test(NODE-4331): add prose test 13 (#3335)

baileympearson · web-flow · commit 74fe82ae8a24 · 2022-07-29T14:13:46.000-04:00
diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.test.js b/test/integration/client-side-encryption/client_side_encryption.prose.test.js
@@ -9,7 +9,7 @@ const { dropCollection, APMEventCollector } = require('../shared');
 
 const { EJSON, Binary } = BSON;
 const { LEGACY_HELLO_COMMAND } = require('../../../src/constants');
-const { MongoNetworkError } = require('../../../src/error');
+const { MongoNetworkError, MongoServerError } = require('../../../src/error');
 
 const getKmsProviders = (localKey, kmipEndpoint, azureEndpoint, gcpEndpoint) => {
   const result = BSON.EJSON.parse(process.env.CSFLE_KMS_PROVIDERS || '{}');
@@ -1723,6 +1723,110 @@ describe('Client Side Encryption Prose Tests', metadata, function () {
     });
   });
 
+  context('13. Unique Index on keyAltNames', function () {
+    let client, clientEncryption, setupKeyId;
+
+    beforeEach(async function () {
+      // Create a MongoClient object (referred to as client).
+      client = this.configuration.newClient();
+      await client.connect();
+
+      // Using client, drop the collection keyvault.datakeys.
+      await client
+        .db('keyvault')
+        .dropCollection('datakeys')
+        .catch(() => null);
+
+      await client
+        .db('keyvault')
+        .collection('datakeys')
+        .createIndex(
+          { keyAltNames: 1 },
+          {
+            unique: true,
+            partialFilterExpression: { keyAltNames: { $exists: true } },
+            writeConcern: { w: 'majority' }
+          }
+        );
+
+      // Create a ClientEncryption object (referred to as client_encryption) with client set as the keyVaultClient.
+      clientEncryption = new this.configuration.mongodbClientEncryption.ClientEncryption(client, {
+        keyVaultNamespace: 'keyvault.datakeys',
+        kmsProviders: getKmsProviders()
+      });
+
+      // Using client_encryption, create a data key with a local KMS provider and the keyAltName "def".
+      setupKeyId = await clientEncryption.createDataKey('local', {
+        keyAltNames: ['def']
+      });
+    });
+
+    afterEach(async () => {
+      clientEncryption = null;
+      setupKeyId = null;
+      await client.close();
+    });
+
+    context('Case 1', metadata, function () {
+      it('createDataKey() handles duplicate key errors on the keyvault collection', async function () {
+        // 1. Use client_encryption to create a new local data key with a keyAltName "abc" and assert the operation does not fail.
+        await clientEncryption.createDataKey('local', {
+          keyAltNames: ['abc']
+        });
+
+        // 2. Repeat Step 1 and assert the operation fails due to a duplicate key server error (error code 11000).
+        const resultStep2 = await clientEncryption
+          .createDataKey('local', {
+            keyAltNames: ['abc']
+          })
+          .catch(e => e);
+        expect(
+          resultStep2,
+          'Error in step 2) expected clientEncryption.createDataKey to throw duplicate key error but it did not'
+        ).to.be.instanceof(MongoServerError);
+        expect(resultStep2).have.property('code', 11000);
+
+        // 3. Use client_encryption to create a new local data key with a keyAltName "def" and assert the operation fails due to a duplicate key server error (error code 11000).
+        const resultStep3 = await clientEncryption
+          .createDataKey('local', {
+            keyAltNames: ['def']
+          })
+          .catch(e => e);
+        expect(
+          resultStep3,
+          'Error in step 3) expected clientEncryption.createDataKey to throw duplicate key error but it did not'
+        ).to.be.instanceof(MongoServerError);
+        expect(resultStep3).have.property('code', 11000);
+      });
+    });
+
+    context('Case 2', metadata, function () {
+      it('addKeyAltName() handles duplicate key errors on the keyvault collection', async function () {
+        // 1. Use client_encryption to create a new local data key and assert the operation does not fail.
+        const _id = await clientEncryption.createDataKey('local');
+
+        // 2. Use client_encryption to add a keyAltName "abc" to the key created in Step 1 and assert the operation does not fail.
+        await clientEncryption.addKeyAltName(_id, 'abc');
+
+        // 3. Repeat Step 2, assert the operation does not fail, and assert the returned key document contains the keyAltName "abc" added in Step 2.
+        const resultStep3 = await clientEncryption.addKeyAltName(_id, 'abc');
+        expect(resultStep3).to.have.property('keyAltNames').to.include('abc');
+
+        // 4. Use client_encryption to add a keyAltName "def" to the key created in Step 1 and assert the operation fails due to a duplicate key server error (error code 11000).
+        const resultStep4 = await clientEncryption.addKeyAltName(_id, 'def').catch(e => e);
+        expect(
+          resultStep4,
+          'Error in step 4) expected clientEncryption.addKeyAltName to throw duplicate key error but it did not'
+        ).to.be.instanceof(MongoServerError);
+        expect(resultStep4).to.have.property('code', 11000);
+
+        // 5. Use client_encryption to add a keyAltName "def" to the existing key, assert the operation does not fail, and assert the returned key document contains the keyAltName "def" added during Setup.
+        const resultStep5 = await clientEncryption.addKeyAltName(setupKeyId, 'def');
+        expect(resultStep5).to.have.property('keyAltNames').to.include('def');
+      });
+    });
+  });
+
   context('14. Decryption Events', metadata, function () {
     let setupClient;
     let clientEncryption;
