ready for review

aditi-khare-mongoDB · aditi-khare-mongoDB · commit eac708f94c73 · 2024-12-10T17:24:32.000-05:00
diff --git a/.github/workflows/encryption-tests.yml b/.github/workflows/encryption-tests.yml
@@ -2,7 +2,9 @@ name: Encryption Tests
 
 on:
   push: 
-    branches: ['master', 'NODE-6505/ci-setup']
+    branches: ['master']
+  pull_request:
+    branches: [ 'master' ]
   workflow_dispatch: {}
 
 permissions:
diff --git a/.gitignore b/.gitignore
@@ -67,3 +67,5 @@ examples/ecommerce-netlify-functions/.netlify/state.json
 
 notes.md
 list.out
+
+encrypted-cluster
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -46,6 +46,7 @@ If you have a question about Mongoose (not a bug report) please post it to eithe
   * execute `npm run test-tsd` to run the typescript tests
   * execute `npm run ts-benchmark` to run the typescript benchmark "performance test" for a single time.
   * execute `npm run ts-benchmark-watch` to run the typescript benchmark "performance test" while watching changes on types folder. Note: Make sure to commit all changes before executing this command.
+* in order to run tests that require an encrypted cluster locally, run `npm run test-encryption-local`. Alternatively, you can start an encrypted cluster using the `scripts/encrypted-cluster.sh` file
 
 ## Documentation
 
diff --git a/mongocryptd.pid b/mongocryptd.pid
diff --git a/package.json b/package.json
@@ -20,6 +20,7 @@
   "license": "MIT",
   "dependencies": {
     "bson": "^6.7.0",
+    "hugo": "^0.0.3",
     "kareem": "2.6.3",
     "mongodb": "~6.10.0",
     "mongodb-client-encryption": "^6.1.0",
@@ -106,6 +107,7 @@
     "test-rs": "START_REPLICA_SET=1 mocha --timeout 30000 --exit ./test/*.test.js",
     "test-tsd": "node ./test/types/check-types-filename && tsd",
     "test-encryption": "mocha --exit ./test/encryption/*.test.js",
+    "test-encryption-local": "chmod +x scripts/encrypted-cluster.sh && scripts/encrypted-cluster.sh",
     "tdd": "mocha ./test/*.test.js --inspect --watch --recursive --watch-files ./**/*.{js,ts}",
     "test-coverage": "nyc --reporter=html --reporter=text npm test",
     "ts-benchmark": "cd ./benchmarks/typescript/simple && npm install && npm run benchmark | node ../../../scripts/tsc-diagnostics-check"
diff --git a/scripts/encrypted-cluster.sh b/scripts/encrypted-cluster.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+# sets up an encrypted mongodb cluster
+
+if [ -d "encrypted-cluster" ]; then
+  cd encrypted-cluster
+else
+  mkdir encrypted-cluster
+  cd encrypted-cluster
+
+  if [-d drivers-evergreen-tools]; then 
+    git clone --depth=1 "https://github.com/mongodb-labs/drivers-evergreen-tools.git"
+  fi
+
+  export DRIVERS_TOOLS=$(pwd)/drivers-evergreen-tools
+  export MONGODB_VERSION=8.0
+  export AUTH=true
+  export MONGODB_BINARIES=$DRIVERS_TOOLS/mongodb/bin
+  export NODE_DRIVER=~/dev/node-mongodb-native
+  export MONGO_ORCHESTRATION_HOME=$DRIVERS_TOOLS/mo
+  export PROJECT_ORCHESTRATION_HOME=$DRIVERS_TOOLS/.evergreen/orchestration
+  export TOPOLOGY=sharded_cluster
+  export SSL=nossl
+
+  cd $DRIVERS_TOOLS
+  rm -rf mongosh mongodb mo
+  mkdir mo
+  cd -
+
+  rm expansions.sh 2> /dev/null
+
+  bash $DRIVERS_TOOLS/.evergreen/run-orchestration.sh
+fi
+
+# IMPORTANT: extracts mongodb-uri, and starts the cluster of servers, store the uri for GitHub output
+
+read -r -d '' SOURCE_SCRIPT << EOM
+const fs = require('fs');
+const file = fs.readFileSync('mo-expansion.yml', { encoding: 'utf-8' })
+	.trim().split('\\n');
+const regex = /^(?<key>.*): "(?<value>.*)"$/;
+const variables = file.map(
+	(line) => regex.exec(line.trim()).groups
+).map(
+	({key, value}) => \`export \${key}='\${value}'\`
+).join('\n');
+
+process.stdout.write(variables);
+process.stdout.write('\n');
+EOM
+
+node --eval "$SOURCE_SCRIPT" | tee expansions.sh
+source expansions.sh
+
+export MONGOOSE_TEST_URI=$MONGODB_URI
+
+npm run test-encryption
diff --git a/test/encryption/encryption.test.js b/test/encryption/encryption.test.js
@@ -44,14 +44,14 @@ describe('basic integration', () => {
             'db.coll': {
               bsonType: 'object',
               encryptMetadata: {
-                keyId: [new mdb.UUID(dataKey)]
+                keyId: [dataKey]
               },
               properties: {
                 a: {
                   encrypt: {
                     bsonType: 'int',
                     algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Random',
-                    keyId: [new mdb.UUID(dataKey)]
+                    keyId: [dataKey]
                   }
                 }
               }
@@ -78,9 +78,11 @@ describe('basic integration', () => {
     await encryptedClient.connect();
     await encryptedClient.db('db').collection('coll').insertOne({ a: 1 });
 
+    const { insertedId } = await encryptedClient.db('db').collection('coll').insertOne({ a: 1 });
+
     // a dummyClient not configured with autoEncryption, returns a encrypted binary type, meaning that encryption succeeded
-    const encryptedCursor = await dummyClient.db('db').collection('coll').find();
-    const encryptedResult = await encryptedCursor.next();
+    const encryptedResult = await dummyClient.db('db').collection('coll').findOne({ _id: insertedId });
+
     assert.ok(encryptedResult);
     assert.ok(encryptedResult.a);
     assert.ok(isBsonType(encryptedResult.a, 'Binary'));
