chore(deps): bump mongosh, devtools-connect, mongodb-client-encryption (#3160)

* chore(deps): bump mongosh, devtools-connect, mongodb-client-encryption

* fixup: rename shared library option, add ts-expect-error

* fixup: adjust csfle collection tracker tests and crypt library logging

* fixup: update asar unpack list

* fixup: add ticket link

Author: addaleax

package-lock.json

@@ -147,11 +147,11 @@ describe('Logging and Telemetry integration', function () {
           s: 'I',
           c: 'COMPASS-MAIN',
           id: 1_001_000_125,
-          ctx: 'CSFLE',
-          msg: 'Found CSFLE library',
+          ctx: 'AutoEncryption',
+          msg: 'Found MongoDB Crypt library',
           attr: (actual: any) => {
-            expect(actual.csfleLibraryPath).to.be.a('string');
-            expect(actual.csfleLibraryPath).to.include('mongo_csfle_v1');
+            expect(actual.cryptSharedLibPath).to.be.a('string');
+            expect(actual.cryptSharedLibPath).to.include('mongo_crypt_v1');
           },
         },
         {

packages/compass-e2e-tests/tests/logging.test.ts

@@ -46,10 +46,10 @@
     "@leafygreen-ui/code": "^9.4.0",
     "@mongodb-js/compass-logging": "^0.12.0",
     "@mongodb-js/mongodb-redux-common": "^1.12.0",
-    "@mongosh/browser-repl": "^1.4.2",
-    "@mongosh/logging": "^1.4.2",
-    "@mongosh/node-runtime-worker-thread": "^1.4.2",
-    "@mongosh/service-provider-core": "^1.4.2"
+    "@mongosh/browser-repl": "^1.5.0",
+    "@mongosh/logging": "^1.5.0",
+    "@mongosh/node-runtime-worker-thread": "^1.5.0",
+    "@mongosh/service-provider-core": "^1.5.0"
   },
   "peerDependencies": {
     "@mongodb-js/compass-components": "^0.15.0",

packages/compass-shell/package.json

@@ -110,7 +110,7 @@
           "**/win-export-certificate-and-key/**",
           "**/macos-export-certificate-and-key/**",
           "**/system-ca/**",
-          "**/mongo_csfle_v1.*"
+          "**/mongo_crypt_v1.*"
         ]
       },
       "rebuild": {
@@ -160,11 +160,11 @@
     "email": "[email protected]"
   },
   "dependencies": {
-    "@mongosh/node-runtime-worker-thread": "^1.4.2",
+    "@mongosh/node-runtime-worker-thread": "^1.5.0",
     "clipboard": "^2.0.6",
     "kerberos": "^2.0.0",
     "keytar": "^7.7.0",
-    "mongodb-client-encryption": "^2.2.0-alpha.0",
+    "mongodb-client-encryption": "^2.2.0-alpha.1",
     "os-dns-native": "^1.2.0",
     "system-ca": "^1.0.2"
   },

packages/compass/package.json

@@ -84,7 +84,7 @@ const download = async(url, destDir) => {
   } catch {
     artifactInfo = await getDownloadURL({
       ...downloadOptions,
-      version: '>= 6.0.0-rc4'
+      version: '>= 6.0.0-rc8'
     });
   }
 

packages/compass/scripts/download-csfle.js

@@ -20,63 +20,41 @@ function processPath(p: string): string {
 
 export async function setupCSFLELibrary(): Promise<void> {
   const errors: Error[] = [];
-  let csfleLibraryPath;
-  if (!csfleLibraryPath) {
+  let cryptSharedLibPath;
+  if (!cryptSharedLibPath) {
     // This is not a loop so that the require() parts receive literal strings
     // in order for webpack to process them properly
     try {
       const candidate = processPath(require('../deps/csfle/bin/mongo_crypt_v1.dll'));
       await fs.access(candidate);
-      csfleLibraryPath = candidate;
+      cryptSharedLibPath = candidate;
     } catch (err: any) {
       errors.push(err);
     }
     try {
       const candidate = processPath(require('../deps/csfle/lib/mongo_crypt_v1.so'));
       await fs.access(candidate);
-      csfleLibraryPath = candidate;
+      cryptSharedLibPath = candidate;
     } catch (err: any) {
       errors.push(err);
     }
     try {
       const candidate = processPath(require('../deps/csfle/lib/mongo_crypt_v1.dylib'));
       await fs.access(candidate);
-      csfleLibraryPath = candidate;
-    } catch (err: any) {
-      errors.push(err);
-    }
-    // Drop these as soon as the rename has been completed.
-    try {
-      const candidate = processPath(require('../deps/csfle/bin/mongo_csfle_v1.dll'));
-      await fs.access(candidate);
-      csfleLibraryPath = candidate;
-    } catch (err: any) {
-      errors.push(err);
-    }
-    try {
-      const candidate = processPath(require('../deps/csfle/lib/mongo_csfle_v1.so'));
-      await fs.access(candidate);
-      csfleLibraryPath = candidate;
-    } catch (err: any) {
-      errors.push(err);
-    }
-    try {
-      const candidate = processPath(require('../deps/csfle/lib/mongo_csfle_v1.dylib'));
-      await fs.access(candidate);
-      csfleLibraryPath = candidate;
+      cryptSharedLibPath = candidate;
     } catch (err: any) {
       errors.push(err);
     }
   }
-  if (!csfleLibraryPath) {
-    log.error(mongoLogId(1_001_000_124), 'CSFLE', 'No CSFLE library available', {
+  if (!cryptSharedLibPath) {
+    log.error(mongoLogId(1_001_000_124), 'AutoEncryption', 'No MongoDB Crypt library available', {
       errors: errors.map(err => err.message)
     });
   } else {
-    log.info(mongoLogId(1_001_000_125), 'CSFLE', 'Found CSFLE library', {
-      csfleLibraryPath,
+    log.info(mongoLogId(1_001_000_125), 'AutoEncryption', 'Found MongoDB Crypt library', {
+      cryptSharedLibPath,
       externalOverride: process.env.COMPASS_CRYPT_LIBRARY_PATH
     });
-    process.env.COMPASS_CRYPT_LIBRARY_PATH ??= csfleLibraryPath;
+    process.env.COMPASS_CRYPT_LIBRARY_PATH ??= cryptSharedLibPath;
   }
 }

packages/compass/src/main/setup-csfle-library.ts

@@ -60,13 +60,13 @@
   },
   "dependencies": {
     "@mongodb-js/compass-logging": "^0.12.0",
-    "@mongodb-js/devtools-connect": "^1.3.1",
+    "@mongodb-js/devtools-connect": "^1.4.3",
     "@mongodb-js/ssh-tunnel": "^1.7.0",
     "async": "^3.2.0",
     "debug": "4.3.0",
     "lodash": "^4.17.20",
     "mongodb-build-info": "^1.3.0",
-    "mongodb-client-encryption": "^2.2.0-alpha.0",
+    "mongodb-client-encryption": "^2.2.0-alpha.1",
     "mongodb-connection-model": "^21.17.0",
     "mongodb-connection-string-url": "^2.5.2",
     "mongodb-index-model": "^3.11.0",

packages/data-service/package.json

@@ -45,7 +45,8 @@ export default async function connectMongoClientCompass(
       ...options.autoEncryption,
       extraOptions: {
         ...options.autoEncryption?.extraOptions,
-        csflePath: process.env.COMPASS_CRYPT_LIBRARY_PATH,
+        // @ts-expect-error next driver release has types
+        cryptSharedLibPath: process.env.COMPASS_CRYPT_LIBRARY_PATH,
       },
     };
   }

packages/data-service/src/connect-mongo-client.ts

@@ -1,19 +1,12 @@
 import type { CSFLECollectionTracker } from './csfle-collection-tracker';
-import { CSFLECollectionTrackerImpl } from './csfle-collection-tracker';
 import { expect } from 'chai';
-import type { DataService } from './data-service';
+import type { DataService, DataServiceImpl } from './data-service';
 import type { AutoEncryptionOptions, MongoClient } from 'mongodb';
-import { UUID } from 'bson';
+import type { Binary } from 'bson';
 import connect from './connect';
 
 describe('CSFLECollectionTracker', function () {
   const DECRYPTED_KEYS = Symbol.for('@@mdb.decryptedKeys');
-  const SOME_UUID1 = new UUID(
-    '00000000-0000-4000-8000-000000000001'
-  ).toBinary();
-  const SOME_UUID2 = new UUID(
-    '00000000-0000-4000-8000-000000000002'
-  ).toBinary();
   const ALGO_DET = 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic';
 
   let dataService: DataService;
@@ -33,8 +26,22 @@ describe('CSFLECollectionTracker', function () {
   });
 
   async function createTracker(
-    autoEncryption: AutoEncryptionOptions = {}
-  ): Promise<[CSFLECollectionTracker, DataService]> {
+    autoEncryption:
+      | AutoEncryptionOptions
+      | ((keys: [Binary, Binary]) => AutoEncryptionOptions) = {}
+  ): Promise<[CSFLECollectionTracker, DataService, Binary, Binary]> {
+    if (typeof autoEncryption === 'function') {
+      // This autoEncryption config depends on the keys, so we first need
+      // to set up the keys with one DataService instance,
+      // then create the 'real' DataService instance.
+      const [, tempDataService, someKey1, someKey2] = await createTracker({});
+      await tempDataService.disconnect();
+      const [tracker, dataService] = await createTracker(
+        autoEncryption([someKey1, someKey2])
+      );
+      return [tracker, dataService, someKey1, someKey2];
+    }
+
     const dataService = await connect({
       connectionString: 'mongodb://localhost:27018',
       fleOptions: {
@@ -43,16 +50,21 @@ describe('CSFLECollectionTracker', function () {
           kmsProviders: { local: { key: 'A'.repeat(128) } },
           keyVaultNamespace: `${dbName}.kv`,
           extraOptions: {
-            csflePath: process.env.COMPASS_CRYPT_LIBRARY_PATH,
+            // @ts-expect-error next driver release has types
+            cryptSharedLibPath: process.env.COMPASS_CRYPT_LIBRARY_PATH,
           },
           ...autoEncryption,
         },
       },
     });
-    const crudClient = (dataService as any)._initializedClient('CRUD');
+    // It can be useful to have one or two pre-defined keys in the key vault.
+    const someKey1 = (await dataService.createDataKey('local')) as Binary;
+    const someKey2 = (await dataService.createDataKey('local')) as Binary;
     return [
-      new CSFLECollectionTrackerImpl(dataService, crudClient),
+      (dataService as DataServiceImpl).getCSFLECollectionTracker(),
       dataService,
+      someKey1,
+      someKey2,
     ];
   }
 
@@ -134,7 +146,7 @@ describe('CSFLECollectionTracker', function () {
 
   context('with client-side FLE1 schema info', function () {
     beforeEach(async function () {
-      [tracker, dataService] = await createTracker({
+      [tracker, dataService] = await createTracker(([SOME_UUID1]) => ({
         schemaMap: {
           [`${dbName}.test1`]: {
             properties: {
@@ -168,7 +180,7 @@ describe('CSFLECollectionTracker', function () {
             },
           },
         },
-      });
+      }));
     });
 
     it('correctly returns whether updates are allowed', async function () {
@@ -190,16 +202,18 @@ describe('CSFLECollectionTracker', function () {
 
   context('with client-side FLE2 schema info', function () {
     beforeEach(async function () {
-      [tracker, dataService] = await createTracker({
-        encryptedFieldsMap: {
-          [`${dbName}.test2`]: {
-            fields: [{ path: 'a', keyId: SOME_UUID1, bsonType: 'string' }],
-          },
-          [`${dbName}.test3`]: {
-            fields: [{ path: 'n.a', keyId: SOME_UUID2, bsonType: 'string' }],
+      [tracker, dataService] = await createTracker(
+        ([SOME_UUID1, SOME_UUID2]) => ({
+          encryptedFieldsMap: {
+            [`${dbName}.test2`]: {
+              fields: [{ path: 'a', keyId: SOME_UUID1, bsonType: 'string' }],
+            },
+            [`${dbName}.test3`]: {
+              fields: [{ path: 'n.a', keyId: SOME_UUID2, bsonType: 'string' }],
+            },
           },
-        },
-      });
+        })
+      );
     });
 
     it('correctly returns whether updates are allowed', async function () {
@@ -220,12 +234,15 @@ describe('CSFLECollectionTracker', function () {
   });
 
   context('with server-side FLE1 schema info', function () {
+    let SOME_UUID1;
     beforeEach(async function () {
-      [tracker, dataService] = await createTracker();
-      const crudClient: MongoClient = (dataService as any)._initializedClient(
-        'CRUD'
-      );
-      await crudClient.db(dbName).createCollection('test1', {
+      [tracker, dataService, SOME_UUID1] = await createTracker();
+      // TODO: This might/should be the CRUD client, but that doesn't
+      // work -- https://jira.mongodb.org/browse/MONGOCRYPT-436 tracks this.
+      const metadataClient: MongoClient = (
+        dataService as any
+      )._initializedClient('META');
+      await metadataClient.db(dbName).createCollection('test1', {
         validator: {
           $jsonSchema: {
             properties: {
@@ -235,7 +252,7 @@ describe('CSFLECollectionTracker', function () {
         },
       });
 
-      await crudClient.db(dbName).createCollection('test2', {
+      await metadataClient.db(dbName).createCollection('test2', {
         validator: {
           $jsonSchema: {
             properties: {
@@ -251,7 +268,7 @@ describe('CSFLECollectionTracker', function () {
         },
       });
 
-      await crudClient.db(dbName).createCollection('test3', {
+      await metadataClient.db(dbName).createCollection('test3', {
         validator: {
           $jsonSchema: {
             properties: {
@@ -290,18 +307,22 @@ describe('CSFLECollectionTracker', function () {
   });
 
   context('with server-side FLE2 schema info', function () {
+    let SOME_UUID1, SOME_UUID2;
     beforeEach(async function () {
-      [tracker, dataService] = await createTracker();
-      const crudClient: MongoClient = (dataService as any)._initializedClient(
-        'CRUD'
-      );
-      await crudClient.db(dbName).createCollection('test2', {
+      [tracker, dataService, SOME_UUID1, SOME_UUID2] = await createTracker();
+      // Creating the collections needs to be done through the non-FLE-aware
+      // client here, because newer libmongocrypt versions also fetch
+      // collection infos when doing createCollection commands.
+      const metaDataClient: MongoClient = (
+        dataService as any
+      )._initializedClient('META');
+      await metaDataClient.db(dbName).createCollection('test2', {
         encryptedFields: {
           fields: [{ path: 'a', keyId: SOME_UUID1, bsonType: 'string' }],
         },
       });
 
-      await crudClient.db(dbName).createCollection('test3', {
+      await metaDataClient.db(dbName).createCollection('test3', {
         encryptedFields: {
           fields: [{ path: 'n.a', keyId: SOME_UUID2, bsonType: 'string' }],
         },
@@ -360,7 +381,7 @@ describe('CSFLECollectionTracker', function () {
           dataService.findOneAndUpdate(
             `${dbName}.test2`,
             {},
-            { $set: { a: 2 } },
+            { $set: { a: '2' } },
             {},
             resolve
           );
@@ -384,7 +405,7 @@ describe('CSFLECollectionTracker', function () {
           dataService.findOneAndUpdate(
             `${dbName}.test2`,
             {},
-            { $set: { a: 2 } },
+            { $set: { a: '2' } },
             {},
             resolve
           );
@@ -419,14 +440,18 @@ describe('CSFLECollectionTracker', function () {
   });
 
   context('with client-side and server-side FLE2 schema info', function () {
+    let SOME_UUID2;
+
     beforeEach(async function () {
-      [tracker, dataService] = await createTracker({
-        encryptedFieldsMap: {
-          [`${dbName}.test3`]: {
-            fields: [{ path: 'n.a', keyId: SOME_UUID2, bsonType: 'string' }],
+      [tracker, dataService, SOME_UUID2] = await createTracker(
+        ([SOME_UUID2]) => ({
+          encryptedFieldsMap: {
+            [`${dbName}.test3`]: {
+              fields: [{ path: 'n.a', keyId: SOME_UUID2, bsonType: 'string' }],
+            },
           },
-        },
-      });
+        })
+      );
       const crudClient: MongoClient = (dataService as any)._initializedClient(
         'CRUD'
       );