diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 5058fae720b..46faf26ed33 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -470,6 +470,36 @@ functions: -p 8100 \ -v \ --fault revoked + run custom csfle tests: + - command: shell.exec + type: test + params: + silent: true + working_dir: src + script: | + ${PREPARE_SHELL} + cat < prepare_client_encryption.sh + export CLIENT_ENCRYPTION=${CLIENT_ENCRYPTION} + export CSFLE_KMS_PROVIDERS='${CSFLE_KMS_PROVIDERS}' + export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" + export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" + export CSFLE_GIT_REF="${CSFLE_GIT_REF}" + export CDRIVER_GIT_REF="${CDRIVER_GIT_REF}" + EOT + - command: shell.exec + type: test + params: + working_dir: src + timeout_secs: 60 + script: | + ${PREPARE_SHELL} + + # Disable xtrace (just in case it was accidentally set). + set +x + . ./prepare_client_encryption.sh + rm -f ./prepare_client_encryption.sh + + MONGODB_URI="${MONGODB_URI}" bash ${PROJECT_DIRECTORY}/.evergreen/run-custom-csfle-tests.sh upload test results: - command: attach.xunit_results params: @@ -1177,6 +1207,18 @@ tasks: vars: NODE_LTS_NAME: fermium - func: run mongosh integration tests + - name: run-custom-csfle-tests + tags: + - run-custom-csfle-tests + commands: + - func: install dependencies + vars: + NODE_LTS_NAME: erbium + - func: bootstrap mongo-orchestration + vars: + VERSION: '4.4' + TOPOLOGY: server + - func: run custom csfle tests buildvariants: - name: macos-1014-dubnium display_name: macOS 10.14 Node Dubnium @@ -1504,6 +1546,11 @@ buildvariants: run_on: rhel70 tasks: - run-checks + - name: ubuntu1804-custom-csfle-tests + display_name: Custom FLE Version Test + run_on: ubuntu1804-test + tasks: + - run-custom-csfle-tests - name: mongosh_integration_tests display_name: mongosh integration tests run_on: ubuntu1804-test diff --git a/.evergreen/config.yml.in b/.evergreen/config.yml.in index 2e72318aefe..5946e26a2f9 100644 --- a/.evergreen/config.yml.in +++ b/.evergreen/config.yml.in @@ -513,6 +513,37 @@ functions: -v \ --fault revoked + "run custom csfle tests": + - command: shell.exec + type: test + params: + silent: true + working_dir: "src" + script: | + ${PREPARE_SHELL} + cat < prepare_client_encryption.sh + export CLIENT_ENCRYPTION=${CLIENT_ENCRYPTION} + export CSFLE_KMS_PROVIDERS='${CSFLE_KMS_PROVIDERS}' + export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" + export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" + export CSFLE_GIT_REF="${CSFLE_GIT_REF}" + export CDRIVER_GIT_REF="${CDRIVER_GIT_REF}" + EOT + - command: shell.exec + type: test + params: + working_dir: "src" + timeout_secs: 60 + script: | + ${PREPARE_SHELL} + + # Disable xtrace (just in case it was accidentally set). + set +x + . ./prepare_client_encryption.sh + rm -f ./prepare_client_encryption.sh + + MONGODB_URI="${MONGODB_URI}" bash ${PROJECT_DIRECTORY}/.evergreen/run-custom-csfle-tests.sh + "upload test results": # Upload the xunit-format test results. - command: attach.xunit_results diff --git a/.evergreen/generate_evergreen_tasks.js b/.evergreen/generate_evergreen_tasks.js index 4a6f4518005..fe36f52f829 100644 --- a/.evergreen/generate_evergreen_tasks.js +++ b/.evergreen/generate_evergreen_tasks.js @@ -521,6 +521,11 @@ BUILD_VARIANTS.push({ display_name: 'lint', run_on: 'rhel70', tasks: ['run-checks'] +}, { + name: 'ubuntu1804-custom-csfle-tests', + display_name: 'Custom FLE Version Test', + run_on: 'ubuntu1804-test', + tasks: ['run-custom-csfle-tests'] }); // singleton build variant for mongosh integration tests @@ -557,6 +562,28 @@ BUILD_VARIANTS.push({ tasks: AWS_AUTH_TASKS }); +// special case for custom CSFLE test +SINGLETON_TASKS.push({ + name: 'run-custom-csfle-tests', + tags: ['run-custom-csfle-tests'], + commands: [ + { + func: 'install dependencies', + vars: { + NODE_LTS_NAME: 'erbium', + }, + }, + { + func: 'bootstrap mongo-orchestration', + vars: { + VERSION: '4.4', + TOPOLOGY: 'server' + } + }, + { func: 'run custom csfle tests' } + ] +}); + const fileData = yaml.safeLoad(fs.readFileSync(`${__dirname}/config.yml.in`, 'utf8')); fileData.tasks = (fileData.tasks || []).concat(BASE_TASKS).concat(TASKS).concat(SINGLETON_TASKS); fileData.buildvariants = (fileData.buildvariants || []).concat(BUILD_VARIANTS); diff --git a/.evergreen/run-custom-csfle-tests.sh b/.evergreen/run-custom-csfle-tests.sh new file mode 100644 index 00000000000..e2c012c3aca --- /dev/null +++ b/.evergreen/run-custom-csfle-tests.sh @@ -0,0 +1,51 @@ +#! /usr/bin/env bash + +# Initiail checks for running these tests +if [ -z ${AWS_ACCESS_KEY_ID+omitted} ]; then echo "AWS_ACCESS_KEY_ID is unset" && exit 1; fi +if [ -z ${AWS_SECRET_ACCESS_KEY+omitted} ]; then echo "AWS_SECRET_ACCESS_KEY is unset" && exit 1; fi +if [ -z ${CSFLE_KMS_PROVIDERS+omitted} ]; then echo "CSFLE_KMS_PROVIDERS is unset" && exit 1; fi + +[ -s "$PROJECT_DIRECTORY/node-artifacts/nvm/nvm.sh" ] && source "$PROJECT_DIRECTORY"/node-artifacts/nvm/nvm.sh + +set -o xtrace # Write all commands first to stderr +set -o errexit # Exit the script with error if any of the commands fail + +# Environment Variables: +# CSFLE_GIT_REF - set the git reference to checkout for a custom CSFLE version +# CDRIVER_GIT_REF - set the git reference to checkout for a custom CDRIVER version (this is for libbson) + +CSFLE_GIT_REF=${CSFLE_GIT_REF:-master} +CDRIVER_GIT_REF=${CDRIVER_GIT_REF:-1.17.4} + +rm -rf csfle-deps-tmp +mkdir -p csfle-deps-tmp +pushd csfle-deps-tmp + +rm -rf libmongocrypt mongo-c-driver + +git clone https://github.com/mongodb/libmongocrypt.git +pushd libmongocrypt +git fetch --tags +git checkout "$CSFLE_GIT_REF" -b csfle-custom +popd # libmongocrypt + +git clone https://github.com/mongodb/mongo-c-driver.git +pushd mongo-c-driver +git fetch --tags +git checkout "$CDRIVER_GIT_REF" -b cdriver-custom +popd # mongo-c-driver + +pushd libmongocrypt/bindings/node + +source ./.evergreen/find_cmake.sh +bash ./etc/build-static.sh + +popd # libmongocrypt/bindings/node +popd # csfle-deps-tmp + +npm install + +cp -r csfle-deps-tmp/libmongocrypt/bindings/node node_modules/mongodb-client-encryption + +export MONGODB_URI=${MONGODB_URI} +npx mocha test/functional/client_side_encryption diff --git a/src/connection_string.ts b/src/connection_string.ts index a119be4ca3c..519d337830e 100644 --- a/src/connection_string.ts +++ b/src/connection_string.ts @@ -29,7 +29,7 @@ import { MongoCredentials } from './cmap/auth/mongo_credentials'; import type { TagSet } from './sdam/server_description'; import { Logger, LoggerLevelId } from './logger'; import { PromiseProvider } from './promise_provider'; -import { createAutoEncrypter } from './operations/connect'; +import { Encrypter } from './encrypter'; /** * Determines whether a provided address matches the provided parent domain in order @@ -424,9 +424,7 @@ export function parseOptions( } checkTLSOptions(mongoOptions); - if (mongoClient && options.autoEncryption) { - mongoOptions.autoEncrypter = createAutoEncrypter(mongoClient, mongoOptions); - } + if (options.promiseLibrary) PromiseProvider.set(options.promiseLibrary); if (mongoOptions.directConnection && typeof mongoOptions.srvHost === 'string') { @@ -439,6 +437,12 @@ export function parseOptions( mongoOptions.userSpecifiedReplicaSet = objectOptions.has('replicaSet') || urlOptions.has('replicaSet'); + if (mongoClient && mongoOptions.autoEncryption) { + Encrypter.checkForMongoCrypt(); + mongoOptions.encrypter = new Encrypter(mongoClient, uri, options); + mongoOptions.autoEncrypter = mongoOptions.encrypter.autoEncrypter; + } + return mongoOptions; } diff --git a/src/deps.ts b/src/deps.ts index 30fed6d3756..361746e8c5f 100644 --- a/src/deps.ts +++ b/src/deps.ts @@ -1,6 +1,6 @@ import { MongoError } from './error'; import type { MongoClient } from './mongo_client'; -import type { Document } from './bson'; +import type { deserialize, Document, serialize } from './bson'; import type { Callback } from './utils'; function makeErrorModule(error: any) { @@ -81,6 +81,10 @@ export type AutoEncryptionLoggerLevelId = typeof AutoEncryptionLoggerLevel[keyof /** @public */ export interface AutoEncryptionOptions { + /** @internal */ + bson?: { serialize: typeof serialize; deserialize: typeof deserialize }; + /** @internal client for metadata lookups */ + metadataClient?: MongoClient; /** A `MongoClient` used to fetch keys from a key vault */ keyVaultClient?: MongoClient; /** The namespace where keys are stored in the key vault */ @@ -168,6 +172,8 @@ export interface AutoEncryptionOptions { /** @public */ export interface AutoEncrypter { + // eslint-disable-next-line @typescript-eslint/no-misused-new + new (client: MongoClient, options: AutoEncryptionOptions): AutoEncrypter; init(cb: Callback): void; teardown(force: boolean, callback: Callback): void; encrypt(ns: string, cmd: Document, options: any, callback: Callback): void; diff --git a/src/encrypter.ts b/src/encrypter.ts new file mode 100644 index 00000000000..25c648e2377 --- /dev/null +++ b/src/encrypter.ts @@ -0,0 +1,148 @@ +/* eslint-disable @typescript-eslint/no-var-requires */ +import { MongoClient, MongoClientOptions } from './mongo_client'; +import type { AutoEncrypter, AutoEncryptionOptions } from './deps'; +import { MongoError } from './error'; +import { deserialize, serialize } from './bson'; +import type { Callback } from './utils'; +import { Connection } from './cmap/connection'; +import { Topology } from './sdam/topology'; +import { Server } from './sdam/server'; +import { CMAP_EVENT_NAMES } from './cmap/connection_pool'; + +let AutoEncrypterClass: AutoEncrypter; + +const kInternalClient = Symbol('internalClient'); + +/** @internal */ +export interface EncrypterOptions { + autoEncryption: AutoEncryptionOptions; + maxPoolSize?: number; +} + +/** @internal */ +export class Encrypter { + [kInternalClient]: MongoClient; + bypassAutoEncryption: boolean; + needsConnecting: boolean; + autoEncrypter: AutoEncrypter; + + constructor(client: MongoClient, uri: string, options: MongoClientOptions) { + if (typeof options.autoEncryption !== 'object') { + throw new TypeError('Options autoEncryption must be specified'); + } + + this.bypassAutoEncryption = !!options.autoEncryption.bypassAutoEncryption; + this.needsConnecting = false; + + if (options.maxPoolSize === 0 && options.autoEncryption.keyVaultClient == null) { + options.autoEncryption.keyVaultClient = client; + } else if (options.autoEncryption.keyVaultClient == null) { + options.autoEncryption.keyVaultClient = this.getInternalClient(client, uri, options); + } + + if (this.bypassAutoEncryption) { + options.autoEncryption.metadataClient = undefined; + } else if (options.maxPoolSize === 0) { + options.autoEncryption.metadataClient = client; + } else { + options.autoEncryption.metadataClient = this.getInternalClient(client, uri, options); + } + + options.autoEncryption.bson = Object.create(null); + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + options.autoEncryption.bson!.serialize = serialize; + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + options.autoEncryption.bson!.deserialize = deserialize; + + this.autoEncrypter = new AutoEncrypterClass(client, options.autoEncryption); + } + + getInternalClient(client: MongoClient, uri: string, options: MongoClientOptions): MongoClient { + if (!this[kInternalClient]) { + const clonedOptions: MongoClientOptions = {}; + + for (const key of Object.keys(options)) { + if (['autoEncryption', 'minPoolSize', 'servers', 'caseTranslate', 'dbName'].includes(key)) + continue; + Reflect.set(clonedOptions, key, Reflect.get(options, key)); + } + + clonedOptions.minPoolSize = 0; + + const allEvents = [ + // APM + Connection.COMMAND_STARTED, + Connection.COMMAND_SUCCEEDED, + Connection.COMMAND_FAILED, + + // SDAM + Topology.SERVER_OPENING, + Topology.SERVER_CLOSED, + Topology.SERVER_DESCRIPTION_CHANGED, + Topology.TOPOLOGY_OPENING, + Topology.TOPOLOGY_CLOSED, + Topology.SERVER_DESCRIPTION_CHANGED, + Server.SERVER_HEARTBEAT_STARTED, + Server.SERVER_HEARTBEAT_FAILED, + Server.SERVER_HEARTBEAT_SUCCEEDED, + + // CMAP + ...CMAP_EVENT_NAMES + ]; + + this[kInternalClient] = new MongoClient(uri, clonedOptions); + + for (const eventName of allEvents) { + for (const listener of client.listeners(eventName)) { + this[kInternalClient].on(eventName, listener as (...args: any[]) => void); + } + } + + client.on('newListener', (eventName, listener) => { + this[kInternalClient].on(eventName, listener); + }); + + this.needsConnecting = true; + } + return this[kInternalClient]; + } + + connectInternalClient(callback: Callback): void { + if (this.needsConnecting) { + this.needsConnecting = false; + return this[kInternalClient].connect(callback); + } + + return callback(); + } + + close(client: MongoClient, force: boolean, callback: Callback): void { + this.autoEncrypter.teardown(!!force, e => { + if (this[kInternalClient] && client !== this[kInternalClient]) { + return this[kInternalClient].close(force, callback); + } + callback(e); + }); + } + + static checkForMongoCrypt(): void { + try { + require.resolve('mongodb-client-encryption'); + } catch (err) { + throw new MongoError( + 'Auto-encryption requested, but the module is not installed. ' + + 'Please add `mongodb-client-encryption` as a dependency of your project' + ); + } + + const mongodbClientEncryption = require('mongodb-client-encryption'); + if (typeof mongodbClientEncryption.extension !== 'function') { + throw new MongoError( + 'loaded version of `mongodb-client-encryption` does not have property `extension`. ' + + 'Please make sure you are loading the correct version of `mongodb-client-encryption`' + ); + } + + AutoEncrypterClass = mongodbClientEncryption.extension(require('../lib/index')).AutoEncrypter; + } +} diff --git a/src/index.ts b/src/index.ts index a9c6f505b0f..5acbc023f99 100644 --- a/src/index.ts +++ b/src/index.ts @@ -324,3 +324,4 @@ export type { } from './bulk/common'; export type { OrderedBulkOperation } from './bulk/ordered'; export type { UnorderedBulkOperation } from './bulk/unordered'; +export type { Encrypter, EncrypterOptions } from './encrypter'; diff --git a/src/mongo_client.ts b/src/mongo_client.ts index c052f4399e5..34f0a72e7cb 100644 --- a/src/mongo_client.ts +++ b/src/mongo_client.ts @@ -31,6 +31,7 @@ import type { TcpNetConnectOpts } from 'net'; import type { SrvPoller } from './sdam/srv_polling'; import type { Connection } from './cmap/connection'; import type { LEGAL_TLS_SOCKET_OPTIONS, LEGAL_TCP_SOCKET_OPTIONS } from './cmap/connect'; +import type { Encrypter } from './encrypter'; /** @public */ export const ServerApiVersion = { @@ -215,7 +216,21 @@ export interface MongoClientOptions extends BSONSerializeOptions, SupportedNodeC monitorCommands?: boolean; /** Server API version */ serverApi?: ServerApi | ServerApiVersionId; - /** Optionally enable client side auto encryption */ + /** + * Optionally enable client side auto encryption + * + * @remarks + * Automatic encryption is an enterprise only feature that only applies to operations on a collection. Automatic encryption is not supported for operations on a database or view, and operations that are not bypassed will result in error + * (see [libmongocrypt: Auto Encryption Allow-List](https://github.com/mongodb/specifications/blob/master/source/client-side-encryption/client-side-encryption.rst#libmongocrypt-auto-encryption-allow-list)). To bypass automatic encryption for all operations, set bypassAutoEncryption=true in AutoEncryptionOpts. + * + * Automatic encryption requires the authenticated user to have the [listCollections privilege action](https://docs.mongodb.com/manual/reference/command/listCollections/#dbcmd.listCollections). + * + * If a MongoClient with a limited connection pool size (i.e a non-zero maxPoolSize) is configured with AutoEncryptionOptions, a separate internal MongoClient is created if any of the following are true: + * - AutoEncryptionOptions.keyVaultClient is not passed. + * - AutoEncryptionOptions.bypassAutomaticEncryption is false. + * + * If an internal MongoClient is created, it is configured with the same options as the parent MongoClient except minPoolSize is set to 0 and AutoEncryptionOptions is omitted. + */ autoEncryption?: AutoEncryptionOptions; /** Allows a wrapping driver to amend the client metadata generated by the driver to include information about the wrapping driver */ driverInfo?: DriverInfo; @@ -408,23 +423,24 @@ export class MongoClient extends EventEmitter { const force = typeof forceOrCallback === 'boolean' ? forceOrCallback : false; - return maybePromise(callback, cb => { + return maybePromise(callback, callback => { if (this.topology == null) { - return cb(); + return callback(); } // clear out references to old topology const topology = this.topology; this.topology = undefined; - topology.close({ force }, err => { - const autoEncrypter = topology.s.options.autoEncrypter; - if (!autoEncrypter) { - cb(err); - return; + topology.close({ force }, error => { + if (error) return callback(error); + const { encrypter } = this[kOptions]; + if (encrypter) { + return encrypter.close(this, force, error => { + callback(error); + }); } - - autoEncrypter.teardown(force, err2 => cb(err || err2)); + callback(); }); }); } @@ -641,7 +657,11 @@ export interface MongoOptions metadata: ClientMetadata; autoEncrypter?: AutoEncrypter; + /** @internal */ + encrypter: Encrypter; + /** @internal */ userSpecifiedAuthSource: boolean; + /** @internal */ userSpecifiedReplicaSet: boolean; /** diff --git a/src/operations/connect.ts b/src/operations/connect.ts index a768cb06307..ee8c8ba7f51 100644 --- a/src/operations/connect.ts +++ b/src/operations/connect.ts @@ -3,11 +3,9 @@ import { Topology } from '../sdam/topology'; import { resolveSRVRecord } from '../connection_string'; import type { Callback } from '../utils'; import { CMAP_EVENT_NAMES } from '../cmap/connection_pool'; -import * as BSON from '../bson'; import type { MongoClient, MongoOptions } from '../mongo_client'; import { Connection } from '../cmap/connection'; import { Server } from '../sdam/server'; -import type { AutoEncrypter } from '../deps'; export function connect( mongoClient: MongoClient, @@ -68,44 +66,6 @@ function createListener(mongoClient: MongoClient, event: string): Listen }; } -/** - * If AutoEncryption is requested, handles the optional dependency logic and passing through options - * returns undefined if CSFLE is not enabled. - * @throws if optional 'mongodb-client-encryption' dependency missing - */ -export function createAutoEncrypter( - client: MongoClient, - options: MongoOptions -): AutoEncrypter | undefined { - if (!options.autoEncryption) { - return; - } - try { - require.resolve('mongodb-client-encryption'); - } catch (err) { - throw new MongoError( - 'Auto-encryption requested, but the module is not installed. ' + - 'Please add `mongodb-client-encryption` as a dependency of your project' - ); - } - - // eslint-disable-next-line @typescript-eslint/no-var-requires - const mongodbClientEncryption = require('mongodb-client-encryption'); - if (typeof mongodbClientEncryption.extension !== 'function') { - throw new MongoError( - 'loaded version of `mongodb-client-encryption` does not have property `extension`. ' + - 'Please make sure you are loading the correct version of `mongodb-client-encryption`' - ); - } - const { AutoEncrypter: AutoEncrypterClass } = mongodbClientEncryption.extension( - // eslint-disable-next-line @typescript-eslint/no-var-requires - require('../../lib/index') - ); - - const mongoCryptOptions = Object.assign({ bson: BSON }, options.autoEncryption); - return new AutoEncrypterClass(client, mongoCryptOptions); -} - function createTopology( mongoClient: MongoClient, options: MongoOptions, @@ -130,18 +90,20 @@ function createTopology( if (mongoClient.autoEncrypter) { mongoClient.autoEncrypter.init(err => { if (err) { - callback(err); - return; + return callback(err); } topology.connect(options, err => { if (err) { topology.close({ force: true }); - callback(err); - return; + return callback(err); } - callback(undefined, topology); + options.encrypter.connectInternalClient(error => { + if (error) return callback(error); + + callback(undefined, topology); + }); }); }); diff --git a/test/functional/client_side_encryption/deadlock_tests.js b/test/functional/client_side_encryption/deadlock_tests.js new file mode 100644 index 00000000000..17c4dfb052a --- /dev/null +++ b/test/functional/client_side_encryption/deadlock_tests.js @@ -0,0 +1,327 @@ +'use strict'; + +const BSON = require('bson'); +const { expect } = require('chai'); +const { dropCollection } = require('../shared'); +const util = require('util'); +const fs = require('fs'); +const path = require('path'); + +/* REFERENCE: (note commit hash) */ +/* https://github.com/mongodb/specifications/blob/b3beada72ae1c992294ae6a8eea572003a274c35/source/client-side-encryption/tests/README.rst#deadlock-tests */ + +const LOCAL_KEY = Buffer.from( + 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', + 'base64' +); + +const externalKey = BSON.EJSON.parse( + fs.readFileSync( + path.resolve(__dirname, '../../spec/client-side-encryption/external/external-key.json') + ) +); +const $jsonSchema = BSON.EJSON.parse( + fs.readFileSync( + path.resolve(__dirname, '../../spec/client-side-encryption/external/external-schema.json') + ) +); + +const kEvents = Symbol('events'); +const kClientsCreated = Symbol('clientsCreated'); +const CapturingMongoClient = class extends require('../../../src/index').MongoClient { + constructor(url, options) { + options = options || {}; + options.useUnifiedTopology = true; + options.useNewUrlParser = true; + options.monitorCommands = true; + super(url, options); + + this[kEvents] = []; + this.on('commandStarted', ev => this[kEvents].push(ev)); + + this[kClientsCreated] = 0; + this.on('topologyOpening', () => this[kClientsCreated]++); + } +}; + +function deadlockTest(options, assertions) { + return function () { + const url = this.configuration.url(); + const clientTest = this.clientTest; + const ciphertext = this.ciphertext; + + const clientEncryptedOpts = { + autoEncryption: { + keyVaultNamespace: 'keyvault.datakeys', + kmsProviders: { local: { key: LOCAL_KEY } }, + bypassAutoEncryption: options.bypassAutoEncryption, + keyVaultClient: options.useKeyVaultClient ? this.clientKeyVault : undefined + }, + maxPoolSize: options.maxPoolSize + }; + const clientEncrypted = new CapturingMongoClient(url, clientEncryptedOpts); + + return clientEncrypted + .connect() + .then(() => { + if (clientEncryptedOpts.autoEncryption.bypassAutoEncryption === true) { + return clientTest + .db('db') + .collection('coll') + .insertOne({ _id: 0, encrypted: ciphertext }); + } + return clientEncrypted + .db('db') + .collection('coll') + .insertOne({ _id: 0, encrypted: 'string0' }); + }) + .then(() => clientEncrypted.db('db').collection('coll').findOne({ _id: 0 })) + .then(res => { + expect(res).to.have.property('_id', 0); + expect(res).to.have.property('encrypted', 'string0'); + assertions(clientEncrypted, this.clientKeyVault); + return clientEncrypted.close(); + }); + }; +} + +function deadlockTests(metadata) { + describe('Connection Pool Deadlock Prevention', function () { + beforeEach(function () { + const mongodbClientEncryption = this.configuration.mongodbClientEncryption; + const url = this.configuration.url(); + + this.clientTest = new CapturingMongoClient(url); + this.clientKeyVault = new CapturingMongoClient(url, { + monitorCommands: true, + maxPoolSize: 1 + }); + + this.clientEncryption = undefined; + this.ciphertext = undefined; + + return this.clientTest + .connect() + .then(() => this.clientKeyVault.connect()) + .then(() => dropCollection(this.clientTest.db('keyvault'), 'datakeys')) + .then(() => dropCollection(this.clientTest.db('db'), 'coll')) + .then(() => this.clientTest.db('keyvault').collection('datakeys').insertOne(externalKey), { + writeConcern: { w: 'majority' } + }) + .then(() => + this.clientTest.db('db').createCollection('coll', { validator: { $jsonSchema } }) + ) + .then(() => { + this.clientEncryption = new mongodbClientEncryption.ClientEncryption(this.clientTest, { + kmsProviders: { local: { key: LOCAL_KEY } }, + keyVaultNamespace: 'keyvault.datakeys', + keyVaultClient: this.keyVaultClient + }); + this.clientEncryption.encryptPromisified = util.promisify( + this.clientEncryption.encrypt.bind(this.clientEncryption) + ); + + return this.clientEncryption.encryptPromisified('string0', { + algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic', + keyAltName: 'local' + }); + }) + .then(ciphertext => { + this.ciphertext = ciphertext; + }); + }); + + afterEach(function () { + return Promise.all([this.clientKeyVault.close(), this.clientTest.close()]).then(() => { + this.clientKeyVault = undefined; + this.clientTest = undefined; + this.clientEncryption = undefined; + }); + }); + + const CASE1 = { maxPoolSize: 1, bypassAutoEncryption: false, useKeyVaultClient: false }; + it( + 'Case 1', + metadata, + deadlockTest(CASE1, clientEncrypted => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(2); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(4); + + expect(events[0].command).to.have.property('listCollections'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('find'); + expect(events[1].command.$db).to.equal('keyvault'); + + expect(events[2].command).to.have.property('insert'); + expect(events[2].command.$db).to.equal('db'); + + expect(events[3].command).to.have.property('find'); + expect(events[3].command.$db).to.equal('db'); + }) + ); + + const CASE2 = { maxPoolSize: 1, bypassAutoEncryption: false, useKeyVaultClient: true }; + it( + 'Case 2', + metadata, + deadlockTest(CASE2, (clientEncrypted, clientKeyVault) => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(2); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(3); + + expect(events[0].command).to.have.property('listCollections'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('insert'); + expect(events[1].command.$db).to.equal('db'); + + expect(events[2].command).to.have.property('find'); + expect(events[2].command.$db).to.equal('db'); + + const keyVaultEvents = clientKeyVault[kEvents]; + expect(keyVaultEvents).to.have.lengthOf(1); + + expect(keyVaultEvents[0].command).to.have.property('find'); + expect(keyVaultEvents[0].command.$db).to.equal('keyvault'); + }) + ); + + const CASE3 = { maxPoolSize: 1, bypassAutoEncryption: true, useKeyVaultClient: false }; + it( + 'Case 3', + metadata, + deadlockTest(CASE3, clientEncrypted => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(2); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(2); + + expect(events[0].command).to.have.property('find'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('find'); + expect(events[1].command.$db).to.equal('keyvault'); + }) + ); + + const CASE4 = { maxPoolSize: 1, bypassAutoEncryption: true, useKeyVaultClient: true }; + it( + 'Case 4', + metadata, + deadlockTest(CASE4, (clientEncrypted, clientKeyVault) => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(1); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(1); + + expect(events[0].command).to.have.property('find'); + expect(events[0].command.$db).to.equal('db'); + + const keyVaultEvents = clientKeyVault[kEvents]; + expect(keyVaultEvents).to.have.lengthOf(1); + + expect(keyVaultEvents[0].command).to.have.property('find'); + expect(keyVaultEvents[0].command.$db).to.equal('keyvault'); + }) + ); + + const CASE5 = { maxPoolSize: 0, bypassAutoEncryption: false, useKeyVaultClient: false }; + it( + 'Case 5', + metadata, + deadlockTest(CASE5, clientEncrypted => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(1); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(5); + + expect(events[0].command).to.have.property('listCollections'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('listCollections'); + expect(events[1].command.$db).to.equal('keyvault'); + + expect(events[2].command).to.have.property('find'); + expect(events[2].command.$db).to.equal('keyvault'); + + expect(events[3].command).to.have.property('insert'); + expect(events[3].command.$db).to.equal('db'); + + expect(events[4].command).to.have.property('find'); + expect(events[4].command.$db).to.equal('db'); + }) + ); + + const CASE6 = { maxPoolSize: 0, bypassAutoEncryption: false, useKeyVaultClient: true }; + it( + 'Case 6', + metadata, + deadlockTest(CASE6, (clientEncrypted, clientKeyVault) => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(1); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(3); + + expect(events[0].command).to.have.property('listCollections'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('insert'); + expect(events[1].command.$db).to.equal('db'); + + expect(events[2].command).to.have.property('find'); + expect(events[2].command.$db).to.equal('db'); + + const keyVaultEvents = clientKeyVault[kEvents]; + expect(keyVaultEvents).to.have.lengthOf(1); + + expect(keyVaultEvents[0].command).to.have.property('find'); + expect(keyVaultEvents[0].command.$db).to.equal('keyvault'); + }) + ); + + const CASE7 = { maxPoolSize: 0, bypassAutoEncryption: true, useKeyVaultClient: false }; + it( + 'Case 7', + metadata, + deadlockTest(CASE7, clientEncrypted => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(1); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(2); + + expect(events[0].command).to.have.property('find'); + expect(events[0].command.$db).to.equal('db'); + + expect(events[1].command).to.have.property('find'); + expect(events[1].command.$db).to.equal('keyvault'); + }) + ); + + const CASE8 = { maxPoolSize: 0, bypassAutoEncryption: true, useKeyVaultClient: true }; + it( + 'Case 8', + metadata, + deadlockTest(CASE8, (clientEncrypted, clientKeyVault) => { + expect(clientEncrypted[kClientsCreated], 'Incorrect number of clients created').to.equal(1); + + const events = clientEncrypted[kEvents]; + expect(events).to.have.lengthOf(1); + + expect(events[0].command).to.have.property('find'); + expect(events[0].command.$db).to.equal('db'); + + const keyVaultEvents = clientKeyVault[kEvents]; + expect(keyVaultEvents).to.have.lengthOf(1); + + expect(keyVaultEvents[0].command).to.have.property('find'); + expect(keyVaultEvents[0].command.$db).to.equal('keyvault'); + }) + ); + }); +} + +module.exports = { deadlockTests }; diff --git a/test/functional/client_side_encryption/prose.test.js b/test/functional/client_side_encryption/prose.test.js index 2f9a6c1a2d5..66e66f5af7f 100644 --- a/test/functional/client_side_encryption/prose.test.js +++ b/test/functional/client_side_encryption/prose.test.js @@ -1,6 +1,7 @@ 'use strict'; const BSON = require('bson'); const chai = require('chai'); +const { deadlockTests } = require('./deadlock_tests.js'); const expect = chai.expect; chai.use(require('chai-subset')); @@ -1004,4 +1005,6 @@ describe('Client Side Encryption Prose Tests', function () { defineTest(true); defineTest(false); }); + + deadlockTests(metadata); }); diff --git a/test/spec/client-side-encryption/awsTemporary.json b/test/spec/client-side-encryption/awsTemporary.json new file mode 100644 index 00000000000..10eb85feee1 --- /dev/null +++ b/test/spec/client-side-encryption/awsTemporary.json @@ -0,0 +1,225 @@ +{ + "runOn": [ + { + "minServerVersion": "4.1.10" + } + ], + "database_name": "default", + "collection_name": "default", + "data": [], + "json_schema": { + "properties": { + "encrypted_w_altname": { + "encrypt": { + "keyId": "/altname", + "bsonType": "string", + "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" + } + }, + "encrypted_string": { + "encrypt": { + "keyId": [ + { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + } + ], + "bsonType": "string", + "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" + } + }, + "random": { + "encrypt": { + "keyId": [ + { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + } + ], + "bsonType": "string", + "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" + } + }, + "encrypted_string_equivalent": { + "encrypt": { + "keyId": [ + { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + } + ], + "bsonType": "string", + "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" + } + } + }, + "bsonType": "object" + }, + "key_vault_data": [ + { + "status": 1, + "_id": { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + }, + "masterKey": { + "provider": "aws", + "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0", + "region": "us-east-1" + }, + "updateDate": { + "$date": { + "$numberLong": "1552949630483" + } + }, + "keyMaterial": { + "$binary": { + "base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO", + "subType": "00" + } + }, + "creationDate": { + "$date": { + "$numberLong": "1552949630483" + } + }, + "keyAltNames": [ + "altname", + "another_altname" + ] + } + ], + "tests": [ + { + "description": "Insert a document with auto encryption using the AWS provider with temporary credentials", + "clientOptions": { + "autoEncryptOpts": { + "kmsProviders": { + "awsTemporary": {} + } + } + }, + "operations": [ + { + "name": "insertOne", + "arguments": { + "document": { + "_id": 1, + "encrypted_string": "string0" + } + } + } + ], + "expectations": [ + { + "command_started_event": { + "command": { + "listCollections": 1, + "filter": { + "name": "default" + } + }, + "command_name": "listCollections" + } + }, + { + "command_started_event": { + "command": { + "find": "datakeys", + "filter": { + "$or": [ + { + "_id": { + "$in": [ + { + "$binary": { + "base64": "AAAAAAAAAAAAAAAAAAAAAA==", + "subType": "04" + } + } + ] + } + }, + { + "keyAltNames": { + "$in": [] + } + } + ] + }, + "$db": "keyvault" + }, + "command_name": "find" + } + }, + { + "command_started_event": { + "command": { + "insert": "default", + "documents": [ + { + "_id": 1, + "encrypted_string": { + "$binary": { + "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==", + "subType": "06" + } + } + } + ], + "ordered": true + }, + "command_name": "insert" + } + } + ], + "outcome": { + "collection": { + "data": [ + { + "_id": 1, + "encrypted_string": { + "$binary": { + "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==", + "subType": "06" + } + } + } + ] + } + } + }, + { + "description": "Insert with invalid temporary credentials", + "clientOptions": { + "autoEncryptOpts": { + "kmsProviders": { + "awsTemporaryNoSessionToken": {} + } + } + }, + "operations": [ + { + "name": "insertOne", + "arguments": { + "document": { + "_id": 1, + "encrypted_string": "string0" + } + }, + "result": { + "errorContains": "security token" + } + } + ] + } + ] +} diff --git a/test/spec/client-side-encryption/awsTemporary.yml b/test/spec/client-side-encryption/awsTemporary.yml new file mode 100644 index 00000000000..cc787530a04 --- /dev/null +++ b/test/spec/client-side-encryption/awsTemporary.yml @@ -0,0 +1,57 @@ +runOn: + - minServerVersion: "4.1.10" +database_name: &database_name "default" +collection_name: &collection_name "default" + +data: [] +json_schema: {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'} +key_vault_data: [{'status': 1, '_id': {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}, 'masterKey': {'provider': 'aws', 'key': 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0', 'region': 'us-east-1'}, 'updateDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyMaterial': {'$binary': {'base64': 'AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyAltNames': ['altname', 'another_altname']}] + +tests: + - description: "Insert a document with auto encryption using the AWS provider with temporary credentials" + clientOptions: + autoEncryptOpts: + kmsProviders: + awsTemporary: {} + operations: + - name: insertOne + arguments: + document: &doc0 { _id: 1, encrypted_string: "string0" } + expectations: + # Auto encryption will request the collection info. + - command_started_event: + command: + listCollections: 1 + filter: + name: *collection_name + command_name: listCollections + # Then key is fetched from the key vault. + - command_started_event: + command: + find: datakeys + filter: { $or: [ { _id: { $in: [ {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}} ] } }, { keyAltNames: { $in: [] } } ] } + $db: keyvault + command_name: find + - command_started_event: + command: + insert: *collection_name + documents: + - &doc0_encrypted { _id: 1, encrypted_string: {'$binary': {'base64': 'AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==', 'subType': '06'}} } + ordered: true + command_name: insert + outcome: + collection: + # Outcome is checked using a separate MongoClient without auto encryption. + data: + - *doc0_encrypted + - description: "Insert with invalid temporary credentials" + clientOptions: + autoEncryptOpts: + kmsProviders: + awsTemporaryNoSessionToken: {} + operations: + - name: insertOne + arguments: + document: *doc0 + result: + errorContains: "security token" \ No newline at end of file diff --git a/test/spec/client-side-encryption/tests/aggregate.json b/test/spec/client-side-encryption/tests/aggregate.json index a9e79f9edbf..7de725b71d7 100644 --- a/test/spec/client-side-encryption/tests/aggregate.json +++ b/test/spec/client-side-encryption/tests/aggregate.json @@ -150,18 +150,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -273,18 +261,6 @@ "command_name": "aggregate" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/aggregate.yml b/test/spec/client-side-encryption/tests/aggregate.yml index ac2b265a922..64ad5efa60e 100644 --- a/test/spec/client-side-encryption/tests/aggregate.yml +++ b/test/spec/client-side-encryption/tests/aggregate.yml @@ -30,13 +30,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -83,13 +76,6 @@ tests: cursor: {} command_name: aggregate # Needs to fetch key when decrypting results - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/azureKMS.json b/test/spec/client-side-encryption/tests/azureKMS.json index 97af4c8ecfb..f0f5329d700 100644 --- a/test/spec/client-side-encryption/tests/azureKMS.json +++ b/test/spec/client-side-encryption/tests/azureKMS.json @@ -139,18 +139,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/azureKMS.yml b/test/spec/client-side-encryption/tests/azureKMS.yml index a2fbb7111a6..e3e0fc55a4c 100644 --- a/test/spec/client-side-encryption/tests/azureKMS.yml +++ b/test/spec/client-side-encryption/tests/azureKMS.yml @@ -25,13 +25,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/basic.json b/test/spec/client-side-encryption/tests/basic.json index 3f9895fd5db..3ed066f5302 100644 --- a/test/spec/client-side-encryption/tests/basic.json +++ b/test/spec/client-side-encryption/tests/basic.json @@ -144,18 +144,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -283,18 +271,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/basic.yml b/test/spec/client-side-encryption/tests/basic.yml index 5c5f0cfbc4e..dfbf5270cf8 100644 --- a/test/spec/client-side-encryption/tests/basic.yml +++ b/test/spec/client-side-encryption/tests/basic.yml @@ -29,13 +29,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -82,13 +75,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/bulk.json b/test/spec/client-side-encryption/tests/bulk.json index ead90985a16..1b62e5e8ab3 100644 --- a/test/spec/client-side-encryption/tests/bulk.json +++ b/test/spec/client-side-encryption/tests/bulk.json @@ -178,18 +178,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/bulk.yml b/test/spec/client-side-encryption/tests/bulk.yml index c2ad5227655..824ccdaa10f 100644 --- a/test/spec/client-side-encryption/tests/bulk.yml +++ b/test/spec/client-side-encryption/tests/bulk.yml @@ -39,13 +39,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/count.json b/test/spec/client-side-encryption/tests/count.json index 24f46a110a7..9df8cd639e0 100644 --- a/test/spec/client-side-encryption/tests/count.json +++ b/test/spec/client-side-encryption/tests/count.json @@ -149,18 +149,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/count.yml b/test/spec/client-side-encryption/tests/count.yml index 05c56d5fa7d..b8c436a4c00 100644 --- a/test/spec/client-side-encryption/tests/count.yml +++ b/test/spec/client-side-encryption/tests/count.yml @@ -28,13 +28,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/countDocuments.json b/test/spec/client-side-encryption/tests/countDocuments.json index 3cf5fbca8b6..07ff97f2645 100644 --- a/test/spec/client-side-encryption/tests/countDocuments.json +++ b/test/spec/client-side-encryption/tests/countDocuments.json @@ -150,18 +150,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/countDocuments.yml b/test/spec/client-side-encryption/tests/countDocuments.yml index 56b2ab147ac..e28b478c05b 100644 --- a/test/spec/client-side-encryption/tests/countDocuments.yml +++ b/test/spec/client-side-encryption/tests/countDocuments.yml @@ -29,13 +29,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/delete.json b/test/spec/client-side-encryption/tests/delete.json index 30fb453a936..a6f4ffde916 100644 --- a/test/spec/client-side-encryption/tests/delete.json +++ b/test/spec/client-side-encryption/tests/delete.json @@ -151,18 +151,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -276,18 +264,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/delete.yml b/test/spec/client-side-encryption/tests/delete.yml index dc69a071226..60810d063d4 100644 --- a/test/spec/client-side-encryption/tests/delete.yml +++ b/test/spec/client-side-encryption/tests/delete.yml @@ -29,13 +29,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -76,13 +69,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/distinct.json b/test/spec/client-side-encryption/tests/distinct.json index 7a5f75c4a51..9786b07814c 100644 --- a/test/spec/client-side-encryption/tests/distinct.json +++ b/test/spec/client-side-encryption/tests/distinct.json @@ -161,18 +161,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/distinct.yml b/test/spec/client-side-encryption/tests/distinct.yml index 8c8e4dd65db..ca1d8fbf6b8 100644 --- a/test/spec/client-side-encryption/tests/distinct.yml +++ b/test/spec/client-side-encryption/tests/distinct.yml @@ -31,13 +31,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/explain.json b/test/spec/client-side-encryption/tests/explain.json index 5ad46bc238b..0e451e4818a 100644 --- a/test/spec/client-side-encryption/tests/explain.json +++ b/test/spec/client-side-encryption/tests/explain.json @@ -155,18 +155,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/explain.yml b/test/spec/client-side-encryption/tests/explain.yml index a2733e7d32a..c0dd9c57c02 100644 --- a/test/spec/client-side-encryption/tests/explain.yml +++ b/test/spec/client-side-encryption/tests/explain.yml @@ -33,13 +33,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/find.json b/test/spec/client-side-encryption/tests/find.json index b7c5258a13c..1feddab0e37 100644 --- a/test/spec/client-side-encryption/tests/find.json +++ b/test/spec/client-side-encryption/tests/find.json @@ -160,18 +160,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -302,18 +290,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/find.yml b/test/spec/client-side-encryption/tests/find.yml index 053fb085442..20179a314c0 100644 --- a/test/spec/client-side-encryption/tests/find.yml +++ b/test/spec/client-side-encryption/tests/find.yml @@ -30,13 +30,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -78,13 +71,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/findOneAndDelete.json b/test/spec/client-side-encryption/tests/findOneAndDelete.json index 6261d8601ba..e418a4581be 100644 --- a/test/spec/client-side-encryption/tests/findOneAndDelete.json +++ b/test/spec/client-side-encryption/tests/findOneAndDelete.json @@ -148,18 +148,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/findOneAndDelete.yml b/test/spec/client-side-encryption/tests/findOneAndDelete.yml index 44dc5b53d4b..6650f2132dc 100644 --- a/test/spec/client-side-encryption/tests/findOneAndDelete.yml +++ b/test/spec/client-side-encryption/tests/findOneAndDelete.yml @@ -28,13 +28,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/findOneAndReplace.json b/test/spec/client-side-encryption/tests/findOneAndReplace.json index d91bc059980..78baca8432e 100644 --- a/test/spec/client-side-encryption/tests/findOneAndReplace.json +++ b/test/spec/client-side-encryption/tests/findOneAndReplace.json @@ -147,18 +147,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/findOneAndReplace.yml b/test/spec/client-side-encryption/tests/findOneAndReplace.yml index 9288a220833..f39f3c0fb4e 100644 --- a/test/spec/client-side-encryption/tests/findOneAndReplace.yml +++ b/test/spec/client-side-encryption/tests/findOneAndReplace.yml @@ -29,13 +29,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/findOneAndUpdate.json b/test/spec/client-side-encryption/tests/findOneAndUpdate.json index fad70609ad7..1d858511516 100644 --- a/test/spec/client-side-encryption/tests/findOneAndUpdate.json +++ b/test/spec/client-side-encryption/tests/findOneAndUpdate.json @@ -149,18 +149,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/findOneAndUpdate.yml b/test/spec/client-side-encryption/tests/findOneAndUpdate.yml index 38852149ace..459902fd448 100644 --- a/test/spec/client-side-encryption/tests/findOneAndUpdate.yml +++ b/test/spec/client-side-encryption/tests/findOneAndUpdate.yml @@ -29,13 +29,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/gcpKMS.json b/test/spec/client-side-encryption/tests/gcpKMS.json index a715a7d152a..297d5d0dc8e 100644 --- a/test/spec/client-side-encryption/tests/gcpKMS.json +++ b/test/spec/client-side-encryption/tests/gcpKMS.json @@ -141,18 +141,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/gcpKMS.yml b/test/spec/client-side-encryption/tests/gcpKMS.yml index e07a8809cc2..736d9684dfc 100644 --- a/test/spec/client-side-encryption/tests/gcpKMS.yml +++ b/test/spec/client-side-encryption/tests/gcpKMS.yml @@ -25,13 +25,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/getMore.json b/test/spec/client-side-encryption/tests/getMore.json index cf234422264..ee99bf7537e 100644 --- a/test/spec/client-side-encryption/tests/getMore.json +++ b/test/spec/client-side-encryption/tests/getMore.json @@ -179,18 +179,6 @@ "command_name": "find" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/getMore.yml b/test/spec/client-side-encryption/tests/getMore.yml index 0dc9cef6cb2..4359ee89174 100644 --- a/test/spec/client-side-encryption/tests/getMore.yml +++ b/test/spec/client-side-encryption/tests/getMore.yml @@ -38,13 +38,6 @@ tests: find: *collection_name batchSize: 2 command_name: find - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/insert.json b/test/spec/client-side-encryption/tests/insert.json index 78fa8feba0e..cf2910fd7a1 100644 --- a/test/spec/client-side-encryption/tests/insert.json +++ b/test/spec/client-side-encryption/tests/insert.json @@ -131,18 +131,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -258,18 +246,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/insert.yml b/test/spec/client-side-encryption/tests/insert.yml index 0dc1042be22..99521f0350d 100644 --- a/test/spec/client-side-encryption/tests/insert.yml +++ b/test/spec/client-side-encryption/tests/insert.yml @@ -25,13 +25,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -71,13 +64,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/keyAltName.json b/test/spec/client-side-encryption/tests/keyAltName.json index d062bed4537..7f71b9dbeb4 100644 --- a/test/spec/client-side-encryption/tests/keyAltName.json +++ b/test/spec/client-side-encryption/tests/keyAltName.json @@ -131,18 +131,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/keyAltName.yml b/test/spec/client-side-encryption/tests/keyAltName.yml index 1536dc724c0..a7660ba38c3 100644 --- a/test/spec/client-side-encryption/tests/keyAltName.yml +++ b/test/spec/client-side-encryption/tests/keyAltName.yml @@ -25,13 +25,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/localKMS.json b/test/spec/client-side-encryption/tests/localKMS.json index e4d25309c44..67c4ba1308e 100644 --- a/test/spec/client-side-encryption/tests/localKMS.json +++ b/test/spec/client-side-encryption/tests/localKMS.json @@ -114,18 +114,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/localKMS.yml b/test/spec/client-side-encryption/tests/localKMS.yml index b5d82fb0a71..4c0d962f327 100644 --- a/test/spec/client-side-encryption/tests/localKMS.yml +++ b/test/spec/client-side-encryption/tests/localKMS.yml @@ -26,13 +26,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/localSchema.json b/test/spec/client-side-encryption/tests/localSchema.json index 7071d6fefd1..4698520f6fa 100644 --- a/test/spec/client-side-encryption/tests/localSchema.json +++ b/test/spec/client-side-encryption/tests/localSchema.json @@ -136,18 +136,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/localSchema.yml b/test/spec/client-side-encryption/tests/localSchema.yml index a5842fe61cf..89b4bd51d04 100644 --- a/test/spec/client-side-encryption/tests/localSchema.yml +++ b/test/spec/client-side-encryption/tests/localSchema.yml @@ -25,13 +25,6 @@ tests: filter: { _id: 1 } result: [*doc0] expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/missingKey.json b/test/spec/client-side-encryption/tests/missingKey.json index ac8e8320b0e..275147bb723 100644 --- a/test/spec/client-side-encryption/tests/missingKey.json +++ b/test/spec/client-side-encryption/tests/missingKey.json @@ -140,18 +140,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "different" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/missingKey.yml b/test/spec/client-side-encryption/tests/missingKey.yml index dc65d40b287..2be5395108f 100644 --- a/test/spec/client-side-encryption/tests/missingKey.yml +++ b/test/spec/client-side-encryption/tests/missingKey.yml @@ -32,13 +32,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "different" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/replaceOne.json b/test/spec/client-side-encryption/tests/replaceOne.json index 5cdb3d40f0d..9757686819d 100644 --- a/test/spec/client-side-encryption/tests/replaceOne.json +++ b/test/spec/client-side-encryption/tests/replaceOne.json @@ -148,18 +148,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/replaceOne.yml b/test/spec/client-side-encryption/tests/replaceOne.yml index a2573d701c1..e3b50a828ba 100644 --- a/test/spec/client-side-encryption/tests/replaceOne.yml +++ b/test/spec/client-side-encryption/tests/replaceOne.yml @@ -31,13 +31,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/types.json b/test/spec/client-side-encryption/tests/types.json index 47e4c27a2e2..a070f8bff71 100644 --- a/test/spec/client-side-encryption/tests/types.json +++ b/test/spec/client-side-encryption/tests/types.json @@ -103,18 +103,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -254,18 +242,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -405,18 +381,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -656,18 +620,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -807,18 +759,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -1057,18 +997,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -1214,18 +1142,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { @@ -1369,18 +1285,6 @@ } ], "expectations": [ - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/types.yml b/test/spec/client-side-encryption/tests/types.yml index 6136b0c60ee..b0827eae73a 100644 --- a/test/spec/client-side-encryption/tests/types.yml +++ b/test/spec/client-side-encryption/tests/types.yml @@ -27,13 +27,6 @@ tests: filter: { _id: 1 } result: *doc0 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -75,13 +68,6 @@ tests: filter: { _id: 1 } result: *doc1 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -123,13 +109,6 @@ tests: filter: { _id: 1 } result: *doc2 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -197,13 +176,6 @@ tests: filter: { _id: 1 } result: *doc6 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -245,13 +217,6 @@ tests: filter: { _id: 1 } result: *doc7 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -319,13 +284,6 @@ tests: filter: { _id: 1 } result: *doc10 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -367,13 +325,6 @@ tests: filter: { _id: 1 } result: *doc11 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: @@ -415,13 +366,6 @@ tests: filter: { _id: 1 } result: *doc13 expectations: - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/updateMany.json b/test/spec/client-side-encryption/tests/updateMany.json index fd1f4d12bdf..823909044b7 100644 --- a/test/spec/client-side-encryption/tests/updateMany.json +++ b/test/spec/client-side-encryption/tests/updateMany.json @@ -164,18 +164,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/updateMany.yml b/test/spec/client-side-encryption/tests/updateMany.yml index 30c2e0854f7..6d8c7e9707b 100644 --- a/test/spec/client-side-encryption/tests/updateMany.yml +++ b/test/spec/client-side-encryption/tests/updateMany.yml @@ -32,13 +32,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: diff --git a/test/spec/client-side-encryption/tests/updateOne.json b/test/spec/client-side-encryption/tests/updateOne.json index bed763d7205..23bada964ff 100644 --- a/test/spec/client-side-encryption/tests/updateOne.json +++ b/test/spec/client-side-encryption/tests/updateOne.json @@ -150,18 +150,6 @@ "command_name": "listCollections" } }, - { - "command_started_event": { - "command": { - "listCollections": 1, - "filter": { - "name": "datakeys" - }, - "$db": "keyvault" - }, - "command_name": "listCollections" - } - }, { "command_started_event": { "command": { diff --git a/test/spec/client-side-encryption/tests/updateOne.yml b/test/spec/client-side-encryption/tests/updateOne.yml index 597d30c3f44..aef3716fadc 100644 --- a/test/spec/client-side-encryption/tests/updateOne.yml +++ b/test/spec/client-side-encryption/tests/updateOne.yml @@ -31,13 +31,6 @@ tests: filter: name: *collection_name command_name: listCollections - - command_started_event: - command: - listCollections: 1 - filter: - name: "datakeys" - $db: keyvault - command_name: listCollections # Then key is fetched from the key vault. - command_started_event: command: