@@ -1103,13 +1103,178 @@ describe('Client Side Encryption Prose Tests', metadata, function () {
11031103 } ) ;
11041104 } ) ;
11051105
1106- // TODO(NODE-2422): Implement bypass prose tests
1107- describe ( 'Bypass spawning mongocryptd' , ( ) => {
1108- it . skip ( 'Via mongocryptdBypassSpawn' , ( ) => { } ) . skipReason =
1109- 'TODO(NODE-2422): Implement "Bypass spawning mongocryptd" tests' ;
1106+ describe ( 'Bypass spawning mongocryptd' , function ( ) {
1107+ describe ( 'via mongocryptdBypassSpawn' , function ( ) {
1108+ let clientEncrypted ;
1109+ // Create a MongoClient configured with auto encryption
1110+ // Configure the required options. use the `local` KMS provider as follows:
1111+ // ```javascript
1112+ // { "local" : {"key": <base64 decoding of LOCAL_MASTERKEY>} }
1113+ // ```
1114+ // configure with the `keyVaultNamespace` set to `keyvault.datakeys`
1115+ // configure with `client_encrypted` to use the schema `external/external-schema.json` for
1116+ // `db.coll` by setting a schema map like `{"db.coll": <contents of external-schema.json }`
1117+ beforeEach ( async function ( ) {
1118+ clientEncrypted = this . configuration . newClient (
1119+ { } ,
1120+ {
1121+ // Configure the required options. use the `local` KMS provider as follows:
1122+ // ```javascript
1123+ // { "local" : {"key": <base64 decoding of LOCAL_MASTERKEY>} }
1124+ // ```
1125+ // configure with the `keyVaultNamespace` set to `keyvault.datakeys`
1126+ // configure with `client_encrypted` to use the schema `external/external-schema.json` for
1127+ // `db.coll` by setting a schema map like `{"db.coll": <contents of external-schema.json }`
1128+ autoEncryption : {
1129+ keyVaultNamespace,
1130+ kmsProviders : { local : { key : LOCAL_KEY } } ,
1131+ schemaMap : { dataNamespace : externalSchema } ,
1132+ // Configure the following `extraOptions`
1133+ // {
1134+ // "mongocryptdBypassSpawn": true
1135+ // "mongocryptdURI": "mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000",
1136+ // "mongocryptdSpawnArgs": [ "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=27021"]
1137+ // }
1138+ extraOptions : {
1139+ mongocryptdBypassSpawn : true ,
1140+ mongocryptdURI : 'mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000' ,
1141+ mongocryptdSpawnArgs : [
1142+ '--pidfilepath=bypass-spawning-mongocryptd.pid' ,
1143+ '--port=27021'
1144+ ]
1145+ }
1146+ }
1147+ }
1148+ ) ;
1149+ } ) ;
1150+
1151+ beforeEach ( 'precondition: the shared library must NOT be loaded' , function ( ) {
1152+ const { cryptSharedLibPath } = getEncryptExtraOptions ( ) ;
1153+ if ( cryptSharedLibPath ) {
1154+ this . currentTest . skipReason =
1155+ 'test requires that the shared library NOT is present, but CRYPT_SHARED_LIB_PATH is set.' ;
1156+ this . skip ( ) ;
1157+ }
1158+ // the presence of the shared library can only be reliably determine after
1159+ // libmongocrypt has been initialized, and can be detected with the
1160+ // cryptSharedLibVersionInfo getter on the autoEncrypter.
1161+ expect ( ! ! clientEncrypted . autoEncrypter . cryptSharedLibVersionInfo ) . to . be . false ;
1162+ } ) ;
1163+
1164+ afterEach ( async function ( ) {
1165+ await clientEncrypted ?. close ( ) ;
1166+ } ) ;
1167+
1168+ it ( 'does not spawn mongocryptd' , metadata , async function ( ) {
1169+ // Use client_encrypted to insert the document {"encrypted": "test"} into db.coll.
1170+ // Expect a server selection error propagated from the internal MongoClient failing to connect to mongocryptd on port 27021.
1171+ const insertError = await clientEncrypted
1172+ . db ( dataDbName )
1173+ . collection ( dataCollName )
1174+ . insertOne ( { encrypted : 'test' } )
1175+ . catch ( e => e ) ;
1176+
1177+ expect ( insertError )
1178+ . to . be . instanceOf ( Error )
1179+ . to . have . property ( 'name' , 'MongoServerSelectionError' ) ;
11101180
1111- it . skip ( 'Via bypassAutoEncryption' , ( ) => { } ) . skipReason =
1112- 'TODO(NODE-2422): Implement "Bypass spawning mongocryptd" tests' ;
1181+ expect ( insertError ) . to . match ( / c o n n e c t E C O N N R E F U S E D 1 2 7 .0 .0 .1 : 2 7 0 2 1 / ) ;
1182+
1183+ expect ( insertError ) . not . to . be . instanceOf (
1184+ MongoServerSelectionError ,
1185+ `
1186+
1187+ TODO(NODE-5283): The error thrown in this test fails an instanceof check with MongoServerSelectionError.
1188+ This should change after NODE-5283. If this assertion is failing, then the test
1189+ should be updated to reflect that the error thrown is now a server selection error.
1190+
1191+ `
1192+ ) ;
1193+ } ) ;
1194+ } ) ;
1195+
1196+ describe ( 'via bypassAutoEncryption' , function ( ) {
1197+ let clientEncrypted ;
1198+ let client ;
1199+ // Create a MongoClient configured with auto encryption
1200+ // Configure the required options. use the `local` KMS provider as follows:
1201+ // ```javascript
1202+ // { "local" : {"key": <base64 decoding of LOCAL_MASTERKEY>} }
1203+ // ```
1204+ // configure with the `keyVaultNamespace` set to `keyvault.datakeys`
1205+ // configure with bypassAutoEncryption=true.
1206+ // `db.coll` by setting a schema map like `{"db.coll": <contents of external-schema.json }`
1207+ beforeEach ( async function ( ) {
1208+ clientEncrypted = this . configuration . newClient (
1209+ { } ,
1210+ {
1211+ // Configure the required options. use the `local` KMS provider as follows:
1212+ // ```javascript
1213+ // { "local" : {"key": <base64 decoding of LOCAL_MASTERKEY>} }
1214+ // ```
1215+ // configure with the `keyVaultNamespace` set to `keyvault.datakeys`
1216+ // Configure with bypassAutoEncryption=true.
1217+ autoEncryption : {
1218+ keyVaultNamespace,
1219+ bypassAutoEncryption : true ,
1220+ kmsProviders : { local : { key : LOCAL_KEY } } ,
1221+ extraOptions : {
1222+ // Configure the following extraOptions
1223+ // ```javascript
1224+ // {
1225+ // "mongocryptdSpawnArgs": [ "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=27021"]
1226+ // }
1227+ //```
1228+ mongocryptdSpawnArgs : [
1229+ '--pidfilepath=bypass-spawning-mongocryptd.pid' ,
1230+ '--port=27021'
1231+ ]
1232+ }
1233+ }
1234+ }
1235+ ) ;
1236+
1237+ // Use client_encrypted to insert the document {"unencrypted": "test"} into db.coll.
1238+ await clientEncrypted . connect ( ) ;
1239+ const insertResult = await clientEncrypted
1240+ . db ( dataDbName )
1241+ . collection ( dataCollName )
1242+ . insertOne ( { unencrypted : 'test' } ) ;
1243+
1244+ // Expect this to succeed.
1245+ expect ( insertResult ) . to . have . property ( 'insertedId' ) ;
1246+ } ) ;
1247+
1248+ beforeEach ( 'precondition: the shared library must NOT be loaded' , function ( ) {
1249+ const { cryptSharedLibPath } = getEncryptExtraOptions ( ) ;
1250+ if ( cryptSharedLibPath ) {
1251+ this . currentTest . skipReason =
1252+ 'test requires that the shared library NOT is present, but CRYPT_SHARED_LIB_PATH is set.' ;
1253+ this . skip ( ) ;
1254+ }
1255+ // the presence of the shared library can only be reliably determine after
1256+ // libmongocrypt has been initialized, and can be detected with the
1257+ // cryptSharedLibVersionInfo getter on the autoEncrypter.
1258+ expect ( ! ! clientEncrypted . autoEncrypter . cryptSharedLibVersionInfo ) . to . be . false ;
1259+ } ) ;
1260+
1261+ afterEach ( async function ( ) {
1262+ await clientEncrypted ?. close ( ) ;
1263+ await client ?. close ( ) ;
1264+ } ) ;
1265+
1266+ // Validate that mongocryptd was not spawned. Create a MongoClient to localhost:27021
1267+ // (or whatever was passed via --port) with serverSelectionTimeoutMS=1000. Run a handshake
1268+ // command and ensure it fails with a server selection timeout.
1269+ it ( 'does not spawn mongocryptd' , metadata , async function ( ) {
1270+ client = new MongoClient ( 'mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000' ) ;
1271+ const error = await client . connect ( ) . catch ( e => e ) ;
1272+
1273+ expect ( error )
1274+ . to . be . instanceOf ( MongoServerSelectionError )
1275+ . to . match ( / c o n n e c t E C O N N R E F U S E D 1 2 7 .0 .0 .1 : 2 7 0 2 1 / ) ;
1276+ } ) ;
1277+ } ) ;
11131278
11141279 describe ( 'via loading shared library' , function ( ) {
11151280 let clientEncrypted ;
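Review bot: Both `does not spawn mongocryptd` tests pin the refusal to `127.0.0.1:27021` in their ECONNREFUSED pattern, while the URIs they connect through use `localhost` (`mongocryptdURI` in the first suite, the `new MongoClient(...)` URI in the second). On a host where `localhost` resolves to `::1` first, the error text would presumably name a different address, so the assertions could fail for a reason unrelated to spawning. Since the `localhost` URI appears to be dictated by the spec comments, relaxing the pattern to the port is the smaller change, e.g. `/ECONNREFUSED .*:27021/`. Separately, in the `via bypassAutoEncryption` suite the first `beforeEach` connects, inserts and asserts before the shared-library precondition hook runs, so a run that ends up skipped has still written `{ unencrypted: 'test' }`; moving the insert and its `expect` into the `it` body keeps the skip free of side effects. The enclosing `describe('Client Side Encryption Prose Tests', ...)` starts and ends outside the hunk.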