From f18b1377e94bc4b331a17476b5a4d88ef42cd4af Mon Sep 17 00:00:00 2001 From: Warren James Date: Wed, 3 May 2023 16:20:39 -0400 Subject: [PATCH 1/8] test(NODE-4772): add new prose test --- .evergreen/run-kms-servers.sh | 0 .../client_side_encryption.prose.test.js | 241 ++++++++++++------ 2 files changed, 156 insertions(+), 85 deletions(-) mode change 100644 => 100755 .evergreen/run-kms-servers.sh diff --git a/.evergreen/run-kms-servers.sh b/.evergreen/run-kms-servers.sh old mode 100644 new mode 100755 diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.test.js b/test/integration/client-side-encryption/client_side_encryption.prose.test.js index eca048150d5..5c9374e9d9d 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.test.js +++ b/test/integration/client-side-encryption/client_side_encryption.prose.test.js @@ -9,7 +9,7 @@ const { dropCollection, APMEventCollector } = require('../shared'); const { EJSON } = BSON; const { LEGACY_HELLO_COMMAND } = require('../../mongodb'); -const { MongoServerError } = require('../../mongodb'); +const { MongoServerError, MongoServerSelectionError, MongoClient } = require('../../mongodb'); const { getEncryptExtraOptions } = require('../../tools/utils'); const { installNodeDNSWorkaroundHooks } = require('../../tools/runner/hooks/configuration'); const { coerce, gte } = require('semver'); @@ -34,7 +34,7 @@ const getKmsProviders = (localKey, kmipEndpoint, azureEndpoint, gcpEndpoint) => return result; }; -const noop = () => {}; +const noop = () => { }; const metadata = { requires: { clientSideEncryption: true, @@ -58,7 +58,7 @@ const eeMetadata = { // .. code:: javascript // Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk -describe('Client Side Encryption Prose Tests', metadata, function () { +describe('Client Side Encryption Prose Tests', metadata, function() { const dataDbName = 'db'; const dataCollName = 'coll'; const dataNamespace = `${dataDbName}.${dataCollName}`; @@ -73,11 +73,11 @@ describe('Client Side Encryption Prose Tests', metadata, function () { installNodeDNSWorkaroundHooks(); - describe('Data key and double encryption', function () { + describe('Data key and double encryption', function() { // Data key and double encryption // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // First, perform the setup. - beforeEach(function () { + beforeEach(function() { const mongodbClientEncryption = this.configuration.mongodbClientEncryption; // 1. Create a MongoClient without encryption enabled (referred to as ``client``). Enable command monitoring to listen for command_started events. @@ -159,7 +159,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { ); }); - afterEach(function () { + afterEach(function() { if (this.commandStartedEvents) { this.commandStartedEvents.teardown(); this.commandStartedEvents = undefined; @@ -169,7 +169,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { .then(() => this.client && this.client.close()); }); - it('should work for local KMS provider', metadata, function () { + it('should work for local KMS provider', metadata, function() { let localDatakeyId; let localEncrypted; return Promise.resolve() @@ -237,7 +237,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - it('should work for aws KMS provider', metadata, function () { + it('should work for aws KMS provider', metadata, function() { // Then, repeat the above tests with the ``aws`` KMS provider: let awsDatakeyId; let awsEncrypted; @@ -315,7 +315,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - it('should error on an attempt to double-encrypt a value', metadata, function () { + it('should error on an attempt to double-encrypt a value', metadata, function() { // Then, run the following final tests: // #. Test explicit encrypting an auto encrypted field. // - Use ``client_encrypted`` to attempt to insert ``{ "encrypted_placeholder": (local_encrypted) }`` @@ -349,7 +349,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { // connect-less client. So instead we are implementing the tests via APM, // and confirming that the externalClient is firing off keyVault requests during // encrypted operations - describe('External Key Vault Test', function () { + describe('External Key Vault Test', function() { function loadExternal(file) { return EJSON.parse( fs.readFileSync(path.resolve(__dirname, '../../spec/client-side-encryption/external', file)) @@ -359,7 +359,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { const externalKey = loadExternal('external-key.json'); const externalSchema = loadExternal('external-schema.json'); - beforeEach(function () { + beforeEach(function() { this.client = this.configuration.newClient(); // 1. Create a MongoClient without encryption enabled (referred to as ``client``). @@ -379,7 +379,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { ); }); - afterEach(function () { + afterEach(function() { if (this.commandStartedEvents) { this.commandStartedEvents.teardown(); this.commandStartedEvents = undefined; @@ -394,7 +394,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { it( `should work ${withExternalKeyVault ? 'with' : 'without'} external key vault`, metadata, - function () { + function() { const ClientEncryption = this.configuration.mongodbClientEncryption.ClientEncryption; return ( Promise.resolve() @@ -551,7 +551,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { defineTest(false); }); - describe('BSON size limits and batch splitting', function () { + describe('BSON size limits and batch splitting', function() { function loadLimits(file) { return EJSON.parse( fs.readFileSync(path.resolve(__dirname, '../../spec/client-side-encryption/limits', file)) @@ -563,7 +563,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { const limitsDoc = loadLimits('limits-doc.json'); let hasRunFirstTimeSetup = false; - beforeEach(async function () { + beforeEach(async function() { if (hasRunFirstTimeSetup) { // Even though we have to use a beforeEach here // We still only want the following code to be run *once* @@ -595,7 +595,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - beforeEach(function () { + beforeEach(function() { // 4. Create a MongoClient configured with auto encryption (referred to as ``client_encrypted``) // Configure with the ``local`` KMS provider as follows: // .. code:: javascript @@ -620,7 +620,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - afterEach(function () { + afterEach(function() { if (this.commandStartedEvents) { this.commandStartedEvents.teardown(); this.commandStartedEvents = undefined; @@ -630,7 +630,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - afterEach(function () { + afterEach(function() { return this.client && this.client.close(); }); @@ -716,7 +716,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { ]; testCases.forEach(testCase => { - it(testCase.description, metadata, function () { + it(testCase.description, metadata, function() { return this.encryptedColl.insertMany(testCase.docs()).then( () => { if (testCase.error) { @@ -756,8 +756,8 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - describe('Views are prohibited', function () { - beforeEach(function () { + describe('Views are prohibited', function() { + beforeEach(function() { // First, perform the setup. // 1. Create a MongoClient without encryption enabled (referred to as ``client``). @@ -779,11 +779,11 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }, noop); }); - afterEach(function () { + afterEach(function() { return this.client && this.client.close(); }); - beforeEach(function () { + beforeEach(function() { // 3. Create a MongoClient configured with auto encryption (referred to as client_encrypted) // Configure with the local KMS provider this.clientEncrypted = this.configuration.newClient( @@ -800,13 +800,13 @@ describe('Client Side Encryption Prose Tests', metadata, function () { return this.clientEncrypted.connect(); }); - afterEach(function () { + afterEach(function() { return this.clientEncrypted && this.clientEncrypted.close(); }); // 4. Using client_encrypted, attempt to insert a document into db.view. // Expect an exception to be thrown containing the message: "cannot auto encrypt a view". - it('should error when inserting into a view with autoEncryption', metadata, function () { + it('should error when inserting into a view with autoEncryption', metadata, function() { return this.clientEncrypted .db(dataDbName) .collection('view') @@ -824,7 +824,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - describe('Corpus Test', function () { + describe('Corpus Test', function() { it('runs in a separate suite', () => { expect(() => fs.statSync(path.resolve(__dirname, './client_side_encryption.prose.06.corpus.test.js')) @@ -832,10 +832,10 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - describe('Custom Endpoint Test', function () { + describe('Custom Endpoint Test', function() { // Data keys created with AWS KMS may specify a custom endpoint to contact (instead of the default endpoint derived from the AWS region). - beforeEach(function () { + beforeEach(function() { // 1. Create a ``ClientEncryption`` object (referred to as ``client_encryption``) // Configure with ``aws`` KMS providers as follows: // .. code:: javascript @@ -883,7 +883,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - afterEach(function () { + afterEach(function() { return this.client && this.client.close(); }); @@ -1041,7 +1041,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { ]; testCases.forEach(testCase => { - it(testCase.description, metadata, function () { + it(testCase.description, metadata, function() { // Call `client_encryption.createDataKey()` with as the provider and the following masterKey: // .. code:: javascript // { @@ -1101,11 +1101,82 @@ describe('Client Side Encryption Prose Tests', metadata, function () { // TODO(NODE-2422): Implement bypass prose tests describe('Bypass spawning mongocryptd', () => { - it.skip('Via mongocryptdBypassSpawn', () => {}).skipReason = + it.skip('Via mongocryptdBypassSpawn', () => { }).skipReason = 'TODO(NODE-2422): Implement "Bypass spawning mongocryptd" tests'; - it.skip('Via bypassAutoEncryption', () => {}).skipReason = + it.skip('Via bypassAutoEncryption', () => { }).skipReason = 'TODO(NODE-2422): Implement "Bypass spawning mongocryptd" tests'; + + describe('via loading shared library', function() { + let clientEncrypted; + let client; + // Setup + beforeEach(async function() { + // 1. Create a MongoClient configured with auto encryption (referred to as `client_encrypted`) + clientEncrypted = this.configuration.newClient( + {}, + { + // 2. Configure the required options. use the `local` KMS provider as follows: + // ```javascript + // { "local" : {"key": } } + // ``` + // configure with the `keyVaultNamespace` set to `keyvault.datakeys` + // configure with `client_encrypted` to use the schema `external/external-schema.json` for + // `db.coll` by setting a schema map like `{"db.coll": ", + // "cryptSharedRequired": true + // } + extraOptions: { + ...getEncryptExtraOptions(), + mongocryptdURI: 'mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000', + mongocryptdSpawnArgs: [ + '--pidfilepath=bypass-spawning-mongocryptd.pid', + '--port=27021' + ], + cryptdSharedLibRequired: true + }, + schemaMap: require('../../spec/client-side-encryption/external/external-schema.json') + } + } + ); + // 3. Use `client_encrypted` to insert the document `{"unencrypted": "test"}` into `db.coll` + // expect this to succeed + await clientEncrypted.connect(); + const insertResult = await clientEncrypted + .db(dataDbName) + .collection(dataCollName) + .insertOne({ unencrypted: 'test' }); + expect(insertResult).to.have.property('insertedId'); + }); + + afterEach(async function() { + await clientEncrypted.close(); + if (client) { + await client.close(); + } + }); + + // 4. Validate that mongocryptd was not spawned. Create a MongoClient to localhost:27021 (or + // whatever was passed via `--port` with serverSelectionTimeoutMS=1000.) Run a handshake + // command and ensure it fails with a server selection timeout + it('should not spawn mongocryptd', async function() { + client = new MongoClient( + 'mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000' + ); + const error = await client.connect().then( + () => null, + err => err + ); + expect(error).to.be.instanceOf(MongoServerSelectionError, /'Server selection timed out'/i); + }); + }); }); describe('Deadlock tests', () => { @@ -1114,7 +1185,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { // TODO(NODE-3151): Implement kms prose tests describe('KMS TLS Tests', () => { - it.skip('TBD', () => {}).skipReason = 'TODO(NODE-3151): Implement "KMS TLS Tests"'; + it.skip('TBD', () => { }).skipReason = 'TODO(NODE-3151): Implement "KMS TLS Tests"'; }); /** @@ -1123,7 +1194,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { * - Create client encryption expired * - Create client encryption invalid hostname */ - context('KMS TLS Options Tests', metadata, function () { + context('KMS TLS Options Tests', metadata, function() { let clientNoTls; let clientWithTls; let clientWithTlsExpired; @@ -1133,7 +1204,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { let clientEncryptionWithTlsExpired; let clientEncryptionWithInvalidHostname; - beforeEach(async function () { + beforeEach(async function() { const tlsCaOptions = { aws: { tlsCAFile: process.env.KMIP_TLS_CA_FILE @@ -1238,7 +1309,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - afterEach(async function () { + afterEach(async function() { const allClients = [ clientNoTls, clientWithTls, @@ -1253,7 +1324,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); // Case 1. - context('Case 1: AWS', metadata, function () { + context('Case 1: AWS', metadata, function() { const masterKey = { region: 'us-east-1', key: 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0', @@ -1262,7 +1333,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { const masterKeyExpired = { ...masterKey, endpoint: '127.0.0.1:8000' }; const masterKeyInvalidHostname = { ...masterKey, endpoint: '127.0.0.1:8001' }; - it('should fail with no TLS', metadata, async function () { + it('should fail with no TLS', metadata, async function() { try { await clientEncryptionNoTls.createDataKey('aws', { masterKey }); expect.fail('it must fail with no tls'); @@ -1272,7 +1343,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should succeed with valid TLS options', metadata, async function () { + it('should succeed with valid TLS options', metadata, async function() { try { await clientEncryptionWithTls.createDataKey('aws', { masterKey }); expect.fail('it must fail to parse response'); @@ -1283,7 +1354,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should fail with an expired certificate', async function () { + it('should fail with an expired certificate', async function() { try { await clientEncryptionWithTlsExpired.createDataKey('aws', { masterKey: masterKeyExpired @@ -1295,7 +1366,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should fail with an invalid hostname', metadata, async function () { + it('should fail with an invalid hostname', metadata, async function() { try { await clientEncryptionWithInvalidHostname.createDataKey('aws', { masterKey: masterKeyInvalidHostname @@ -1309,13 +1380,13 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); // Case 2. - context('Case 2: Azure', metadata, function () { + context('Case 2: Azure', metadata, function() { const masterKey = { keyVaultEndpoint: 'doesnotexist.local', keyName: 'foo' }; - it('should fail with no TLS', metadata, async function () { + it('should fail with no TLS', metadata, async function() { try { await clientEncryptionNoTls.createDataKey('azure', { masterKey }); expect.fail('it must fail with no tls'); @@ -1325,7 +1396,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should succeed with valid TLS options', metadata, async function () { + it('should succeed with valid TLS options', metadata, async function() { try { await clientEncryptionWithTls.createDataKey('azure', { masterKey }); expect.fail('it must fail with HTTP 404'); @@ -1336,7 +1407,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should fail with an expired certificate', async function () { + it('should fail with an expired certificate', async function() { try { await clientEncryptionWithTlsExpired.createDataKey('azure', { masterKey }); expect.fail('it must fail with expired certificates'); @@ -1346,7 +1417,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should fail with an invalid hostname', metadata, async function () { + it('should fail with an invalid hostname', metadata, async function() { try { await clientEncryptionWithInvalidHostname.createDataKey('azure', { masterKey }); expect.fail('it must fail with invalid hostnames'); @@ -1358,7 +1429,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); // Case 3. - context('Case 3: GCP', metadata, function () { + context('Case 3: GCP', metadata, function() { const masterKey = { projectId: 'foo', location: 'bar', @@ -1366,7 +1437,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { keyName: 'foo' }; - it('should fail with no TLS', metadata, async function () { + it('should fail with no TLS', metadata, async function() { try { await clientEncryptionNoTls.createDataKey('gcp', { masterKey }); expect.fail('it must fail with no tls'); @@ -1376,7 +1447,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should succeed with valid TLS options', metadata, async function () { + it('should succeed with valid TLS options', metadata, async function() { try { await clientEncryptionWithTls.createDataKey('gcp', { masterKey }); expect.fail('it must fail with HTTP 404'); @@ -1387,7 +1458,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should fail with an expired certificate', async function () { + it('should fail with an expired certificate', async function() { try { await clientEncryptionWithTlsExpired.createDataKey('gcp', { masterKey }); expect.fail('it must fail with expired certificates'); @@ -1397,7 +1468,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should fail with an invalid hostname', metadata, async function () { + it('should fail with an invalid hostname', metadata, async function() { try { await clientEncryptionWithInvalidHostname.createDataKey('gcp', { masterKey }); expect.fail('it must fail with invalid hostnames'); @@ -1409,10 +1480,10 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); // Case 4. - context('Case 4: KMIP', metadata, function () { + context('Case 4: KMIP', metadata, function() { const masterKey = {}; - it('should fail with no TLS', metadata, async function () { + it('should fail with no TLS', metadata, async function() { if (gte(coerce(process.version), coerce('19'))) { this.skip('TODO(NODE-4942): fix failing csfle kmip test on Node19+'); return; @@ -1426,13 +1497,13 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should succeed with valid TLS options', metadata, async function () { + it('should succeed with valid TLS options', metadata, async function() { const keyId = await clientEncryptionWithTls.createDataKey('kmip', { masterKey }); // expect success expect(keyId).to.be.an('object'); }); - it('should fail with an expired certificate', async function () { + it('should fail with an expired certificate', async function() { try { await clientEncryptionWithTlsExpired.createDataKey('kmip', { masterKey }); expect.fail('it must fail with expired certificates'); @@ -1442,7 +1513,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should fail with an invalid hostname', metadata, async function () { + it('should fail with an invalid hostname', metadata, async function() { try { await clientEncryptionWithInvalidHostname.createDataKey('kmip', { masterKey }); expect.fail('it must fail with invalid hostnames'); @@ -1454,7 +1525,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - context('12. Explicit Encryption', eeMetadata, function () { + context('12. Explicit Encryption', eeMetadata, function() { const data = path.join(__dirname, '..', '..', 'spec', 'client-side-encryption', 'etc', 'data'); let encryptedFields; let key1Document; @@ -1464,7 +1535,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { let clientEncryption; let encryptedClient; - beforeEach(async function () { + beforeEach(async function() { const mongodbClientEncryption = this.configuration.mongodbClientEncryption; // Load the file encryptedFields.json as encryptedFields. encryptedFields = EJSON.parse( @@ -1522,17 +1593,17 @@ describe('Client Side Encryption Prose Tests', metadata, function () { ); }); - afterEach(async function () { + afterEach(async function() { await setupClient.close(); await keyVaultClient.close(); await encryptedClient.close(); }); - context('Case 1: can insert encrypted indexed and find', eeMetadata, function () { + context('Case 1: can insert encrypted indexed and find', eeMetadata, function() { let insertPayload; let findPayload; - beforeEach(async function () { + beforeEach(async function() { // Use clientEncryption to encrypt the value "encrypted indexed value" with these EncryptOpts: // class EncryptOpts { // keyId : @@ -1564,7 +1635,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - it('returns the decrypted value', async function () { + it('returns the decrypted value', async function() { // Use encryptedClient to run a "find" operation on the db.explicit_encryption // collection with the filter { "encryptedIndexed": }. // Assert one document is returned containing the field @@ -1578,11 +1649,11 @@ describe('Client Side Encryption Prose Tests', metadata, function () { context( 'Case 2: can insert encrypted indexed and find with non-zero contention', eeMetadata, - function () { + function() { let findPayload; let findPayload2; - beforeEach(async function () { + beforeEach(async function() { for (let i = 0; i < 10; i++) { // Use clientEncryption to encrypt the value "encrypted indexed value" with these EncryptOpts: // class EncryptOpts { @@ -1633,7 +1704,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - it('returns less than the total documents with no contention', async function () { + it('returns less than the total documents with no contention', async function() { // Use encryptedClient to run a "find" operation on the db.explicit_encryption // collection with the filter { "encryptedIndexed": }. // Assert less than 10 documents are returned. 0 documents may be returned. @@ -1647,7 +1718,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('returns all documents with contention', async function () { + it('returns all documents with contention', async function() { // Use encryptedClient to run a "find" operation on the db.explicit_encryption // collection with the filter { "encryptedIndexed": }. // Assert 10 documents are returned. Assert each returned document contains the @@ -1662,10 +1733,10 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } ); - context('Case 3: can insert encrypted unindexed', eeMetadata, function () { + context('Case 3: can insert encrypted unindexed', eeMetadata, function() { let insertPayload; - beforeEach(async function () { + beforeEach(async function() { // Use clientEncryption to encrypt the value "encrypted unindexed value" with these EncryptOpts: // class EncryptOpts { // keyId : @@ -1684,7 +1755,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - it('returns unindexed documents', async function () { + it('returns unindexed documents', async function() { // Use encryptedClient to run a "find" operation on the db.explicit_encryption // collection with the filter { "_id": 1 }. // Assert one document is returned containing the field @@ -1695,10 +1766,10 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - context('Case 4: can roundtrip encrypted indexed', eeMetadata, function () { + context('Case 4: can roundtrip encrypted indexed', eeMetadata, function() { let payload; - beforeEach(async function () { + beforeEach(async function() { // Use clientEncryption to encrypt the value "encrypted indexed value" with these EncryptOpts: // class EncryptOpts { // keyId : @@ -1712,7 +1783,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - it('decrypts the value', async function () { + it('decrypts the value', async function() { // Use clientEncryption to decrypt payload. Assert the returned value // equals "encrypted indexed value". const result = await clientEncryption.decrypt(payload); @@ -1720,10 +1791,10 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - context('Case 5: can roundtrip encrypted unindexed', eeMetadata, function () { + context('Case 5: can roundtrip encrypted unindexed', eeMetadata, function() { let payload; - beforeEach(async function () { + beforeEach(async function() { // Use clientEncryption to encrypt the value "encrypted unindexed value" with these EncryptOpts: // class EncryptOpts { // keyId : @@ -1736,7 +1807,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - it('decrypts the value', async function () { + it('decrypts the value', async function() { // Use clientEncryption to decrypt payload. Assert the returned value // equals "encrypted unindexed value". const result = await clientEncryption.decrypt(payload); @@ -1745,10 +1816,10 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - context('13. Unique Index on keyAltNames', function () { + context('13. Unique Index on keyAltNames', function() { let client, clientEncryption, setupKeyId; - beforeEach(async function () { + beforeEach(async function() { // Create a MongoClient object (referred to as client). client = this.configuration.newClient(); await client.connect(); @@ -1790,8 +1861,8 @@ describe('Client Side Encryption Prose Tests', metadata, function () { await client.close(); }); - context('Case 1', metadata, function () { - it('createDataKey() handles duplicate key errors on the keyvault collection', async function () { + context('Case 1', metadata, function() { + it('createDataKey() handles duplicate key errors on the keyvault collection', async function() { // 1. Use client_encryption to create a new local data key with a keyAltName "abc" and assert the operation does not fail. await clientEncryption.createDataKey('local', { keyAltNames: ['abc'] @@ -1823,8 +1894,8 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - context('Case 2', metadata, function () { - it('addKeyAltName() handles duplicate key errors on the keyvault collection', async function () { + context('Case 2', metadata, function() { + it('addKeyAltName() handles duplicate key errors on the keyvault collection', async function() { // 1. Use client_encryption to create a new local data key and assert the operation does not fail. const _id = await clientEncryption.createDataKey('local'); @@ -1850,7 +1921,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - context('16. Rewrap', function () { + context('16. Rewrap', function() { const masterKeys = { aws: { region: 'us-east-1', @@ -1884,12 +1955,12 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } } - beforeEach(function () { + beforeEach(function() { client1 = this.configuration.newClient(); client2 = this.configuration.newClient(); }); - afterEach(async function () { + afterEach(async function() { await client1.close(); await client2.close(); }); @@ -1898,7 +1969,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { it( `should rewrap data key from ${srcProvider} to ${dstProvider}`, metadata, - async function () { + async function() { // Step 1. Drop the collection ``keyvault.datakeys`` await client1 .db('keyvault') From 1c96541d08fcaafc8e0d5b759ffbc1883bec3394 Mon Sep 17 00:00:00 2001 From: Warren James Date: Thu, 4 May 2023 13:45:58 -0400 Subject: [PATCH 2/8] test(NODE-4772): small fix --- .../client_side_encryption.prose.test.js | 186 +++++++++--------- 1 file changed, 94 insertions(+), 92 deletions(-) diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.test.js b/test/integration/client-side-encryption/client_side_encryption.prose.test.js index 5c9374e9d9d..c0681fda9a6 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.test.js +++ b/test/integration/client-side-encryption/client_side_encryption.prose.test.js @@ -14,6 +14,10 @@ const { getEncryptExtraOptions } = require('../../tools/utils'); const { installNodeDNSWorkaroundHooks } = require('../../tools/runner/hooks/configuration'); const { coerce, gte } = require('semver'); +const { + externalSchema +} = require('../../spec/client-side-encryption/external/external-schema.json'); + const getKmsProviders = (localKey, kmipEndpoint, azureEndpoint, gcpEndpoint) => { const result = BSON.EJSON.parse(process.env.CSFLE_KMS_PROVIDERS || '{}'); if (localKey) { @@ -34,7 +38,7 @@ const getKmsProviders = (localKey, kmipEndpoint, azureEndpoint, gcpEndpoint) => return result; }; -const noop = () => { }; +const noop = () => {}; const metadata = { requires: { clientSideEncryption: true, @@ -58,7 +62,7 @@ const eeMetadata = { // .. code:: javascript // Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk -describe('Client Side Encryption Prose Tests', metadata, function() { +describe('Client Side Encryption Prose Tests', metadata, function () { const dataDbName = 'db'; const dataCollName = 'coll'; const dataNamespace = `${dataDbName}.${dataCollName}`; @@ -73,11 +77,11 @@ describe('Client Side Encryption Prose Tests', metadata, function() { installNodeDNSWorkaroundHooks(); - describe('Data key and double encryption', function() { + describe('Data key and double encryption', function () { // Data key and double encryption // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // First, perform the setup. - beforeEach(function() { + beforeEach(function () { const mongodbClientEncryption = this.configuration.mongodbClientEncryption; // 1. Create a MongoClient without encryption enabled (referred to as ``client``). Enable command monitoring to listen for command_started events. @@ -159,7 +163,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { ); }); - afterEach(function() { + afterEach(function () { if (this.commandStartedEvents) { this.commandStartedEvents.teardown(); this.commandStartedEvents = undefined; @@ -169,7 +173,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { .then(() => this.client && this.client.close()); }); - it('should work for local KMS provider', metadata, function() { + it('should work for local KMS provider', metadata, function () { let localDatakeyId; let localEncrypted; return Promise.resolve() @@ -237,7 +241,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - it('should work for aws KMS provider', metadata, function() { + it('should work for aws KMS provider', metadata, function () { // Then, repeat the above tests with the ``aws`` KMS provider: let awsDatakeyId; let awsEncrypted; @@ -315,7 +319,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - it('should error on an attempt to double-encrypt a value', metadata, function() { + it('should error on an attempt to double-encrypt a value', metadata, function () { // Then, run the following final tests: // #. Test explicit encrypting an auto encrypted field. // - Use ``client_encrypted`` to attempt to insert ``{ "encrypted_placeholder": (local_encrypted) }`` @@ -349,7 +353,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { // connect-less client. So instead we are implementing the tests via APM, // and confirming that the externalClient is firing off keyVault requests during // encrypted operations - describe('External Key Vault Test', function() { + describe('External Key Vault Test', function () { function loadExternal(file) { return EJSON.parse( fs.readFileSync(path.resolve(__dirname, '../../spec/client-side-encryption/external', file)) @@ -359,7 +363,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { const externalKey = loadExternal('external-key.json'); const externalSchema = loadExternal('external-schema.json'); - beforeEach(function() { + beforeEach(function () { this.client = this.configuration.newClient(); // 1. Create a MongoClient without encryption enabled (referred to as ``client``). @@ -379,7 +383,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { ); }); - afterEach(function() { + afterEach(function () { if (this.commandStartedEvents) { this.commandStartedEvents.teardown(); this.commandStartedEvents = undefined; @@ -394,7 +398,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { it( `should work ${withExternalKeyVault ? 'with' : 'without'} external key vault`, metadata, - function() { + function () { const ClientEncryption = this.configuration.mongodbClientEncryption.ClientEncryption; return ( Promise.resolve() @@ -551,7 +555,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { defineTest(false); }); - describe('BSON size limits and batch splitting', function() { + describe('BSON size limits and batch splitting', function () { function loadLimits(file) { return EJSON.parse( fs.readFileSync(path.resolve(__dirname, '../../spec/client-side-encryption/limits', file)) @@ -563,7 +567,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { const limitsDoc = loadLimits('limits-doc.json'); let hasRunFirstTimeSetup = false; - beforeEach(async function() { + beforeEach(async function () { if (hasRunFirstTimeSetup) { // Even though we have to use a beforeEach here // We still only want the following code to be run *once* @@ -595,7 +599,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - beforeEach(function() { + beforeEach(function () { // 4. Create a MongoClient configured with auto encryption (referred to as ``client_encrypted``) // Configure with the ``local`` KMS provider as follows: // .. code:: javascript @@ -620,7 +624,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - afterEach(function() { + afterEach(function () { if (this.commandStartedEvents) { this.commandStartedEvents.teardown(); this.commandStartedEvents = undefined; @@ -630,7 +634,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } }); - afterEach(function() { + afterEach(function () { return this.client && this.client.close(); }); @@ -716,7 +720,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { ]; testCases.forEach(testCase => { - it(testCase.description, metadata, function() { + it(testCase.description, metadata, function () { return this.encryptedColl.insertMany(testCase.docs()).then( () => { if (testCase.error) { @@ -756,8 +760,8 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } }); - describe('Views are prohibited', function() { - beforeEach(function() { + describe('Views are prohibited', function () { + beforeEach(function () { // First, perform the setup. // 1. Create a MongoClient without encryption enabled (referred to as ``client``). @@ -779,11 +783,11 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }, noop); }); - afterEach(function() { + afterEach(function () { return this.client && this.client.close(); }); - beforeEach(function() { + beforeEach(function () { // 3. Create a MongoClient configured with auto encryption (referred to as client_encrypted) // Configure with the local KMS provider this.clientEncrypted = this.configuration.newClient( @@ -800,13 +804,13 @@ describe('Client Side Encryption Prose Tests', metadata, function() { return this.clientEncrypted.connect(); }); - afterEach(function() { + afterEach(function () { return this.clientEncrypted && this.clientEncrypted.close(); }); // 4. Using client_encrypted, attempt to insert a document into db.view. // Expect an exception to be thrown containing the message: "cannot auto encrypt a view". - it('should error when inserting into a view with autoEncryption', metadata, function() { + it('should error when inserting into a view with autoEncryption', metadata, function () { return this.clientEncrypted .db(dataDbName) .collection('view') @@ -824,7 +828,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - describe('Corpus Test', function() { + describe('Corpus Test', function () { it('runs in a separate suite', () => { expect(() => fs.statSync(path.resolve(__dirname, './client_side_encryption.prose.06.corpus.test.js')) @@ -832,10 +836,10 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - describe('Custom Endpoint Test', function() { + describe('Custom Endpoint Test', function () { // Data keys created with AWS KMS may specify a custom endpoint to contact (instead of the default endpoint derived from the AWS region). - beforeEach(function() { + beforeEach(function () { // 1. Create a ``ClientEncryption`` object (referred to as ``client_encryption``) // Configure with ``aws`` KMS providers as follows: // .. code:: javascript @@ -883,7 +887,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - afterEach(function() { + afterEach(function () { return this.client && this.client.close(); }); @@ -1041,7 +1045,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { ]; testCases.forEach(testCase => { - it(testCase.description, metadata, function() { + it(testCase.description, metadata, function () { // Call `client_encryption.createDataKey()` with as the provider and the following masterKey: // .. code:: javascript // { @@ -1101,17 +1105,17 @@ describe('Client Side Encryption Prose Tests', metadata, function() { // TODO(NODE-2422): Implement bypass prose tests describe('Bypass spawning mongocryptd', () => { - it.skip('Via mongocryptdBypassSpawn', () => { }).skipReason = + it.skip('Via mongocryptdBypassSpawn', () => {}).skipReason = 'TODO(NODE-2422): Implement "Bypass spawning mongocryptd" tests'; - it.skip('Via bypassAutoEncryption', () => { }).skipReason = + it.skip('Via bypassAutoEncryption', () => {}).skipReason = 'TODO(NODE-2422): Implement "Bypass spawning mongocryptd" tests'; - describe('via loading shared library', function() { + describe('via loading shared library', function () { let clientEncrypted; let client; // Setup - beforeEach(async function() { + beforeEach(async function () { // 1. Create a MongoClient configured with auto encryption (referred to as `client_encrypted`) clientEncrypted = this.configuration.newClient( {}, @@ -1142,7 +1146,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { ], cryptdSharedLibRequired: true }, - schemaMap: require('../../spec/client-side-encryption/external/external-schema.json') + schemaMap: externalSchema } } ); @@ -1156,7 +1160,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { expect(insertResult).to.have.property('insertedId'); }); - afterEach(async function() { + afterEach(async function () { await clientEncrypted.close(); if (client) { await client.close(); @@ -1166,10 +1170,8 @@ describe('Client Side Encryption Prose Tests', metadata, function() { // 4. Validate that mongocryptd was not spawned. Create a MongoClient to localhost:27021 (or // whatever was passed via `--port` with serverSelectionTimeoutMS=1000.) Run a handshake // command and ensure it fails with a server selection timeout - it('should not spawn mongocryptd', async function() { - client = new MongoClient( - 'mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000' - ); + it('should not spawn mongocryptd', async function () { + client = new MongoClient('mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000'); const error = await client.connect().then( () => null, err => err @@ -1185,7 +1187,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { // TODO(NODE-3151): Implement kms prose tests describe('KMS TLS Tests', () => { - it.skip('TBD', () => { }).skipReason = 'TODO(NODE-3151): Implement "KMS TLS Tests"'; + it.skip('TBD', () => {}).skipReason = 'TODO(NODE-3151): Implement "KMS TLS Tests"'; }); /** @@ -1194,7 +1196,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { * - Create client encryption expired * - Create client encryption invalid hostname */ - context('KMS TLS Options Tests', metadata, function() { + context('KMS TLS Options Tests', metadata, function () { let clientNoTls; let clientWithTls; let clientWithTlsExpired; @@ -1204,7 +1206,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { let clientEncryptionWithTlsExpired; let clientEncryptionWithInvalidHostname; - beforeEach(async function() { + beforeEach(async function () { const tlsCaOptions = { aws: { tlsCAFile: process.env.KMIP_TLS_CA_FILE @@ -1309,7 +1311,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } }); - afterEach(async function() { + afterEach(async function () { const allClients = [ clientNoTls, clientWithTls, @@ -1324,7 +1326,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); // Case 1. - context('Case 1: AWS', metadata, function() { + context('Case 1: AWS', metadata, function () { const masterKey = { region: 'us-east-1', key: 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0', @@ -1333,7 +1335,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { const masterKeyExpired = { ...masterKey, endpoint: '127.0.0.1:8000' }; const masterKeyInvalidHostname = { ...masterKey, endpoint: '127.0.0.1:8001' }; - it('should fail with no TLS', metadata, async function() { + it('should fail with no TLS', metadata, async function () { try { await clientEncryptionNoTls.createDataKey('aws', { masterKey }); expect.fail('it must fail with no tls'); @@ -1343,7 +1345,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } }); - it('should succeed with valid TLS options', metadata, async function() { + it('should succeed with valid TLS options', metadata, async function () { try { await clientEncryptionWithTls.createDataKey('aws', { masterKey }); expect.fail('it must fail to parse response'); @@ -1354,7 +1356,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } }); - it('should fail with an expired certificate', async function() { + it('should fail with an expired certificate', async function () { try { await clientEncryptionWithTlsExpired.createDataKey('aws', { masterKey: masterKeyExpired @@ -1366,7 +1368,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } }); - it('should fail with an invalid hostname', metadata, async function() { + it('should fail with an invalid hostname', metadata, async function () { try { await clientEncryptionWithInvalidHostname.createDataKey('aws', { masterKey: masterKeyInvalidHostname @@ -1380,13 +1382,13 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); // Case 2. - context('Case 2: Azure', metadata, function() { + context('Case 2: Azure', metadata, function () { const masterKey = { keyVaultEndpoint: 'doesnotexist.local', keyName: 'foo' }; - it('should fail with no TLS', metadata, async function() { + it('should fail with no TLS', metadata, async function () { try { await clientEncryptionNoTls.createDataKey('azure', { masterKey }); expect.fail('it must fail with no tls'); @@ -1396,7 +1398,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } }); - it('should succeed with valid TLS options', metadata, async function() { + it('should succeed with valid TLS options', metadata, async function () { try { await clientEncryptionWithTls.createDataKey('azure', { masterKey }); expect.fail('it must fail with HTTP 404'); @@ -1407,7 +1409,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } }); - it('should fail with an expired certificate', async function() { + it('should fail with an expired certificate', async function () { try { await clientEncryptionWithTlsExpired.createDataKey('azure', { masterKey }); expect.fail('it must fail with expired certificates'); @@ -1417,7 +1419,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } }); - it('should fail with an invalid hostname', metadata, async function() { + it('should fail with an invalid hostname', metadata, async function () { try { await clientEncryptionWithInvalidHostname.createDataKey('azure', { masterKey }); expect.fail('it must fail with invalid hostnames'); @@ -1429,7 +1431,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); // Case 3. - context('Case 3: GCP', metadata, function() { + context('Case 3: GCP', metadata, function () { const masterKey = { projectId: 'foo', location: 'bar', @@ -1437,7 +1439,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { keyName: 'foo' }; - it('should fail with no TLS', metadata, async function() { + it('should fail with no TLS', metadata, async function () { try { await clientEncryptionNoTls.createDataKey('gcp', { masterKey }); expect.fail('it must fail with no tls'); @@ -1447,7 +1449,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } }); - it('should succeed with valid TLS options', metadata, async function() { + it('should succeed with valid TLS options', metadata, async function () { try { await clientEncryptionWithTls.createDataKey('gcp', { masterKey }); expect.fail('it must fail with HTTP 404'); @@ -1458,7 +1460,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } }); - it('should fail with an expired certificate', async function() { + it('should fail with an expired certificate', async function () { try { await clientEncryptionWithTlsExpired.createDataKey('gcp', { masterKey }); expect.fail('it must fail with expired certificates'); @@ -1468,7 +1470,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } }); - it('should fail with an invalid hostname', metadata, async function() { + it('should fail with an invalid hostname', metadata, async function () { try { await clientEncryptionWithInvalidHostname.createDataKey('gcp', { masterKey }); expect.fail('it must fail with invalid hostnames'); @@ -1480,10 +1482,10 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); // Case 4. - context('Case 4: KMIP', metadata, function() { + context('Case 4: KMIP', metadata, function () { const masterKey = {}; - it('should fail with no TLS', metadata, async function() { + it('should fail with no TLS', metadata, async function () { if (gte(coerce(process.version), coerce('19'))) { this.skip('TODO(NODE-4942): fix failing csfle kmip test on Node19+'); return; @@ -1497,13 +1499,13 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } }); - it('should succeed with valid TLS options', metadata, async function() { + it('should succeed with valid TLS options', metadata, async function () { const keyId = await clientEncryptionWithTls.createDataKey('kmip', { masterKey }); // expect success expect(keyId).to.be.an('object'); }); - it('should fail with an expired certificate', async function() { + it('should fail with an expired certificate', async function () { try { await clientEncryptionWithTlsExpired.createDataKey('kmip', { masterKey }); expect.fail('it must fail with expired certificates'); @@ -1513,7 +1515,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } }); - it('should fail with an invalid hostname', metadata, async function() { + it('should fail with an invalid hostname', metadata, async function () { try { await clientEncryptionWithInvalidHostname.createDataKey('kmip', { masterKey }); expect.fail('it must fail with invalid hostnames'); @@ -1525,7 +1527,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - context('12. Explicit Encryption', eeMetadata, function() { + context('12. Explicit Encryption', eeMetadata, function () { const data = path.join(__dirname, '..', '..', 'spec', 'client-side-encryption', 'etc', 'data'); let encryptedFields; let key1Document; @@ -1535,7 +1537,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { let clientEncryption; let encryptedClient; - beforeEach(async function() { + beforeEach(async function () { const mongodbClientEncryption = this.configuration.mongodbClientEncryption; // Load the file encryptedFields.json as encryptedFields. encryptedFields = EJSON.parse( @@ -1593,17 +1595,17 @@ describe('Client Side Encryption Prose Tests', metadata, function() { ); }); - afterEach(async function() { + afterEach(async function () { await setupClient.close(); await keyVaultClient.close(); await encryptedClient.close(); }); - context('Case 1: can insert encrypted indexed and find', eeMetadata, function() { + context('Case 1: can insert encrypted indexed and find', eeMetadata, function () { let insertPayload; let findPayload; - beforeEach(async function() { + beforeEach(async function () { // Use clientEncryption to encrypt the value "encrypted indexed value" with these EncryptOpts: // class EncryptOpts { // keyId : @@ -1635,7 +1637,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - it('returns the decrypted value', async function() { + it('returns the decrypted value', async function () { // Use encryptedClient to run a "find" operation on the db.explicit_encryption // collection with the filter { "encryptedIndexed": }. // Assert one document is returned containing the field @@ -1649,11 +1651,11 @@ describe('Client Side Encryption Prose Tests', metadata, function() { context( 'Case 2: can insert encrypted indexed and find with non-zero contention', eeMetadata, - function() { + function () { let findPayload; let findPayload2; - beforeEach(async function() { + beforeEach(async function () { for (let i = 0; i < 10; i++) { // Use clientEncryption to encrypt the value "encrypted indexed value" with these EncryptOpts: // class EncryptOpts { @@ -1704,7 +1706,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - it('returns less than the total documents with no contention', async function() { + it('returns less than the total documents with no contention', async function () { // Use encryptedClient to run a "find" operation on the db.explicit_encryption // collection with the filter { "encryptedIndexed": }. // Assert less than 10 documents are returned. 0 documents may be returned. @@ -1718,7 +1720,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } }); - it('returns all documents with contention', async function() { + it('returns all documents with contention', async function () { // Use encryptedClient to run a "find" operation on the db.explicit_encryption // collection with the filter { "encryptedIndexed": }. // Assert 10 documents are returned. Assert each returned document contains the @@ -1733,10 +1735,10 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } ); - context('Case 3: can insert encrypted unindexed', eeMetadata, function() { + context('Case 3: can insert encrypted unindexed', eeMetadata, function () { let insertPayload; - beforeEach(async function() { + beforeEach(async function () { // Use clientEncryption to encrypt the value "encrypted unindexed value" with these EncryptOpts: // class EncryptOpts { // keyId : @@ -1755,7 +1757,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - it('returns unindexed documents', async function() { + it('returns unindexed documents', async function () { // Use encryptedClient to run a "find" operation on the db.explicit_encryption // collection with the filter { "_id": 1 }. // Assert one document is returned containing the field @@ -1766,10 +1768,10 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - context('Case 4: can roundtrip encrypted indexed', eeMetadata, function() { + context('Case 4: can roundtrip encrypted indexed', eeMetadata, function () { let payload; - beforeEach(async function() { + beforeEach(async function () { // Use clientEncryption to encrypt the value "encrypted indexed value" with these EncryptOpts: // class EncryptOpts { // keyId : @@ -1783,7 +1785,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - it('decrypts the value', async function() { + it('decrypts the value', async function () { // Use clientEncryption to decrypt payload. Assert the returned value // equals "encrypted indexed value". const result = await clientEncryption.decrypt(payload); @@ -1791,10 +1793,10 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - context('Case 5: can roundtrip encrypted unindexed', eeMetadata, function() { + context('Case 5: can roundtrip encrypted unindexed', eeMetadata, function () { let payload; - beforeEach(async function() { + beforeEach(async function () { // Use clientEncryption to encrypt the value "encrypted unindexed value" with these EncryptOpts: // class EncryptOpts { // keyId : @@ -1807,7 +1809,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - it('decrypts the value', async function() { + it('decrypts the value', async function () { // Use clientEncryption to decrypt payload. Assert the returned value // equals "encrypted unindexed value". const result = await clientEncryption.decrypt(payload); @@ -1816,10 +1818,10 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - context('13. Unique Index on keyAltNames', function() { + context('13. Unique Index on keyAltNames', function () { let client, clientEncryption, setupKeyId; - beforeEach(async function() { + beforeEach(async function () { // Create a MongoClient object (referred to as client). client = this.configuration.newClient(); await client.connect(); @@ -1861,8 +1863,8 @@ describe('Client Side Encryption Prose Tests', metadata, function() { await client.close(); }); - context('Case 1', metadata, function() { - it('createDataKey() handles duplicate key errors on the keyvault collection', async function() { + context('Case 1', metadata, function () { + it('createDataKey() handles duplicate key errors on the keyvault collection', async function () { // 1. Use client_encryption to create a new local data key with a keyAltName "abc" and assert the operation does not fail. await clientEncryption.createDataKey('local', { keyAltNames: ['abc'] @@ -1894,8 +1896,8 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - context('Case 2', metadata, function() { - it('addKeyAltName() handles duplicate key errors on the keyvault collection', async function() { + context('Case 2', metadata, function () { + it('addKeyAltName() handles duplicate key errors on the keyvault collection', async function () { // 1. Use client_encryption to create a new local data key and assert the operation does not fail. const _id = await clientEncryption.createDataKey('local'); @@ -1921,7 +1923,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { }); }); - context('16. Rewrap', function() { + context('16. Rewrap', function () { const masterKeys = { aws: { region: 'us-east-1', @@ -1955,12 +1957,12 @@ describe('Client Side Encryption Prose Tests', metadata, function() { } } - beforeEach(function() { + beforeEach(function () { client1 = this.configuration.newClient(); client2 = this.configuration.newClient(); }); - afterEach(async function() { + afterEach(async function () { await client1.close(); await client2.close(); }); @@ -1969,7 +1971,7 @@ describe('Client Side Encryption Prose Tests', metadata, function() { it( `should rewrap data key from ${srcProvider} to ${dstProvider}`, metadata, - async function() { + async function () { // Step 1. Drop the collection ``keyvault.datakeys`` await client1 .db('keyvault') From 8f3b0b63abab0b2003bd467fa3d89f167b949a8b Mon Sep 17 00:00:00 2001 From: Warren James Date: Thu, 4 May 2023 14:58:20 -0400 Subject: [PATCH 3/8] test(NODE-4772): restrict execution on metadata --- .../client-side-encryption/client_side_encryption.prose.test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.test.js b/test/integration/client-side-encryption/client_side_encryption.prose.test.js index c0681fda9a6..2761a0d1e9b 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.test.js +++ b/test/integration/client-side-encryption/client_side_encryption.prose.test.js @@ -1170,7 +1170,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { // 4. Validate that mongocryptd was not spawned. Create a MongoClient to localhost:27021 (or // whatever was passed via `--port` with serverSelectionTimeoutMS=1000.) Run a handshake // command and ensure it fails with a server selection timeout - it('should not spawn mongocryptd', async function () { + it('should not spawn mongocryptd', metadata, async function () { client = new MongoClient('mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000'); const error = await client.connect().then( () => null, From d42a3fa39860aba5ded10409ba95194d18d32643 Mon Sep 17 00:00:00 2001 From: Warren James Date: Thu, 4 May 2023 15:37:42 -0400 Subject: [PATCH 4/8] test(NODE-2422): add new tests --- .../client_side_encryption.prose.test.js | 155 ++++++++++++++++-- 1 file changed, 141 insertions(+), 14 deletions(-) diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.test.js b/test/integration/client-side-encryption/client_side_encryption.prose.test.js index 2761a0d1e9b..e9516d7b782 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.test.js +++ b/test/integration/client-side-encryption/client_side_encryption.prose.test.js @@ -1104,23 +1104,152 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); // TODO(NODE-2422): Implement bypass prose tests - describe('Bypass spawning mongocryptd', () => { - it.skip('Via mongocryptdBypassSpawn', () => {}).skipReason = - 'TODO(NODE-2422): Implement "Bypass spawning mongocryptd" tests'; + describe('Bypass spawning mongocryptd', function () { + describe.only('via mongocryptdBypassSpawn', function () { + let clientEncrypted; + // Create a MongoClient configured with auto encryption + // Configure the required options. use the `local` KMS provider as follows: + // ```javascript + // { "local" : {"key": } } + // ``` + // configure with the `keyVaultNamespace` set to `keyvault.datakeys` + // configure with `client_encrypted` to use the schema `external/external-schema.json` for + // `db.coll` by setting a schema map like `{"db.coll": } } + // ``` + // configure with the `keyVaultNamespace` set to `keyvault.datakeys` + // configure with `client_encrypted` to use the schema `external/external-schema.json` for + // `db.coll` by setting a schema map like `{"db.coll": {}).skipReason = - 'TODO(NODE-2422): Implement "Bypass spawning mongocryptd" tests'; + afterEach(async function () { + if (clientEncrypted) { + await clientEncrypted.close(); + } + }); + + it('does not spawn mongocryptd', metadata, async function () { + // Use client_encrypted to insert the document {"encrypted": "test"} into db.coll. + // Expect a server selection error propagated from the internal MongoClient failing to connect to mongocryptd on port 27021. + expect(async function () { + await clientEncrypted.connect(); + await clientEncrypted + .db(dataDbName) + .collection(dataCollName) + .insertOne({ encrypted: 'test' }); + }).to.throw(MongoServerSelectionError, /27021/); + }); + }); + + describe.only('via bypassAutoEncryption', function () { + let clientEncrypted; + let client; + // Create a MongoClient configured with auto encryption + // Configure the required options. use the `local` KMS provider as follows: + // ```javascript + // { "local" : {"key": } } + // ``` + // configure with the `keyVaultNamespace` set to `keyvault.datakeys` + // configure with bypassAutoEncryption=true. + // `db.coll` by setting a schema map like `{"db.coll": } } + // ``` + // configure with the `keyVaultNamespace` set to `keyvault.datakeys` + autoEncryption: { + keyVaultNamespace, + kmsProviders: { local: { key: LOCAL_KEY } }, + extraOptions: { + // Configure the following extraOptions + // ```javascript + // { + // "mongocryptdSpawnArgs": [ "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=27021"] + // } + //``` + ...getEncryptExtraOptions(), + mongocryptdSpawnArgs: [ + '--pidfilepath=bypass-spawning-mongocryptd.pid', + '--port=27021' + ] + } + } + } + ); + + // Use client_encrypted to insert the document {"unencrypted": "test"} into db.coll. + // Expect this to succeed. + await clientEncrypted.connect(); + const insertResult = await clientEncrypted + .db(dataDbName) + .collection(dataCollName) + .insertOne({ unencrypted: 'test' }); + + expect(insertResult).to.have.property('insertedId'); + }); + + afterEach(async function () { + if (clientEncrypted) await clientEncrypted.close(); + if (client) await client.close(); + }); + + // Validate that mongocryptd was not spawned. Create a MongoClient to localhost:27021 + // (or whatever was passed via --port) with serverSelectionTimeoutMS=1000. Run a handshake + // command and ensure it fails with a server selection timeout. + it('does not spawn mongocryptd', metadata, async function () { + client = new MongoClient('mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000'); + const error = await client.connect().then( + () => null, + err => err + ); + + expect(error).to.be.instanceOf(MongoServerSelectionError); + console.log(error); + }); + }); describe('via loading shared library', function () { let clientEncrypted; let client; // Setup beforeEach(async function () { - // 1. Create a MongoClient configured with auto encryption (referred to as `client_encrypted`) + // Create a MongoClient configured with auto encryption (referred to as `client_encrypted`) clientEncrypted = this.configuration.newClient( {}, { - // 2. Configure the required options. use the `local` KMS provider as follows: + // Configure the required options. use the `local` KMS provider as follows: // ```javascript // { "local" : {"key": } } // ``` @@ -1150,7 +1279,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } } ); - // 3. Use `client_encrypted` to insert the document `{"unencrypted": "test"}` into `db.coll` + // Use `client_encrypted` to insert the document `{"unencrypted": "test"}` into `db.coll` // expect this to succeed await clientEncrypted.connect(); const insertResult = await clientEncrypted @@ -1161,13 +1290,11 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); afterEach(async function () { - await clientEncrypted.close(); - if (client) { - await client.close(); - } + if (clientEncrypted) await clientEncrypted.close(); + if (client) await client.close(); }); - // 4. Validate that mongocryptd was not spawned. Create a MongoClient to localhost:27021 (or + // Validate that mongocryptd was not spawned. Create a MongoClient to localhost:27021 (or // whatever was passed via `--port` with serverSelectionTimeoutMS=1000.) Run a handshake // command and ensure it fails with a server selection timeout it('should not spawn mongocryptd', metadata, async function () { @@ -1176,7 +1303,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { () => null, err => err ); - expect(error).to.be.instanceOf(MongoServerSelectionError, /'Server selection timed out'/i); + expect(error).to.be.instanceOf(MongoServerSelectionError); }); }); }); From 4e7cc2b1f3f38654733da0044f4452f079b55042 Mon Sep 17 00:00:00 2001 From: Warren James Date: Thu, 4 May 2023 16:24:17 -0400 Subject: [PATCH 5/8] test(NODE-2422): fix test failure --- .../client_side_encryption.prose.test.js | 39 ++++++++++--------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.test.js b/test/integration/client-side-encryption/client_side_encryption.prose.test.js index e9516d7b782..3d04740ee9d 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.test.js +++ b/test/integration/client-side-encryption/client_side_encryption.prose.test.js @@ -1103,9 +1103,8 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); }); - // TODO(NODE-2422): Implement bypass prose tests describe('Bypass spawning mongocryptd', function () { - describe.only('via mongocryptdBypassSpawn', function () { + describe('via mongocryptdBypassSpawn', function () { let clientEncrypted; // Create a MongoClient configured with auto encryption // Configure the required options. use the `local` KMS provider as follows: @@ -1129,6 +1128,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { autoEncryption: { keyVaultNamespace, kmsProviders: { local: { key: LOCAL_KEY } }, + schemaMap: { dataNamespace: externalSchema }, // Configure the following `extraOptions` // { // "mongocryptdBypassSpawn": true @@ -1136,15 +1136,13 @@ describe('Client Side Encryption Prose Tests', metadata, function () { // "mongocryptdSpawnArgs": [ "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=27021"] // } extraOptions: { - ...getEncryptExtraOptions(), mongocryptdBypassSpawn: true, mongocryptdURI: 'mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000', mongocryptdSpawnArgs: [ '--pidfilepath=bypass-spawning-mongocryptd.pid', '--port=27021' ] - }, - schemaMap: externalSchema + } } } ); @@ -1159,17 +1157,21 @@ describe('Client Side Encryption Prose Tests', metadata, function () { it('does not spawn mongocryptd', metadata, async function () { // Use client_encrypted to insert the document {"encrypted": "test"} into db.coll. // Expect a server selection error propagated from the internal MongoClient failing to connect to mongocryptd on port 27021. - expect(async function () { - await clientEncrypted.connect(); - await clientEncrypted - .db(dataDbName) - .collection(dataCollName) - .insertOne({ encrypted: 'test' }); - }).to.throw(MongoServerSelectionError, /27021/); + const insertResult = await clientEncrypted + .db(dataDbName) + .collection(dataCollName) + .insertOne({ encrypted: 'test' }) + .then( + () => 'Insert Succeeded', + err => err + ); + + expect(insertResult).to.be.instanceOf(Error); + expect(insertResult).to.have.property('name', 'MongoServerSelectionError'); }); }); - describe.only('via bypassAutoEncryption', function () { + describe('via bypassAutoEncryption', function () { let clientEncrypted; let client; // Create a MongoClient configured with auto encryption @@ -1189,8 +1191,10 @@ describe('Client Side Encryption Prose Tests', metadata, function () { // { "local" : {"key": } } // ``` // configure with the `keyVaultNamespace` set to `keyvault.datakeys` + // Configure with bypassAutoEncryption=true. autoEncryption: { keyVaultNamespace, + bypassAutoEncryption: true, kmsProviders: { local: { key: LOCAL_KEY } }, extraOptions: { // Configure the following extraOptions @@ -1199,7 +1203,6 @@ describe('Client Side Encryption Prose Tests', metadata, function () { // "mongocryptdSpawnArgs": [ "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=27021"] // } //``` - ...getEncryptExtraOptions(), mongocryptdSpawnArgs: [ '--pidfilepath=bypass-spawning-mongocryptd.pid', '--port=27021' @@ -1210,13 +1213,13 @@ describe('Client Side Encryption Prose Tests', metadata, function () { ); // Use client_encrypted to insert the document {"unencrypted": "test"} into db.coll. - // Expect this to succeed. await clientEncrypted.connect(); const insertResult = await clientEncrypted .db(dataDbName) .collection(dataCollName) .insertOne({ unencrypted: 'test' }); + // Expect this to succeed. expect(insertResult).to.have.property('insertedId'); }); @@ -1259,6 +1262,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { autoEncryption: { keyVaultNamespace, kmsProviders: { local: { key: LOCAL_KEY } }, + schemaMap: { dataNamespace: externalSchema }, // Configure the following `extraOptions` // { // "mongocryptdURI": "mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000", @@ -1267,15 +1271,14 @@ describe('Client Side Encryption Prose Tests', metadata, function () { // "cryptSharedRequired": true // } extraOptions: { - ...getEncryptExtraOptions(), + ...getEncryptExtraOptions(), // sets cryptSharedLibPath if it exists mongocryptdURI: 'mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000', mongocryptdSpawnArgs: [ '--pidfilepath=bypass-spawning-mongocryptd.pid', '--port=27021' ], cryptdSharedLibRequired: true - }, - schemaMap: externalSchema + } } } ); From ff2393cf7c6fd8ac7446d922cb5165acc32d26dc Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Thu, 11 May 2023 12:17:21 -0600 Subject: [PATCH 6/8] chore: clean up tests --- .../client_side_encryption.prose.test.js | 56 +++++++++++++------ 1 file changed, 38 insertions(+), 18 deletions(-) diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.test.js b/test/integration/client-side-encryption/client_side_encryption.prose.test.js index c64873f8cc4..09fc112edda 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.test.js +++ b/test/integration/client-side-encryption/client_side_encryption.prose.test.js @@ -1148,26 +1148,35 @@ describe('Client Side Encryption Prose Tests', metadata, function () { ); }); - afterEach(async function () { - if (clientEncrypted) { - await clientEncrypted.close(); + beforeEach('precondition: the shared library must NOT be loaded', function () { + const { cryptSharedLibPath } = getEncryptExtraOptions(); + if (cryptSharedLibPath) { + this.currentTest.skipReason = + 'test requires that the shared library NOT is present, but CRYPT_SHARED_LIB_PATH is set.'; + this.skip(); } + // the presence of the shared library can only be reliably determine after + // libmongocrypt has been initialized, and can be detected with the + // cryptSharedLibVersionInfo getter on the autoEncrypter. + expect(!!clientEncrypted.autoEncrypter.cryptSharedLibVersionInfo).to.be.false; + }); + + afterEach(async function () { + await clientEncrypted?.close(); }); it('does not spawn mongocryptd', metadata, async function () { // Use client_encrypted to insert the document {"encrypted": "test"} into db.coll. // Expect a server selection error propagated from the internal MongoClient failing to connect to mongocryptd on port 27021. - const insertResult = await clientEncrypted + const insertError = await clientEncrypted .db(dataDbName) .collection(dataCollName) .insertOne({ encrypted: 'test' }) - .then( - () => 'Insert Succeeded', - err => err - ); + .catch(e => e); - expect(insertResult).to.be.instanceOf(Error); - expect(insertResult).to.have.property('name', 'MongoServerSelectionError'); + expect(insertError) + .to.be.instanceOf(Error) + .to.match(/connect ECONNREFUSED 127.0.0.1:27021/); }); }); @@ -1223,9 +1232,22 @@ describe('Client Side Encryption Prose Tests', metadata, function () { expect(insertResult).to.have.property('insertedId'); }); + beforeEach('precondition: the shared library must NOT be loaded', function () { + const { cryptSharedLibPath } = getEncryptExtraOptions(); + if (cryptSharedLibPath) { + this.currentTest.skipReason = + 'test requires that the shared library NOT is present, but CRYPT_SHARED_LIB_PATH is set.'; + this.skip(); + } + // the presence of the shared library can only be reliably determine after + // libmongocrypt has been initialized, and can be detected with the + // cryptSharedLibVersionInfo getter on the autoEncrypter. + expect(!!clientEncrypted.autoEncrypter.cryptSharedLibVersionInfo).to.be.false; + }); + afterEach(async function () { - if (clientEncrypted) await clientEncrypted.close(); - if (client) await client.close(); + await clientEncrypted?.close(); + await client?.close(); }); // Validate that mongocryptd was not spawned. Create a MongoClient to localhost:27021 @@ -1233,13 +1255,11 @@ describe('Client Side Encryption Prose Tests', metadata, function () { // command and ensure it fails with a server selection timeout. it('does not spawn mongocryptd', metadata, async function () { client = new MongoClient('mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000'); - const error = await client.connect().then( - () => null, - err => err - ); + const error = await client.connect().catch(e => e); - expect(error).to.be.instanceOf(MongoServerSelectionError); - console.log(error); + expect(error) + .to.be.instanceOf(MongoServerSelectionError) + .to.match(/connect ECONNREFUSED 127.0.0.1:27021/); }); }); From dcb98d91f92fe2512f5018dfef59212325e0b819 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 15 May 2023 10:10:55 -0600 Subject: [PATCH 7/8] add check for name and error message --- .../client_side_encryption.prose.test.js | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.test.js b/test/integration/client-side-encryption/client_side_encryption.prose.test.js index 09fc112edda..3ece16898b3 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.test.js +++ b/test/integration/client-side-encryption/client_side_encryption.prose.test.js @@ -1176,7 +1176,20 @@ describe('Client Side Encryption Prose Tests', metadata, function () { expect(insertError) .to.be.instanceOf(Error) - .to.match(/connect ECONNREFUSED 127.0.0.1:27021/); + .to.have.property('name', 'MongoServerSelectionError'); + + expect(insertError).to.match(/connect ECONNREFUSED 127.0.0.1:27021/); + + expect(insertError).to.be.instanceOf( + MongoServerSelectionError, + ` + +TODO(NODE-5283): The error thrown in this test fails an instanceof check with MongoServerSelectionError. + This should change after NODE-5283. If this assertion is failing, then the test + should be updated to reflect that the error thrown is now a server selection error. + +` + ); }); }); From 4bb50ddab0a1d917b38780a8c2cfe5ddf127dfb7 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 15 May 2023 14:58:57 -0600 Subject: [PATCH 8/8] flip bad assertion --- .../client-side-encryption/client_side_encryption.prose.test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.test.js b/test/integration/client-side-encryption/client_side_encryption.prose.test.js index 3ece16898b3..4d22c5ce211 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.test.js +++ b/test/integration/client-side-encryption/client_side_encryption.prose.test.js @@ -1180,7 +1180,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { expect(insertError).to.match(/connect ECONNREFUSED 127.0.0.1:27021/); - expect(insertError).to.be.instanceOf( + expect(insertError).not.to.be.instanceOf( MongoServerSelectionError, `