-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Expand file tree
/
Copy pathclient_side_encryption.spec.test.ts
More file actions
155 lines (138 loc) · 5.66 KB
/
client_side_encryption.spec.test.ts
File metadata and controls
155 lines (138 loc) · 5.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
import * as path from 'path';
import { loadSpecTests } from '../../spec';
import {
gatherTestSuites,
generateTopologyTests,
TestRunnerContext
} from '../../tools/spec-runner';
import { runUnifiedSuite } from '../../tools/unified-spec-runner/runner';
const isAuthEnabled = process.env.AUTH === 'auth';
// 'TODO: NODE-3891 - fix tests broken when AUTH enabled'
const skippedAuthTests = [
'Insert a document with auto encryption using the AWS provider with temporary credentials',
'Insert a document with auto encryption using Azure KMS provider',
'$rename works if target value has same encryption options',
'Insert with deterministic encryption, then find it',
'Insert with randomized encryption, then find it',
'Bulk write with encryption',
'Insert with bypassAutoEncryption',
'Insert with bypassAutoEncryption for local schema',
'ping is bypassed',
'deleteOne with deterministic encryption',
'deleteMany with deterministic encryption',
'distinct with deterministic encryption',
'Find with deterministic encryption',
'Find with $in with deterministic encryption',
'findOneAndReplace with deterministic encryption',
'findOneAndUpdate with deterministic encryption',
'Insert a document with auto encryption using GCP KMS provider',
'getMore with encryption',
'unset works with an encrypted field',
'updateOne with deterministic encryption',
'updateMany with deterministic encryption',
'replaceOne with encryption',
'Insert with encryption on a missing key',
'A local schema should override',
'Count with deterministic encryption',
'Insert a document with auto encryption using local KMS provider',
'Insert with encryption using key alt name',
'insertMany with encryption',
'insertOne with encryption',
'findOneAndDelete with deterministic encryption',
'$unset works with an encrypted field',
'Insert a document with auto encryption using KMIP KMS provider'
];
// TODO(NODE-6048): Int32 and Long not allowed as batchSize option to cursor.
const skippedNoAuthTests = ['getMore with encryption'];
const SKIPPED_TESTS = new Set([
...(isAuthEnabled ? skippedAuthTests.concat(skippedNoAuthTests) : skippedNoAuthTests),
...[
// the node driver does not have a mapReduce helper
'mapReduce deterministic encryption (unsupported)'
]
]);
const isServerless = !!process.env.SERVERLESS;
describe('Client Side Encryption (Legacy)', function () {
const testContext = new TestRunnerContext({ requiresCSFLE: true });
const testSuites = gatherTestSuites(
path.join(__dirname, '../../spec/client-side-encryption/tests/legacy'),
testContext
);
after(() => testContext.teardown());
before(function () {
return testContext.setup(this.configuration);
});
generateTopologyTests(testSuites, testContext, (test, configuration) => {
const { description } = test;
if (SKIPPED_TESTS.has(description)) {
return 'Skipped by generic test name skip filter.';
}
if (
[
'timeoutMS applied to listCollections to get collection schema',
'remaining timeoutMS applied to find to get keyvault data'
].includes(description)
) {
return 'TODO(NODE-5686): add CSOT support to FLE';
}
if (isServerless) {
// TODO(NODE-4730): Fix failing csfle tests against serverless
const isSkippedTest = [
'BypassQueryAnalysis decrypts',
'encryptedFieldsMap is preferred over remote encryptedFields'
].includes(description);
return isSkippedTest ? 'TODO(NODE-4730): Fix failing csfle tests against serverless' : true;
}
if (
[
'Insert a document with auto encryption using KMIP delegated KMS provider',
'Automatically encrypt and decrypt with a named KMS provider'
].includes(description)
) {
const result = configuration.filters.ClientSideEncryptionFilter.filter({
metadata: { requires: { clientSideEncryption: '>=6.0.1' } }
});
if (typeof result === 'string') return result;
}
return true;
});
});
describe('Client Side Encryption (Unified)', function () {
runUnifiedSuite(
loadSpecTests(path.join('client-side-encryption', 'tests', 'unified')),
({ description }, configuration) => {
const delegatedKMIPTests = [
'rewrap with current KMS provider',
'rewrap with new local KMS provider',
'rewrap with new KMIP delegated KMS provider',
'rewrap with new KMIP KMS provider',
'rewrap with new GCP KMS provider',
'rewrap with new Azure KMS provider',
'rewrap with new AWS KMS provider',
'create datakey with KMIP delegated KMS provider',
'Insert a document with auto encryption using KMIP delegated KMS provider',
'create data key with named AWS KMS provider',
'create datakey with named Azure KMS provider',
'create datakey with named GCP KMS provider',
'create datakey with named KMIP KMS provider',
'create datakey with named local KMS provider',
'can explicitly decrypt with a named KMS provider',
'rewrap to aws:name1',
'rewrap to azure:name1',
'rewrap to gcp:name1',
'rewrap to kmip:name1',
'rewrap to local:name1',
'rewrap from local:name1 to local:name2',
'rewrap from aws:name1 to aws:name2',
'can explicitly encrypt with a named KMS provider'
];
if (delegatedKMIPTests.includes(description)) {
const shouldSkip = configuration.filters.ClientSideEncryptionFilter.filter({
metadata: { requires: { clientSideEncryption: '>=6.0.1' } }
});
if (typeof shouldSkip === 'string') return shouldSkip;
}
return isServerless ? 'Unified CSFLE tests to not run on serverless' : false;
}
);
});