import { expect } from 'chai';
import { once } from 'events';
import { createServer, type Server } from 'net';
import { getCSFLEKMSProviders } from '../../csfle-kms-providers';
import { type MongoClient } from '../../mongodb';
import { getEncryptExtraOptions } from '../../tools/utils';
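/**
 * CSFLE prose test 20: with the crypt_shared library loaded, the driver must neither
 * create nor connect to a mongocryptd client.
 *
 * A TCP listener stands in for mongocryptd on port 27021. The test fails if the listener
 * sees any connection or if the auto-encrypter holds a mongocryptd client.
 */
describe('20. Bypass creating mongocryptd client when shared library is loaded', function () {
  let server: Server;
  let hasConnection = false;
  let client: MongoClient;

  beforeEach(async function () {
    // Reset the flag for every test so a connection seen earlier cannot carry over.
    hasConnection = false;

    // Spec: Start a new thread (referred to as listenerThread).
    // On listenerThread, create a TcpListener on 127.0.0.1 endpoint and port 27021. Start the
    // listener and wait for establishing connections. If any connection is established, then
    // signal about this to the main thread.
    // Drivers MAY pass a different port if they expect their testing infrastructure to be
    // using port 27021. Pass a port that should be free.
    // In Node, we don't need to create a separate thread for the server.
    server = createServer({});
    server.on('connection', () => (hasConnection = true));

    // NOTE(review): no host is passed to listen(), so the listener is not restricted to the
    // 127.0.0.1 loopback endpoint the spec describes. Any inbound connection to this port
    // during the test - not only one from the driver - sets hasConnection. Restricting the
    // bind to loopback would require the mongocryptdURI host below to resolve to the same
    // address family, otherwise a driver connection could miss the listener.
    server.listen(27021);

    // Wait until the port is actually bound. events.once() rejects if the server emits
    // 'error' (for example when the port is already in use), which fails the hook with a
    // clear error instead of leaving the assertion to run without a listener.
    await once(server, 'listening');

    // Spec: Create a MongoClient configured with auto encryption (referred to as
    // client_encrypted). Configure the required options. Use the local KMS provider as follows:
    //   { "local": { "key": <base64 decoding of LOCAL_MASTERKEY> } }
    // Configure with the keyVaultNamespace set to keyvault.datakeys.
    // Configure the following extraOptions:
    //   {
    //     "mongocryptdURI": "mongodb://localhost:27021/?serverSelectionTimeoutMS=1000"
    //   }
    // NOTE(review): the URI used below omits the serverSelectionTimeoutMS option quoted from
    // the spec.
    client = this.configuration.newClient(
      {},
      {
        autoEncryption: {
          kmsProviders: { local: getCSFLEKMSProviders().local },
          keyVaultNamespace: 'keyvault.datakeys',
          extraOptions: {
            cryptSharedLibPath: getEncryptExtraOptions().cryptSharedLibPath,
            mongocryptdURI: 'mongodb://localhost:27021'
          }
        }
      }
    );
  });

  afterEach(async function () {
    // Close the client before the listener: server.close() only emits 'close' once every
    // accepted connection has ended, so if the driver did connect (the failure case) closing
    // the server first would wait on a socket the client still holds.
    // Presumably client.close() also tears down any mongocryptd client - TODO confirm.
    try {
      await client?.close();
    } finally {
      if (server) {
        await once(server.close(), 'close');
      }
    }
  });

  it(
    'does not create or use a mongocryptd client when the shared library is loaded',
    {
      requires: {
        clientSideEncryption: true,
        crypt_shared: 'enabled'
      }
    },
    async function () {
      // Spec: Use client_encrypted to insert the document {"unencrypted": "test"} into db.coll.
      await client.db('db').collection('coll').insertOne({ unencrypted: 'test' });

      // Spec: Expect no signal from listenerThread.
      expect(hasConnection).to.be.false;

      // Note: this assertion is not in the spec test. However, unlike other drivers, Node's
      // client does not connect when instantiated. So, we won't receive any TCP connections
      // to the server if the mongocryptd client is only instantiated. This assertion captures
      // the spirit of this test, causing it to fail if we do instantiate a client. The TCP
      // server is kept, although it isn't necessary for Node's test, because it's nice to
      // have in case Node's client behavior ever changes.
      expect(client.autoEncrypter._mongocryptdClient).to.be.undefined;
    }
  );
});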