node-mongodb-native/test/integration/client-side-encryption/client_side_encryption.spec.test.ts at b5d563ec13a0a67fe9b5926d143cd06f91b66bc7 · baileympearson/node-mongodb-native · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
import * as path from 'path';

import { loadSpecTests } from '../../spec';
import {
  gatherTestSuites,
  generateTopologyTests,
  TestRunnerContext
} from '../../tools/spec-runner';
import { runUnifiedSuite } from '../../tools/unified-spec-runner/runner';

describe('Client Side Encryption (Legacy)', function () {
  const testContext = new TestRunnerContext({ requiresCSFLE: true });
  const testSuites = gatherTestSuites(
    path.join(__dirname, '../../spec/client-side-encryption/tests/legacy'),
    testContext
  );

  after(() => testContext.teardown());

  before(function () {
    return testContext.setup(this.configuration);
  });

  generateTopologyTests(testSuites, testContext, (test, configuration) => {
    const { description } = test;
    if (description === 'getMore with encryption') {
      return `TODO(NODE-6048): Int32 and Long not allowed as batchSize option to cursor`;
    }
    if (description === 'mapReduce deterministic encryption (unsupported)') {
      return `the Node driver does not have a mapReduce helper.`;
    }
    if (
      [
        'timeoutMS applied to listCollections to get collection schema',
        'remaining timeoutMS applied to find to get keyvault data'
      ].includes(description)
    ) {
      return 'TODO(NODE-5686): add CSOT support to FLE';
    }

    if (
      [
        'Insert a document with auto encryption using KMIP delegated KMS provider',
        'Automatically encrypt and decrypt with a named KMS provider'
      ].includes(description)
    ) {
      const result = configuration.filters.ClientSideEncryptionFilter.filter({
        metadata: { requires: { clientSideEncryption: '>=6.0.1' } }
      });

      if (typeof result === 'string') return result;
    }

    if (['Insert with deterministic encryption, then find it'].includes(description)) {
      const result = configuration.filters.ClientSideEncryptionFilter.filter({
        metadata: { requires: { clientSideEncryption: '>=6.4.0' } }
      });

      if (typeof result === 'string') return result;
    }
    return true;
  });
});

describe('Client Side Encryption (Unified)', function () {
  runUnifiedSuite(
    loadSpecTests(path.join('client-side-encryption', 'tests', 'unified')),
    ({ description }, configuration) => {
      const delegatedKMIPTests = [
        'rewrap with current KMS provider',
        'rewrap with new local KMS provider',
        'rewrap with new KMIP delegated KMS provider',
        'rewrap with new KMIP KMS provider',
        'rewrap with new GCP KMS provider',
        'rewrap with new Azure KMS provider',
        'rewrap with new AWS KMS provider',
        'create datakey with KMIP delegated KMS provider',
        'Insert a document with auto encryption using KMIP delegated KMS provider',
        'create data key with named AWS KMS provider',
        'create datakey with named Azure KMS provider',
        'create datakey with named GCP KMS provider',
        'create datakey with named KMIP KMS provider',
        'create datakey with named local KMS provider',
        'can explicitly decrypt with a named KMS provider',
        'rewrap to aws:name1',
        'rewrap to azure:name1',
        'rewrap to gcp:name1',
        'rewrap to kmip:name1',
        'rewrap to local:name1',
        'rewrap from local:name1 to local:name2',
        'rewrap from aws:name1 to aws:name2',
        'can explicitly encrypt with a named KMS provider'
      ];
      const dekExpirationTests = ['decrypt, wait, and decrypt again'];
      if (delegatedKMIPTests.includes(description)) {
        const shouldSkip = configuration.filters.ClientSideEncryptionFilter.filter({
          metadata: { requires: { clientSideEncryption: '>=6.0.1' } }
        });
        if (typeof shouldSkip === 'string') return shouldSkip;
      }
      if (dekExpirationTests.includes(description)) {
        const shouldSkip = configuration.filters.ClientSideEncryptionFilter.filter({
          metadata: { requires: { clientSideEncryption: '>=6.4.0' } }
        });
        if (typeof shouldSkip === 'string') return shouldSkip;
      }

      return false;
    }
  );
});