update unified integration

Author: qingyang-hu

etc/install-libmongocrypt.sh

@@ -3,7 +3,7 @@
 # This script installs libmongocrypt into an "install" directory.
 set -eux
 
-LIBMONGOCRYPT_TAG="1.12.0"
+LIBMONGOCRYPT_TAG="1.15.1"
 
 # Install libmongocrypt based on OS.
 if [ "Windows_NT" = "${OS:-}" ]; then

internal/integration/unified/client_entity.go

@@ -8,9 +8,8 @@ package unified
 
 import (
 	"context"
-	"encoding/base64"
+	"crypto/tls"
 	"fmt"
-	"os"
 	"strings"
 	"sync"
 	"sync/atomic"
@@ -34,19 +33,11 @@ import (
 // exceed the default truncation length.
 const defaultMaxDocumentLen = 10_000
 
-var (
-	// Security-sensitive commands that should be ignored in command monitoring by default.
-	securitySensitiveCommands = []string{
-		"authenticate", "saslStart", "saslContinue", "getnonce",
-		"createUser", "updateUser", "copydbgetnonce", "copydbsaslstart", "copydb",
-	}
-
-	awsAccessKeyID     = os.Getenv("FLE_AWS_KEY")
-	awsSecretAccessKey = os.Getenv("FLE_AWS_SECRET")
-	azureTenantID      = os.Getenv("FLE_AZURE_TENANTID")
-	azureClientID      = os.Getenv("FLE_AZURE_CLIENTID")
-	azureClientSecret  = os.Getenv("FLE_AZURE_CLIENTSECRET")
-)
+// Security-sensitive commands that should be ignored in command monitoring by default.
+var securitySensitiveCommands = []string{
+	"authenticate", "saslStart", "saslContinue", "getnonce",
+	"createUser", "updateUser", "copydbgetnonce", "copydbsaslstart", "copydb",
+}
 
 // clientEntity is a wrapper for a mongo.Client object that also holds additional information required during test
 // execution.
@@ -288,44 +279,49 @@ func createAutoEncryptionOptions(opts bson.Raw) (*options.AutoEncryptionOptions,
 				return nil, err
 			}
 			for _, elem := range elems {
-				provider := elem.Key()
-				providerOpt := elem.Value()
-				switch provider {
-				case "aws":
-					providers["aws"] = map[string]any{
-						"accessKeyId":     awsAccessKeyID,
-						"secretAccessKey": awsSecretAccessKey,
-					}
-				case "azure":
-					providers["azure"] = map[string]any{
-						"tenantId":     azureTenantID,
-						"clientId":     azureClientID,
-						"clientSecret": azureClientSecret,
-					}
-				case "local":
-					str := providerOpt.Document().Lookup("key").StringValue()
-					key, err := base64.StdEncoding.DecodeString(str)
+				key := elem.Key()
+				opt := elem.Value().Document()
+				provider, err := getKmsProvider(key, opt)
+				if err != nil {
+					return nil, err
+				}
+				if provider == nil {
+					continue
+				}
+				providers[key] = provider
+				if key == "kmip" && tlsClientCertificateKeyFile != "" && tlsCAFile != "" {
+					cfg, err := options.BuildTLSConfig(map[string]any{
+						"tlsCertificateKeyFile": tlsClientCertificateKeyFile,
+						"tlsCAFile":             tlsCAFile,
+					})
 					if err != nil {
-						return nil, err
-					}
-					providers["local"] = map[string]any{
-						"key": key,
+						return nil, fmt.Errorf("error constructing tls config: %w", err)
 					}
-				default:
-					return nil, fmt.Errorf("unrecognized KMS provider: %v", provider)
+					aeo.SetTLSConfig(map[string]*tls.Config{
+						"kmip": cfg,
+					})
 				}
 			}
 			aeo.SetKmsProviders(providers)
 		case "schemaMap":
 			var schemaMap map[string]any
 			err := bson.Unmarshal(opt.Document(), &schemaMap)
 			if err != nil {
-				return nil, err
+				return nil, fmt.Errorf("error creating schema map: %v", err)
 			}
 			aeo.SetSchemaMap(schemaMap)
 		case "keyVaultNamespace":
 			kvnsFound = true
 			aeo.SetKeyVaultNamespace(opt.StringValue())
+		case "bypassAutoEncryption":
+			aeo.SetBypassAutoEncryption(opt.Boolean())
+		case "encryptedFieldsMap":
+			var encryptedFieldsMap map[string]any
+			err := bson.Unmarshal(opt.Document(), &encryptedFieldsMap)
+			if err != nil {
+				return nil, fmt.Errorf("error creating encryptedFieldsMap: %v", err)
+			}
+			aeo.SetEncryptedFieldsMap(encryptedFieldsMap)
 		case "bypassQueryAnalysis":
 			aeo.SetBypassQueryAnalysis(opt.Boolean())
 		default:

internal/integration/unified/collection_data.go

@@ -27,9 +27,10 @@ type collectionData struct {
 }
 
 type createOptions struct {
-	Capped          *bool  `bson:"capped"`
-	SizeInBytes     *int64 `bson:"size"`
-	EncryptedFields any    `bson:"encryptedFields"`
+	Capped          *bool    `bson:"capped"`
+	SizeInBytes     *int64   `bson:"size"`
+	EncryptedFields bson.Raw `bson:"encryptedFields"`
+	Validator       bson.Raw `bson:"validator"`
 }
 
 // createCollection configures the collection represented by the receiver using the internal client. This function
@@ -53,6 +54,9 @@ func (c *collectionData) createCollection(ctx context.Context) error {
 		if c.Options.EncryptedFields != nil {
 			createOpts = createOpts.SetEncryptedFields(c.Options.EncryptedFields)
 		}
+		if c.Options.Validator != nil {
+			createOpts = createOpts.SetValidator(c.Options.Validator)
+		}
 
 		if err := db.CreateCollection(ctx, c.CollectionName, createOpts); err != nil {
 			return fmt.Errorf("error creating collection: %w", err)

internal/integration/unified/database_operation_execution.go

@@ -125,6 +125,10 @@ func executeCreateCollection(ctx context.Context, operation *operation) (*operat
 			cco.SetTimeSeriesOptions(tso)
 		case "clusteredIndex":
 			cco.SetClusteredIndex(val.Document())
+		case "validator":
+			cco.SetValidator(val.Document())
+		case "encryptedFields":
+			cco.SetEncryptedFields(val.Document())
 		default:
 			return nil, fmt.Errorf("unrecognized createCollection option %q", key)
 		}
@@ -156,13 +160,17 @@ func executeDropCollection(ctx context.Context, operation *operation) (*operatio
 		return nil, err
 	}
 
+	dco := options.DropCollection()
+
 	var collName string
 	elems, _ := operation.Arguments.Elements()
 	for _, elem := range elems {
 		key := elem.Key()
 		val := elem.Value()
 
 		switch key {
+		case "encryptedFields":
+			dco.SetEncryptedFields(val.Document())
 		case "collection":
 			collName = val.StringValue()
 		default:
@@ -173,7 +181,7 @@ func executeDropCollection(ctx context.Context, operation *operation) (*operatio
 		return nil, newMissingArgumentError("collection")
 	}
 
-	err = db.Collection(collName).Drop(ctx)
+	err = db.Collection(collName).Drop(ctx, dco)
 	return newErrorResult(err), nil
 }