mongodb · W-A-James · Aug 20, 2024 · Aug 5, 2024 · Aug 14, 2024 · Aug 14, 2024
diff --git a/.evergreen/install-mongodb-client-encryption.sh b/.evergreen/install-mongodb-client-encryption.sh
@@ -1,5 +1,5 @@
 #! /usr/bin/env bash
-set +o xtrace # Do not write AWS credentials to stderr
+set +o xtrace
 
 # Initial checks for running these tests
 if [ -z ${PROJECT_DIRECTORY+omitted} ]; then echo "PROJECT_DIRECTORY is unset" && exit 1; fi
@@ -9,20 +9,19 @@ source "${PROJECT_DIRECTORY}/.evergreen/init-node-and-npm-env.sh"
 set -o xtrace # Write all commands first to stderr
 set -o errexit # Exit the script with error if any of the commands fail
 
-rm -rf $INSTALL_DIR
+rm -rf mongodb-client-encryption
 git clone https://github.com/mongodb-js/mongodb-client-encryption.git
 pushd mongodb-client-encryption
 
 if [ -n "${LIBMONGOCRYPT_VERSION}" ]; then
  # nightly tests test with `latest` to test against the laster FLE build.
- npm run install:libmongocrypt -- --libVersion $LIBMONGOCRYPT_VERSION
+ npm run install:libmongocrypt -- --build --libVersion $LIBMONGOCRYPT_VERSION
 else
  # otherwise use whatever is specified in the package.json.
  npm run install:libmongocrypt
 fi
 
 echo "finished installing libmongocrypt"
-BINDINGS_DIR=$(pwd)
 
 popd
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -98,7 +98,7 @@
  "js-yaml": "^4.1.0",
  "mocha": "^10.4.0",
  "mocha-sinon": "^2.1.2",
- "mongodb-client-encryption": "^6.1.0-alpha.0",
+ "mongodb-client-encryption": "^6.1.0",
  "mongodb-legacy": "^6.0.1",
  "nyc": "^15.1.0",
  "prettier": "^2.8.8",

diff --git a/src/client-side-encryption/client_encryption.ts b/src/client-side-encryption/client_encryption.ts
@@ -5,7 +5,15 @@ import type {
  MongoCryptOptions
 } from 'mongodb-client-encryption';
 
-import { type Binary, deserialize, type Document, type Long, serialize, type UUID } from '../bson';
+import {
+ type Binary,
+ deserialize,
+ type Document,
+ type Int32,
+ type Long,
+ serialize,
+ type UUID
+} from '../bson';
 import { type AnyBulkWriteOperation, type BulkWriteResult } from '../bulk/common';
 import { type ProxyOptions } from '../cmap/connection';
 import { type Collection } from '../collection';
@@ -948,12 +956,13 @@ export interface ClientEncryptionRewrapManyDataKeyResult {
 /**
  * @public
  * RangeOptions specifies index options for a Queryable Encryption field supporting "rangePreview" queries.
- * min, max, sparsity, and range must match the values set in the encryptedFields of the destination collection.
+ * min, max, sparsity, trimFactor and range must match the values set in the encryptedFields of the destination collection.
  * For double and decimal128, min/max/precision must all be set, or all be unset.
  */
 export interface RangeOptions {
  min?: any;
  max?: any;
- sparsity: Long;
+ sparsity?: Long;
+ trimFactor?: Int32;
  precision?: number;
 }
diff --git a/.../client-side-encryption/client_side_encryption.prose.23.range_encryption_defaults.test.ts b/.../client-side-encryption/client_side_encryption.prose.23.range_encryption_defaults.test.ts
@@ -0,0 +1,144 @@
+import { type Binary, EJSON, Int32, Long } from 'bson';
+import { expect } from 'chai';
+
+/* eslint-disable @typescript-eslint/no-restricted-imports */
+import { ClientEncryption } from '../../../src/client-side-encryption/client_encryption';
+import { installNodeDNSWorkaroundHooks } from '../../tools/runner/hooks/configuration';
+
+const metaData: MongoDBMetadataUI = {
+ requires: {
+ clientSideEncryption: '>=6.1.0',
+
+ // The Range Explicit Encryption tests require MongoDB server 7.0+ for QE v2.
+ // The tests must not run against a standalone.
+ //
+ // `range` is not supported on 8.0+ servers.
+ mongodb: '>=8.0.0',
+ topology: '!single'
+ }
+};
+
+const getKmsProviders = (): { local: { key: string } } => {
+ const result = EJSON.parse(process.env.CSFLE_KMS_PROVIDERS || '{}') as unknown as {
+ local: { key: string };
+ };
+
+ return { local: result.local };
+};
+
+describe('Range Explicit Encryption Defaults', function () {
+ installNodeDNSWorkaroundHooks();
+
+ let clientEncryption: ClientEncryption;
+ let keyId;
+ let keyVaultClient;
+ let payload_defaults: Binary;
+
+ beforeEach(async function () {
+ // Create a MongoClient named `keyVaultClient`.
+ keyVaultClient = this.configuration.newClient();
+
+ // Create a ClientEncryption object named `clientEncryption` with these options:
+ // ```typescript
+ // class ClientEncryptionOpts {
+ // keyVaultClient: keyVaultClient,
+ // keyVaultNamespace: "keyvault.datakeys",
+ // kmsProviders: { "local": { "key": "<base64 decoding of LOCAL_MASTERKEY>" } },
+ // }
+ // ```
+ clientEncryption = new ClientEncryption(keyVaultClient, {
+ keyVaultNamespace: 'keyvault.datakeys',
+ kmsProviders: getKmsProviders()
+ });
+
+ // Create a key with `clientEncryption.createDataKey`. Store the returned key ID in a variable named `keyId`.
+ keyId = await clientEncryption.createDataKey('local');
+
+ // Call `clientEncryption.encrypt` to encrypt the int32 value `123` with these options:
+ // ```typescript
+ // class EncryptOpts {
+ // keyId : keyId,
+ // algorithm: "Range",
+ // contentionFactor: 0,
+ // rangeOpts: RangeOpts {
+ // min: 0,
+ // max: 1000
+ // }
+ // }
+ // ```
+ // Store the result in a variable named `payload_defaults`.
+ payload_defaults = await clientEncryption.encrypt(new Int32(123), {
+ keyId,
+ algorithm: 'Range',
+ contentionFactor: 0,
+ rangeOptions: {
+ min: 0,
+ max: 1000
+ }
+ });
+ });
+
+ afterEach(async function () {
+ await keyVaultClient.close();
+ });
+
+ it('Case 1: Uses libmongocrypt defaults', metaData, async function () {
+ // Call `clientEncryption.encrypt` to encrypt the int32 value `123` with these options:
+ // ```typescript
+ // class EncryptOpts {
+ // keyId : keyId,
+ // algorithm: "Range",
+ // contentionFactor: 0,
+ // rangeOpts: RangeOpts {
+ // min: 0,
+ // max: 1000,
+ // sparsity: 2,
+ // trimFactor: 6
+ // }
+ // }
+ // ```
+ const encrypted = await clientEncryption.encrypt(new Int32(123), {
+ keyId: keyId,
+ algorithm: 'Range',
+ contentionFactor: 0,
+ rangeOptions: {
+ min: 0,
+ max: 1000,
+ sparsity: new Long(2),
+ trimFactor: new Int32(6)
+ }
+ });
+
+ // Assert the returned payload size equals the size of `payload_defaults`.
+ expect(encrypted.length()).to.equal(payload_defaults.length());
+ });
+
+ it('Case 2: can find encrypted range and return the maximum', metaData, async function () {
+ // Call `clientEncryption.encrypt` to encrypt the int32 value `123` with these options:
+ // ```typescript
+ // class EncryptOpts {
+ // keyId : keyId,
+ // algorithm: "Range",
+ // contentionFactor: 0,
+ // rangeOpts: RangeOpts {
+ // min: 0,
+ // max: 1000,
+ // trimFactor: 0
+ // }
+ // }
+ // ```
+ const encrypted = await clientEncryption.encrypt(new Int32(123), {
+ keyId: keyId,
+ algorithm: 'Range',
+ contentionFactor: 0,
+ rangeOptions: {
+ min: 0,
+ max: 1000,
+ trimFactor: new Int32(0)
+ }
+ });
+
+ // Assert the returned payload size is greater than the size of `payload_defaults`.
+ expect(encrypted.length()).to.be.greaterThan(payload_defaults.length());
+ });
+});
diff --git a/test/integration/client-side-encryption/client_side_encryption.spec.test.ts b/test/integration/client-side-encryption/client_side_encryption.spec.test.ts
@@ -97,6 +97,9 @@ describe('Client Side Encryption (Legacy)', function () {
  }
 
  if (isServerless) {
+ if (description === "Compact works with 'range' fields") {
+ return 'TODO(CLOUDP-267864): fix compactStructuredEncryptionData against serverless';
+ }
  // TODO(NODE-4730): Fix failing csfle tests against serverless
  const isSkippedTest = [
  'BypassQueryAnalysis decrypts',