Comments

Author: baileympearson

lib/drivers/node-mongodb-native/index.js

@@ -7,3 +7,4 @@
 exports.BulkWriteResult = require('./bulkWriteResult');
 exports.Collection = require('./collection');
 exports.Connection = require('./connection');
+exports.ClientEncryption = require('mongodb').ClientEncryption;

lib/model.js

@@ -69,8 +69,7 @@ const minimize = require('./helpers/minimize');
 const MongooseBulkSaveIncompleteError = require('./error/bulkSaveIncompleteError');
 const ObjectExpectedError = require('./error/objectExpected');
 const decorateBulkWriteResult = require('./helpers/model/decorateBulkWriteResult');
-const { ClientEncryption } = require('mongodb');
-
+const driver = require('./driver');
 const modelCollectionSymbol = Symbol('mongoose#Model#collection');
 const modelDbSymbol = Symbol('mongoose#Model#db');
 const modelSymbol = require('./helpers/symbols').modelSymbol;
@@ -4882,7 +4881,11 @@ Model.compile = function compile(name, schema, collectionName, connection, base)
 };
 
 Model.clientEncryption = function clientEncryption() {
-  /** @type(import('mongodb').MongoClient) */
+  const ClientEncryption = driver.get().ClientEncryption;
+  if (!ClientEncryption) {
+    throw new Error('The mongodb driver must be used to obtain a ClientEncryption object.');
+  }
+
   const client = this.collection?.conn?.client;
 
   if (!client) return null;

scripts/configure-cluster-with-encryption.sh

@@ -49,7 +49,7 @@ if [ ! -d "data" ]; then
   echo 'Configuring Cluster...'
 
   # start cluster
-  (bash $DRIVERS_TOOLS/.evergreen/run-orchestration.sh) 1>/dev/null 2>/dev/null
+  (bash $DRIVERS_TOOLS/.evergreen/run-orchestration.sh)
 
   echo 'Cluster Configuration Finished!'
 

test/encryption/encryption.test.js

@@ -1269,15 +1269,12 @@ describe('encryption integration tests', () => {
           assert.equal(model.clientEncryption()._keyVaultClient, options.keyVaultClient, 'keyvault client not the same');
         });
       });
-    });
 
+
+    });
     describe('auto index creation', function() {
       let connection;
 
-      afterEach(async function() {
-        await connection?.close();
-      });
-
       describe('CSFLE', function() {
         it('automatically creates indexes for CSFLE models', async function() {
           connection = mongoose.createConnection();
@@ -1313,141 +1310,130 @@ describe('encryption integration tests', () => {
           const indexes = await model.listIndexes();
           assert.ok(indexes.find(({ name }) => name === 'age_1'));
         });
-
-
       });
     });
 
-    describe('auto collection creation', function() {
-      let connection;
 
-      afterEach(async function() {
-        await connection?.close();
-      });
+    describe('Queryable Encryption', function() {
+      let connection;
 
-      describe('CSFLE', function() {
-        it('automatically creates the model\'s collection', async function() {
-          connection = mongoose.createConnection();
-          const schema = new Schema({
-            name: { type: String, encrypt: { keyId: [keyId], algorithm } },
-            age: Number
-          }, { encryptionType: 'csfle', autoCreate: true });
+      it('automatically creates indexes for QE models', async function() {
+        connection = mongoose.createConnection();
+        const schema = new Schema({
+          name: { type: String, encrypt: { keyId } },
+          age: Number
+        }, { encryptionType: 'queryableEncryption' });
+        schema.index({ age: 1 });
+        const model = connection.model(new UUID().toHexString(), schema);
+        await connection.openUri(clusterUri, autoEncryptionOptions());
 
-          const model = connection.model(new UUID().toHexString(), schema);
+        await model.init();
 
-          await connection.openUri(clusterUri, autoEncryptionOptions());
+        const indexes = await model.listIndexes();
+        assert.ok(indexes.find(({ name }) => name === 'age_1'));
+      });
 
-          await model.init();
 
-          const collections = await connection.db.listCollections({}, { readPreference: 'primary' }).toArray();
-          assert.equal(collections.length, 1);
-        });
-      });
+    });
+  });
 
-      describe('Queryable Encryption', function() {
-        it('automatically creates the model\'s collection', async function() {
-          connection = mongoose.createConnection();
-          const schema = new Schema({
-            name: { type: String, encrypt: { keyId: keyId } }
-          }, { encryptionType: 'queryableEncryption', autoCreate: true });
+  describe('auto collection creation', function() {
+    let connection;
 
-          const model = connection.model(new UUID().toHexString(), schema);
+    afterEach(async function() {
+      await connection?.close();
+    });
 
-          await connection.openUri(clusterUri, autoEncryptionOptions());
+    describe('CSFLE', function() {
+      it('automatically creates the model\'s collection', async function() {
+        connection = mongoose.createConnection();
+        const schema = new Schema({
+          name: { type: String, encrypt: { keyId: [keyId], algorithm } },
+          age: Number
+        }, { encryptionType: 'csfle', autoCreate: true });
 
+        const model = connection.model(new UUID().toHexString(), schema);
 
-          await model.init();
+        await connection.openUri(clusterUri, autoEncryptionOptions());
+        await model.init();
 
-          const collections = await utilClient.db('db').listCollections().toArray();
-          assert.equal(collections.length, 3);
-        });
+        const collections = await connection.db.listCollections({}, { readPreference: 'primary' }).toArray();
+        assert.equal(collections.length, 1);
       });
     });
 
-    describe('read operations', function() {
-      let connection;
+    describe('Queryable Encryption', function() {
+      it('automatically creates the model\'s collection', async function() {
+        connection = mongoose.createConnection();
+        const schema = new Schema({
+          name: { type: String, encrypt: { keyId: keyId } }
+        }, { encryptionType: 'queryableEncryption', autoCreate: true });
 
-      afterEach(async function() {
-        await connection?.close();
-      });
+        const model = connection.model(new UUID().toHexString(), schema);
 
-      describe('CSFLE', function() {
-        it('encrypted documents can be read', async function() {
-          connection = mongoose.createConnection();
-          const schema = new Schema({
-            name: { type: String, encrypt: { keyId: [keyId], algorithm } },
-            age: Number
-          }, { encryptionType: 'csfle', autoCreate: true });
+        await connection.openUri(clusterUri, autoEncryptionOptions());
 
-          const model = connection.model(new UUID().toHexString(), schema);
 
-          await connection.openUri(clusterUri, autoEncryptionOptions());
+        await model.init();
 
-          await model.insertMany([
-            { name: 'bailey', age: 1 },
-            { name: 'john', age: 2 }
-          ]);
+        const collections = await utilClient.db('db').listCollections().toArray();
+        assert.equal(collections.length, 3);
+      });
+    });
+  });
 
-          assert.equal((await model.find()).length, 2);
-          assert.deepEqual(await model.findOne({ age: 1 }, { _id: 0, name: 1 }, { lean: true }), { name: 'bailey' });
-        });
+  describe('read operations', function() {
+    let connection;
 
-        it('deterministically encrypted fields can be equality queried', async function() {
-          connection = mongoose.createConnection();
-          const schema = new Schema({
-            name: { type: String, encrypt: { keyId: [keyId], algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic' } },
-            age: Number
-          }, { encryptionType: 'csfle', autoCreate: true });
+    afterEach(async function() {
+      await connection?.close();
+    });
 
-          const model = connection.model(new UUID().toHexString(), schema);
+    describe('CSFLE', function() {
+      it('encrypted documents can be read', async function() {
+        connection = mongoose.createConnection();
+        const schema = new Schema({
+          name: { type: String, encrypt: { keyId: [keyId], algorithm } },
+          age: Number
+        }, { encryptionType: 'csfle', autoCreate: true });
 
-          await connection.openUri(clusterUri, autoEncryptionOptions());
+        const model = connection.model(new UUID().toHexString(), schema);
 
-          await model.insertMany([
-            { name: 'bailey', age: 1 },
-            { name: 'john', age: 2 }
-          ]);
+        await connection.openUri(clusterUri, autoEncryptionOptions());
 
-          assert.equal((await model.find()).length, 2);
-          assert.deepEqual(await model.findOne({ name: 'bailey' }, { _id: 0, name: 1 }, { lean: true }), { name: 'bailey' });
-        });
-      });
+        await model.insertMany([
+          { name: 'bailey', age: 1 },
+          { name: 'john', age: 2 }
+        ]);
 
-      describe('QE encrypted queries', function() {
-        describe('when a field is configured for equality queries', function() {
-          it('can be queried with mongoose', async function() {
-            connection = mongoose.createConnection();
-            const schema = new Schema({
-              name: { type: String, encrypt: { keyId, queries: { queryType: 'equality' } } }
-            }, { encryptionType: 'queryableEncryption' });
-            const model = connection.model(new UUID().toHexString(), schema);
-            await connection.openUri(clusterUri, autoEncryptionOptions());
+        assert.equal((await model.find()).length, 2);
+        assert.deepEqual(await model.findOne({ age: 1 }, { _id: 0, name: 1 }, { lean: true }), { name: 'bailey' });
+      });
 
-            await model.insertMany([{ name: 'bailey' }, { name: 'john' }]);
+      it('deterministically encrypted fields can be equality queried', async function() {
+        connection = mongoose.createConnection();
+        const schema = new Schema({
+          name: { type: String, encrypt: { keyId: [keyId], algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic' } },
+          age: Number
+        }, { encryptionType: 'csfle', autoCreate: true });
 
-            const doc = await model.findOne({ name: 'bailey' });
-            assert.ok(doc);
-          });
-        });
+        const model = connection.model(new UUID().toHexString(), schema);
 
-        describe('when a field is not configured for equality queries', function() {
-          it('cannot be queried directly', async function() {
-            connection = mongoose.createConnection();
-            const schema = new Schema({
-              name: { type: String, encrypt: { keyId } }
-            }, { encryptionType: 'queryableEncryption' });
-            const model = connection.model(new UUID().toHexString(), schema);
-            await connection.openUri(clusterUri, autoEncryptionOptions());
+        await connection.openUri(clusterUri, autoEncryptionOptions());
 
-            await model.insertMany([{ name: { toString: function() { 'asdf';} } }, { name: 'john' }]);
+        await model.insertMany([
+          { name: 'bailey', age: 1 },
+          { name: 'john', age: 2 }
+        ]);
 
-            await assert.rejects(() => {
-              return model.findOne({ name: 'bailey' });
-            }, /Can only execute encrypted equality queries with an encrypted equality index/);
-          });
-        });
+        assert.equal((await model.find()).length, 2);
+        assert.deepEqual(await model.findOne({ name: 'bailey' }, { _id: 0, name: 1 }, { lean: true }), { name: 'bailey' });
+      });
+    });
 
-        it('queried documents can be modified and saved', async function() {
+    describe('QE encrypted queries', function() {
+      describe('when a field is configured for equality queries', function() {
+        it('can be queried with mongoose', async function() {
           connection = mongoose.createConnection();
           const schema = new Schema({
             name: { type: String, encrypt: { keyId, queries: { queryType: 'equality' } } }
@@ -1458,12 +1444,44 @@ describe('encryption integration tests', () => {
           await model.insertMany([{ name: 'bailey' }, { name: 'john' }]);
 
           const doc = await model.findOne({ name: 'bailey' });
-          doc.name = 'new name!';
-          await doc.save();
+          assert.ok(doc);
+        });
+      });
+
+      describe('when a field is not configured for equality queries', function() {
+        it('cannot be queried directly', async function() {
+          connection = mongoose.createConnection();
+          const schema = new Schema({
+            name: { type: String, encrypt: { keyId } }
+          }, { encryptionType: 'queryableEncryption' });
+          const model = connection.model(new UUID().toHexString(), schema);
+          await connection.openUri(clusterUri, autoEncryptionOptions());
+
+          await model.insertMany([{ name: { toString: function() { 'asdf';} } }, { name: 'john' }]);
 
-          assert.ok(model.findOne({ name: 'new name!' }));
+          await assert.rejects(() => {
+            return model.findOne({ name: 'bailey' });
+          }, /Can only execute encrypted equality queries with an encrypted equality index/);
         });
       });
+
+      it('queried documents can be modified and saved', async function() {
+        connection = mongoose.createConnection();
+        const schema = new Schema({
+          name: { type: String, encrypt: { keyId, queries: { queryType: 'equality' } } }
+        }, { encryptionType: 'queryableEncryption' });
+        const model = connection.model(new UUID().toHexString(), schema);
+        await connection.openUri(clusterUri, autoEncryptionOptions());
+        await model.init();
+        await model.insertMany([{ name: 'bailey' }, { name: 'john' }]);
+
+        const doc = await model.findOne({ name: 'bailey' });
+        doc.name = 'new name!';
+
+        await doc.save();
+
+        assert.ok(await model.findOne({ name: 'new name!' }));
+      });
     });
   });
 });