RUST-1629 Sync testdata updates for csfle (#869)

Author: abr-egn

etc/update-spec-tests.sh

@@ -28,4 +28,16 @@ curl -sL "https://github.com/mongodb/specifications/archive/$REF.zip" -o "$tmpdi
 unzip -q -d "$tmpdir" "$tmpdir/specs.zip"
 mkdir -p "src/test/spec/json/$1"
 rsync -ah "$tmpdir/specifications-$REF"*"/source/$1/tests/" "src/test/spec/json/$1" --delete
+
+if [ "$1" = "client-side-encryption" ]; then
+    mkdir -p "src/test/spec/json/testdata/$1/data"
+    rsync -ah "$tmpdir/specifications-$REF"*"/source/$1/etc/data/" "src/test/spec/json/testdata/$1/data" --delete
+    mkdir -p "src/test/spec/json/testdata/$1/corpus"
+    rsync -ah "$tmpdir/specifications-$REF"*"/source/$1/corpus/" "src/test/spec/json/testdata/$1/corpus" --delete
+    mkdir -p "src/test/spec/json/testdata/$1/external"
+    rsync -ah "$tmpdir/specifications-$REF"*"/source/$1/external/" "src/test/spec/json/testdata/$1/external" --delete
+    mkdir -p "src/test/spec/json/testdata/$1/limits"
+    rsync -ah "$tmpdir/specifications-$REF"*"/source/$1/limits/" "src/test/spec/json/testdata/$1/limits" --delete
+fi
+
 rm -rf "$tmpdir"

src/test/csfle.rs

@@ -455,7 +455,7 @@ async fn external_key_vault() -> Result<()> {
         // Setup: initialize db.
         let (client, datakeys) = init_client().await?;
         datakeys
-            .insert_one(load_testdata("external-key.json")?, None)
+            .insert_one(load_testdata("external/external-key.json")?, None)
             .await?;
 
         // Setup: test options.
@@ -479,7 +479,7 @@ async fn external_key_vault() -> Result<()> {
             LOCAL_KMS.clone(),
         )?
         .key_vault_client(kv_client.clone())
-        .schema_map([("db.coll", load_testdata("external-schema.json")?)])
+        .schema_map([("db.coll", load_testdata("external/external-schema.json")?)])
         .extra_options(EXTRA_OPTIONS.clone())
         .disable_crypt_shared(*DISABLE_CRYPT_SHARED)
         .build()
@@ -562,12 +562,12 @@ async fn bson_size_limits() -> Result<()> {
         .create_collection(
             "coll",
             CreateCollectionOptions::builder()
-                .validator(doc! { "$jsonSchema": load_testdata("limits-schema.json")? })
+                .validator(doc! { "$jsonSchema": load_testdata("limits/limits-schema.json")? })
                 .build(),
         )
         .await?;
     datakeys
-        .insert_one(load_testdata("limits-key.json")?, None)
+        .insert_one(load_testdata("limits/limits-key.json")?, None)
         .await?;
 
     // Setup: encrypted client.
@@ -597,7 +597,7 @@ async fn bson_size_limits() -> Result<()> {
     .await?;
 
     // Test operation 2
-    let mut doc: Document = load_testdata("limits-doc.json")?;
+    let mut doc: Document = load_testdata("limits/limits-doc.json")?;
     doc.insert("_id", "encryption_exceeds_2mib");
     doc.insert("unencrypted", "a".repeat(2_097_152 - 2_000));
     coll.insert_one(doc, None).await?;
@@ -631,7 +631,7 @@ async fn bson_size_limits() -> Result<()> {
     assert_eq!(2, inserts.len());
 
     // Test operation 4
-    let mut doc = load_testdata("limits-doc.json")?;
+    let mut doc = load_testdata("limits/limits-doc.json")?;
     doc.insert("_id", "encryption_exceeds_2mib_1");
     doc.insert("unencrypted", "a".repeat(2_097_152 - 2_000));
     let mut doc2 = doc.clone();
@@ -657,7 +657,7 @@ async fn bson_size_limits() -> Result<()> {
     coll.insert_one(doc, None).await?;
 
     // Test operation 6
-    let mut doc: Document = load_testdata("limits-doc.json")?;
+    let mut doc: Document = load_testdata("limits/limits-doc.json")?;
     doc.insert("_id", "encryption_exceeds_16mib");
     doc.insert("unencrypted", "a".repeat(16_777_216 - 2_000));
     let result = coll.insert_one(doc, None).await;
@@ -1347,7 +1347,7 @@ async fn bypass_mongocryptd_via_shared_library() -> Result<()> {
         KV_NAMESPACE.clone(),
         LOCAL_KMS.clone(),
     )?
-    .schema_map([("db.coll", load_testdata("external-schema.json")?)])
+    .schema_map([("db.coll", load_testdata("external/external-schema.json")?)])
     .extra_options(doc! {
         "mongocryptdURI": "mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000",
         "mongocryptdSpawnArgs": ["--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=27021"],
@@ -1394,7 +1394,7 @@ async fn bypass_mongocryptd_via_bypass_spawn() -> Result<()> {
         KV_NAMESPACE.clone(),
         LOCAL_KMS.clone(),
     )?
-    .schema_map([("db.coll", load_testdata("external-schema.json")?)])
+    .schema_map([("db.coll", load_testdata("external/external-schema.json")?)])
     .extra_options(extra_options)
     .disable_crypt_shared(true)
     .build()
@@ -1617,7 +1617,7 @@ impl DeadlockTestCase {
             .database("keyvault")
             .collection::<Document>("datakeys")
             .insert_one(
-                load_testdata("external-key.json")?,
+                load_testdata("external/external-key.json")?,
                 InsertOneOptions::builder()
                     .write_concern(WriteConcern::MAJORITY)
                     .build(),
@@ -1628,7 +1628,9 @@ impl DeadlockTestCase {
             .create_collection(
                 "coll",
                 CreateCollectionOptions::builder()
-                    .validator(doc! { "$jsonSchema": load_testdata("external-schema.json")? })
+                    .validator(
+                        doc! { "$jsonSchema": load_testdata("external/external-schema.json")? },
+                    )
                     .build(),
             )
             .await?;
@@ -2363,8 +2365,8 @@ async fn explicit_encryption_setup() -> Result<Option<ExplicitEncryptionTestData
         return Ok(None);
     }
 
-    let encrypted_fields = load_testdata("encryptedFields.json")?;
-    let key1_document = load_testdata("key1-document.json")?;
+    let encrypted_fields = load_testdata("data/encryptedFields.json")?;
+    let key1_document = load_testdata("data/keys/key1-document.json")?;
     let key1_id = match key1_document.get("_id").unwrap() {
         Bson::Binary(b) => b.clone(),
         v => return Err(failure!("expected binary _id, got {:?}", v)),
@@ -3130,9 +3132,10 @@ async fn range_explicit_encryption_test(
     let _guard = LOCK.run_exclusively().await;
     let util_client = TestClient::new().await;
 
-    let encrypted_fields = load_testdata(&format!("range-encryptedFields-{}.json", bson_type))?;
+    let encrypted_fields =
+        load_testdata(&format!("data/range-encryptedFields-{}.json", bson_type))?;
 
-    let key1_document = load_testdata("key1-document.json")?;
+    let key1_document = load_testdata("data/keys/key1-document.json")?;
     let key1_id = match key1_document.get("_id").unwrap() {
         Bson::Binary(binary) => binary,
         _ => unreachable!(),

src/test/spec/json/client-side-encryption/README.rst

@@ -2807,7 +2807,7 @@ Each test listed in the cases below must pass for all supported data types unles
 
 Case 1: can decrypt a payload
 `````````````````````````````
-Use ``clientEncryption.encrypt()`` to encrypt the value 6. Ensure the type matches with the type of the encrypted field. For example, if the encrypted field is ``encryptedDoubleNoPrecision`` encrypt the double value 6.0.
+Use ``clientEncryption.encrypt()`` to encrypt the value 6. Ensure the encoded BSON type matches the type of the encrypted field. For example, if the encrypted field is ``encryptedLong`` encrypt the 64-bit BSON long value 6, not the 32-bit BSON int value 6.
 
 Store the result in ``insertPayload``.
 
@@ -2823,6 +2823,11 @@ Encrypt with the matching ``RangeOpts`` listed in `Test Setup: RangeOpts`_ and t
 
 Use ``clientEncryption`` to decrypt ``insertPayload``. Assert the returned value equals 6.
 
+.. note::
+
+   The type returned by ``clientEncryption.decrypt()`` may differ from the input type to ``clientEncryption.encrypt()`` depending on how the driver unmarshals BSON numerics to language native types.
+   Example: a driver may unmarshal a BSON long to a numeric type that does not distinguish between int64 and int32.
+
 Case 2: can find encrypted range and return the maximum 
 ```````````````````````````````````````````````````````
 Use ``clientEncryption.encryptExpression()`` to encrypt this query:

src/test/spec/json/client-side-encryption/legacy/bypassedCommand.json

@@ -78,7 +78,7 @@
       ]
     },
     {
-      "description": "current op is not bypassed",
+      "description": "kill op is not bypassed",
       "clientOptions": {
         "autoEncryptOpts": {
           "kmsProviders": {
@@ -90,14 +90,15 @@
         {
           "name": "runCommand",
           "object": "database",
-          "command_name": "currentOp",
+          "command_name": "killOp",
           "arguments": {
             "command": {
-              "currentOp": 1
+              "killOp": 1,
+              "op": 1234
             }
           },
           "result": {
-            "errorContains": "command not supported for auto encryption: currentOp"
+            "errorContains": "command not supported for auto encryption: killOp"
           }
         }
       ]

src/test/spec/json/client-side-encryption/legacy/bypassedCommand.yml

@@ -26,17 +26,18 @@ tests:
           command:
             ping: 1
           command_name: ping
-  - description: "current op is not bypassed"
+  - description: "kill op is not bypassed"
     clientOptions:
       autoEncryptOpts:
         kmsProviders:
           aws: {} # Credentials filled in from environment.
     operations:
       - name: runCommand
         object: database
-        command_name: currentOp
+        command_name: killOp
         arguments:
           command:
-            currentOp: 1
+            killOp: 1
+            op: 1234 
         result:
-          errorContains: "command not supported for auto encryption: currentOp"
+          errorContains: "command not supported for auto encryption: killOp"

src/test/spec/json/client-side-encryption/legacy/fle2v2-BypassQueryAnalysis.json

@@ -150,7 +150,44 @@
                   }
                 }
               ],
-              "ordered": true
+              "ordered": true,
+              "encryptionInformation": {
+                "type": 1,
+                "schema": {
+                  "default.default": {
+                    "escCollection": "enxcol_.default.esc",
+                    "ecocCollection": "enxcol_.default.ecoc",
+                    "fields": [
+                      {
+                        "keyId": {
+                          "$binary": {
+                            "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+                            "subType": "04"
+                          }
+                        },
+                        "path": "encryptedIndexed",
+                        "bsonType": "string",
+                        "queries": {
+                          "queryType": "equality",
+                          "contention": {
+                            "$numberLong": "0"
+                          }
+                        }
+                      },
+                      {
+                        "keyId": {
+                          "$binary": {
+                            "base64": "q83vqxI0mHYSNBI0VniQEg==",
+                            "subType": "04"
+                          }
+                        },
+                        "path": "encryptedUnindexed",
+                        "bsonType": "string"
+                      }
+                    ]
+                  }
+                }
+              }
             },
             "command_name": "insert"
           }

src/test/spec/json/client-side-encryption/legacy/fle2v2-BypassQueryAnalysis.yml

@@ -48,6 +48,14 @@ tests:
             documents:
               - *doc0_encrypted
             ordered: true
+            encryptionInformation:
+                type: 1
+                schema:
+                  "default.default":
+                    # libmongocrypt applies escCollection and ecocCollection to outgoing command.
+                    escCollection: "enxcol_.default.esc"
+                    ecocCollection: "enxcol_.default.ecoc"
+                    <<: *encrypted_fields
           command_name: insert
       - command_started_event:
           command:

src/test/spec/json/client-side-encryption/legacy/fle2v2-Delete.json

@@ -176,6 +176,8 @@
                 "type": 1,
                 "schema": {
                   "default.default": {
+                    "escCollection": "enxcol_.default.esc",
+                    "ecocCollection": "enxcol_.default.ecoc",
                     "fields": [
                       {
                         "keyId": {
@@ -230,10 +232,13 @@
                   "limit": 1
                 }
               ],
+              "ordered": true,
               "encryptionInformation": {
                 "type": 1,
                 "schema": {
                   "default.default": {
+                    "escCollection": "enxcol_.default.esc",
+                    "ecocCollection": "enxcol_.default.ecoc",
                     "fields": [
                       {
                         "keyId": {

src/test/spec/json/client-side-encryption/legacy/fle2v2-Delete.yml

@@ -63,7 +63,11 @@ tests:
             encryptionInformation:
                 type: 1
                 schema:
-                  "default.default": *encrypted_fields
+                  "default.default":
+                    # libmongocrypt applies escCollection and ecocCollection to outgoing command.
+                    escCollection: "enxcol_.default.esc"
+                    ecocCollection: "enxcol_.default.ecoc"
+                    <<: *encrypted_fields
           command_name: insert
       - command_started_event:
           command:
@@ -82,10 +86,15 @@ tests:
                   },
                   "limit": 1
                 }
+            ordered: true
             encryptionInformation:
               type: 1
               schema:
-                "default.default": *encrypted_fields
+                "default.default":
+                  # libmongocrypt applies escCollection and ecocCollection to outgoing command.
+                  escCollection: "enxcol_.default.esc"
+                  ecocCollection: "enxcol_.default.ecoc"
+                  <<: *encrypted_fields
           command_name: delete
     outcome:
       collection:

src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-jsonSchema.json

@@ -183,6 +183,8 @@
                 "type": 1,
                 "schema": {
                   "default.default": {
+                    "escCollection": "enxcol_.default.esc",
+                    "ecocCollection": "enxcol_.default.ecoc",
                     "fields": [
                       {
                         "keyId": {
@@ -236,6 +238,8 @@
                 "type": 1,
                 "schema": {
                   "default.default": {
+                    "escCollection": "enxcol_.default.esc",
+                    "ecocCollection": "enxcol_.default.ecoc",
                     "fields": [
                       {
                         "keyId": {