Merge branch 'master' into GODRIVER-3434

Author: prestonvasquez

internal/integration/client_side_encryption_prose_test.go

@@ -1444,6 +1444,10 @@ func TestClientSideEncryptionProse(t *testing.T) {
 		if os.Getenv("KMS_MOCK_SERVERS_RUNNING") == "" {
 			mt.Skipf("Skipping test as KMS_MOCK_SERVERS_RUNNING is not set")
 		}
+		if tlsCAFileKMIP == "" || tlsClientCertificateKeyFileKMIP == "" {
+			mt.Fatal("Env vars CSFLE_TLS_CA_FILE and CSFLE_TLS_CLIENT_CERT_FILE must be set")
+		}
+
 		validKmsProviders := map[string]map[string]interface{}{
 			"aws": {
 				"accessKeyId":     awsAccessKeyID,
@@ -1513,50 +1517,50 @@ func TestClientSideEncryptionProse(t *testing.T) {
 			SetKeyVaultNamespace(kvNamespace)
 
 		// make TLS opts containing client certificate and CA file
-		tlsConfig := make(map[string]*tls.Config)
-		if tlsCAFileKMIP != "" && tlsClientCertificateKeyFileKMIP != "" {
-			clientAndCATlsMap := map[string]interface{}{
-				"tlsCertificateKeyFile": tlsClientCertificateKeyFileKMIP,
-				"tlsCAFile":             tlsCAFileKMIP,
-			}
-			certConfig, err := options.BuildTLSConfig(clientAndCATlsMap)
-			assert.Nil(mt, err, "BuildTLSConfig error: %v", err)
-			tlsConfig["aws"] = certConfig
-			tlsConfig["azure"] = certConfig
-			tlsConfig["gcp"] = certConfig
-			tlsConfig["kmip"] = certConfig
-		}
+		clientAndCATLSConfig, err := options.BuildTLSConfig(map[string]interface{}{
+			"tlsCertificateKeyFile": tlsClientCertificateKeyFileKMIP,
+			"tlsCAFile":             tlsCAFileKMIP,
+		})
+		assert.Nil(mt, err, "BuildTLSConfig error: %v", err)
 
 		// create valid Client Encryption options and set valid TLS options
 		validClientEncryptionOptionsWithTLS := options.ClientEncryption().
 			SetKmsProviders(validKmsProviders).
 			SetKeyVaultNamespace(kvNamespace).
-			SetTLSConfig(tlsConfig)
+			SetTLSConfig(map[string]*tls.Config{
+				"aws":   clientAndCATLSConfig,
+				"azure": clientAndCATLSConfig,
+				"gcp":   clientAndCATLSConfig,
+				"kmip":  clientAndCATLSConfig,
+			})
 
 		// make TLS opts containing only CA file
-		if tlsCAFileKMIP != "" {
-			caTlsMap := map[string]interface{}{
-				"tlsCAFile": tlsCAFileKMIP,
-			}
-			certConfig, err := options.BuildTLSConfig(caTlsMap)
-			assert.Nil(mt, err, "BuildTLSConfig error: %v", err)
-			tlsConfig["aws"] = certConfig
-			tlsConfig["azure"] = certConfig
-			tlsConfig["gcp"] = certConfig
-			tlsConfig["kmip"] = certConfig
-		}
+		caTLSConfig, err := options.BuildTLSConfig(map[string]interface{}{
+			"tlsCAFile": tlsCAFileKMIP,
+		})
+		assert.Nil(mt, err, "BuildTLSConfig error: %v", err)
 
 		// create invalid Client Encryption options with expired credentials
 		expiredClientEncryptionOptions := options.ClientEncryption().
 			SetKmsProviders(expiredKmsProviders).
 			SetKeyVaultNamespace(kvNamespace).
-			SetTLSConfig(tlsConfig)
+			SetTLSConfig(map[string]*tls.Config{
+				"aws":   caTLSConfig,
+				"azure": caTLSConfig,
+				"gcp":   caTLSConfig,
+				"kmip":  caTLSConfig,
+			})
 
 		// create invalid Client Encryption options with invalid hostnames
 		invalidHostnameClientEncryptionOptions := options.ClientEncryption().
 			SetKmsProviders(invalidKmsProviders).
 			SetKeyVaultNamespace(kvNamespace).
-			SetTLSConfig(tlsConfig)
+			SetTLSConfig(map[string]*tls.Config{
+				"aws":   caTLSConfig,
+				"azure": caTLSConfig,
+				"gcp":   caTLSConfig,
+				"kmip":  caTLSConfig,
+			})
 
 		awsMasterKeyNoClientCert := map[string]interface{}{
 			"region":   "us-east-1",
@@ -1622,7 +1626,8 @@ func TestClientSideEncryptionProse(t *testing.T) {
 
 				possibleErrors := []string{
 					"x509: certificate signed by unknown authority",                   // Windows
-					"x509: “valid.testing.golang.invalid” certificate is not trusted", // MacOS
+					"x509: “valid.testing.golang.invalid” certificate is not trusted", // macOS
+					"x509: “server” certificate is not standards compliant",           // macOS
 					"x509: certificate is not authorized to sign other certificates",  // All others
 				}
 

internal/integration/collection_test.go

@@ -1165,6 +1165,7 @@ func TestCollection(t *testing.T) {
 				SetHint(indexName).
 				SetMax(bson.D{{"x", int32(5)}}).
 				SetMin(bson.D{{"x", int32(0)}}).
+				SetOplogReplay(false).
 				SetProjection(bson.D{{"x", int32(1)}}).
 				SetReturnKey(false).
 				SetShowRecordID(false).
@@ -1186,6 +1187,7 @@ func TestCollection(t *testing.T) {
 				AppendString("hint", indexName).
 				StartDocument("max").AppendInt32("x", 5).FinishDocument().
 				StartDocument("min").AppendInt32("x", 0).FinishDocument().
+				AppendBoolean("oplogReplay", false).
 				StartDocument("projection").AppendInt32("x", 1).FinishDocument().
 				AppendBoolean("returnKey", false).
 				AppendBoolean("showRecordId", false).

internal/integration/unified/collection_operation_execution.go

@@ -1471,6 +1471,8 @@ func createFindCursor(ctx context.Context, operation *operation) (*cursorResult,
 			opts.SetMin(val.Document())
 		case "noCursorTimeout":
 			opts.SetNoCursorTimeout(val.Boolean())
+		case "oplogReplay":
+			opts.SetOplogReplay(val.Boolean())
 		case "projection":
 			opts.SetProjection(val.Document())
 		case "returnKey":

internal/integration/unified/unified_spec_test.go

@@ -25,6 +25,7 @@ var (
 		"command-monitoring/logging",
 		"connection-monitoring-and-pooling/logging",
 		"sessions",
+		"retryable-reads/unified",
 		"retryable-writes/unified",
 		"client-side-encryption/unified",
 		"client-side-operations-timeout",

internal/integration/unified_spec_test.go

@@ -178,7 +178,7 @@ const dataPath string = "../../testdata/"
 var directories = []string{
 	"transactions/legacy",
 	"convenient-transactions",
-	"retryable-reads",
+	"retryable-reads/legacy",
 	"read-write-concern/operation",
 	"server-discovery-and-monitoring/integration",
 	"atlas-data-lake-testing",

mongo/collection.go

@@ -1465,6 +1465,9 @@ func (coll *Collection) find(
 	if args.NoCursorTimeout != nil {
 		op.NoCursorTimeout(*args.NoCursorTimeout)
 	}
+	if args.OplogReplay != nil {
+		op.OplogReplay(*args.OplogReplay)
+	}
 	if args.Projection != nil {
 		proj, err := marshal(args.Projection, coll.bsonOpts, coll.registry)
 		if err != nil {
@@ -1518,6 +1521,7 @@ func newFindArgsFromFindOneArgs(args *options.FindOneOptions) *options.FindOptio
 		v.Hint = args.Hint
 		v.Max = args.Max
 		v.Min = args.Min
+		v.OplogReplay = args.OplogReplay
 		v.Projection = args.Projection
 		v.ReturnKey = args.ReturnKey
 		v.ShowRecordID = args.ShowRecordID

mongo/options/autoencryptionoptions.go

@@ -184,17 +184,9 @@ func (a *AutoEncryptionOptionsBuilder) SetExtraOptions(extraOpts map[string]inte
 // to the KMS provider.
 //
 // This should only be used to set custom TLS configurations. By default, the connection will use an empty tls.Config{} with MinVersion set to tls.VersionTLS12.
-func (a *AutoEncryptionOptionsBuilder) SetTLSConfig(tlsOpts map[string]*tls.Config) *AutoEncryptionOptionsBuilder {
+func (a *AutoEncryptionOptionsBuilder) SetTLSConfig(cfg map[string]*tls.Config) *AutoEncryptionOptionsBuilder {
 	a.Opts = append(a.Opts, func(args *AutoEncryptionOptions) error {
-		tlsConfigs := make(map[string]*tls.Config)
-		for provider, config := range tlsOpts {
-			// use TLS min version 1.2 to enforce more secure hash algorithms and advanced cipher suites
-			if config.MinVersion == 0 {
-				config.MinVersion = tls.VersionTLS12
-			}
-			tlsConfigs[provider] = config
-		}
-		args.TLSConfig = tlsConfigs
+		args.TLSConfig = cfg
 
 		return nil
 	})

mongo/options/clientencryptionoptions.go

@@ -70,19 +70,13 @@ func (c *ClientEncryptionOptionsBuilder) SetKmsProviders(providers map[string]ma
 // to the KMS provider.
 //
 // This should only be used to set custom TLS configurations. By default, the connection will use an empty tls.Config{} with MinVersion set to tls.VersionTLS12.
-func (c *ClientEncryptionOptionsBuilder) SetTLSConfig(tlsOpts map[string]*tls.Config) *ClientEncryptionOptionsBuilder {
+func (c *ClientEncryptionOptionsBuilder) SetTLSConfig(cfg map[string]*tls.Config) *ClientEncryptionOptionsBuilder {
 	c.Opts = append(c.Opts, func(opts *ClientEncryptionOptions) error {
-		tlsConfigs := make(map[string]*tls.Config)
-		for provider, config := range tlsOpts {
-			// use TLS min version 1.2 to enforce more secure hash algorithms and advanced cipher suites
-			if config.MinVersion == 0 {
-				config.MinVersion = tls.VersionTLS12
-			}
-			tlsConfigs[provider] = config
-		}
-		opts.TLSConfig = tlsConfigs
+		opts.TLSConfig = cfg
+
 		return nil
 	})
+
 	return c
 }
 

mongo/options/findoptions.go

@@ -22,6 +22,7 @@ type FindOptions struct {
 	Max                 interface{}
 	MaxAwaitTime        *time.Duration
 	Min                 interface{}
+	OplogReplay         *bool
 	Projection          interface{}
 	ReturnKey           *bool
 	ShowRecordID        *bool
@@ -200,6 +201,19 @@ func (f *FindOptionsBuilder) SetNoCursorTimeout(b bool) *FindOptionsBuilder {
 	return f
 }
 
+// SetOplogReplay sets the value for the OplogReplay field. OplogReplay is for internal
+// replication use only and should not be set.
+//
+// Deprecated: This option has been deprecated in MongoDB version 4.4 and will be ignored by
+// the server if it is set.
+func (f *FindOptionsBuilder) SetOplogReplay(b bool) *FindOptionsBuilder {
+	f.Opts = append(f.Opts, func(opts *FindOptions) error {
+		opts.OplogReplay = &b
+		return nil
+	})
+	return f
+}
+
 // SetProjection sets the value for the Projection field. Projection is a document describing
 // which fields will be included in the documents returned by the Find operation. The
 // default value is nil, which means all fields will be included.
@@ -265,6 +279,7 @@ type FindOneOptions struct {
 	Hint                interface{}
 	Max                 interface{}
 	Min                 interface{}
+	OplogReplay         *bool
 	Projection          interface{}
 	ReturnKey           *bool
 	ShowRecordID        *bool
@@ -354,6 +369,19 @@ func (f *FindOneOptionsBuilder) SetMin(min interface{}) *FindOneOptionsBuilder {
 	return f
 }
 
+// SetOplogReplay sets the value for the OplogReplay field. OplogReplay is for internal
+// replication use only and should not be set.
+//
+// Deprecated: This option has been deprecated in MongoDB version 4.4 and will be ignored by
+// the server if it is set.
+func (f *FindOneOptionsBuilder) SetOplogReplay(b bool) *FindOneOptionsBuilder {
+	f.Opts = append(f.Opts, func(opts *FindOneOptions) error {
+		opts.OplogReplay = &b
+		return nil
+	})
+	return f
+}
+
 // SetProjection sets the value for the Projection field. Sets a document describing which fields
 // will be included in the document returned by the operation. The default value is nil, which
 // means all fields will be included.