test(NODE-3118): run CSFLE integration tests from libmongocrypt repo (#2833)

Author: nbbeeken

.evergreen/run-custom-csfle-tests.sh

@@ -5,21 +5,27 @@ if [ -z ${AWS_ACCESS_KEY_ID+omitted} ]; then echo "AWS_ACCESS_KEY_ID is unset" &
 if [ -z ${AWS_SECRET_ACCESS_KEY+omitted} ]; then echo "AWS_SECRET_ACCESS_KEY is unset" && exit 1; fi
 if [ -z ${CSFLE_KMS_PROVIDERS+omitted} ]; then echo "CSFLE_KMS_PROVIDERS is unset" && exit 1; fi
 
+export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
+export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+export CSFLE_KMS_PROVIDERS=${CSFLE_KMS_PROVIDERS}
+
 [ -s "$PROJECT_DIRECTORY/node-artifacts/nvm/nvm.sh" ] && source "$PROJECT_DIRECTORY"/node-artifacts/nvm/nvm.sh
 
 set -o xtrace   # Write all commands first to stderr
 set -o errexit  # Exit the script with error if any of the commands fail
 
+ABS_PATH_TO_PATCH=$(pwd)
+
 # Environment Variables:
 # CSFLE_GIT_REF - set the git reference to checkout for a custom CSFLE version
 # CDRIVER_GIT_REF - set the git reference to checkout for a custom CDRIVER version (this is for libbson)
 
 CSFLE_GIT_REF=${CSFLE_GIT_REF:-master}
-CDRIVER_GIT_REF=${CDRIVER_GIT_REF:-1.17.4}
+CDRIVER_GIT_REF=${CDRIVER_GIT_REF:-1.17.6}
 
-rm -rf csfle-deps-tmp
-mkdir -p csfle-deps-tmp
-pushd csfle-deps-tmp
+rm -rf ../csfle-deps-tmp
+mkdir -p ../csfle-deps-tmp
+pushd ../csfle-deps-tmp
 
 rm -rf libmongocrypt mongo-c-driver
 
@@ -37,15 +43,53 @@ popd # mongo-c-driver
 
 pushd libmongocrypt/bindings/node
 
+npm install --production --ignore-scripts
 source ./.evergreen/find_cmake.sh
 bash ./etc/build-static.sh
 
 popd # libmongocrypt/bindings/node
-popd # csfle-deps-tmp
-
-npm install
+popd # ../csfle-deps-tmp
 
-cp -r csfle-deps-tmp/libmongocrypt/bindings/node node_modules/mongodb-client-encryption
+# copy mongodb-client-encryption into driver's node_modules
+cp -R ../csfle-deps-tmp/libmongocrypt/bindings/node node_modules/mongodb-client-encryption
 
 export MONGODB_URI=${MONGODB_URI}
-npx mocha test/functional/client_side_encryption
+set +o errexit # We want to run both test suites even if the first fails
+npm run check:csfle
+DRIVER_CSFLE_TEST_RESULT=$?
+set -o errexit
+
+# Great! our drivers tests ran
+# there are tests inside the bindings repo that we also want to check
+
+pushd ../csfle-deps-tmp/libmongocrypt/bindings/node
+
+# a mongocryptd was certainly started by the driver tests,
+# let us let the bindings tests start their own
+killall mongocryptd || true
+
+# only prod deps were installed earlier, install devDependencies here (except for mongodb!)
+npm install --ignore-scripts
+
+# copy mongodb into CSFLE's node_modules
+rm -rf node_modules/mongodb
+cp -R "$ABS_PATH_TO_PATCH" node_modules/mongodb
+pushd node_modules/mongodb
+# lets be sure we have compiled TS since driver tests don't need to compile
+npm run build:ts
+popd # node_modules/mongodb
+
+# this variable needs to be empty
+export MONGODB_NODE_SKIP_LIVE_TESTS=""
+# all of the below must be defined (as well as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY)
+export AWS_REGION="us-east-1"
+export AWS_CMK_ID="arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0"
+npm test -- --colors
+
+popd # ../csfle-deps-tmp/libmongocrypt/bindings/node
+
+# Exit the script in a way that will show evergreen a pass or fail
+if [ $DRIVER_CSFLE_TEST_RESULT -ne 0 ]; then
+  echo "Driver tests failed, look above for results"
+  exit 1
+fi

package.json

@@ -109,6 +109,7 @@
     "check:kerberos": "mocha --config \"test/manual/mocharc.json\" test/manual/kerberos.test.js",
     "check:tls": "mocha --config \"test/manual/mocharc.json\" test/manual/tls_support.test.js",
     "check:ldap": "mocha --config \"test/manual/mocharc.json\" test/manual/ldap.test.js",
+    "check:csfle": "mocha test/functional/client_side_encryption",
     "prepare": "node etc/prepare.js",
     "release": "standard-version -i HISTORY.md",
     "test": "npm run check:lint && npm run check:test"

src/error.ts

@@ -71,6 +71,9 @@ export interface ErrorDescription {
 /**
  * @public
  * @category Error
+ *
+ * @privateRemarks
+ * CSFLE has a dependency on this error, it uses the constructor with a string argument
  */
 export class MongoError extends Error {
   /** @internal */
@@ -192,7 +195,8 @@ export class MongoNetworkError extends MongoError {
   }
 }
 
-interface MongoNetworkTimeoutErrorOptions {
+/** @public */
+export interface MongoNetworkTimeoutErrorOptions {
   /** Indicates the timeout happened before a connection handshake completed */
   beforeHandshake: boolean;
 }
@@ -201,6 +205,9 @@ interface MongoNetworkTimeoutErrorOptions {
  * An error indicating a network timeout occurred
  * @public
  * @category Error
+ *
+ * @privateRemarks
+ * CSFLE has a dependency on this error with an instanceof check
  */
 export class MongoNetworkTimeoutError extends MongoNetworkError {
   constructor(message: string, options?: MongoNetworkTimeoutErrorOptions) {

src/index.ts

@@ -34,6 +34,7 @@ export {
   MongoServerError,
   MongoDriverError,
   MongoNetworkError,
+  MongoNetworkTimeoutError,
   MongoSystemError,
   MongoServerSelectionError,
   MongoParseError,
@@ -186,7 +187,7 @@ export type {
 } from './cursor/abstract_cursor';
 export type { DbPrivate, DbOptions } from './db';
 export type { AutoEncryptionOptions, AutoEncrypter } from './deps';
-export type { AnyError, ErrorDescription } from './error';
+export type { AnyError, ErrorDescription, MongoNetworkTimeoutErrorOptions } from './error';
 export type { Explain, ExplainOptions, ExplainVerbosityLike } from './explain';
 export type {
   GridFSBucketReadStream,

test/functional/client_side_encryption/driver.test.js

@@ -20,6 +20,38 @@ describe('Client Side Encryption Functional', function () {
     }
   };
 
+  it('CSFLE_KMS_PROVIDERS should be valid EJSON', function () {
+    if (process.env.CSFLE_KMS_PROVIDERS) {
+      /**
+       * The shape of CSFLE_KMS_PROVIDERS is as follows:
+       *
+       * interface CSFLE_kms_providers {
+       *    aws: {
+       *      accessKeyId: string;
+       *      secretAccessKey: string;
+       *   };
+       *   azure: {
+       *     tenantId: string;
+       *     clientId: string;
+       *     clientSecret: string;
+       *   };
+       *   gcp: {
+       *     email: string;
+       *     privateKey: string;
+       *   };
+       *   local: {
+       *     // EJSON handle converting this, its actually the canonical -> { $binary: { base64: string; subType: string } }
+       *     // **NOTE**: The dollar sign has to be escaped when using this as an ENV variable
+       *     key: Binary;
+       *   }
+       * }
+       */
+      expect(() => BSON.EJSON.parse(process.env.CSFLE_KMS_PROVIDERS)).to.not.throw(SyntaxError);
+    } else {
+      this.skip();
+    }
+  });
+
   describe('BSON Options', function () {
     beforeEach(function () {
       this.client = this.configuration.newClient();

test/functional/client_side_encryption/spec.test.js

@@ -38,7 +38,8 @@ describe('Client Side Encryption', function () {
     return (
       !spec.description.match(/type=regex/) &&
       !spec.description.match(/type=symbol/) &&
-      !spec.description.match(/maxWireVersion < 8/)
+      !spec.description.match(/maxWireVersion < 8/) &&
+      !spec.description.match(/Count with deterministic encryption/) // TODO(NODE-3369): Unskip
     );
   });
 });