156. data/spec/spec_tests/data/change_streams_unified/change-streams-clusterTime.yml +3 -1
  157. data/spec/spec_tests/data/change_streams_unified/change-streams-disambiguatedPaths.yml +3 -1
  158. data/spec/spec_tests/data/change_streams_unified/change-streams-errors.yml +3 -1
  159. data/spec/spec_tests/data/change_streams_unified/change-streams-pre_and_post_images.yml +1 -1
  160. data/spec/spec_tests/data/change_streams_unified/change-streams-resume-allowlist.yml +1 -1
  161. data/spec/spec_tests/data/change_streams_unified/change-streams-resume-errorLabels.yml +1 -1
  162. data/spec/spec_tests/data/change_streams_unified/change-streams-showExpandedEvents.yml +1 -1
  163. data/spec/spec_tests/data/client_side_encryption/badQueries.yml +2 -1
  164. data/spec/spec_tests/data/client_side_encryption/fle2v2-BypassQueryAnalysis.yml +1 -0
  165. data/spec/spec_tests/data/client_side_encryption/fle2v2-Compact.yml +1 -0
  166. data/spec/spec_tests/data/client_side_encryption/fle2v2-CreateCollection.yml +1 -0
  167. data/spec/spec_tests/data/client_side_encryption/fle2v2-DecryptExistingData.yml +1 -0
  168. data/spec/spec_tests/data/client_side_encryption/fle2v2-Delete.yml +1 -0
  169. data/spec/spec_tests/data/client_side_encryption/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.yml +1 -0
  170. data/spec/spec_tests/data/client_side_encryption/fle2v2-EncryptedFields-vs-jsonSchema.yml +1 -0
  171. data/spec/spec_tests/data/client_side_encryption/fle2v2-EncryptedFieldsMap-defaults.yml +1 -0
  172. data/spec/spec_tests/data/client_side_encryption/fle2v2-FindOneAndUpdate.yml +1 -0
  173. data/spec/spec_tests/data/client_side_encryption/fle2v2-InsertFind-Indexed.yml +1 -0
  174. data/spec/spec_tests/data/client_side_encryption/fle2v2-InsertFind-Unindexed.yml +1 -0
  175. data/spec/spec_tests/data/client_side_encryption/fle2v2-MissingKey.yml +1 -0
  176. data/spec/spec_tests/data/client_side_encryption/fle2v2-NoEncryption.yml +1 -0
  177. data/spec/spec_tests/data/client_side_encryption/fle2v2-Update.yml +1 -0
  178. data/spec/spec_tests/data/client_side_encryption/fle2v2-validatorAndPartialFieldExpression.yml +2 -1
  179. data/spec/spec_tests/data/client_side_encryption/timeoutMS.yml +67 -0
  180. data/spec/spec_tests/data/client_side_operations_timeout/bulkWrite.yml +87 -0
  181. data/spec/spec_tests/data/client_side_operations_timeout/change-streams.yml +358 -0
  182. data/spec/spec_tests/data/client_side_operations_timeout/close-cursors.yml +129 -0
  183. data/spec/spec_tests/data/client_side_operations_timeout/command-execution.yml +250 -0
  184. data/spec/spec_tests/data/client_side_operations_timeout/convenient-transactions.yml +113 -0
  185. data/spec/spec_tests/data/client_side_operations_timeout/cursors.yml +70 -0
  186. data/spec/spec_tests/data/client_side_operations_timeout/deprecated-options.yml +3982 -0
  187. data/spec/spec_tests/data/client_side_operations_timeout/error-transformations.yml +96 -0
  188. data/spec/spec_tests/data/client_side_operations_timeout/global-timeoutMS.yml +3236 -0
  189. data/spec/spec_tests/data/client_side_operations_timeout/gridfs-advanced.yml +207 -0
  190. data/spec/spec_tests/data/client_side_operations_timeout/gridfs-delete.yml +152 -0
  191. data/spec/spec_tests/data/client_side_operations_timeout/gridfs-download.yml +182 -0
  192. data/spec/spec_tests/data/client_side_operations_timeout/gridfs-find.yml +100 -0
  193. data/spec/spec_tests/data/client_side_operations_timeout/gridfs-upload.yml +249 -0
  194. data/spec/spec_tests/data/client_side_operations_timeout/legacy-timeouts.yml +204 -0
  195. data/spec/spec_tests/data/client_side_operations_timeout/non-tailable-cursors.yml +307 -0
  196. data/spec/spec_tests/data/client_side_operations_timeout/override-collection-timeoutMS.yml +1877 -0
  197. data/spec/spec_tests/data/client_side_operations_timeout/override-operation-timeoutMS.yml +1918 -0
  198. data/spec/spec_tests/data/client_side_operations_timeout/retryability-legacy-timeouts.yml +1676 -0
  199. data/spec/spec_tests/data/client_side_operations_timeout/retryability-timeoutMS.yml +2824 -0
  200. data/spec/spec_tests/data/client_side_operations_timeout/sessions-inherit-timeoutMS.yml +168 -0
  201. data/spec/spec_tests/data/client_side_operations_timeout/sessions-override-operation-timeoutMS.yml +171 -0
  202. data/spec/spec_tests/data/client_side_operations_timeout/sessions-override-timeoutMS.yml +168 -0
  203. data/spec/spec_tests/data/client_side_operations_timeout/tailable-awaitData.yml +247 -0
  204. data/spec/spec_tests/data/client_side_operations_timeout/tailable-non-awaitData.yml +181 -0
  205. data/spec/spec_tests/data/crud_unified/aggregate-write-readPreference.yml +6 -0
  206. data/spec/spec_tests/data/crud_unified/db-aggregate-write-readPreference.yml +6 -0
  207. data/spec/spec_tests/data/crud_unified/find-test-all-options.yml +29 -0
  208. data/spec/spec_tests/server_selection_rtt_spec.rb +6 -6
  209. data/spec/spec_tests/transactions_unified_spec.rb +2 -1
  210. data/spec/support/certificates/atlas-ocsp-ca.crt +89 -79
  211. data/spec/support/certificates/atlas-ocsp.crt +117 -122
  212. data/spec/support/certificates/retrieve-atlas-cert +1 -1
  213. data/spec/support/cluster_tools.rb +3 -3
  214. data/spec/support/common_shortcuts.rb +2 -2
  215. data/spec/support/crypt/encrypted_fields/range-encryptedFields-Date.json +1 -1
  216. data/spec/support/crypt/encrypted_fields/range-encryptedFields-DecimalNoPrecision.json +1 -1
  217. data/spec/support/crypt/encrypted_fields/range-encryptedFields-DecimalPrecision.json +1 -1
  218. data/spec/support/crypt/encrypted_fields/range-encryptedFields-DoubleNoPrecision.json +1 -1
  219. data/spec/support/crypt/encrypted_fields/range-encryptedFields-DoublePrecision.json +1 -1
  220. data/spec/support/crypt/encrypted_fields/range-encryptedFields-Int.json +1 -1
  221. data/spec/support/crypt/encrypted_fields/range-encryptedFields-Long.json +1 -1
  222. data/spec/support/shared/session.rb +2 -2
  223. data/spec/support/spec_setup.rb +2 -2
  224. data/spec/support/utils.rb +3 -1
  225. metadata +88 -173
  226. checksums.yaml.gz.sig +0 -0
  227. data/spec/mongo/server/round_trip_time_averager_spec.rb +0 -48
  228. data/spec/shared/LICENSE +0 -20
  229. data/spec/shared/bin/get-mongodb-download-url +0 -17
  230. data/spec/shared/bin/s3-copy +0 -45
  231. data/spec/shared/bin/s3-upload +0 -69
  232. data/spec/shared/lib/mrss/child_process_helper.rb +0 -80
  233. data/spec/shared/lib/mrss/cluster_config.rb +0 -231
  234. data/spec/shared/lib/mrss/constraints.rb +0 -378
  235. data/spec/shared/lib/mrss/docker_runner.rb +0 -298
  236. data/spec/shared/lib/mrss/eg_config_utils.rb +0 -51
  237. data/spec/shared/lib/mrss/event_subscriber.rb +0 -210
  238. data/spec/shared/lib/mrss/lite_constraints.rb +0 -238
  239. data/spec/shared/lib/mrss/server_version_registry.rb +0 -113
  240. data/spec/shared/lib/mrss/session_registry.rb +0 -69
  241. data/spec/shared/lib/mrss/session_registry_legacy.rb +0 -60
  242. data/spec/shared/lib/mrss/spec_organizer.rb +0 -179
  243. data/spec/shared/lib/mrss/utils.rb +0 -37
  244. data/spec/shared/share/Dockerfile.erb +0 -281
  245. data/spec/shared/share/haproxy-1.conf +0 -16
  246. data/spec/shared/share/haproxy-2.conf +0 -17
  247. data/spec/shared/shlib/config.sh +0 -27
  248. data/spec/shared/shlib/distro.sh +0 -74
  249. data/spec/shared/shlib/server.sh +0 -417
  250. data/spec/shared/shlib/set_env.sh +0 -146
  251. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Date-Aggregate.yml +0 -241
  252. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Date-Correctness.yml +0 -422
  253. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Date-Delete.yml +0 -182
  254. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Date-FindOneAndUpdate.yml +0 -239
  255. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Date-InsertFind.yml +0 -235
  256. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Date-Update.yml +0 -252
  257. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Decimal-Aggregate.yml +0 -1687
  258. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Decimal-Correctness.yml +0 -293
  259. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Decimal-Delete.yml +0 -905
  260. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Decimal-FindOneAndUpdate.yml +0 -1684
  261. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Decimal-InsertFind.yml +0 -1680
  262. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Decimal-Update.yml +0 -1697
  263. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DecimalPrecision-Aggregate.yml +0 -329
  264. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DecimalPrecision-Correctness.yml +0 -424
  265. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DecimalPrecision-Delete.yml +0 -226
  266. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DecimalPrecision-FindOneAndUpdate.yml +0 -327
  267. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DecimalPrecision-InsertFind.yml +0 -319
  268. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DecimalPrecision-Update.yml +0 -336
  269. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Double-Aggregate.yml +0 -913
  270. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Double-Correctness.yml +0 -292
  271. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Double-Delete.yml +0 -518
  272. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Double-FindOneAndUpdate.yml +0 -911
  273. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Double-InsertFind.yml +0 -907
  274. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Double-Update.yml +0 -924
  275. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DoublePrecision-Aggregate.yml +0 -325
  276. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DoublePrecision-Correctness.yml +0 -424
  277. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DoublePrecision-Delete.yml +0 -224
  278. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DoublePrecision-FindOneAndUpdate.yml +0 -323
  279. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DoublePrecision-InsertFind.yml +0 -319
  280. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-DoublePrecision-Update.yml +0 -338
  281. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Int-Aggregate.yml +0 -241
  282. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Int-Correctness.yml +0 -423
  283. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Int-Delete.yml +0 -182
  284. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Int-FindOneAndUpdate.yml +0 -239
  285. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Int-InsertFind.yml +0 -235
  286. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Int-Update.yml +0 -254
  287. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Long-Aggregate.yml +0 -241
  288. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Long-Correctness.yml +0 -422
  289. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Long-Delete.yml +0 -182
  290. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Long-FindOneAndUpdate.yml +0 -239
  291. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Long-InsertFind.yml +0 -235
  292. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-Long-Update.yml +0 -254
  293. data/spec/spec_tests/data/client_side_encryption/fle2v2-Range-WrongType.yml +0 -43
  294. data/spec/support/faas/app/aws_lambda/mongodb/Gemfile.lock +0 -19
  295. data.tar.gz.sig +0 -0
  296. metadata.gz.sig +0 -3
@@ -30,7 +30,8 @@ describe 'Auto Encryption' do
30
30
  extra_options: extra_options,
31
31
  },
32
32
  database: 'auto_encryption',
33
- max_pool_size: max_pool_size
33
+ max_pool_size: max_pool_size,
34
+ timeout_ms: timeout_ms
34
35
  ),
35
36
  )
36
37
  end
@@ -97,27 +98,84 @@ describe 'Auto Encryption' do
97
98
  end
98
99
 
99
100
  shared_examples 'an encrypted command' do
100
- context 'with AWS KMS provider' do
101
- include_context 'with AWS kms_providers'
101
+ # context 'with AWS KMS provider' do
102
+ # include_context 'with AWS kms_providers'
103
+
104
+ # context 'with validator' do
105
+ # include_context 'jsonSchema validator on collection'
106
+ # it_behaves_like 'it performs an encrypted command'
107
+ # end
108
+
109
+ # context 'with schema map' do
110
+ # include_context 'schema map in client options'
111
+ # it_behaves_like 'it performs an encrypted command'
112
+
113
+ # context 'with limited connection pool' do
114
+ # include_context 'limited connection pool'
115
+ # it_behaves_like 'it performs an encrypted command'
116
+ # end
117
+ # end
118
+ # end
119
+
120
+ # context 'with Azure KMS provider' do
121
+ # include_context 'with Azure kms_providers'
122
+
123
+ # context 'with validator' do
124
+ # include_context 'jsonSchema validator on collection'
125
+ # it_behaves_like 'it performs an encrypted command'
126
+ # end
127
+
128
+ # context 'with schema map' do
129
+ # include_context 'schema map in client options'
130
+ # it_behaves_like 'it performs an encrypted command'
131
+
132
+ # context 'with limited connection pool' do
133
+ # include_context 'limited connection pool'
134
+ # it_behaves_like 'it performs an encrypted command'
135
+ # end
136
+ # end
137
+ # end
138
+
139
+ # context 'with GCP KMS provider' do
140
+ # include_context 'with GCP kms_providers'
141
+
142
+ # context 'with validator' do
143
+ # include_context 'jsonSchema validator on collection'
144
+ # it_behaves_like 'it performs an encrypted command'
145
+ # end
146
+
147
+ # context 'with schema map' do
148
+ # include_context 'schema map in client options'
149
+ # it_behaves_like 'it performs an encrypted command'
150
+
151
+ # context 'with limited connection pool' do
152
+ # include_context 'limited connection pool'
153
+ # it_behaves_like 'it performs an encrypted command'
154
+ # end
155
+ # end
156
+ # end
157
+
158
+ # context 'with KMIP KMS provider' do
159
+ # include_context 'with KMIP kms_providers'
160
+
161
+ # context 'with validator' do
162
+ # include_context 'jsonSchema validator on collection'
163
+ # it_behaves_like 'it performs an encrypted command'
164
+ # end
165
+
166
+ # context 'with schema map' do
167
+ # include_context 'schema map in client options'
168
+ # it_behaves_like 'it performs an encrypted command'
169
+
170
+ # context 'with limited connection pool' do
171
+ # include_context 'limited connection pool'
172
+ # it_behaves_like 'it performs an encrypted command'
173
+ # end
174
+ # end
175
+ # end
102
176
 
103
- context 'with validator' do
104
- include_context 'jsonSchema validator on collection'
105
- it_behaves_like 'it performs an encrypted command'
106
- end
107
-
108
- context 'with schema map' do
109
- include_context 'schema map in client options'
110
- it_behaves_like 'it performs an encrypted command'
111
-
112
- context 'with limited connection pool' do
113
- include_context 'limited connection pool'
114
- it_behaves_like 'it performs an encrypted command'
115
- end
116
- end
117
- end
118
-
119
- context 'with Azure KMS provider' do
120
- include_context 'with Azure kms_providers'
177
+ context 'with local KMS provider' do
178
+ include_context 'with local kms_providers'
121
179
 
122
180
  context 'with validator' do
123
181
  include_context 'jsonSchema validator on collection'
@@ -134,614 +192,563 @@ describe 'Auto Encryption' do
134
192
  end
135
193
  end
136
194
  end
195
+ end
137
196
 
138
- context 'with GCP KMS provider' do
139
- include_context 'with GCP kms_providers'
197
+ [nil, 0].each do |timeout_ms|
198
+ context "with timeout_ms #{timeout_ms}" do
199
+ let(:timeout_ms) { timeout_ms }
140
200
 
141
- context 'with validator' do
142
- include_context 'jsonSchema validator on collection'
143
- it_behaves_like 'it performs an encrypted command'
144
- end
201
+ describe '#aggregate' do
202
+ shared_examples 'it performs an encrypted command' do
203
+ include_context 'encrypted document in collection'
145
204
 
146
- context 'with schema map' do
147
- include_context 'schema map in client options'
148
- it_behaves_like 'it performs an encrypted command'
205
+ let(:result) do
206
+ encryption_client['users'].aggregate([
207
+ { '$match' => { 'ssn' => ssn } }
208
+ ]).first
209
+ end
149
210
 
150
- context 'with limited connection pool' do
151
- include_context 'limited connection pool'
152
- it_behaves_like 'it performs an encrypted command'
153
- end
154
- end
155
- end
211
+ it 'encrypts the command and decrypts the response' do
212
+ result.should_not be_nil
213
+ result['ssn'].should == ssn
214
+ end
156
215
 
157
- context 'with KMIP KMS provider' do
158
- include_context 'with KMIP kms_providers'
216
+ context 'when bypass_auto_encryption=true' do
217
+ include_context 'bypass auto encryption'
159
218
 
160
- context 'with validator' do
161
- include_context 'jsonSchema validator on collection'
162
- it_behaves_like 'it performs an encrypted command'
163
- end
219
+ it 'does not encrypt the command' do
220
+ result.should be_nil
221
+ end
164
222
 
165
- context 'with schema map' do
166
- include_context 'schema map in client options'
167
- it_behaves_like 'it performs an encrypted command'
223
+ it 'does auto decrypt the response' do
224
+ result = encryption_client['users'].aggregate([
225
+ { '$match' => { 'ssn' => encrypted_ssn_binary } }
226
+ ]).first
168
227
 
169
- context 'with limited connection pool' do
170
- include_context 'limited connection pool'
171
- it_behaves_like 'it performs an encrypted command'
228
+ result.should_not be_nil
229
+ result['ssn'].should == ssn
230
+ end
231
+ end
172
232
  end
173
- end
174
- end
175
233
 
176
- context 'with local KMS provider' do
177
- include_context 'with local kms_providers'
178
-
179
- context 'with validator' do
180
- include_context 'jsonSchema validator on collection'
181
- it_behaves_like 'it performs an encrypted command'
234
+ it_behaves_like 'an encrypted command'
182
235
  end
183
236
 
184
- context 'with schema map' do
185
- include_context 'schema map in client options'
186
- it_behaves_like 'it performs an encrypted command'
237
+ describe '#count' do
238
+ shared_examples 'it performs an encrypted command' do
239
+ include_context 'multiple encrypted documents in collection'
187
240
 
188
- context 'with limited connection pool' do
189
- include_context 'limited connection pool'
190
- it_behaves_like 'it performs an encrypted command'
191
- end
192
- end
193
- end
194
- end
241
+ let(:result) { encryption_client['users'].count(ssn: ssn) }
195
242
 
196
- describe '#aggregate' do
197
- shared_examples 'it performs an encrypted command' do
198
- include_context 'encrypted document in collection'
199
-
200
- let(:result) do
201
- encryption_client['users'].aggregate([
202
- { '$match' => { 'ssn' => ssn } }
203
- ]).first
204
- end
205
-
206
- it 'encrypts the command and decrypts the response' do
207
- result.should_not be_nil
208
- result['ssn'].should == ssn
209
- end
243
+ it 'encrypts the command and finds the documents' do
244
+ expect(result).to eq(2)
245
+ end
210
246
 
211
- context 'when bypass_auto_encryption=true' do
212
- include_context 'bypass auto encryption'
247
+ context 'with bypass_auto_encryption=true' do
248
+ include_context 'bypass auto encryption'
213
249
 
214
- it 'does not encrypt the command' do
215
- result.should be_nil
250
+ it 'does not encrypt the command' do
251
+ expect(result).to eq(0)
252
+ end
253
+ end
216
254
  end
217
255
 
218
- it 'does auto decrypt the response' do
219
- result = encryption_client['users'].aggregate([
220
- { '$match' => { 'ssn' => encrypted_ssn_binary } }
221
- ]).first
222
-
223
- result.should_not be_nil
224
- result['ssn'].should == ssn
225
- end
256
+ it_behaves_like 'an encrypted command'
226
257
  end
227
- end
228
-
229
- it_behaves_like 'an encrypted command'
230
- end
231
258
 
232
- describe '#count' do
233
- shared_examples 'it performs an encrypted command' do
234
- include_context 'multiple encrypted documents in collection'
259
+ describe '#distinct' do
260
+ shared_examples 'it performs an encrypted command' do
261
+ include_context 'encrypted document in collection'
235
262
 
236
- let(:result) { encryption_client['users'].count(ssn: ssn) }
263
+ let(:result) { encryption_client['users'].distinct(:ssn) }
237
264
 
238
- it 'encrypts the command and finds the documents' do
239
- expect(result).to eq(2)
240
- end
265
+ it 'decrypts the SSN field' do
266
+ expect(result.length).to eq(1)
267
+ expect(result).to include(ssn)
268
+ end
241
269
 
242
- context 'with bypass_auto_encryption=true' do
243
- include_context 'bypass auto encryption'
270
+ context 'with bypass_auto_encryption=true' do
271
+ include_context 'bypass auto encryption'
244
272
 
245
- it 'does not encrypt the command' do
246
- expect(result).to eq(0)
273
+ it 'still decrypts the SSN field' do
274
+ expect(result.length).to eq(1)
275
+ expect(result).to include(ssn)
276
+ end
277
+ end
247
278
  end
248
- end
249
- end
250
-
251
- it_behaves_like 'an encrypted command'
252
- end
253
279
 
254
- describe '#distinct' do
255
- shared_examples 'it performs an encrypted command' do
256
- include_context 'encrypted document in collection'
257
-
258
- let(:result) { encryption_client['users'].distinct(:ssn) }
259
-
260
- it 'decrypts the SSN field' do
261
- expect(result.length).to eq(1)
262
- expect(result).to include(ssn)
280
+ it_behaves_like 'an encrypted command'
263
281
  end
264
282
 
265
- context 'with bypass_auto_encryption=true' do
266
- include_context 'bypass auto encryption'
267
-
268
- it 'still decrypts the SSN field' do
269
- expect(result.length).to eq(1)
270
- expect(result).to include(ssn)
271
- end
272
- end
273
- end
274
-
275
- it_behaves_like 'an encrypted command'
276
- end
277
-
278
- describe '#delete_one' do
279
- shared_examples 'it performs an encrypted command' do
280
- include_context 'encrypted document in collection'
283
+ describe '#delete_one' do
284
+ shared_examples 'it performs an encrypted command' do
285
+ include_context 'encrypted document in collection'
281
286
 
282
- let(:result) { encryption_client['users'].delete_one(ssn: ssn) }
287
+ let(:result) { encryption_client['users'].delete_one(ssn: ssn) }
283
288
 
284
- it 'encrypts the SSN field' do
285
- expect(result.deleted_count).to eq(1)
286
- end
289
+ it 'encrypts the SSN field' do
290
+ expect(result.deleted_count).to eq(1)
291
+ end
287
292
 
288
- context 'with bypass_auto_encryption=true' do
289
- include_context 'bypass auto encryption'
293
+ context 'with bypass_auto_encryption=true' do
294
+ include_context 'bypass auto encryption'
290
295
 
291
- it 'does not encrypt the SSN field' do
292
- expect(result.deleted_count).to eq(0)
296
+ it 'does not encrypt the SSN field' do
297
+ expect(result.deleted_count).to eq(0)
298
+ end
299
+ end
293
300
  end
294
- end
295
- end
296
301
 
297
- it_behaves_like 'an encrypted command'
298
- end
299
-
300
- describe '#delete_many' do
301
- shared_examples 'it performs an encrypted command' do
302
- include_context 'multiple encrypted documents in collection'
303
-
304
- let(:result) { encryption_client['users'].delete_many(ssn: ssn) }
305
-
306
- it 'decrypts the SSN field' do
307
- expect(result.deleted_count).to eq(2)
302
+ it_behaves_like 'an encrypted command'
308
303
  end
309
304
 
310
- context 'with bypass_auto_encryption=true' do
311
- include_context 'bypass auto encryption'
305
+ describe '#delete_many' do
306
+ shared_examples 'it performs an encrypted command' do
307
+ include_context 'multiple encrypted documents in collection'
312
308
 
313
- it 'does not encrypt the SSN field' do
314
- expect(result.deleted_count).to eq(0)
315
- end
316
- end
317
- end
309
+ let(:result) { encryption_client['users'].delete_many(ssn: ssn) }
318
310
 
319
- it_behaves_like 'an encrypted command'
320
- end
321
-
322
- describe '#find' do
323
- shared_examples 'it performs an encrypted command' do
324
- include_context 'encrypted document in collection'
325
-
326
- let(:result) { encryption_client['users'].find(ssn: ssn).first }
327
-
328
- it 'encrypts the command and decrypts the response' do
329
- result.should_not be_nil
330
- expect(result['ssn']).to eq(ssn)
331
- end
311
+ it 'decrypts the SSN field' do
312
+ expect(result.deleted_count).to eq(2)
313
+ end
332
314
 
333
- context 'when bypass_auto_encryption=true' do
334
- include_context 'bypass auto encryption'
315
+ context 'with bypass_auto_encryption=true' do
316
+ include_context 'bypass auto encryption'
335
317
 
336
- it 'does not encrypt the command' do
337
- expect(result).to be_nil
318
+ it 'does not encrypt the SSN field' do
319
+ expect(result.deleted_count).to eq(0)
320
+ end
321
+ end
338
322
  end
339
- end
340
- end
341
-
342
- it_behaves_like 'an encrypted command'
343
- end
344
-
345
- describe '#find_one_and_delete' do
346
- shared_examples 'it performs an encrypted command' do
347
- include_context 'encrypted document in collection'
348
323
 
349
- let(:result) { encryption_client['users'].find_one_and_delete(ssn: ssn) }
350
-
351
- it 'encrypts the command and decrypts the response' do
352
- expect(result['ssn']).to eq(ssn)
324
+ it_behaves_like 'an encrypted command'
353
325
  end
354
326
 
355
- context 'when bypass_auto_encryption=true' do
356
- include_context 'bypass auto encryption'
357
-
358
- it 'does not encrypt the command' do
359
- expect(result).to be_nil
360
- end
361
-
362
- it 'still decrypts the command' do
363
- result = encryption_client['users'].find_one_and_delete(ssn: encrypted_ssn_binary)
364
- expect(result['ssn']).to eq(ssn)
365
- end
366
- end
367
- end
327
+ describe '#find' do
328
+ shared_examples 'it performs an encrypted command' do
329
+ include_context 'encrypted document in collection'
368
330
 
369
- it_behaves_like 'an encrypted command'
370
- end
331
+ let(:result) { encryption_client['users'].find(ssn: ssn).first }
371
332
 
372
- describe '#find_one_and_replace' do
373
- shared_examples 'it performs an encrypted command' do
374
- let(:name) { 'Alan Turing' }
333
+ it 'encrypts the command and decrypts the response' do
334
+ result.should_not be_nil
335
+ expect(result['ssn']).to eq(ssn)
336
+ end
375
337
 
376
- context 'with :return_document => :before' do
377
- include_context 'encrypted document in collection'
338
+ context 'when bypass_auto_encryption=true' do
339
+ include_context 'bypass auto encryption'
378
340
 
379
- let(:result) do
380
- encryption_client['users'].find_one_and_replace(
381
- { ssn: ssn },
382
- { name: name },
383
- return_document: :before
384
- )
341
+ it 'does not encrypt the command' do
342
+ expect(result).to be_nil
343
+ end
344
+ end
385
345
  end
386
346
 
387
- it 'encrypts the command and decrypts the response, returning original document' do
388
- expect(result['ssn']).to eq(ssn)
389
-
390
- documents = client['users'].find
391
- expect(documents.count).to eq(1)
392
- expect(documents.first['ssn']).to be_nil
393
- end
347
+ it_behaves_like 'an encrypted command'
394
348
  end
395
349
 
396
- context 'with :return_document => :after' do
397
- before do
398
- client['users'].insert_one(name: name)
399
- end
350
+ describe '#find_one_and_delete' do
351
+ shared_examples 'it performs an encrypted command' do
352
+ include_context 'encrypted document in collection'
400
353
 
401
- let(:result) do
402
- encryption_client['users'].find_one_and_replace(
403
- { name: name },
404
- { ssn: ssn },
405
- return_document: :after
406
- )
407
- end
354
+ let(:result) { encryption_client['users'].find_one_and_delete(ssn: ssn) }
408
355
 
409
- it 'encrypts the command and decrypts the response, returning new document' do
410
- expect(result['ssn']).to eq(ssn)
356
+ it 'encrypts the command and decrypts the response' do
357
+ expect(result['ssn']).to eq(ssn)
358
+ end
411
359
 
412
- documents = client['users'].find
413
- expect(documents.count).to eq(1)
414
- expect(documents.first['ssn']).to eq(encrypted_ssn_binary)
415
- end
416
- end
360
+ context 'when bypass_auto_encryption=true' do
361
+ include_context 'bypass auto encryption'
417
362
 
418
- context 'when bypass_auto_encryption=true' do
419
- include_context 'bypass auto encryption'
420
- include_context 'encrypted document in collection'
363
+ it 'does not encrypt the command' do
364
+ expect(result).to be_nil
365
+ end
421
366
 
422
- let(:result) do
423
- encryption_client['users'].find_one_and_replace(
424
- { ssn: encrypted_ssn_binary },
425
- { name: name },
426
- :return_document => :before
427
- )
367
+ it 'still decrypts the command' do
368
+ result = encryption_client['users'].find_one_and_delete(ssn: encrypted_ssn_binary)
369
+ expect(result['ssn']).to eq(ssn)
370
+ end
371
+ end
428
372
  end
429
373
 
430
- it 'does not encrypt the command but still decrypts the response, returning original document' do
431
- expect(result['ssn']).to eq(ssn)
432
-
433
- documents = client['users'].find
434
- expect(documents.count).to eq(1)
435
- expect(documents.first['ssn']).to be_nil
436
- end
374
+ it_behaves_like 'an encrypted command'
437
375
  end
438
- end
439
-
440
- it_behaves_like 'an encrypted command'
441
- end
442
376
 
443
- describe '#find_one_and_update' do
444
- shared_examples 'it performs an encrypted command' do
445
- include_context 'encrypted document in collection'
377
+ describe '#find_one_and_replace' do
378
+ shared_examples 'it performs an encrypted command' do
379
+ let(:name) { 'Alan Turing' }
446
380
 
447
- let(:name) { 'Alan Turing' }
381
+ context 'with :return_document => :before' do
382
+ include_context 'encrypted document in collection'
448
383
 
449
- let(:result) do
450
- encryption_client['users'].find_one_and_update(
451
- { ssn: ssn },
452
- { name: name }
453
- )
454
- end
384
+ let(:result) do
385
+ encryption_client['users'].find_one_and_replace(
386
+ { ssn: ssn },
387
+ { name: name },
388
+ return_document: :before
389
+ )
390
+ end
455
391
 
456
- it 'encrypts the command and decrypts the response' do
457
- expect(result['ssn']).to eq(ssn)
392
+ it 'encrypts the command and decrypts the response, returning original document' do
393
+ expect(result['ssn']).to eq(ssn)
458
394
 
459
- documents = client['users'].find
460
- expect(documents.count).to eq(1)
461
- expect(documents.first['ssn']).to be_nil
462
- end
395
+ documents = client['users'].find
396
+ expect(documents.count).to eq(1)
397
+ expect(documents.first['ssn']).to be_nil
398
+ end
399
+ end
463
400
 
464
- context 'with bypass_auto_encryption=true' do
465
- include_context 'bypass auto encryption'
401
+ context 'with :return_document => :after' do
402
+ before do
403
+ client['users'].insert_one(name: name)
404
+ end
405
+
406
+ let(:result) do
407
+ encryption_client['users'].find_one_and_replace(
408
+ { name: name },
409
+ { ssn: ssn },
410
+ return_document: :after
411
+ )
412
+ end
413
+
414
+ it 'encrypts the command and decrypts the response, returning new document' do
415
+ expect(result['ssn']).to eq(ssn)
416
+
417
+ documents = client['users'].find
418
+ expect(documents.count).to eq(1)
419
+ expect(documents.first['ssn']).to eq(encrypted_ssn_binary)
420
+ end
421
+ end
466
422
 
467
- it 'does not encrypt the command' do
468
- expect(result).to be_nil
423
+ context 'when bypass_auto_encryption=true' do
424
+ include_context 'bypass auto encryption'
425
+ include_context 'encrypted document in collection'
426
+
427
+ let(:result) do
428
+ encryption_client['users'].find_one_and_replace(
429
+ { ssn: encrypted_ssn_binary },
430
+ { name: name },
431
+ :return_document => :before
432
+ )
433
+ end
434
+
435
+ it 'does not encrypt the command but still decrypts the response, returning original document' do
436
+ expect(result['ssn']).to eq(ssn)
437
+
438
+ documents = client['users'].find
439
+ expect(documents.count).to eq(1)
440
+ expect(documents.first['ssn']).to be_nil
441
+ end
442
+ end
469
443
  end
470
444
 
471
- it 'still decrypts the response' do
472
- # Query using the encrypted ssn value so the find will succeed
473
- result = encryption_client['users'].find_one_and_update(
474
- { ssn: encrypted_ssn_binary },
475
- { name: name }
476
- )
477
-
478
- expect(result['ssn']).to eq(ssn)
479
- end
445
+ it_behaves_like 'an encrypted command'
480
446
  end
481
- end
482
-
483
- it_behaves_like 'an encrypted command'
484
- end
485
447
 
486
- describe '#insert_one' do
487
- let(:query) { { ssn: ssn } }
488
- let(:result) { encryption_client['users'].insert_one(query) }
448
+ describe '#find_one_and_update' do
449
+ shared_examples 'it performs an encrypted command' do
450
+ include_context 'encrypted document in collection'
489
451
 
490
- shared_examples 'it performs an encrypted command' do
491
- it 'encrypts the ssn field' do
492
- expect(result).to be_ok
493
- expect(result.inserted_ids.length).to eq(1)
452
+ let(:name) { 'Alan Turing' }
494
453
 
495
- id = result.inserted_ids.first
496
-
497
- document = client['users'].find(_id: id).first
498
- document.should_not be_nil
499
- expect(document['ssn']).to eq(encrypted_ssn_binary)
500
- end
501
- end
454
+ let(:result) do
455
+ encryption_client['users'].find_one_and_update(
456
+ { ssn: ssn },
457
+ { name: name }
458
+ )
459
+ end
502
460
 
503
- shared_examples 'it obeys bypass_auto_encryption option' do
504
- include_context 'bypass auto encryption'
461
+ it 'encrypts the command and decrypts the response' do
462
+ expect(result['ssn']).to eq(ssn)
505
463
 
506
- it 'does not encrypt the command' do
507
- result = encryption_client['users'].insert_one(ssn: ssn)
508
- expect(result).to be_ok
509
- expect(result.inserted_ids.length).to eq(1)
464
+ documents = client['users'].find
465
+ expect(documents.count).to eq(1)
466
+ expect(documents.first['ssn']).to be_nil
467
+ end
510
468
 
511
- id = result.inserted_ids.first
469
+ context 'with bypass_auto_encryption=true' do
470
+ include_context 'bypass auto encryption'
512
471
 
513
- document = client['users'].find(_id: id).first
514
- expect(document['ssn']).to eq(ssn)
515
- end
516
- end
472
+ it 'does not encrypt the command' do
473
+ expect(result).to be_nil
474
+ end
517
475
 
518
- it_behaves_like 'an encrypted command'
476
+ it 'still decrypts the response' do
477
+ # Query using the encrypted ssn value so the find will succeed
478
+ result = encryption_client['users'].find_one_and_update(
479
+ { ssn: encrypted_ssn_binary },
480
+ { name: name }
481
+ )
519
482
 
520
- context 'with jsonSchema in schema_map option' do
521
- include_context 'schema map in client options'
483
+ expect(result['ssn']).to eq(ssn)
484
+ end
485
+ end
486
+ end
522
487
 
523
- context 'with AWS KMS provider' do
524
- include_context 'with AWS kms_providers'
525
- it_behaves_like 'it obeys bypass_auto_encryption option'
488
+ it_behaves_like 'an encrypted command'
526
489
  end
527
490
 
528
- context 'with Azure KMS provider' do
529
- include_context 'with Azure kms_providers'
530
- it_behaves_like 'it obeys bypass_auto_encryption option'
531
- end
491
+ describe '#insert_one' do
492
+ let(:query) { { ssn: ssn } }
493
+ let(:result) { encryption_client['users'].insert_one(query) }
532
494
 
533
- context 'with GCP KMS provider' do
534
- include_context 'with GCP kms_providers'
535
- it_behaves_like 'it obeys bypass_auto_encryption option'
536
- end
495
+ shared_examples 'it performs an encrypted command' do
496
+ it 'encrypts the ssn field' do
497
+ expect(result).to be_ok
498
+ expect(result.inserted_ids.length).to eq(1)
537
499
 
538
- context 'with KMIP KMS provider' do
539
- include_context 'with KMIP kms_providers'
540
- it_behaves_like 'it obeys bypass_auto_encryption option'
541
- end
500
+ id = result.inserted_ids.first
542
501
 
502
+ document = client['users'].find(_id: id).first
503
+ document.should_not be_nil
504
+ expect(document['ssn']).to eq(encrypted_ssn_binary)
505
+ end
506
+ end
543
507
 
544
- context 'with local KMS provider and ' do
545
- include_context 'with local kms_providers'
546
- it_behaves_like 'it obeys bypass_auto_encryption option'
547
- end
548
- end
508
+ shared_examples 'it obeys bypass_auto_encryption option' do
509
+ include_context 'bypass auto encryption'
549
510
 
550
- context 'with schema_map client option pointing to wrong collection' do
551
- let(:local_schema) { { 'wrong_db.wrong_coll' => schema_map } }
511
+ it 'does not encrypt the command' do
512
+ result = encryption_client['users'].insert_one(ssn: ssn)
513
+ expect(result).to be_ok
514
+ expect(result.inserted_ids.length).to eq(1)
552
515
 
553
- include_context 'with local kms_providers'
516
+ id = result.inserted_ids.first
554
517
 
555
- it 'does not raise an exception but doesn\'t encrypt either' do
556
- expect do
557
- result
558
- end.not_to raise_error
518
+ document = client['users'].find(_id: id).first
519
+ expect(document['ssn']).to eq(ssn)
520
+ end
521
+ end
559
522
 
560
- expect(result).to be_ok
561
- id = result.inserted_ids.first
523
+ it_behaves_like 'an encrypted command'
562
524
 
563
- document = client['users'].find(_id: id).first
564
- document.should_not be_nil
565
- # Document was not encrypted
566
- expect(document['ssn']).to eq(ssn)
567
- end
568
- end
525
+ context 'with jsonSchema in schema_map option' do
526
+ include_context 'schema map in client options'
527
+
528
+ context 'with AWS KMS provider' do
529
+ include_context 'with AWS kms_providers'
530
+ it_behaves_like 'it obeys bypass_auto_encryption option'
531
+ end
569
532
 
570
- context 'encrypting using key alt name' do
571
- include_context 'schema map in client options'
533
+ context 'with Azure KMS provider' do
534
+ include_context 'with Azure kms_providers'
535
+ it_behaves_like 'it obeys bypass_auto_encryption option'
536
+ end
572
537
 
573
- let(:query) { { ssn: ssn, altname: key_alt_name } }
538
+ context 'with GCP KMS provider' do
539
+ include_context 'with GCP kms_providers'
540
+ it_behaves_like 'it obeys bypass_auto_encryption option'
541
+ end
574
542
 
575
- context 'with AWS KMS provider' do
576
- include_context 'with AWS kms_providers and key alt names'
577
- it 'encrypts the ssn field' do
578
- expect(result).to be_ok
579
- expect(result.inserted_ids.length).to eq(1)
543
+ context 'with KMIP KMS provider' do
544
+ include_context 'with KMIP kms_providers'
545
+ it_behaves_like 'it obeys bypass_auto_encryption option'
546
+ end
580
547
 
581
- id = result.inserted_ids.first
582
548
 
583
- document = client['users'].find(_id: id).first
584
- document.should_not be_nil
585
- # Auto-encryption with key alt names only works with random encryption,
586
- # so it will not generate the same result on every test run.
587
- expect(document['ssn']).to be_ciphertext
549
+ context 'with local KMS provider and ' do
550
+ include_context 'with local kms_providers'
551
+ it_behaves_like 'it obeys bypass_auto_encryption option'
552
+ end
588
553
  end
589
- end
590
554
 
591
- context 'with Azure KMS provider' do
592
- include_context 'with Azure kms_providers and key alt names'
593
- it 'encrypts the ssn field' do
594
- expect(result).to be_ok
595
- expect(result.inserted_ids.length).to eq(1)
555
+ context 'with schema_map client option pointing to wrong collection' do
556
+ let(:local_schema) { { 'wrong_db.wrong_coll' => schema_map } }
596
557
 
597
- id = result.inserted_ids.first
558
+ include_context 'with local kms_providers'
598
559
 
599
- document = client['users'].find(_id: id).first
600
- document.should_not be_nil
601
- # Auto-encryption with key alt names only works with random encryption,
602
- # so it will not generate the same result on every test run.
603
- expect(document['ssn']).to be_ciphertext
604
- end
560
+ it 'does not raise an exception but doesn\'t encrypt either' do
561
+ expect do
562
+ result
563
+ end.not_to raise_error
605
564
 
606
- context 'with GCP KMS provider' do
607
- include_context 'with GCP kms_providers and key alt names'
608
- it 'encrypts the ssn field' do
609
565
  expect(result).to be_ok
610
- expect(result.inserted_ids.length).to eq(1)
611
-
612
566
  id = result.inserted_ids.first
613
567
 
614
568
  document = client['users'].find(_id: id).first
615
569
  document.should_not be_nil
616
- # Auto-encryption with key alt names only works with random encryption,
617
- # so it will not generate the same result on every test run.
618
- expect(document['ssn']).to be_ciphertext
570
+ # Document was not encrypted
571
+ expect(document['ssn']).to eq(ssn)
619
572
  end
620
573
  end
621
574
 
622
- context 'with KMIP KMS provider' do
623
- include_context 'with KMIP kms_providers and key alt names'
624
- it 'encrypts the ssn field' do
625
- expect(result).to be_ok
626
- expect(result.inserted_ids.length).to eq(1)
575
+ context 'encrypting using key alt name' do
576
+ include_context 'schema map in client options'
627
577
 
628
- id = result.inserted_ids.first
578
+ let(:query) { { ssn: ssn, altname: key_alt_name } }
629
579
 
630
- document = client['users'].find(_id: id).first
631
- document.should_not be_nil
632
- # Auto-encryption with key alt names only works with random encryption,
633
- # so it will not generate the same result on every test run.
634
- expect(document['ssn']).to be_ciphertext
580
+ context 'with AWS KMS provider' do
581
+ include_context 'with AWS kms_providers and key alt names'
582
+ it 'encrypts the ssn field' do
583
+ expect(result).to be_ok
584
+ expect(result.inserted_ids.length).to eq(1)
585
+
586
+ id = result.inserted_ids.first
587
+
588
+ document = client['users'].find(_id: id).first
589
+ document.should_not be_nil
590
+ # Auto-encryption with key alt names only works with random encryption,
591
+ # so it will not generate the same result on every test run.
592
+ expect(document['ssn']).to be_ciphertext
593
+ end
594
+ end
595
+
596
+ context 'with Azure KMS provider' do
597
+ include_context 'with Azure kms_providers and key alt names'
598
+ it 'encrypts the ssn field' do
599
+ expect(result).to be_ok
600
+ expect(result.inserted_ids.length).to eq(1)
601
+
602
+ id = result.inserted_ids.first
603
+
604
+ document = client['users'].find(_id: id).first
605
+ document.should_not be_nil
606
+ # Auto-encryption with key alt names only works with random encryption,
607
+ # so it will not generate the same result on every test run.
608
+ expect(document['ssn']).to be_ciphertext
609
+ end
610
+
611
+ context 'with GCP KMS provider' do
612
+ include_context 'with GCP kms_providers and key alt names'
613
+ it 'encrypts the ssn field' do
614
+ expect(result).to be_ok
615
+ expect(result.inserted_ids.length).to eq(1)
616
+
617
+ id = result.inserted_ids.first
618
+
619
+ document = client['users'].find(_id: id).first
620
+ document.should_not be_nil
621
+ # Auto-encryption with key alt names only works with random encryption,
622
+ # so it will not generate the same result on every test run.
623
+ expect(document['ssn']).to be_ciphertext
624
+ end
625
+ end
626
+
627
+ context 'with KMIP KMS provider' do
628
+ include_context 'with KMIP kms_providers and key alt names'
629
+ it 'encrypts the ssn field' do
630
+ expect(result).to be_ok
631
+ expect(result.inserted_ids.length).to eq(1)
632
+
633
+ id = result.inserted_ids.first
634
+
635
+ document = client['users'].find(_id: id).first
636
+ document.should_not be_nil
637
+ # Auto-encryption with key alt names only works with random encryption,
638
+ # so it will not generate the same result on every test run.
639
+ expect(document['ssn']).to be_ciphertext
640
+ end
641
+ end
635
642
  end
636
- end
637
- end
638
643
 
639
- context 'with local KMS provider' do
640
- include_context 'with local kms_providers and key alt names'
641
- it 'encrypts the ssn field' do
642
- expect(result).to be_ok
643
- expect(result.inserted_ids.length).to eq(1)
644
+ context 'with local KMS provider' do
645
+ include_context 'with local kms_providers and key alt names'
646
+ it 'encrypts the ssn field' do
647
+ expect(result).to be_ok
648
+ expect(result.inserted_ids.length).to eq(1)
644
649
 
645
- id = result.inserted_ids.first
650
+ id = result.inserted_ids.first
646
651
 
647
- document = client['users'].find(_id: id).first
648
- document.should_not be_nil
649
- # Auto-encryption with key alt names only works with random encryption,
650
- # so it will not generate the same result on every test run.
651
- expect(document['ssn']).to be_a_kind_of(BSON::Binary)
652
+ document = client['users'].find(_id: id).first
653
+ document.should_not be_nil
654
+ # Auto-encryption with key alt names only works with random encryption,
655
+ # so it will not generate the same result on every test run.
656
+ expect(document['ssn']).to be_a_kind_of(BSON::Binary)
657
+ end
658
+ end
652
659
  end
653
660
  end
654
- end
655
- end
656
661
 
657
- describe '#replace_one' do
658
- shared_examples 'it performs an encrypted command' do
659
- include_context 'encrypted document in collection'
662
+ describe '#replace_one' do
663
+ shared_examples 'it performs an encrypted command' do
664
+ include_context 'encrypted document in collection'
660
665
 
661
- let(:replacement_ssn) { '098-765-4321' }
666
+ let(:replacement_ssn) { '098-765-4321' }
662
667
 
663
- let(:result) do
664
- encryption_client['users'].replace_one(
665
- { ssn: ssn },
666
- { ssn: replacement_ssn }
667
- )
668
- end
668
+ let(:result) do
669
+ encryption_client['users'].replace_one(
670
+ { ssn: ssn },
671
+ { ssn: replacement_ssn }
672
+ )
673
+ end
669
674
 
670
- it 'encrypts the ssn field' do
671
- expect(result.modified_count).to eq(1)
675
+ it 'encrypts the ssn field' do
676
+ expect(result.modified_count).to eq(1)
672
677
 
673
- find_result = encryption_client['users'].find(ssn: '098-765-4321')
674
- expect(find_result.count).to eq(1)
675
- end
678
+ find_result = encryption_client['users'].find(ssn: '098-765-4321')
679
+ expect(find_result.count).to eq(1)
680
+ end
676
681
 
677
- context 'with bypass_auto_encryption=true' do
678
- include_context 'bypass auto encryption'
682
+ context 'with bypass_auto_encryption=true' do
683
+ include_context 'bypass auto encryption'
679
684
 
680
- it 'does not encrypt the command' do
681
- expect(result.modified_count).to eq(0)
685
+ it 'does not encrypt the command' do
686
+ expect(result.modified_count).to eq(0)
687
+ end
688
+ end
682
689
  end
683
- end
684
- end
685
690
 
686
- it_behaves_like 'an encrypted command'
687
- end
691
+ it_behaves_like 'an encrypted command'
692
+ end
688
693
 
689
- describe '#update_one' do
690
- shared_examples 'it performs an encrypted command' do
691
- include_context 'encrypted document in collection'
694
+ describe '#update_one' do
695
+ shared_examples 'it performs an encrypted command' do
696
+ include_context 'encrypted document in collection'
692
697
 
693
- let(:result) do
694
- encryption_client['users'].replace_one({ ssn: ssn }, { ssn: '098-765-4321' })
695
- end
698
+ let(:result) do
699
+ encryption_client['users'].replace_one({ ssn: ssn }, { ssn: '098-765-4321' })
700
+ end
696
701
 
697
- it 'encrypts the ssn field' do
698
- expect(result.n).to eq(1)
702
+ it 'encrypts the ssn field' do
703
+ expect(result.n).to eq(1)
699
704
 
700
- find_result = encryption_client['users'].find(ssn: '098-765-4321')
701
- expect(find_result.count).to eq(1)
702
- end
705
+ find_result = encryption_client['users'].find(ssn: '098-765-4321')
706
+ expect(find_result.count).to eq(1)
707
+ end
703
708
 
704
- context 'with bypass_auto_encryption=true' do
705
- include_context 'bypass auto encryption'
709
+ context 'with bypass_auto_encryption=true' do
710
+ include_context 'bypass auto encryption'
706
711
 
707
- it 'does not encrypt the command' do
708
- expect(result.n).to eq(0)
712
+ it 'does not encrypt the command' do
713
+ expect(result.n).to eq(0)
714
+ end
715
+ end
709
716
  end
710
- end
711
- end
712
-
713
- it_behaves_like 'an encrypted command'
714
- end
715
717
 
716
- describe '#update_many' do
717
- shared_examples 'it performs an encrypted command' do
718
- before do
719
- client['users'].insert_one(ssn: encrypted_ssn_binary, age: 25)
720
- client['users'].insert_one(ssn: encrypted_ssn_binary, age: 43)
718
+ it_behaves_like 'an encrypted command'
721
719
  end
722
720
 
723
- let(:result) do
724
- encryption_client['users'].update_many({ ssn: ssn }, { "$inc" => { :age => 1 } })
725
- end
721
+ describe '#update_many' do
722
+ shared_examples 'it performs an encrypted command' do
723
+ before do
724
+ client['users'].insert_one(ssn: encrypted_ssn_binary, age: 25)
725
+ client['users'].insert_one(ssn: encrypted_ssn_binary, age: 43)
726
+ end
727
+
728
+ let(:result) do
729
+ encryption_client['users'].update_many({ ssn: ssn }, { "$inc" => { :age => 1 } })
730
+ end
726
731
 
727
- it 'encrypts the ssn field' do
728
- expect(result.n).to eq(2)
732
+ it 'encrypts the ssn field' do
733
+ expect(result.n).to eq(2)
729
734
 
730
- updated_documents = encryption_client['users'].find(ssn: ssn)
731
- ages = updated_documents.map { |doc| doc['age'] }
732
- expect(ages).to include(26)
733
- expect(ages).to include(44)
734
- end
735
+ updated_documents = encryption_client['users'].find(ssn: ssn)
736
+ ages = updated_documents.map { |doc| doc['age'] }
737
+ expect(ages).to include(26)
738
+ expect(ages).to include(44)
739
+ end
735
740
 
736
- context 'with bypass_auto_encryption=true' do
737
- include_context 'bypass auto encryption'
741
+ context 'with bypass_auto_encryption=true' do
742
+ include_context 'bypass auto encryption'
738
743
 
739
- it 'does not encrypt the command' do
740
- expect(result.n).to eq(0)
744
+ it 'does not encrypt the command' do
745
+ expect(result.n).to eq(0)
746
+ end
747
+ end
741
748
  end
749
+
750
+ it_behaves_like 'an encrypted command'
742
751
  end
743
752
  end
744
-
745
- it_behaves_like 'an encrypted command'
746
753
  end
747
754
  end