From 1e4cf3222dc8a5f693cfc4fddb5643aabbdf5cda Mon Sep 17 00:00:00 2001 From: Neal Beeken Date: Fri, 2 Apr 2021 12:36:23 -0400 Subject: [PATCH] fix(NODE-2995): Add shared metadata MongoClient Automatic client side encryption needs to perform metadata look ups like listCollections. In situations where the connection pool size is constrained or in full use it can be impossible for an operation to proceed. Adding a separate client in these situations permits the metadata look ups to proceed unblocking operations. --- .evergreen/config.yml | 47 +++ .evergreen/config.yml.in | 31 ++ .evergreen/generate_evergreen_tasks.js | 27 ++ .evergreen/run-custom-csfle-tests.sh | 51 +++ src/connection_string.ts | 12 +- src/deps.ts | 8 +- src/encrypter.ts | 148 ++++++++ src/index.ts | 1 + src/mongo_client.ts | 40 ++- src/operations/connect.ts | 52 +-- .../client_side_encryption/deadlock_tests.js | 327 ++++++++++++++++++ .../client_side_encryption/prose.test.js | 3 + .../client-side-encryption/awsTemporary.json | 225 ++++++++++++ .../client-side-encryption/awsTemporary.yml | 57 +++ .../tests/aggregate.json | 24 -- .../tests/aggregate.yml | 14 - .../tests/azureKMS.json | 12 - .../client-side-encryption/tests/azureKMS.yml | 7 - .../client-side-encryption/tests/basic.json | 24 -- .../client-side-encryption/tests/basic.yml | 14 - .../client-side-encryption/tests/bulk.json | 12 - .../client-side-encryption/tests/bulk.yml | 7 - .../client-side-encryption/tests/count.json | 12 - .../client-side-encryption/tests/count.yml | 7 - .../tests/countDocuments.json | 12 - .../tests/countDocuments.yml | 7 - .../client-side-encryption/tests/delete.json | 24 -- .../client-side-encryption/tests/delete.yml | 14 - .../tests/distinct.json | 12 - .../client-side-encryption/tests/distinct.yml | 7 - .../client-side-encryption/tests/explain.json | 12 - .../client-side-encryption/tests/explain.yml | 7 - .../client-side-encryption/tests/find.json | 24 -- .../client-side-encryption/tests/find.yml | 14 - .../tests/findOneAndDelete.json | 12 - .../tests/findOneAndDelete.yml | 7 - .../tests/findOneAndReplace.json | 12 - .../tests/findOneAndReplace.yml | 7 - .../tests/findOneAndUpdate.json | 12 - .../tests/findOneAndUpdate.yml | 7 - .../client-side-encryption/tests/gcpKMS.json | 12 - .../client-side-encryption/tests/gcpKMS.yml | 7 - .../client-side-encryption/tests/getMore.json | 12 - .../client-side-encryption/tests/getMore.yml | 7 - .../client-side-encryption/tests/insert.json | 24 -- .../client-side-encryption/tests/insert.yml | 14 - .../tests/keyAltName.json | 12 - .../tests/keyAltName.yml | 7 - .../tests/localKMS.json | 12 - .../client-side-encryption/tests/localKMS.yml | 7 - .../tests/localSchema.json | 12 - .../tests/localSchema.yml | 7 - .../tests/missingKey.json | 12 - .../tests/missingKey.yml | 7 - .../tests/replaceOne.json | 12 - .../tests/replaceOne.yml | 7 - .../client-side-encryption/tests/types.json | 96 ----- .../client-side-encryption/tests/types.yml | 56 --- .../tests/updateMany.json | 12 - .../tests/updateMany.yml | 7 - .../tests/updateOne.json | 12 - .../tests/updateOne.yml | 7 - 62 files changed, 969 insertions(+), 744 deletions(-) create mode 100644 .evergreen/run-custom-csfle-tests.sh create mode 100644 src/encrypter.ts create mode 100644 test/functional/client_side_encryption/deadlock_tests.js create mode 100644 test/spec/client-side-encryption/awsTemporary.json create mode 100644 test/spec/client-side-encryption/awsTemporary.yml diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 5058fae720b..46faf26ed33 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -470,6 +470,36 @@ functions: -p 8100 \ -v \ --fault revoked + run custom csfle tests: + - command: shell.exec + type: test + params: + silent: true + working_dir: src + script: | + ${PREPARE_SHELL} + cat < prepare_client_encryption.sh + export CLIENT_ENCRYPTION=${CLIENT_ENCRYPTION} + export CSFLE_KMS_PROVIDERS='${CSFLE_KMS_PROVIDERS}' + export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" + export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" + export CSFLE_GIT_REF="${CSFLE_GIT_REF}" + export CDRIVER_GIT_REF="${CDRIVER_GIT_REF}" + EOT + - command: shell.exec + type: test + params: + working_dir: src + timeout_secs: 60 + script: | + ${PREPARE_SHELL} + + # Disable xtrace (just in case it was accidentally set). + set +x + . ./prepare_client_encryption.sh + rm -f ./prepare_client_encryption.sh + + MONGODB_URI="${MONGODB_URI}" bash ${PROJECT_DIRECTORY}/.evergreen/run-custom-csfle-tests.sh upload test results: - command: attach.xunit_results params: @@ -1177,6 +1207,18 @@ tasks: vars: NODE_LTS_NAME: fermium - func: run mongosh integration tests + - name: run-custom-csfle-tests + tags: + - run-custom-csfle-tests + commands: + - func: install dependencies + vars: + NODE_LTS_NAME: erbium + - func: bootstrap mongo-orchestration + vars: + VERSION: '4.4' + TOPOLOGY: server + - func: run custom csfle tests buildvariants: - name: macos-1014-dubnium display_name: macOS 10.14 Node Dubnium @@ -1504,6 +1546,11 @@ buildvariants: run_on: rhel70 tasks: - run-checks + - name: ubuntu1804-custom-csfle-tests + display_name: Custom FLE Version Test + run_on: ubuntu1804-test + tasks: + - run-custom-csfle-tests - name: mongosh_integration_tests display_name: mongosh integration tests run_on: ubuntu1804-test diff --git a/.evergreen/config.yml.in b/.evergreen/config.yml.in index 2e72318aefe..5946e26a2f9 100644 --- a/.evergreen/config.yml.in +++ b/.evergreen/config.yml.in @@ -513,6 +513,37 @@ functions: -v \ --fault revoked + "run custom csfle tests": + - command: shell.exec + type: test + params: + silent: true + working_dir: "src" + script: | + ${PREPARE_SHELL} + cat < prepare_client_encryption.sh + export CLIENT_ENCRYPTION=${CLIENT_ENCRYPTION} + export CSFLE_KMS_PROVIDERS='${CSFLE_KMS_PROVIDERS}' + export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" + export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" + export CSFLE_GIT_REF="${CSFLE_GIT_REF}" + export CDRIVER_GIT_REF="${CDRIVER_GIT_REF}" + EOT + - command: shell.exec + type: test + params: + working_dir: "src" + timeout_secs: 60 + script: | + ${PREPARE_SHELL} + + # Disable xtrace (just in case it was accidentally set). + set +x + . ./prepare_client_encryption.sh + rm -f ./prepare_client_encryption.sh + + MONGODB_URI="${MONGODB_URI}" bash ${PROJECT_DIRECTORY}/.evergreen/run-custom-csfle-tests.sh + "upload test results": # Upload the xunit-format test results. - command: attach.xunit_results diff --git a/.evergreen/generate_evergreen_tasks.js b/.evergreen/generate_evergreen_tasks.js index 4a6f4518005..fe36f52f829 100644 --- a/.evergreen/generate_evergreen_tasks.js +++ b/.evergreen/generate_evergreen_tasks.js @@ -521,6 +521,11 @@ BUILD_VARIANTS.push({ display_name: 'lint', run_on: 'rhel70', tasks: ['run-checks'] +}, { + name: 'ubuntu1804-custom-csfle-tests', + display_name: 'Custom FLE Version Test', + run_on: 'ubuntu1804-test', + tasks: ['run-custom-csfle-tests'] }); // singleton build variant for mongosh integration tests @@ -557,6 +562,28 @@ BUILD_VARIANTS.push({ tasks: AWS_AUTH_TASKS }); +// special case for custom CSFLE test +SINGLETON_TASKS.push({ + name: 'run-custom-csfle-tests', + tags: ['run-custom-csfle-tests'], + commands: [ + { + func: 'install dependencies', + vars: { + NODE_LTS_NAME: 'erbium', + }, + }, + { + func: 'bootstrap mongo-orchestration', + vars: { + VERSION: '4.4', + TOPOLOGY: 'server' + } + }, + { func: 'run custom csfle tests' } + ] +}); + const fileData = yaml.safeLoad(fs.readFileSync(`${__dirname}/config.yml.in`, 'utf8')); fileData.tasks = (fileData.tasks || []).concat(BASE_TASKS).concat(TASKS).concat(SINGLETON_TASKS); fileData.buildvariants = (fileData.buildvariants || []).concat(BUILD_VARIANTS); diff --git a/.evergreen/run-custom-csfle-tests.sh b/.evergreen/run-custom-csfle-tests.sh new file mode 100644 index 00000000000..e2c012c3aca --- /dev/null +++ b/.evergreen/run-custom-csfle-tests.sh @@ -0,0 +1,51 @@ +#! /usr/bin/env bash + +# Initiail checks for running these tests +if [ -z ${AWS_ACCESS_KEY_ID+omitted} ]; then echo "AWS_ACCESS_KEY_ID is unset" && exit 1; fi +if [ -z ${AWS_SECRET_ACCESS_KEY+omitted} ]; then echo "AWS_SECRET_ACCESS_KEY is unset" && exit 1; fi +if [ -z ${CSFLE_KMS_PROVIDERS+omitted} ]; then echo "CSFLE_KMS_PROVIDERS is unset" && exit 1; fi + +[ -s "$PROJECT_DIRECTORY/node-artifacts/nvm/nvm.sh" ] && source "$PROJECT_DIRECTORY"/node-artifacts/nvm/nvm.sh + +set -o xtrace # Write all commands first to stderr +set -o errexit # Exit the script with error if any of the commands fail + +# Environment Variables: +# CSFLE_GIT_REF - set the git reference to checkout for a custom CSFLE version +# CDRIVER_GIT_REF - set the git reference to checkout for a custom CDRIVER version (this is for libbson) + +CSFLE_GIT_REF=${CSFLE_GIT_REF:-master} +CDRIVER_GIT_REF=${CDRIVER_GIT_REF:-1.17.4} + +rm -rf csfle-deps-tmp +mkdir -p csfle-deps-tmp +pushd csfle-deps-tmp + +rm -rf libmongocrypt mongo-c-driver + +git clone https://github.com/mongodb/libmongocrypt.git +pushd libmongocrypt +git fetch --tags +git checkout "$CSFLE_GIT_REF" -b csfle-custom +popd # libmongocrypt + +git clone https://github.com/mongodb/mongo-c-driver.git +pushd mongo-c-driver +git fetch --tags +git checkout "$CDRIVER_GIT_REF" -b cdriver-custom +popd # mongo-c-driver + +pushd libmongocrypt/bindings/node + +source ./.evergreen/find_cmake.sh +bash ./etc/build-static.sh + +popd # libmongocrypt/bindings/node +popd # csfle-deps-tmp + +npm install + +cp -r csfle-deps-tmp/libmongocrypt/bindings/node node_modules/mongodb-client-encryption + +export MONGODB_URI=${MONGODB_URI} +npx mocha test/functional/client_side_encryption diff --git a/src/connection_string.ts b/src/connection_string.ts index a119be4ca3c..519d337830e 100644 --- a/src/connection_string.ts +++ b/src/connection_string.ts @@ -29,7 +29,7 @@ import { MongoCredentials } from './cmap/auth/mongo_credentials'; import type { TagSet } from './sdam/server_description'; import { Logger, LoggerLevelId } from './logger'; import { PromiseProvider } from './promise_provider'; -import { createAutoEncrypter } from './operations/connect'; +import { Encrypter } from './encrypter'; /** * Determines whether a provided address matches the provided parent domain in order @@ -424,9 +424,7 @@ export function parseOptions( } checkTLSOptions(mongoOptions); - if (mongoClient && options.autoEncryption) { - mongoOptions.autoEncrypter = createAutoEncrypter(mongoClient, mongoOptions); - } + if (options.promiseLibrary) PromiseProvider.set(options.promiseLibrary); if (mongoOptions.directConnection && typeof mongoOptions.srvHost === 'string') { @@ -439,6 +437,12 @@ export function parseOptions( mongoOptions.userSpecifiedReplicaSet = objectOptions.has('replicaSet') || urlOptions.has('replicaSet'); + if (mongoClient && mongoOptions.autoEncryption) { + Encrypter.checkForMongoCrypt(); + mongoOptions.encrypter = new Encrypter(mongoClient, uri, options); + mongoOptions.autoEncrypter = mongoOptions.encrypter.autoEncrypter; + } + return mongoOptions; } diff --git a/src/deps.ts b/src/deps.ts index 30fed6d3756..361746e8c5f 100644 --- a/src/deps.ts +++ b/src/deps.ts @@ -1,6 +1,6 @@ import { MongoError } from './error'; import type { MongoClient } from './mongo_client'; -import type { Document } from './bson'; +import type { deserialize, Document, serialize } from './bson'; import type { Callback } from './utils'; function makeErrorModule(error: any) { @@ -81,6 +81,10 @@ export type AutoEncryptionLoggerLevelId = typeof AutoEncryptionLoggerLevel[keyof /** @public */ export interface AutoEncryptionOptions { + /** @internal */ + bson?: { serialize: typeof serialize; deserialize: typeof deserialize }; + /** @internal client for metadata lookups */ + metadataClient?: MongoClient; /** A `MongoClient` used to fetch keys from a key vault */ keyVaultClient?: MongoClient; /** The namespace where keys are stored in the key vault */ @@ -168,6 +172,8 @@ export interface AutoEncryptionOptions { /** @public */ export interface AutoEncrypter { + // eslint-disable-next-line @typescript-eslint/no-misused-new + new (client: MongoClient, options: AutoEncryptionOptions): AutoEncrypter; init(cb: Callback): void; teardown(force: boolean, callback: Callback): void; encrypt(ns: string, cmd: Document, options: any, callback: Callback): void; diff --git a/src/encrypter.ts b/src/encrypter.ts new file mode 100644 index 00000000000..25c648e2377 --- /dev/null +++ b/src/encrypter.ts @@ -0,0 +1,148 @@ +/* eslint-disable @typescript-eslint/no-var-requires */ +import { MongoClient, MongoClientOptions } from './mongo_client'; +import type { AutoEncrypter, AutoEncryptionOptions } from './deps'; +import { MongoError } from './error'; +import { deserialize, serialize } from './bson'; +import type { Callback } from './utils'; +import { Connection } from './cmap/connection'; +import { Topology } from './sdam/topology'; +import { Server } from './sdam/server'; +import { CMAP_EVENT_NAMES } from './cmap/connection_pool'; + +let AutoEncrypterClass: AutoEncrypter; + +const kInternalClient = Symbol('internalClient'); + +/** @internal */ +export interface EncrypterOptions { + autoEncryption: AutoEncryptionOptions; + maxPoolSize?: number; +} + +/** @internal */ +export class Encrypter { + [kInternalClient]: MongoClient; + bypassAutoEncryption: boolean; + needsConnecting: boolean; + autoEncrypter: AutoEncrypter; + + constructor(client: MongoClient, uri: string, options: MongoClientOptions) { + if (typeof options.autoEncryption !== 'object') { + throw new TypeError('Options autoEncryption must be specified'); + } + + this.bypassAutoEncryption = !!options.autoEncryption.bypassAutoEncryption; + this.needsConnecting = false; + + if (options.maxPoolSize === 0 && options.autoEncryption.keyVaultClient == null) { + options.autoEncryption.keyVaultClient = client; + } else if (options.autoEncryption.keyVaultClient == null) { + options.autoEncryption.keyVaultClient = this.getInternalClient(client, uri, options); + } + + if (this.bypassAutoEncryption) { + options.autoEncryption.metadataClient = undefined; + } else if (options.maxPoolSize === 0) { + options.autoEncryption.metadataClient = client; + } else { + options.autoEncryption.metadataClient = this.getInternalClient(client, uri, options); + } + + options.autoEncryption.bson = Object.create(null); + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + options.autoEncryption.bson!.serialize = serialize; + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + options.autoEncryption.bson!.deserialize = deserialize; + + this.autoEncrypter = new AutoEncrypterClass(client, options.autoEncryption); + } + + getInternalClient(client: MongoClient, uri: string, options: MongoClientOptions): MongoClient { + if (!this[kInternalClient]) { + const clonedOptions: MongoClientOptions = {}; + + for (const key of Object.keys(options)) { + if (['autoEncryption', 'minPoolSize', 'servers', 'caseTranslate', 'dbName'].includes(key)) + continue; + Reflect.set(clonedOptions, key, Reflect.get(options, key)); + } + + clonedOptions.minPoolSize = 0; + + const allEvents = [ + // APM + Connection.COMMAND_STARTED, + Connection.COMMAND_SUCCEEDED, + Connection.COMMAND_FAILED, + + // SDAM + Topology.SERVER_OPENING, + Topology.SERVER_CLOSED, + Topology.SERVER_DESCRIPTION_CHANGED, + Topology.TOPOLOGY_OPENING, + Topology.TOPOLOGY_CLOSED, + Topology.SERVER_DESCRIPTION_CHANGED, + Server.SERVER_HEARTBEAT_STARTED, + Server.SERVER_HEARTBEAT_FAILED, + Server.SERVER_HEARTBEAT_SUCCEEDED, + + // CMAP + ...CMAP_EVENT_NAMES + ]; + + this[kInternalClient] = new MongoClient(uri, clonedOptions); + + for (const eventName of allEvents) { + for (const listener of client.listeners(eventName)) { + this[kInternalClient].on(eventName, listener as (...args: any[]) => void); + } + } + + client.on('newListener', (eventName, listener) => { + this[kInternalClient].on(eventName, listener); + }); + + this.needsConnecting = true; + } + return this[kInternalClient]; + } + + connectInternalClient(callback: Callback): void { + if (this.needsConnecting) { + this.needsConnecting = false; + return this[kInternalClient].connect(callback); + } + + return callback(); + } + + close(client: MongoClient, force: boolean, callback: Callback): void { + this.autoEncrypter.teardown(!!force, e => { + if (this[kInternalClient] && client !== this[kInternalClient]) { + return this[kInternalClient].close(force, callback); + } + callback(e); + }); + } + + static checkForMongoCrypt(): void { + try { + require.resolve('mongodb-client-encryption'); + } catch (err) { + throw new MongoError( + 'Auto-encryption requested, but the module is not installed. ' + + 'Please add `mongodb-client-encryption` as a dependency of your project' + ); + } + + const mongodbClientEncryption = require('mongodb-client-encryption'); + if (typeof mongodbClientEncryption.extension !== 'function') { + throw new MongoError( + 'loaded version of `mongodb-client-encryption` does not have property `extension`. ' + + 'Please make sure you are loading the correct version of `mongodb-client-encryption`' + ); + } + + AutoEncrypterClass = mongodbClientEncryption.extension(require('../lib/index')).AutoEncrypter; + } +} diff --git a/src/index.ts b/src/index.ts index a9c6f505b0f..5acbc023f99 100644 --- a/src/index.ts +++ b/src/index.ts @@ -324,3 +324,4 @@ export type { } from './bulk/common'; export type { OrderedBulkOperation } from './bulk/ordered'; export type { UnorderedBulkOperation } from './bulk/unordered'; +export type { Encrypter, EncrypterOptions } from './encrypter'; diff --git a/src/mongo_client.ts b/src/mongo_client.ts index c052f4399e5..34f0a72e7cb 100644 --- a/src/mongo_client.ts +++ b/src/mongo_client.ts @@ -31,6 +31,7 @@ import type { TcpNetConnectOpts } from 'net'; import type { SrvPoller } from './sdam/srv_polling'; import type { Connection } from './cmap/connection'; import type { LEGAL_TLS_SOCKET_OPTIONS, LEGAL_TCP_SOCKET_OPTIONS } from './cmap/connect'; +import type { Encrypter } from './encrypter'; /** @public */ export const ServerApiVersion = { @@ -215,7 +216,21 @@ export interface MongoClientOptions extends BSONSerializeOptions, SupportedNodeC monitorCommands?: boolean; /** Server API version */ serverApi?: ServerApi | ServerApiVersionId; - /** Optionally enable client side auto encryption */ + /** + * Optionally enable client side auto encryption + * + * @remarks + * Automatic encryption is an enterprise only feature that only applies to operations on a collection. Automatic encryption is not supported for operations on a database or view, and operations that are not bypassed will result in error + * (see [libmongocrypt: Auto Encryption Allow-List](https://github.com/mongodb/specifications/blob/master/source/client-side-encryption/client-side-encryption.rst#libmongocrypt-auto-encryption-allow-list)). To bypass automatic encryption for all operations, set bypassAutoEncryption=true in AutoEncryptionOpts. + * + * Automatic encryption requires the authenticated user to have the [listCollections privilege action](https://docs.mongodb.com/manual/reference/command/listCollections/#dbcmd.listCollections). + * + * If a MongoClient with a limited connection pool size (i.e a non-zero maxPoolSize) is configured with AutoEncryptionOptions, a separate internal MongoClient is created if any of the following are true: + * - AutoEncryptionOptions.keyVaultClient is not passed. + * - AutoEncryptionOptions.bypassAutomaticEncryption is false. + * + * If an internal MongoClient is created, it is configured with the same options as the parent MongoClient except minPoolSize is set to 0 and AutoEncryptionOptions is omitted. + */ autoEncryption?: AutoEncryptionOptions; /** Allows a wrapping driver to amend the client metadata generated by the driver to include information about the wrapping driver */ driverInfo?: DriverInfo; @@ -408,23 +423,24 @@ export class MongoClient extends EventEmitter { const force = typeof forceOrCallback === 'boolean' ? forceOrCallback : false; - return maybePromise(callback, cb => { + return maybePromise(callback, callback => { if (this.topology == null) { - return cb(); + return callback(); } // clear out references to old topology const topology = this.topology; this.topology = undefined; - topology.close({ force }, err => { - const autoEncrypter = topology.s.options.autoEncrypter; - if (!autoEncrypter) { - cb(err); - return; + topology.close({ force }, error => { + if (error) return callback(error); + const { encrypter } = this[kOptions]; + if (encrypter) { + return encrypter.close(this, force, error => { + callback(error); + }); } - - autoEncrypter.teardown(force, err2 => cb(err || err2)); + callback(); }); }); } @@ -641,7 +657,11 @@ export interface MongoOptions metadata: ClientMetadata; autoEncrypter?: AutoEncrypter; + /** @internal */ + encrypter: Encrypter; + /** @internal */ userSpecifiedAuthSource: boolean; + /** @internal */ userSpecifiedReplicaSet: boolean; /** diff --git a/src/operations/connect.ts b/src/operations/connect.ts index a768cb06307..ee8c8ba7f51 100644 --- a/src/operations/connect.ts +++ b/src/operations/connect.ts @@ -3,11 +3,9 @@ import { Topology } from '../sdam/topology'; import { resolveSRVRecord } from '../connection_string'; import type { Callback } from '../utils'; import { CMAP_EVENT_NAMES } from '../cmap/connection_pool'; -import * as BSON from '../bson'; import type { MongoClient, MongoOptions } from '../mongo_client'; import { Connection } from '../cmap/connection'; import { Server } from '../sdam/server'; -import type { AutoEncrypter } from '../deps'; export function connect( mongoClient: MongoClient, @@ -68,44 +66,6 @@ function createListener(mongoClient: MongoClient, event: string): Listen }; } -/** - * If AutoEncryption is requested, handles the optional dependency logic and passing through options - * returns undefined if CSFLE is not enabled. - * @throws if optional 'mongodb-client-encryption' dependency missing - */ -export function createAutoEncrypter( - client: MongoClient, - options: MongoOptions -): AutoEncrypter | undefined { - if (!options.autoEncryption) { - return; - } - try { - require.resolve('mongodb-client-encryption'); - } catch (err) { - throw new MongoError( - 'Auto-encryption requested, but the module is not installed. ' + - 'Please add `mongodb-client-encryption` as a dependency of your project' - ); - } - - // eslint-disable-next-line @typescript-eslint/no-var-requires - const mongodbClientEncryption = require('mongodb-client-encryption'); - if (typeof mongodbClientEncryption.extension !== 'function') { - throw new MongoError( - 'loaded version of `mongodb-client-encryption` does not have property `extension`. ' + - 'Please make sure you are loading the correct version of `mongodb-client-encryption`' - ); - } - const { AutoEncrypter: AutoEncrypterClass } = mongodbClientEncryption.extension( - // eslint-disable-next-line @typescript-eslint/no-var-requires - require('../../lib/index') - ); - - const mongoCryptOptions = Object.assign({ bson: BSON }, options.autoEncryption); - return new AutoEncrypterClass(client, mongoCryptOptions); -} - function createTopology( mongoClient: MongoClient, options: MongoOptions, @@ -130,18 +90,20 @@ function createTopology( if (mongoClient.autoEncrypter) { mongoClient.autoEncrypter.init(err => { if (err) { - callback(err); - return; + return callback(err); } topology.connect(options, err => { if (err) { topology.close({ force: true }); - callback(err); - return; + return callback(err); } - callback(undefined, topology); + options.encrypter.connectInternalClient(error => { + if (error) return callback(error); + + callback(undefined, topology); + }); }); }); diff --git a/test/functional/client_side_encryption/deadlock_tests.js b/test/functional/client_side_encryption/deadlock_tests.js new file mode 100644 index 00000000000..17c4dfb052a --- /dev/null +++ b/test/functional/client_side_encryption/deadlock_tests.js @@ -0,0 +1,327 @@ +'use strict'; + +const BSON = require('bson'); +const { expect } = require('chai'); +const { dropCollection } = require('../shared'); +const util = require('util'); +const fs = require('fs'); +const path = require('path'); + +/* REFERENCE: (note commit hash) */ +/* https://github.com/mongodb/specifications/blob/b3beada72ae1c992294ae6a8eea572003a274c35/source/client-side-encryption/tests/README.rst#deadlock-tests */ + +const LOCAL_KEY = Buffer.from( + 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', + 'base64' +); + +const externalKey = BSON.EJSON.parse( + fs.readFileSync( + path.resolve(__dirname, '../../spec/client-side-encryption/external/external-key.json') + ) +); +const $jsonSchema = BSON.EJSON.parse( + fs.readFileSync( + path.resolve(__dirname, '../../spec/client-side-encryption/external/external-schema.json') + ) +); + +const kEvents = Symbol('events'); +const kClientsCreated = Symbol('clientsCreated'); +const CapturingMongoClient = class extends require('../../../src/index').MongoClient { + constructor(url, options) { + options = options || {}; + options.useUnifiedTopology = true; + options.useNewUrlParser = true; + options.monitorCommands = true; + super(url, options); + + this[kEvents] = []; + this.on('commandStarted', ev => this[kEvents].push(ev)); + + this[kClientsCreated] = 0; + this.on('topologyOpening', () => this[kClientsCreated]++); + } +}; + +function deadlockTest(options, assertions) { + return function () { + const url = this.configuration.url(); + const clientTest = this.clientTest; + const ciphertext = this.ciphertext; + + const clientEncryptedOpts = { + autoEncryption: { + keyVaultNamespace: 'keyvault.datakeys', + kmsProviders: { local: { key: LOCAL_KEY } }, + bypassAutoEncryption: options.bypassAutoEncryption, + keyVaultClient: options.useKeyVaultClient ? this.clientKeyVault : undefined + }, + maxPoolSize: options.maxPoolSize + }; + const clientEncrypted = new CapturingMongoClient(url, clientEncryptedOpts); + + return clientEncrypted + .connect() + .then(() => { + if (clientEncryptedOpts.autoEncryption.bypassAutoEncryption === true) { + return clientTest + .db('db') + .collection('coll') + .insertOne({ _id: 0, encrypted: ciphertext }); + } + return clientEncrypted + .db('db') + .collection('coll') + .insertOne({ _id: 0, encrypted: 'string0' }); + }) + .then(() => clientEncrypted.db('db').collection('coll').findOne({ _id: 0 })) + .then(res => { + expect(res).to.have.property('_id', 0); + expect(res).to.have.property('encrypted', 'string0'); + assertions(clientEncrypted, this.clientKeyVault); + return clientEncrypted.close(); + }); + }; +} + +function deadlockTests(metadata) { + describe('Connection Pool Deadlock Prevention', function () { + beforeEach(function () { + const mongodbClientEncryption = this.configuration.mongodbClientEncryption; + const url = this.configuration.url(); + + this.clientTest = new CapturingMongoClient(url); + this.clientKeyVault = new CapturingMongoClient(url, { + monitorCommands: true, + maxPoolSize: 1 + }); + + this.clientEncryption = undefined; + this.ciphertext = undefined; + + return this.clientTest + .connect() + .then(() => this.clientKeyVault.connect()) + .then(() => dropCollection(this.clientTest.db('keyvault'), 'datakeys')) + .then(() => dropCollection(this.clientTest.db('db'), 'coll')) + .then(() => this.clientTest.db('keyvault').collection('datakeys').insertOne(externalKey), { + writeConcern: { w: 'majority' } + }) + .then(() => + this.clientTest.db('db').createCollection('coll', { validator: { $jsonSchema } }) + ) + .then(() => { + this.clientEncryption = new mongodbClientEncryption.ClientEncryption(this.clientTest, { + kmsProviders: { local: { key: LOCAL_KEY } }, + keyVaultNamespace: 'keyvault.datakeys', + keyVaultClient: this.keyVaultClient + }); + this.clientEncryption.encryptPromisified = util.promisify( + this.clientEncryption.encrypt.bind(this.clientEncryption) + ); + + return this.clientEncryption.encryptPromisified('string0', { + algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic', + keyAltName: 'local' + }); + }) + .then(ciphertext => { + this.ciphertext = ciphertext; + }); + }); + + afterEach(function () { + return Promise.all([this.clientKeyVault.close(), this.clientTest.close()]).then(() => { + this.clientKeyVault = undefined; + this.clientTest = undefined; + this.clientEncryption = undefined; + }); + }); + + const CASE1 = { maxPoolSize: 1, bypassAutoEncryption: false, useKeyVaultClient: false }; + it( + 'Case 1', + metadata, + deadlockTest(CASE1, clientEncrypted => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(2); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(4); + + expect(events[0].command).to.have.property('listCollections'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('find'); + expect(events[1].command.$db).to.equal('keyvault'); + + expect(events[2].command).to.have.property('insert'); + expect(events[2].command.$db).to.equal('db'); + + expect(events[3].command).to.have.property('find'); + expect(events[3].command.$db).to.equal('db'); + }) + ); + + const CASE2 = { maxPoolSize: 1, bypassAutoEncryption: false, useKeyVaultClient: true }; + it( + 'Case 2', + metadata, + deadlockTest(CASE2, (clientEncrypted, clientKeyVault) => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(2); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(3); + + expect(events[0].command).to.have.property('listCollections'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('insert'); + expect(events[1].command.$db).to.equal('db'); + + expect(events[2].command).to.have.property('find'); + expect(events[2].command.$db).to.equal('db'); + + const keyVaultEvents = clientKeyVault[kEvents]; + expect(keyVaultEvents).to.have.lengthOf(1); + + expect(keyVaultEvents[0].command).to.have.property('find'); + expect(keyVaultEvents[0].command.$db).to.equal('keyvault'); + }) + ); + + const CASE3 = { maxPoolSize: 1, bypassAutoEncryption: true, useKeyVaultClient: false }; + it( + 'Case 3', + metadata, + deadlockTest(CASE3, clientEncrypted => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(2); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(2); + + expect(events[0].command).to.have.property('find'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('find'); + expect(events[1].command.$db).to.equal('keyvault'); + }) + ); + + const CASE4 = { maxPoolSize: 1, bypassAutoEncryption: true, useKeyVaultClient: true }; + it( + 'Case 4', + metadata, + deadlockTest(CASE4, (clientEncrypted, clientKeyVault) => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(1); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(1); + + expect(events[0].command).to.have.property('find'); + expect(events[0].command.$db).to.equal('db'); + + const keyVaultEvents = clientKeyVault[kEvents]; + expect(keyVaultEvents).to.have.lengthOf(1); + + expect(keyVaultEvents[0].command).to.have.property('find'); + expect(keyVaultEvents[0].command.$db).to.equal('keyvault'); + }) + ); + + const CASE5 = { maxPoolSize: 0, bypassAutoEncryption: false, useKeyVaultClient: false }; + it( + 'Case 5', + metadata, + deadlockTest(CASE5, clientEncrypted => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(1); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(5); + + expect(events[0].command).to.have.property('listCollections'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('listCollections'); + expect(events[1].command.$db).to.equal('keyvault'); + + expect(events[2].command).to.have.property('find'); + expect(events[2].command.$db).to.equal('keyvault'); + + expect(events[3].command).to.have.property('insert'); + expect(events[3].command.$db).to.equal('db'); + + expect(events[4].command).to.have.property('find'); + expect(events[4].command.$db).to.equal('db'); + }) + ); + + const CASE6 = { maxPoolSize: 0, bypassAutoEncryption: false, useKeyVaultClient: true }; + it( + 'Case 6', + metadata, + deadlockTest(CASE6, (clientEncrypted, clientKeyVault) => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(1); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(3); + + expect(events[0].command).to.have.property('listCollections'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('insert'); + expect(events[1].command.$db).to.equal('db'); + + expect(events[2].command).to.have.property('find'); + expect(events[2].command.$db).to.equal('db'); + + const keyVaultEvents = clientKeyVault[kEvents]; + expect(keyVaultEvents).to.have.lengthOf(1); + + expect(keyVaultEvents[0].command).to.have.property('find'); + expect(keyVaultEvents[0].command.$db).to.equal('keyvault'); + }) + ); + + const CASE7 = { maxPoolSize: 0, bypassAutoEncryption: true, useKeyVaultClient: false }; + it( + 'Case 7', + metadata, + deadlockTest(CASE7, clientEncrypted => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(1); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(2); + + expect(events[0].command).to.have.property('find'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('find'); + expect(events[1].command.$db).to.equal('keyvault'); + }) + ); + + const CASE8 = { maxPoolSize: 0, bypassAutoEncryption: true, useKeyVaultClient: true }; + it( + 'Case 8', + metadata, + deadlockTest(CASE8, (clientEncrypted, clientKeyVault) => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(1); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(1); + + expect(events[0].command).to.have.property('find'); + expect(events[0].command.$db).to.equal('db'); + + const keyVaultEvents = clientKeyVault[kEvents]; + expect(keyVaultEvents).to.have.lengthOf(1); + + expect(keyVaultEvents[0].command).to.have.property('find'); + expect(keyVaultEvents[0].command.$db).to.equal('keyvault'); + }) + ); + }); +} + +module.exports = { deadlockTests }; diff --git a/test/functional/client_side_encryption/prose.test.js b/test/functional/client_side_encryption/prose.test.js index 2f9a6c1a2d5..66e66f5af7f 100644 --- a/test/functional/client_side_encryption/prose.test.js +++ b/test/functional/client_side_encryption/prose.test.js @@ -1,6 +1,7 @@ 'use strict'; const BSON = require('bson'); const chai = require('chai'); +const { deadlockTests } = require('./deadlock_tests.js'); const expect = chai.expect; chai.use(require('chai-subset')); @@ -1004,4 +1005,6 @@ describe('Client Side Encryption Prose Tests', function () { defineTest(true); defineTest(false); }); + + deadlockTests(metadata); }); diff --git a/test/spec/client-side-encryption/awsTemporary.json b/test/spec/client-side-encryption/awsTemporary.json new file mode 100644 index 00000000000..10eb85feee1 --- /dev/null +++ b/test/spec/client-side-encryption/awsTemporary.json @@ -0,0 +1,225 @@ +{ + "runOn": [ + { + "minServerVersion": "4.1.10" + } + ], + "database_name": "default", + "collection_name": "default", + "data": [], + "json_schema": { + "properties": { + "encrypted_w_altname": { + "encrypt": { + "keyId": "/altname", + "bsonType": "string", + "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" + } + }, + "encrypted_string": { + "encrypt": { + "keyId": [ + { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + } + ], + "bsonType": "string", + "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" + } + }, + "random": { + "encrypt": { + "keyId": [ + { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + } + ], + "bsonType": "string", + "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" + } + }, + "encrypted_string_equivalent": { + "encrypt": { + "keyId": [ + { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + } + ], + "bsonType": "string", + "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" + } + } + }, + "bsonType": "object" + }, + "key_vault_data": [ + { + "status": 1, + "_id": { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + }, + "masterKey": { + "provider": "aws", + "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0", + "region": "us-east-1" + }, + "updateDate": { + "$date": { + "$numberLong": "1552949630483" + } + }, + "keyMaterial": { + "$binary": { + "base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO", + "subType": "00" + } + }, + "creationDate": { + "$date": { + "$numberLong": "1552949630483" + } + }, + "keyAltNames": [ + "altname", + "another_altname" + ] + } + ], + "tests": [ + { + "description": "Insert a document with auto encryption using the AWS provider with temporary credentials", + "clientOptions": { + "autoEncryptOpts": { + "kmsProviders": { + "awsTemporary": {} + } + } + }, + "operations": [ + { + "name": "insertOne", + "arguments": { + "document": { + "_id": 1, + "encrypted_string": "string0" + } + } + } + ], + "expectations": [ + { + "command_started_event": { + "command": { + "listCollections": 1, + "filter": { + "name": "default" + } + }, + "command_name": "listCollections" + } + }, + { + "command_started_event": { + "command": { + "find": "datakeys", + "filter": { + "$or": [ + { + "_id": { + "$in": [ + { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + } + ] + } + }, + { + "keyAltNames": { + "$in": [] + } + } + ] + }, + "$db": "keyvault" + }, + "command_name": "find" + } + }, + { + "command_started_event": { + "command": { + "insert": "default", + "documents": [ + { + "_id": 1, + "encrypted_string": { + "$binary": { + "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==", + "subType": "06" + } + } + } + ], + "ordered": true + }, + "command_name": "insert" + } + } + ], + "outcome": { + "collection": { + "data": [ + { + "_id": 1, + "encrypted_string": { + "$binary": { + "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==", + "subType": "06" + } + } + } + ] + } + } + }, + { + "description": "Insert with invalid temporary credentials", + "clientOptions": { + "autoEncryptOpts": { + "kmsProviders": { + "awsTemporaryNoSessionToken": {} + } + } + }, + "operations": [ + { + "name": "insertOne", + "arguments": { + "document": { + "_id": 1, + "encrypted_string": "string0" + } + }, + "result": { + "errorContains": "security token" + } + } + ] + } + ] +} diff --git a/test/spec/client-side-encryption/awsTemporary.yml b/test/spec/client-side-encryption/awsTemporary.yml new file mode 100644 index 00000000000..cc787530a04 --- /dev/null +++ b/test/spec/client-side-encryption/awsTemporary.yml @@ -0,0 +1,57 @@ +runOn: + - minServerVersion: "4.1.10" +database_name: &database_name "default" +collection_name: &collection_name "default" + +data: [] +json_schema: {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'} +key_vault_data: [{'status': 1, '_id': {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}, 'masterKey': {'provider': 'aws', 'key': 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0', 'region': 'us-east-1'}, 'updateDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyMaterial': {'$binary': {'base64': 'AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyAltNames': ['altname', 'another_altname']}] + +tests: + - description: "Insert a document with auto encryption using the AWS provider with temporary credentials" + clientOptions: + autoEncryptOpts: + kmsProviders: + awsTemporary: {} + operations: + - name: insertOne + arguments: + document: &doc0 { _id: 1, encrypted_string: "string0" } + expectations: + # Auto encryption will request the collection info. + - command_started_event: + command: + listCollections: 1 + filter: + name: *collection_name + command_name: listCollections + # Then key is fetched from the key vault. + - command_started_event: + command: + find: datakeys + filter: { $or: [ { _id: { $in: [ {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}} ] } }, { keyAltNames: { $in: [] } } ] } + $db: keyvault + command_name: find + - command_started_event: + command: + insert: *collection_name + documents: + - &doc0_encrypted { _id: 1, encrypted_string: {'$binary': {'base64': 'AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==', 'subType': '06'}} } + ordered: true + command_name: insert + outcome: + collection: + # Outcome is checked using a separate MongoClient without auto encryption. + data: + - *doc0_encrypted + - description: "Insert with invalid temporary credentials" + clientOptions: + autoEncryptOpts: + kmsProviders: + awsTemporaryNoSessionToken: {} + operations: + - name: insertOne + arguments: + document: *doc0 + result: + errorContains: "security token" \ No newline at end of file diff --git a/test/spec/client-side-encryption/tests/aggregate.json b/test/spec/client-side-encryption/tests/aggregate.json index a9e79f9edbf..7de725b71d7 100644 --- a/test/spec/client-side-encryption/tests/aggregate.json +++ b/test/spec/client-side-encryption/tests/aggregate.json @@ -150,18 +150,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -273,18 +261,6 @@ "command_name": "aggregate" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/aggregate.yml b/test/spec/client-side-encryption/tests/aggregate.yml index ac2b265a922..64ad5efa60e 100644 --- a/test/spec/client-side-encryption/tests/aggregate.yml +++ b/test/spec/client-side-encryption/tests/aggregate.yml @@ -30,13 +30,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -83,13 +76,6 @@ tests: cursor: {} command_name: aggregate # Needs to fetch key when decrypting results - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/azureKMS.json b/test/spec/client-side-encryption/tests/azureKMS.json index 97af4c8ecfb..f0f5329d700 100644 --- a/test/spec/client-side-encryption/tests/azureKMS.json +++ b/test/spec/client-side-encryption/tests/azureKMS.json @@ -139,18 +139,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/azureKMS.yml b/test/spec/client-side-encryption/tests/azureKMS.yml index a2fbb7111a6..e3e0fc55a4c 100644 --- a/test/spec/client-side-encryption/tests/azureKMS.yml +++ b/test/spec/client-side-encryption/tests/azureKMS.yml @@ -25,13 +25,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/basic.json b/test/spec/client-side-encryption/tests/basic.json index 3f9895fd5db..3ed066f5302 100644 --- a/test/spec/client-side-encryption/tests/basic.json +++ b/test/spec/client-side-encryption/tests/basic.json @@ -144,18 +144,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -283,18 +271,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/basic.yml b/test/spec/client-side-encryption/tests/basic.yml index 5c5f0cfbc4e..dfbf5270cf8 100644 --- a/test/spec/client-side-encryption/tests/basic.yml +++ b/test/spec/client-side-encryption/tests/basic.yml @@ -29,13 +29,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -82,13 +75,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/bulk.json b/test/spec/client-side-encryption/tests/bulk.json index ead90985a16..1b62e5e8ab3 100644 --- a/test/spec/client-side-encryption/tests/bulk.json +++ b/test/spec/client-side-encryption/tests/bulk.json @@ -178,18 +178,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/bulk.yml b/test/spec/client-side-encryption/tests/bulk.yml index c2ad5227655..824ccdaa10f 100644 --- a/test/spec/client-side-encryption/tests/bulk.yml +++ b/test/spec/client-side-encryption/tests/bulk.yml @@ -39,13 +39,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/count.json b/test/spec/client-side-encryption/tests/count.json index 24f46a110a7..9df8cd639e0 100644 --- a/test/spec/client-side-encryption/tests/count.json +++ b/test/spec/client-side-encryption/tests/count.json @@ -149,18 +149,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/count.yml b/test/spec/client-side-encryption/tests/count.yml index 05c56d5fa7d..b8c436a4c00 100644 --- a/test/spec/client-side-encryption/tests/count.yml +++ b/test/spec/client-side-encryption/tests/count.yml @@ -28,13 +28,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/countDocuments.json b/test/spec/client-side-encryption/tests/countDocuments.json index 3cf5fbca8b6..07ff97f2645 100644 --- a/test/spec/client-side-encryption/tests/countDocuments.json +++ b/test/spec/client-side-encryption/tests/countDocuments.json @@ -150,18 +150,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/countDocuments.yml b/test/spec/client-side-encryption/tests/countDocuments.yml index 56b2ab147ac..e28b478c05b 100644 --- a/test/spec/client-side-encryption/tests/countDocuments.yml +++ b/test/spec/client-side-encryption/tests/countDocuments.yml @@ -29,13 +29,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/delete.json b/test/spec/client-side-encryption/tests/delete.json index 30fb453a936..a6f4ffde916 100644 --- a/test/spec/client-side-encryption/tests/delete.json +++ b/test/spec/client-side-encryption/tests/delete.json @@ -151,18 +151,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -276,18 +264,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/delete.yml b/test/spec/client-side-encryption/tests/delete.yml index dc69a071226..60810d063d4 100644 --- a/test/spec/client-side-encryption/tests/delete.yml +++ b/test/spec/client-side-encryption/tests/delete.yml @@ -29,13 +29,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -76,13 +69,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/distinct.json b/test/spec/client-side-encryption/tests/distinct.json index 7a5f75c4a51..9786b07814c 100644 --- a/test/spec/client-side-encryption/tests/distinct.json +++ b/test/spec/client-side-encryption/tests/distinct.json @@ -161,18 +161,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/distinct.yml b/test/spec/client-side-encryption/tests/distinct.yml index 8c8e4dd65db..ca1d8fbf6b8 100644 --- a/test/spec/client-side-encryption/tests/distinct.yml +++ b/test/spec/client-side-encryption/tests/distinct.yml @@ -31,13 +31,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/explain.json b/test/spec/client-side-encryption/tests/explain.json index 5ad46bc238b..0e451e4818a 100644 --- a/test/spec/client-side-encryption/tests/explain.json +++ b/test/spec/client-side-encryption/tests/explain.json @@ -155,18 +155,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/explain.yml b/test/spec/client-side-encryption/tests/explain.yml index a2733e7d32a..c0dd9c57c02 100644 --- a/test/spec/client-side-encryption/tests/explain.yml +++ b/test/spec/client-side-encryption/tests/explain.yml @@ -33,13 +33,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/find.json b/test/spec/client-side-encryption/tests/find.json index b7c5258a13c..1feddab0e37 100644 --- a/test/spec/client-side-encryption/tests/find.json +++ b/test/spec/client-side-encryption/tests/find.json @@ -160,18 +160,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -302,18 +290,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/find.yml b/test/spec/client-side-encryption/tests/find.yml index 053fb085442..20179a314c0 100644 --- a/test/spec/client-side-encryption/tests/find.yml +++ b/test/spec/client-side-encryption/tests/find.yml @@ -30,13 +30,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -78,13 +71,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/findOneAndDelete.json b/test/spec/client-side-encryption/tests/findOneAndDelete.json index 6261d8601ba..e418a4581be 100644 --- a/test/spec/client-side-encryption/tests/findOneAndDelete.json +++ b/test/spec/client-side-encryption/tests/findOneAndDelete.json @@ -148,18 +148,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/findOneAndDelete.yml b/test/spec/client-side-encryption/tests/findOneAndDelete.yml index 44dc5b53d4b..6650f2132dc 100644 --- a/test/spec/client-side-encryption/tests/findOneAndDelete.yml +++ b/test/spec/client-side-encryption/tests/findOneAndDelete.yml @@ -28,13 +28,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/findOneAndReplace.json b/test/spec/client-side-encryption/tests/findOneAndReplace.json index d91bc059980..78baca8432e 100644 --- a/test/spec/client-side-encryption/tests/findOneAndReplace.json +++ b/test/spec/client-side-encryption/tests/findOneAndReplace.json @@ -147,18 +147,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/findOneAndReplace.yml b/test/spec/client-side-encryption/tests/findOneAndReplace.yml index 9288a220833..f39f3c0fb4e 100644 --- a/test/spec/client-side-encryption/tests/findOneAndReplace.yml +++ b/test/spec/client-side-encryption/tests/findOneAndReplace.yml @@ -29,13 +29,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/findOneAndUpdate.json b/test/spec/client-side-encryption/tests/findOneAndUpdate.json index fad70609ad7..1d858511516 100644 --- a/test/spec/client-side-encryption/tests/findOneAndUpdate.json +++ b/test/spec/client-side-encryption/tests/findOneAndUpdate.json @@ -149,18 +149,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/findOneAndUpdate.yml b/test/spec/client-side-encryption/tests/findOneAndUpdate.yml index 38852149ace..459902fd448 100644 --- a/test/spec/client-side-encryption/tests/findOneAndUpdate.yml +++ b/test/spec/client-side-encryption/tests/findOneAndUpdate.yml @@ -29,13 +29,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/gcpKMS.json b/test/spec/client-side-encryption/tests/gcpKMS.json index a715a7d152a..297d5d0dc8e 100644 --- a/test/spec/client-side-encryption/tests/gcpKMS.json +++ b/test/spec/client-side-encryption/tests/gcpKMS.json @@ -141,18 +141,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/gcpKMS.yml b/test/spec/client-side-encryption/tests/gcpKMS.yml index e07a8809cc2..736d9684dfc 100644 --- a/test/spec/client-side-encryption/tests/gcpKMS.yml +++ b/test/spec/client-side-encryption/tests/gcpKMS.yml @@ -25,13 +25,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/getMore.json b/test/spec/client-side-encryption/tests/getMore.json index cf234422264..ee99bf7537e 100644 --- a/test/spec/client-side-encryption/tests/getMore.json +++ b/test/spec/client-side-encryption/tests/getMore.json @@ -179,18 +179,6 @@ "command_name": "find" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/getMore.yml b/test/spec/client-side-encryption/tests/getMore.yml index 0dc9cef6cb2..4359ee89174 100644 --- a/test/spec/client-side-encryption/tests/getMore.yml +++ b/test/spec/client-side-encryption/tests/getMore.yml @@ -38,13 +38,6 @@ tests: find: *collection_name batchSize: 2 command_name: find - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/insert.json b/test/spec/client-side-encryption/tests/insert.json index 78fa8feba0e..cf2910fd7a1 100644 --- a/test/spec/client-side-encryption/tests/insert.json +++ b/test/spec/client-side-encryption/tests/insert.json @@ -131,18 +131,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -258,18 +246,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/insert.yml b/test/spec/client-side-encryption/tests/insert.yml index 0dc1042be22..99521f0350d 100644 --- a/test/spec/client-side-encryption/tests/insert.yml +++ b/test/spec/client-side-encryption/tests/insert.yml @@ -25,13 +25,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -71,13 +64,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/keyAltName.json b/test/spec/client-side-encryption/tests/keyAltName.json index d062bed4537..7f71b9dbeb4 100644 --- a/test/spec/client-side-encryption/tests/keyAltName.json +++ b/test/spec/client-side-encryption/tests/keyAltName.json @@ -131,18 +131,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/keyAltName.yml b/test/spec/client-side-encryption/tests/keyAltName.yml index 1536dc724c0..a7660ba38c3 100644 --- a/test/spec/client-side-encryption/tests/keyAltName.yml +++ b/test/spec/client-side-encryption/tests/keyAltName.yml @@ -25,13 +25,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/localKMS.json b/test/spec/client-side-encryption/tests/localKMS.json index e4d25309c44..67c4ba1308e 100644 --- a/test/spec/client-side-encryption/tests/localKMS.json +++ b/test/spec/client-side-encryption/tests/localKMS.json @@ -114,18 +114,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/localKMS.yml b/test/spec/client-side-encryption/tests/localKMS.yml index b5d82fb0a71..4c0d962f327 100644 --- a/test/spec/client-side-encryption/tests/localKMS.yml +++ b/test/spec/client-side-encryption/tests/localKMS.yml @@ -26,13 +26,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/localSchema.json b/test/spec/client-side-encryption/tests/localSchema.json index 7071d6fefd1..4698520f6fa 100644 --- a/test/spec/client-side-encryption/tests/localSchema.json +++ b/test/spec/client-side-encryption/tests/localSchema.json @@ -136,18 +136,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/localSchema.yml b/test/spec/client-side-encryption/tests/localSchema.yml index a5842fe61cf..89b4bd51d04 100644 --- a/test/spec/client-side-encryption/tests/localSchema.yml +++ b/test/spec/client-side-encryption/tests/localSchema.yml @@ -25,13 +25,6 @@ tests: filter: { _id: 1 } result: [*doc0] expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/missingKey.json b/test/spec/client-side-encryption/tests/missingKey.json index ac8e8320b0e..275147bb723 100644 --- a/test/spec/client-side-encryption/tests/missingKey.json +++ b/test/spec/client-side-encryption/tests/missingKey.json @@ -140,18 +140,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "different" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/missingKey.yml b/test/spec/client-side-encryption/tests/missingKey.yml index dc65d40b287..2be5395108f 100644 --- a/test/spec/client-side-encryption/tests/missingKey.yml +++ b/test/spec/client-side-encryption/tests/missingKey.yml @@ -32,13 +32,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "different" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/replaceOne.json b/test/spec/client-side-encryption/tests/replaceOne.json index 5cdb3d40f0d..9757686819d 100644 --- a/test/spec/client-side-encryption/tests/replaceOne.json +++ b/test/spec/client-side-encryption/tests/replaceOne.json @@ -148,18 +148,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/replaceOne.yml b/test/spec/client-side-encryption/tests/replaceOne.yml index a2573d701c1..e3b50a828ba 100644 --- a/test/spec/client-side-encryption/tests/replaceOne.yml +++ b/test/spec/client-side-encryption/tests/replaceOne.yml @@ -31,13 +31,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/types.json b/test/spec/client-side-encryption/tests/types.json index 47e4c27a2e2..a070f8bff71 100644 --- a/test/spec/client-side-encryption/tests/types.json +++ b/test/spec/client-side-encryption/tests/types.json @@ -103,18 +103,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -254,18 +242,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -405,18 +381,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -656,18 +620,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -807,18 +759,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -1057,18 +997,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -1214,18 +1142,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -1369,18 +1285,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/types.yml b/test/spec/client-side-encryption/tests/types.yml index 6136b0c60ee..b0827eae73a 100644 --- a/test/spec/client-side-encryption/tests/types.yml +++ b/test/spec/client-side-encryption/tests/types.yml @@ -27,13 +27,6 @@ tests: filter: { _id: 1 } result: *doc0 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -75,13 +68,6 @@ tests: filter: { _id: 1 } result: *doc1 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -123,13 +109,6 @@ tests: filter: { _id: 1 } result: *doc2 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -197,13 +176,6 @@ tests: filter: { _id: 1 } result: *doc6 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -245,13 +217,6 @@ tests: filter: { _id: 1 } result: *doc7 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -319,13 +284,6 @@ tests: filter: { _id: 1 } result: *doc10 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -367,13 +325,6 @@ tests: filter: { _id: 1 } result: *doc11 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -415,13 +366,6 @@ tests: filter: { _id: 1 } result: *doc13 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/updateMany.json b/test/spec/client-side-encryption/tests/updateMany.json index fd1f4d12bdf..823909044b7 100644 --- a/test/spec/client-side-encryption/tests/updateMany.json +++ b/test/spec/client-side-encryption/tests/updateMany.json @@ -164,18 +164,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/updateMany.yml b/test/spec/client-side-encryption/tests/updateMany.yml index 30c2e0854f7..6d8c7e9707b 100644 --- a/test/spec/client-side-encryption/tests/updateMany.yml +++ b/test/spec/client-side-encryption/tests/updateMany.yml @@ -32,13 +32,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/updateOne.json b/test/spec/client-side-encryption/tests/updateOne.json index bed763d7205..23bada964ff 100644 --- a/test/spec/client-side-encryption/tests/updateOne.json +++ b/test/spec/client-side-encryption/tests/updateOne.json @@ -150,18 +150,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/updateOne.yml b/test/spec/client-side-encryption/tests/updateOne.yml index 597d30c3f44..aef3716fadc 100644 --- a/test/spec/client-side-encryption/tests/updateOne.yml +++ b/test/spec/client-side-encryption/tests/updateOne.yml @@ -31,13 +31,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: