node-mongodb-native/test/integration/client-side-encryption/client_side_encryption.prose.19.on_demand_azure.test.ts at f251f50fcb2f567be94d2bdede2745221f279bc6 · mongodb/node-mongodb-native · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
import { expect } from 'chai';
import { env } from 'process';

import { Binary } from '../../../src';
import { ClientEncryption } from '../../../src/client-side-encryption/client_encryption';
import { MongoCryptAzureKMSRequestError } from '../../../src/client-side-encryption/errors';

const dataKeyOptions = {
  masterKey: {
    keyVaultEndpoint: 'https://drivers-2411-keyvault.vault.azure.net/',
    keyName: 'drivers-2411-keyname'
  }
};

describe('19. On-demand Azure Credentials', () => {
  let clientEncryption;
  let keyVaultClient;

  beforeEach(async function () {
    keyVaultClient = this.configuration.newClient();

    if (typeof env.AZUREKMS_VMNAME === 'string') {
      // If azure cloud env is present then EXPECTED_AZUREKMS_OUTCOME MUST be set
      expect(
        env.EXPECTED_AZUREKMS_OUTCOME,
        `EXPECTED_AZUREKMS_OUTCOME must be 'success' or 'failure'`
      )
        .to.be.a('string')
        .that.satisfies(s => s === 'success' || s === 'failure');
    }

    clientEncryption = new ClientEncryption(keyVaultClient, {
      keyVaultClient,
      keyVaultNamespace: 'keyvault.datakeys',
      kmsProviders: { azure: {} }
    });
  });

  afterEach(async () => {
    await keyVaultClient?.close();
  });

  it(
    'Case 1: Failure',
    {
      requires: {
        predicate: () =>
          env.EXPECTED_AZUREKMS_OUTCOME !== 'failure'
            ? 'This test is supposed to run in the environment where failure is expected'
            : true
      }
    },
    async function () {
      const error = await clientEncryption
        .createDataKey('azure', dataKeyOptions)
        .catch(error => error);
      expect(error).to.be.instanceOf(MongoCryptAzureKMSRequestError);
    }
  );

  it(
    'Case 2: Success',
    {
      requires: {
        predicate: () =>
          env.EXPECTED_AZUREKMS_OUTCOME !== 'success'
            ? 'This test is supposed to run in the environment where success is expected'
            : true
      }
    },
    async function () {
      const dk = await clientEncryption.createDataKey('azure', dataKeyOptions);
      expect(dk).to.be.instanceOf(Binary);
    }
  );
});