mongodb · DmitryLukyanov · Nov 28, 2022 · Nov 23, 2022 · Nov 23, 2022 · Nov 25, 2022
diff --git a/evergreen/evergreen.yml b/evergreen/evergreen.yml
@@ -2063,22 +2063,22 @@ buildvariants:
     - name: test-gssapi-netstandard21
 
 - matrix_name: "csfle-with-mocked-kms-tests-windows"
-  matrix_spec: { os: "windows-64", ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["standalone"] }
+  matrix_spec: { os: "windows-64", ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["replicaset"] }
   display_name: "CSFLE Mocked KMS ${version} ${os}"
   tasks:
     - name: test-csfle-with-mocked-kms-tls-net472
     - name: test-csfle-with-mocked-kms-tls-netstandard20
     - name: test-csfle-with-mocked-kms-tls-netstandard21
 
 - matrix_name: "csfle-with-mocked-kms-tests-linux"
-  matrix_spec: { os: "ubuntu-1804", ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["standalone"] }
+  matrix_spec: { os: "ubuntu-1804", ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["replicaset"] }
   display_name: "CSFLE Mocked KMS ${version} ${os}"
   tasks:
     - name: test-csfle-with-mocked-kms-tls-netstandard20
     - name: test-csfle-with-mocked-kms-tls-netstandard21
 
 - matrix_name: "csfle-with-mocked-kms-tests-macOS"
-  matrix_spec: { os: [ "macos-1100", "macos-1100-arm64" ], ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["standalone"] }
+  matrix_spec: { os: [ "macos-1100", "macos-1100-arm64" ], ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["replicaset"] }
   display_name: "CSFLE Mocked KMS ${version} ${os}"
   tasks:
     - name: test-csfle-with-mocked-kms-tls-netstandard21

diff --git a/src/MongoDB.Driver/Encryption/AutoEncryptionOptions.cs b/src/MongoDB.Driver/Encryption/AutoEncryptionOptions.cs
@@ -77,7 +77,7 @@ public AutoEncryptionOptions(
             _tlsOptions = tlsOptions.WithDefault(new Dictionary<string, SslSettings>());
             _encryptedFieldsMap = encryptedFieldsMap.WithDefault(null);
 
-            EncryptionExtraOptionsValidator.EnsureThatExtraOptionsAreValid(_extraOptions);
+            EncryptionExtraOptionsHelper.EnsureThatExtraOptionsAreValid(_extraOptions);
             KmsProvidersHelper.EnsureKmsProvidersAreValid(_kmsProviders);
             KmsProvidersHelper.EnsureKmsProvidersTlsSettingsAreValid(_tlsOptions);
             EncryptedCollectionHelper.EnsureCollectionsValid(_schemaMap, _encryptedFieldsMap);
@@ -273,10 +273,10 @@ public override string ToString()
         internal CryptClientSettings ToCryptClientSettings() =>
             new CryptClientSettings(
                 _bypassQueryAnalysis,
-                ExtraOptions.GetValueOrDefault<string, string, object>("cryptSharedLibPath"),
+                EncryptionExtraOptionsHelper.ExtractCryptSharedLibPath(ExtraOptions),
                 cryptSharedLibSearchPath: _bypassAutoEncryption ? null : "$SYSTEM",
                 _encryptedFieldsMap,
-                ExtraOptions.GetValueOrDefault<bool?, string, object>("cryptSharedLibRequired"),
+                EncryptionExtraOptionsHelper.ExtractCryptSharedLibRequired(ExtraOptions),
                 _kmsProviders,
                 _schemaMap);
 

diff --git a/src/MongoDB.Driver/Encryption/MongocryptdFactory.cs b/src/MongoDB.Driver/Encryption/MongocryptdFactory.cs
@@ -20,13 +20,13 @@
 using System.IO;
 using System.Linq;
 using System.Reflection;
+using MongoDB.Driver.Core;
 using MongoDB.Driver.Core.Misc;
 
 namespace MongoDB.Driver.Encryption
 {
-    internal static class EncryptionExtraOptionsValidator
+    internal static class EncryptionExtraOptionsHelper
     {
-        #region static
         private static readonly Dictionary<string, Type[]> __supportedExtraOptions = new Dictionary<string, Type[]>
         {
             { "cryptSharedLibPath", new [] { typeof(string) } },
@@ -36,7 +36,6 @@ internal static class EncryptionExtraOptionsValidator
             { "mongocryptdSpawnPath", new [] { typeof(string) } },
             { "mongocryptdSpawnArgs", new [] { typeof(string), typeof(IEnumerable<string>) } }
         };
-        #endregion
 
         public static void EnsureThatExtraOptionsAreValid(IReadOnlyDictionary<string, object> extraOptions)
         {
@@ -63,6 +62,13 @@ public static void EnsureThatExtraOptionsAreValid(IReadOnlyDictionary<string, ob
                 }
             }
         }
+
+        public static string ExtractCryptSharedLibPath(IReadOnlyDictionary<string, object> dict) =>
+            dict.GetValueOrDefault<string, string, object>("cryptSharedLibPath");
+
+        public static bool? ExtractCryptSharedLibRequired(IReadOnlyDictionary<string, object> dict) =>
+            dict.GetValueOrDefault<bool?, string, object>("cryptSharedLibRequired");
+
     }
 
     internal class MongocryptdFactory

diff --git a/...ver.Tests/Specifications/client-side-encryption/prose-tests/ClientEncryptionProseTests.cs b/...ver.Tests/Specifications/client-side-encryption/prose-tests/ClientEncryptionProseTests.cs
@@ -16,6 +16,7 @@
 using System;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
+using System.IO;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
@@ -34,7 +35,6 @@
 using MongoDB.Driver.Core.Authentication.External;
 using MongoDB.Driver.Core.Bindings;
 using MongoDB.Driver.Core.Clusters;
-using MongoDB.Driver.Core.Configuration;
 using MongoDB.Driver.Core.Events;
 using MongoDB.Driver.Core.Misc;
 using MongoDB.Driver.Core.Operations;
@@ -271,36 +271,28 @@ public void BypassSpawningMongocryptdViaMongocryptdBypassSpawnTest(
                 kmsProviderFilter: "local",
                 extraOptions: extraOptions))
             {
-                var datakeys = GetCollection(client, __keyVaultCollectionNamespace);
-                var externalKey = JsonFileReader.Instance.Documents["external.external-key.json"];
-                Insert(datakeys, async, externalKey);
-
                 var coll = GetCollection(clientEncrypted, __collCollectionNamespace);
                 var exception = Record.Exception(() => Insert(coll, async, new BsonDocument("encrypted", "test")));
 
                 AssertInnerEncryptionException<TimeoutException>(exception, "A timeout occurred after 10000ms selecting a server");
             }
         }
 
+        public enum BypassSpawningMongocryptd
+        {
+            BypassAutoEncryption,
+            BypassQueryAnalysis,
+            SharedLibrary
+        }
+
         [SkippableTheory]
         [ParameterAttributeData]
         public void BypassSpawningMongocryptdTest(
-            [Values(false, true)] bool bypassAutoEncryption, // true - BypassAutoEncryption, false - BypassQueryAnalysis
+            [Values(BypassSpawningMongocryptd.BypassQueryAnalysis, BypassSpawningMongocryptd.BypassAutoEncryption, BypassSpawningMongocryptd.SharedLibrary)] BypassSpawningMongocryptd bypassSpawning,
             [Values(false, true)] bool async)
         {
-            RequireServer.Check().Supports(Feature.ClientSideEncryption);
-            RequireEnvironment.Check().EnvironmentVariable("CRYPT_SHARED_LIB_PATH", isDefined: false);
-
-            var extraOptions = new Dictionary<string, object>
-            {
-                { "mongocryptdSpawnArgs", new [] { "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=27021" } },
-            };
-            using (var mongocryptdClient = new DisposableMongoClient(new MongoClient("mongodb://localhost:27021/?serverSelectionTimeoutMS=10000"), CreateLogger<DisposableMongoClient>()))
-            using (var clientEncrypted = ConfigureClientEncrypted(
-                kmsProviderFilter: "local",
-                bypassAutoEncryption: bypassAutoEncryption, // bypass options are mutually exclusive for this test
-                bypassQueryAnalysis: !bypassAutoEncryption,
-                extraOptions: extraOptions))
+            using (var clientEncrypted = EnsureEnvironmentAndConfigureTestClientEncrypted())
+            using (var mongocryptdClient = new DisposableMongoClient(new MongoClient("mongodb://localhost:27021/?serverSelectionTimeoutMS=1000"), CreateLogger<DisposableMongoClient>()))
             {
                 var coll = GetCollection(clientEncrypted, __collCollectionNamespace);
                 Insert(coll, async, new BsonDocument("unencrypted", "test"));
@@ -310,7 +302,43 @@ public void BypassSpawningMongocryptdTest(
                 var exception = Record.Exception(() => adminDatabase.RunCommand<BsonDocument>(legacyHelloCommand));
 
                 exception.Should().BeOfType<TimeoutException>();
-                exception.Message.Should().Contain("A timeout occurred after 10000ms selecting a server");
+                exception.Message.Should().Contain("A timeout occurred after 1000ms selecting a server").And.Contain("localhost:27021");
+            }
+
+            DisposableMongoClient EnsureEnvironmentAndConfigureTestClientEncrypted()
+            {
+                var extraOptions = new Dictionary<string, object>
+                {
+                    { "mongocryptdSpawnArgs", new [] { "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=27021" } },
+                };
+                var kmsProvider = "local";
+                switch (bypassSpawning)
+                {
+                    case BypassSpawningMongocryptd.BypassAutoEncryption:
+                        RequireServer.Check().Supports(Feature.ClientSideEncryption);
+                        RequireEnvironment.Check().EnvironmentVariable("CRYPT_SHARED_LIB_PATH", isDefined: false);
+                        return ConfigureClientEncrypted(kmsProviderFilter: kmsProvider, bypassAutoEncryption: true, extraOptions: extraOptions);
+                    case BypassSpawningMongocryptd.BypassQueryAnalysis:
+                        RequireServer.Check().Supports(Feature.ClientSideEncryption);
+                        RequireEnvironment.Check().EnvironmentVariable("CRYPT_SHARED_LIB_PATH", isDefined: false);
+                        return ConfigureClientEncrypted(kmsProviderFilter: kmsProvider, bypassQueryAnalysis: true, extraOptions: extraOptions);
+                    case BypassSpawningMongocryptd.SharedLibrary:
+                        {
+                            RequireServer.Check().Supports(Feature.Csfle2).ClusterTypes(ClusterType.ReplicaSet, ClusterType.Sharded, ClusterType.LoadBalanced);
+                            RequireEnvironment.Check().EnvironmentVariable("CRYPT_SHARED_LIB_PATH", isDefined: true, allowEmpty: false);
+                            var clientEncryptedSchema = new BsonDocument("db.coll", JsonFileReader.Instance.Documents["external.external-schema.json"]);
+                            var cryptSharedPath = CoreTestConfiguration.GetCryptSharedLibPath();
+                            Ensure.That(File.Exists(cryptSharedPath), $"Shared library path {cryptSharedPath} is not valid.");
+                            var effectiveExtraOptions = new Dictionary<string, object>(extraOptions)
+                            {
+                                { "mongocryptdURI", "mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000" },
+                                { "cryptSharedLibPath", cryptSharedPath },
+                                { "cryptSharedRequired", true }
+                            };
+                            return ConfigureClientEncrypted(kmsProviderFilter: kmsProvider, schemaMap: clientEncryptedSchema, extraOptions: effectiveExtraOptions);
+                        }
+                    default: throw new Exception($"Invalid bypass mongocryptd {bypassSpawning} option.");
+                }
             }
         }