diff --git a/.eslintrc.js b/.eslintrc.js
index b4d7d1652d..7670926d24 100644
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -14,7 +14,8 @@ module.exports = {
 '**/docs/js/native.js',
 '!.*',
 'node_modules',
- '.git'
+ '.git',
+ 'encrypted-cluster'
 ],
 overrides: [
 {
diff --git a/mongocryptd.pid b/mongocryptd.pid
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/package.json b/package.json
index 0d0fe6f99c..5c726e144c 100644
--- a/package.json
+++ b/package.json
@@ -105,7 +105,7 @@
 "test-rs": "START_REPLICA_SET=1 mocha --timeout 30000 --exit ./test/*.test.js",
 "test-tsd": "node ./test/types/check-types-filename && tsd",
 "test-encryption": "mocha --exit ./test/encryption/*.test.js",
- "test-encryption-local": "chmod +x scripts/run-encryption-tests-local.sh && scripts/run-encryption-tests-local.sh",
+ "test-encryption-local": "bash scripts/run-encryption-tests-local.sh",
 "tdd": "mocha ./test/*.test.js --inspect --watch --recursive --watch-files ./**/*.{js,ts}",
 "test-coverage": "nyc --reporter=html --reporter=text npm test",
 "ts-benchmark": "cd ./benchmarks/typescript/simple && npm install && npm run benchmark | node ../../../scripts/tsc-diagnostics-check"
diff --git a/scripts/run-encryption-tests-local.sh b/scripts/run-encryption-tests-local.sh
index dd29eb9880..ff4332370b 100755
--- a/scripts/run-encryption-tests-local.sh
+++ b/scripts/run-encryption-tests-local.sh
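Review bot: `mongocryptd.pid` is added as an empty file at the repository root, which looks like a runtime artifact left by a local mongocryptd process rather than something the project needs under version control. I would drop it from the commit and add a `mongocryptd.pid` line to `.gitignore` so later local encryption runs do not re-introduce it. The `encrypted-cluster` directory that `.eslintrc.js` now ignores probably deserves a `.gitignore` entry as well if it does not have one already; that file is not part of this diff.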
@@ -1,17 +1,18 @@ #!/usr/bin/env bash -# sets up an encrypted mongodb cluster +# sets up an encrypted mongodb cluster, adds relevant variables to the environment, and runs encryption tests export CWD=$(pwd); +# set up encrypted mongodb cluster if the encrypted-cluster folder does not exist +# note: for tooling, cluster set-up and configuration look into the 'scripts/start-encrypted-cluster.sh' script if [ -d "encrypted-cluster" ]; then cd encrypted-cluster else source $CWD/scripts/start-encrypted-cluster.sh fi -# IMPORTANT: extracts mongodb-uri, and starts the cluster of servers, store the uri for GitHub output - +# extracts MONGOOSE_TEST_URI and CRYPT_SHARED_LIB_PATH from .yml file into environment variables for this test run read -r -d '' SOURCE_SCRIPT << EOM const fs = require('fs'); const file = fs.readFileSync('mo-expansion.yml', { encoding: 'utf-8' }) @@ -32,4 +33,5 @@ source expansions.sh export MONGOOSE_TEST_URI=$MONGODB_URI +# run encryption tests npm run test-encryption diff --git a/scripts/start-encrypted-cluster.sh b/scripts/start-encrypted-cluster.sh index b04c4b655c..1fb8a4aa22 100644 --- a/scripts/start-encrypted-cluster.sh +++ b/scripts/start-encrypted-cluster.sh 
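Review bot: The set-up guard `if [ -d "encrypted-cluster" ]` treats the mere presence of the folder as proof of a usable cluster, and the comment added above it now documents that as the contract. A run interrupted after `mkdir encrypted-cluster` (for example a failed clone) leaves the folder behind, so the next run skips set-up and the `readFileSync('mo-expansion.yml')` step has nothing to read. Testing for the file the script actually depends on is a closer check, e.g. `if [ -f "encrypted-cluster/mo-expansion.yml" ]; then`, with `mkdir -p` in `scripts/start-encrypted-cluster.sh` so the retry path does not trip over the existing folder. The part of the script between the two hunks is not visible here, so any handling that already exists there is not accounted for.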
@@ -1,17 +1,25 @@ +# creates a encrypted cluster (sharded on 8.0 server) export CWD=$(pwd); mkdir encrypted-cluster cd encrypted-cluster +# note: + # we're using drivers-evergreen-tools which is a repo that handles cluster set-up for us. + # if you'd like to make changes to the cluster settings, edit the exported variables below. + # for configuration options for the exported variables, see here: https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/run-orchestration.sh + # after this script is run, the encrypted-cluster/ folder will notably contain the following: + # 'mo-expansion.yml' file which contains for your cluster URI and crypt shared library path + # 'drivers-evergreen-tools/mongodb/bin' which contain executables for other mongodb libraries such as mongocryptd, mongosh, and mongod if [ ! -d "drivers-evergreen-tools/" ]; then git clone --depth=1 "https://github.com/mongodb-labs/drivers-evergreen-tools.git" fi +# configure cluster settings export DRIVERS_TOOLS=$CWD/encrypted-cluster/drivers-evergreen-tools export MONGODB_VERSION=8.0 export AUTH=true export MONGODB_BINARIES=$DRIVERS_TOOLS/mongodb/bin -export NODE_DRIVER=~/dev/node-mongodb-native export MONGO_ORCHESTRATION_HOME=$DRIVERS_TOOLS/mo export PROJECT_ORCHESTRATION_HOME=$DRIVERS_TOOLS/.evergreen/orchestration export TOPOLOGY=sharded_cluster @@ -24,4 +32,5 @@ cd - rm expansions.sh 2> /dev/null -bash $DRIVERS_TOOLS/.evergreen/run-orchestration.sh \ No newline at end of file +# start cluster +bash $DRIVERS_TOOLS/.evergreen/run-orchestration.sh diff --git a/test/encryption/encryption.test.js b/test/encryption/encryption.test.js index ba29506965..14e18306d9 100644 --- a/test/encryption/encryption.test.js +++ b/test/encryption/encryption.test.js 
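Review bot: The clone `git clone --depth=1 "https://github.com/mongodb-labs/drivers-evergreen-tools.git"` takes whatever is at the tip of the default branch, and the script then runs `.evergreen/run-orchestration.sh` from that checkout, so every encryption test run executes unpinned external code that can change between runs. Pinning the checkout to a reviewed commit (fetch `<PINNED_COMMIT_SHA>` and check it out instead of cloning the branch tip) makes runs reproducible and limits exposure if the upstream repository changes unexpectedly; the link in the new comment block, which points at `blob/master`, could then reference the same revision. Separately, `$DRIVERS_TOOLS` is expanded unquoted in the final `bash` call, which breaks when the repository path contains spaces; the quoted form is `bash "$DRIVERS_TOOLS/.evergreen/run-orchestration.sh"`.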
@@ -6,92 +6,91 @@ const isBsonType = require('../../lib/helpers/isBsonType'); const LOCAL_KEY = Buffer.from('Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'base64'); -describe('environmental variables', () => { - it('MONGOOSE_TEST_URI is set', async function() { - const uri = process.env.MONGOOSE_TEST_URI; - assert.ok(uri); - }); +describe('ci', () => { + describe('environmental variables', () => { + it('MONGOOSE_TEST_URI is set', async function() { + const uri = process.env.MONGOOSE_TEST_URI; + assert.ok(uri); + }); - it('CRYPT_SHARED_LIB_PATH is set', async function() { - const shared_library_path = process.env.CRYPT_SHARED_LIB_PATH; - assert.ok(shared_library_path); + it('CRYPT_SHARED_LIB_PATH is set', async function() { + const shared_library_path = process.env.CRYPT_SHARED_LIB_PATH; + assert.ok(shared_library_path); + }); }); -}); -describe('basic integration', () => { - let keyVaultClient; - let dataKey; - let encryptedClient; - let dummyClient; + describe('basic integration', () => { + let keyVaultClient; + let dataKey; + let encryptedClient; + let unencryptedClient; - beforeEach(async function() { - keyVaultClient = new mdb.MongoClient(process.env.MONGOOSE_TEST_URI); - await keyVaultClient.connect(); - await keyVaultClient.db('keyvault').collection('datakeys'); - const clientEncryption = new mdb.ClientEncryption(keyVaultClient, { - keyVaultNamespace: 'keyvault.datakeys', - kmsProviders: { local: { key: LOCAL_KEY } } - }); - dataKey = await clientEncryption.createDataKey('local'); + beforeEach(async function() { + keyVaultClient = new mdb.MongoClient(process.env.MONGOOSE_TEST_URI); + await keyVaultClient.connect(); + await keyVaultClient.db('keyvault').collection('datakeys'); + const clientEncryption = new mdb.ClientEncryption(keyVaultClient, { + keyVaultNamespace: 'keyvault.datakeys', + kmsProviders: { local: { key: LOCAL_KEY } } + }); + dataKey = await 
clientEncryption.createDataKey('local'); - encryptedClient = new mdb.MongoClient( - process.env.MONGOOSE_TEST_URI, - { - autoEncryption: { - keyVaultNamespace: 'keyvault.datakeys', - kmsProviders: { local: { key: LOCAL_KEY } }, - schemaMap: { - 'db.coll': { - bsonType: 'object', - encryptMetadata: { - keyId: [dataKey] - }, - properties: { - a: { - encrypt: { - bsonType: 'int', - algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Random', - keyId: [dataKey] + encryptedClient = new mdb.MongoClient( + process.env.MONGOOSE_TEST_URI, + { + autoEncryption: { + keyVaultNamespace: 'keyvault.datakeys', + kmsProviders: { local: { key: LOCAL_KEY } }, + schemaMap: { + 'db.coll': { + bsonType: 'object', + encryptMetadata: { + keyId: [dataKey] + }, + properties: { + a: { + encrypt: { + bsonType: 'int', + algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Random', + keyId: [dataKey] + } } } } + }, + extraOptions: { + cryptdSharedLibRequired: true, + cryptSharedLibPath: process.env.CRYPT_SHARED_LIB_PATH } - }, - extraOptions: { - cryptdSharedLibRequired: true, - cryptSharedLibPath: process.env.CRYPT_SHARED_LIB_PATH } } - } - ); + ); - dummyClient = new mdb.MongoClient(process.env.MONGOOSE_TEST_URI); - }); - - afterEach(async function() { - await keyVaultClient.close(); - await encryptedClient.close(); - await dummyClient.close(); - }); + unencryptedClient = new mdb.MongoClient(process.env.MONGOOSE_TEST_URI); + }); - it('supports mongodb csfle auto-encryption integration', async() => { - await encryptedClient.connect(); - await encryptedClient.db('db').collection('coll').insertOne({ a: 1 }); + afterEach(async function() { + await keyVaultClient.close(); + await encryptedClient.close(); + await unencryptedClient.close(); + }); - const { insertedId } = await encryptedClient.db('db').collection('coll').insertOne({ a: 1 }); + it('ci set-up should support basic mongodb auto-encryption integration', async() => { + await encryptedClient.connect(); + const { insertedId } = await 
encryptedClient.db('db').collection('coll').insertOne({ a: 1 }); - // a dummyClient not configured with autoEncryption, returns a encrypted binary type, meaning that encryption succeeded - const encryptedResult = await dummyClient.db('db').collection('coll').findOne({ _id: insertedId }); + // client not configured with autoEncryption, returns a encrypted binary type, meaning that encryption succeeded + const encryptedResult = await unencryptedClient.db('db').collection('coll').findOne({ _id: insertedId }); - assert.ok(encryptedResult); - assert.ok(encryptedResult.a); - assert.ok(isBsonType(encryptedResult.a, 'Binary')); - assert.ok(encryptedResult.a.sub_type === 6); + assert.ok(encryptedResult); + assert.ok(encryptedResult.a); + assert.ok(isBsonType(encryptedResult.a, 'Binary')); + assert.ok(encryptedResult.a.sub_type === 6); - // when the encryptedClient runs a find, the original unencrypted value is returned - const unencryptedCursor = await encryptedClient.db('db').collection('coll').find(); - const unencryptedResult = await unencryptedCursor.next(); - assert.ok(unencryptedResult); - assert.ok(unencryptedResult.a === 1); + // when the encryptedClient runs a find, the original unencrypted value is returned + const unencryptedResult = await encryptedClient.db('db').collection('coll').findOne({ _id: insertedId }); + assert.ok(unencryptedResult); + assert.ok(unencryptedResult.a === 1); + }); }); });
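Review bot: In the `extraOptions` block of the `beforeEach`, the key `cryptdSharedLibRequired` does not match the driver option name as I know it, `cryptSharedLibRequired` (no `d`), so it is likely ignored and the client stays free to fall back to spawning mongocryptd when the shared library fails to load. That would let this set-up check pass without proving that `CRYPT_SHARED_LIB_PATH` points at a loadable library, and it may be how the `mongocryptd.pid` file in this commit came to exist. The line would read `cryptSharedLibRequired: true,`. As a smaller point, `assert.strictEqual(encryptedResult.a.sub_type, 6)` and `assert.strictEqual(unencryptedResult.a, 1)` report the actual value on failure, which `assert.ok(x === y)` does not.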