.evergreen/init-nvm.sh

@@ -0,0 +1,13 @@
+#! /usr/bin/env bash
+
+export PATH="/opt/mongodbtoolchain/v2/bin:$PATH"
+
+NODE_ARTIFACTS_PATH="${PROJECT_DIRECTORY}/node-artifacts"
+if [[ "$OS" == "Windows_NT" ]]; then
+  NODE_ARTIFACTS_PATH=$(cygpath --unix "$NODE_ARTIFACTS_PATH")
+fi
+
+export PATH="$NODE_ARTIFACTS_PATH/npm_global/bin:$NODE_ARTIFACTS_PATH/nodejs/bin:$PATH"
+hash -r
+
+export NODE_OPTIONS="--trace-deprecation --trace-warnings"

.evergreen/install-dependencies.sh

@@ -0,0 +1,108 @@
+#!/usr/bin/env bash
+set -o errexit  # Exit the script with error if any of the commands fail
+
+NODE_LTS_NAME=${NODE_LTS_NAME:-fermium}
+NODE_ARTIFACTS_PATH="${PROJECT_DIRECTORY:-$(pwd)}/node-artifacts"
+if [[ "$OS" = "Windows_NT" ]]; then NODE_ARTIFACTS_PATH=$(cygpath --unix "$NODE_ARTIFACTS_PATH"); fi
+
+CURL_FLAGS=(
+  --fail          # Exit code 1 if request fails
+  --compressed    # Request a compressed response should keep fetching fast
+  --location      # Follow a redirect
+  --retry 8       # Retry HTTP 408, 429, 500, 502, 503 or 504, 8 times
+  --silent        # Do not print a progress bar
+  --show-error    # Despite the silent flag still print out errors
+  --max-time 900  # 900 seconds is 15 minutes, evergreen times out at 20
+  --continue-at - # If a download is interrupted it can figure out where to resume
+)
+
+mkdir -p "$NODE_ARTIFACTS_PATH/npm_global"
+
+# Comparisons are all case insensitive
+shopt -s nocasematch
+
+# index.tab is a sorted tab separated values file with the following headers
+# 0       1    2     3   4  5  6    7       8       9   10
+# version date files npm v8 uv zlib openssl modules lts security
+curl "${CURL_FLAGS[@]}" "https://nodejs.org/dist/index.tab" --output node_index.tab
+
+while IFS=$'\t' read -r -a row; do
+  node_index_version="${row[0]}"
+  node_index_date="${row[1]}"
+  node_index_lts="${row[9]}"
+  [[ "$node_index_version" = "version" ]] && continue # skip tsv header
+  [[ "$NODE_LTS_NAME" = "latest" ]] && break # first line is latest
+  [[ "$NODE_LTS_NAME" = "$node_index_lts" ]] && break # case insensitive compare
+done < node_index.tab
+
+if [[ "$OS" = "Windows_NT" ]]; then
+  operating_system="win"
+elif [[ $(uname) = "darwin" ]]; then
+  operating_system="darwin"
+elif [[ $(uname) = "linux" ]]; then
+  operating_system="linux"
+else
+  echo "Unable to determine operating system: $operating_system"
+  exit 1
+fi
+
+architecture=$(uname -m)
+if [[ $architecture = "x86_64" ]]; then
+  architecture="x64"
+elif [[ $architecture = "arm64" ]]; then
+  architecture="arm64"
+elif [[ $architecture = "aarch64" ]]; then
+  architecture="arm64"
+elif [[ $architecture == s390* ]]; then
+  architecture="s390x"
+elif [[ $architecture == ppc* ]]; then
+  architecture="ppc64le"
+else
+  echo "Unable to determine operating system: $architecture"
+  exit 1
+fi
+
+file_extension="tar.gz"
+if [[ "$OS" = "Windows_NT" ]]; then file_extension="zip"; fi
+
+node_directory="node-${node_index_version}-${operating_system}-${architecture}"
+node_archive="${node_directory}.${file_extension}"
+node_archive_path="$NODE_ARTIFACTS_PATH/${node_archive}"
+node_download_url="https://nodejs.org/dist/${node_index_version}/${node_archive}"
+
+echo "Node.js ${node_index_version} for ${operating_system}-${architecture} released on ${node_index_date}"
+
+set -o xtrace
+
+curl "${CURL_FLAGS[@]}" "${node_download_url}" --output "$node_archive_path"
+
+if [[ "$file_extension" = "zip" ]]; then
+  unzip -q "$node_archive_path" -d "${NODE_ARTIFACTS_PATH}"
+  mkdir -p "${NODE_ARTIFACTS_PATH}/nodejs"
+  # Windows "bins" are at the top level
+  mv "${NODE_ARTIFACTS_PATH}/${node_directory}" "${NODE_ARTIFACTS_PATH}/nodejs/bin"
+  # Need to add executable flag ourselves
+  chmod +x "${NODE_ARTIFACTS_PATH}/nodejs/bin/node.exe"
+  chmod +x "${NODE_ARTIFACTS_PATH}/nodejs/bin/npm"
+else
+  tar -xf "$node_archive_path" -C "${NODE_ARTIFACTS_PATH}"
+  mv "${NODE_ARTIFACTS_PATH}/${node_directory}" "${NODE_ARTIFACTS_PATH}/nodejs"
+fi
+
+export PATH="$NODE_ARTIFACTS_PATH/npm_global/bin:$NODE_ARTIFACTS_PATH/nodejs/bin:$PATH"
+hash -r
+
+# Set npm -g prefix to our local artifacts directory
+cat <<EOT > .npmrc
+prefix=$NODE_ARTIFACTS_PATH/npm_global
+EOT
+
+if [[ $operating_system != "win" ]]; then
+  # Update npm to latest when we can
+  npm install --global npm@latest
+  hash -r
+fi
+
+echo "npm version: $(npm -v)"
+
+npm install "${NPM_OPTIONS}"

.evergreen/test.sh

@@ -4,7 +4,14 @@
 set -o errexit  # Exit the script with error if any of the commands fail
 
 echo "Setting up environment"
-. ./.evergreen/setup_environment.sh
+
+export PATH="/opt/mongodbtoolchain/v2/bin:$PATH"
+hash -r
+
+export NODE_LTS_NAME="gallium"
+source ./.evergreen/install-dependencies.sh
+
+
 
 # Handle the circular dependency when testing with a real client.
 MONGODB_CLIENT_ENCRYPTION_OVERRIDE="$(pwd)"

CHANGELOG.md

@@ -2,6 +2,8 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.7.0](https://github.com/mongodb/libmongocrypt/compare/node-v2.7.0-alpha.0...node-v2.7.0) (2023-03-20)
+
 ## [2.7.0-alpha.0](https://github.com/mongodb/libmongocrypt/compare/node-v2.6.0...node-v2.7.0-alpha.0) (2023-03-14)
 
 ## [2.6.0](https://github.com/mongodb/libmongocrypt/compare/node-v2.6.0-alpha.0...node-v2.6.0) (2023-02-23)

README.md

@@ -60,6 +60,9 @@ npm test
 <dt><a href="#MongoCryptCreateEncryptedCollectionError">MongoCryptCreateEncryptedCollectionError</a></dt>
 <dd><p>An error indicating that <code>ClientEncryption.createEncryptedCollection()</code> failed to create a collection</p>
 </dd>
+<dt><a href="#MongoCryptAzureKMSRequestError">MongoCryptAzureKMSRequestError</a></dt>
+<dd><p>An error indicating that mongodb-client-encryption failed to auto-refresh Azure KMS credentials.</p>
+</dd>
 </dl>
 
 ## Typedefs
@@ -692,6 +695,20 @@ An error indicating that `ClientEncryption.createEncryptedCollection()` failed t
 **Experimental**: Public Technical Preview  
 An error indicating that `ClientEncryption.createEncryptedCollection()` failed to create a collection
 
+<a name="MongoCryptAzureKMSRequestError"></a>
+
+## MongoCryptAzureKMSRequestError
+An error indicating that mongodb-client-encryption failed to auto-refresh Azure KMS credentials.
+
+<a name="new_MongoCryptAzureKMSRequestError_new"></a>
+
+### new MongoCryptAzureKMSRequestError(message, body)
+
+| Param | Type |
+| --- | --- |
+| message | <code>string</code> | 
+| body | <code>object</code> \| <code>undefined</code> | 
+
 <a name="BSONValue"></a>
 
 ## BSONValue

lib/providers/azure.js

@@ -9,6 +9,7 @@ const utils = require('./utils');
 const MINIMUM_TOKEN_REFRESH_IN_MILLISECONDS = 6000;
 
 /**
+ * @class
  * @ignore
  */
 class AzureCredentialCache {
@@ -36,35 +37,45 @@ class AzureCredentialCache {
   }
 
   /**
-   * @ignore
    * exposed for testing
+   * @ignore
    */
   resetCache() {
     this.cachedToken = null;
   }
 
   /**
-   * @ignore
    * exposed for testing
+   * @ignore
    */
   _getToken() {
     return fetchAzureKMSToken();
   }
 }
 /**
- * @type{AzureCredentialCache}
+ * @type{ AzureCredentialCache }
+ * @ignore
  */
 let tokenCache = new AzureCredentialCache();
 
+/**
+ * @typedef {object} KmsRequestResponsePayload
+ * @property {string | undefined} access_token
+ * @property {string | undefined} expires_in
+ *
+ * @ignore
+ */
+
 /**
  * @param { {body: string, status: number }} response
  * @returns { Promise<{ accessToken: string, expiresOnTimestamp: number } >}
+ * @ignore
  */
 async function parseResponse(response) {
   const { status, body: rawBody } = response;
 
   /**
-   * @type { { access_token?: string, expires_in?: string} }
+   * @type { KmsRequestResponsePayload }
    */
   const body = (() => {
     try {
@@ -107,6 +118,8 @@ async function parseResponse(response) {
  * @param {object} options
  * @param {object | undefined} [options.headers]
  * @param {URL | undefined} [options.url]
+ *
+ * @ignore
  */
 function prepareRequest(options) {
   const url =
@@ -122,13 +135,26 @@ function prepareRequest(options) {
 }
 
 /**
+ * @typedef {object} AzureKMSRequestOptions
+ * @property {object | undefined} headers
+ * @property {URL | undefined} url
  * @ignore
+ */
+
+/**
+ * @typedef {object} AzureKMSRequestResponse
+ * @property {string} accessToken
+ * @property {number} expiresOnTimestamp
+ * @ignore
+ */
+
+/**
  * exported only for testing purposes in the driver
  *
- * @param {object} options
- * @param {object | undefined} [options.headers]
- * @param {URL | undefined} [options.url]
- * @returns {Promise<{ accessToken: string, expiresOnTimestamp: number }>}
+ * @param {AzureKMSRequestOptions} options
+ * @returns {Promise<AzureKMSRequestResponse>}
+ *
+ * @ignore
  */
 async function fetchAzureKMSToken(options = {}) {
   const { headers, url } = prepareRequest(options);
@@ -142,7 +168,6 @@ async function fetchAzureKMSToken(options = {}) {
 }
 
 /**
- * @param {import('../../index').KMSProviders} kmsProviders
  * @ignore
  */
 async function loadAzureCredentials(kmsProviders) {

lib/providers/index.js

@@ -5,14 +5,15 @@ const { loadAzureCredentials, fetchAzureKMSToken } = require('./azure');
 const { loadGCPCredentials } = require('./gcp');
 
 /**
- * @ignore
  * Auto credential fetching should only occur when the provider is defined on the kmsProviders map
  * and the settings are an empty object.
  *
  * This is distinct from a nullish provider key.
  *
  * @param {'aws' | 'gcp' | 'azure'} provider
- * @param {import('../../index').KMSProviders} kmsProviders
+ * @param {object} kmsProviders
+ *
+ * @ignore
  */
 function isEmptyCredentials(provider, kmsProviders) {
   return (
@@ -28,8 +29,8 @@ function isEmptyCredentials(provider, kmsProviders) {
  * Credentials will only attempt to get loaded if they do not exist
  * and no existing credentials will get overwritten.
  *
- * @param {import('../../index').KMSProviders} kmsProviders - The user provided KMS providers.
- * @returns {Promise<import('../../index').KMSProviders>} The new kms providers.
+ * @param {object} kmsProviders - The user provided KMS providers.
+ * @returns {object} The new kms providers.
  *
  * @ignore
  */