Merge branch 'main' into NODE-6492-txn-prose

Author: durran

test/csfle-kms-providers.js renamed to test/csfle-kms-providers.ts

@@ -1,4 +1,4 @@
-'use strict';
+import { type KMSProviders } from './mongodb';
 
 const csfleKMSProviders = {
   aws: {
@@ -22,7 +22,7 @@ const csfleKMSProviders = {
   }
 };
 
-function getCSFLEKMSProviders() {
+export function getCSFLEKMSProviders(): KMSProviders {
   return JSON.parse(JSON.stringify(csfleKMSProviders));
 }
 
@@ -37,10 +37,7 @@ const keys = [
 ];
 
 const isInEnvironment = key => typeof process.env[key] === 'string' && process.env[key].length > 0;
-const missingKeys = keys.filter(key => !isInEnvironment(key)).join(',');
 
-module.exports = {
-  getCSFLEKMSProviders,
-  kmsCredentialsPresent: missingKeys === '',
-  missingKeys
-};
+export const missingKeys = keys.filter(key => !isInEnvironment(key)).join(',');
+
+export const kmsCredentialsPresent = missingKeys === '';

test/integration/change-streams/change_streams.prose.test.ts

@@ -992,7 +992,7 @@ describe('Change Stream prose tests', function () {
     });
 
     it('splits the event into multiple fragments', {
-      metadata: { requires: { topology: '!single', mongodb: '>=7.0.0' } },
+      metadata: { requires: { topology: '!single', mongodb: '>=6.0.9' } },
       test: async function () {
         // Insert into _C_ a document at least 10mb in size, e.g. { "value": "q"*10*1024*1024 }
         await collection.insertOne({ value: 'q'.repeat(10 * 1024 * 1024) });

test/integration/client-side-encryption/client_side_encryption.prose.10.kms_tls.test.ts

@@ -0,0 +1,68 @@
+import { expect } from 'chai';
+
+import { getCSFLEKMSProviders } from '../../csfle-kms-providers';
+import { ClientEncryption, type MongoClient } from '../../mongodb';
+
+const metadata: MongoDBMetadataUI = {
+  requires: {
+    clientSideEncryption: true,
+    mongodb: '>=4.2.0'
+  }
+};
+
+describe('10. KMS TLS Tests', function () {
+  const keyVaultNamespace = 'keyvault.datakeys';
+  const masterKeyBase = {
+    region: 'us-east-1',
+    key: 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0'
+  };
+
+  let client: MongoClient;
+  let clientEncryption: ClientEncryption;
+
+  beforeEach(async function () {
+    client = this.configuration.newClient();
+    await client.connect();
+
+    clientEncryption = new ClientEncryption(client, {
+      keyVaultNamespace,
+      kmsProviders: { aws: getCSFLEKMSProviders().aws },
+      tlsOptions: {
+        aws: {
+          tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+          tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
+        }
+      }
+    });
+  });
+
+  afterEach(async function () {
+    await client.close();
+  });
+
+  it('should fail with an expired certificate', metadata, async function () {
+    const masterKey = { ...masterKeyBase, endpoint: '127.0.0.1:9000' };
+
+    const error = await clientEncryption.createDataKey('aws', { masterKey }).then(
+      () => null,
+      error => error
+    );
+
+    expect(error).to.exist;
+    expect(error, error.stack).to.have.property('cause').that.is.instanceOf(Error);
+    expect(error.cause.message, error.stack).to.include('certificate has expired');
+  });
+
+  it('should fail with an invalid hostname', metadata, async function () {
+    const masterKey = { ...masterKeyBase, endpoint: '127.0.0.1:9001' };
+
+    const error = await clientEncryption.createDataKey('aws', { masterKey }).then(
+      () => null,
+      error => error
+    );
+
+    expect(error).to.exist;
+    expect(error, error.stack).to.have.property('cause').that.is.instanceOf(Error);
+    expect(error.cause.message, error.stack).to.include('does not match certificate');
+  });
+});

test/integration/client-side-encryption/client_side_encryption.prose.test.js

@@ -1351,11 +1351,6 @@ describe('Client Side Encryption Prose Tests', metadata, function () {
     });
   });
 
-  // TODO(NODE-3151): Implement kms prose tests
-  describe('KMS TLS Tests', () => {
-    it.skip('TBD', () => {}).skipReason = 'TODO(NODE-3151): Implement "KMS TLS Tests"';
-  });
-
   /**
    * - Create client encryption no tls
    * - Create client encryption with tls

test/spec/crud/unified/estimatedDocumentCount.json

@@ -249,7 +249,7 @@
           "name": "estimatedDocumentCount",
           "object": "collection0",
           "expectError": {
-            "isError": true
+            "isClientError": true
           }
         }
       ],

test/spec/crud/unified/estimatedDocumentCount.yml

@@ -130,7 +130,7 @@ tests:
       - name: estimatedDocumentCount
         object: *collection0
         expectError:
-          isError: true
+          isClientError: true
     expectEvents:
       - client: *client0
         events:

test/spec/retryable-reads/unified/estimatedDocumentCount.json

@@ -195,7 +195,7 @@
           "object": "collection1",
           "name": "estimatedDocumentCount",
           "expectError": {
-            "isError": true
+            "isClientError": true
           }
         }
       ],
@@ -241,7 +241,7 @@
           "object": "collection0",
           "name": "estimatedDocumentCount",
           "expectError": {
-            "isError": true
+            "isClientError": true
           }
         }
       ],

test/spec/retryable-reads/unified/estimatedDocumentCount.yml

@@ -116,7 +116,7 @@ tests:
         object: *collection1
         name: estimatedDocumentCount
         expectError:
-          isError: true
+          isClientError: true
     expectEvents:
       -
         client: *client1

test/spec/unified-test-format/valid-pass/expectedError-isClientError.json

@@ -0,0 +1,74 @@
+{
+  "description": "expectedError-isClientError",
+  "schemaVersion": "1.3",
+  "runOnRequirements": [
+    {
+      "minServerVersion": "4.0",
+      "topologies": [
+        "single",
+        "replicaset"
+      ]
+    },
+    {
+      "minServerVersion": "4.1.7",
+      "topologies": [
+        "sharded",
+        "load-balanced"
+      ]
+    }
+  ],
+  "createEntities": [
+    {
+      "client": {
+        "id": "client0",
+        "useMultipleMongoses": false
+      }
+    },
+    {
+      "database": {
+        "id": "database0",
+        "client": "client0",
+        "databaseName": "test"
+      }
+    }
+  ],
+  "tests": [
+    {
+      "description": "isClientError considers network errors",
+      "operations": [
+        {
+          "name": "failPoint",
+          "object": "testRunner",
+          "arguments": {
+            "client": "client0",
+            "failPoint": {
+              "configureFailPoint": "failCommand",
+              "mode": {
+                "times": 1
+              },
+              "data": {
+                "failCommands": [
+                  "ping"
+                ],
+                "closeConnection": true
+              }
+            }
+          }
+        },
+        {
+          "name": "runCommand",
+          "object": "database0",
+          "arguments": {
+            "commandName": "ping",
+            "command": {
+              "ping": 1
+            }
+          },
+          "expectError": {
+            "isClientError": true
+          }
+        }
+      ]
+    }
+  ]
+}

test/spec/unified-test-format/valid-pass/expectedError-isClientError.yml

@@ -0,0 +1,39 @@
+description: "expectedError-isClientError"
+
+schemaVersion: "1.3"
+
+runOnRequirements:
+  - minServerVersion: "4.0"
+    topologies: [single, replicaset]
+  - minServerVersion: "4.1.7"
+    topologies: [sharded, load-balanced]
+
+createEntities:
+  - client:
+      id: &client0 client0
+      useMultipleMongoses: false
+  - database:
+      id: &database0 database0
+      client: *client0
+      databaseName: &database0Name test
+
+tests:
+  - description: "isClientError considers network errors"
+    operations:
+      - name: failPoint
+        object: testRunner
+        arguments:
+          client: *client0
+          failPoint:
+            configureFailPoint: failCommand
+            mode: { times: 1 }
+            data:
+                failCommands: [ ping ]
+                closeConnection: true
+      - name: runCommand
+        object: *database0
+        arguments:
+          commandName: ping
+          command: { ping: 1 }
+        expectError:
+          isClientError: true