DRIVERS-2790 Add codespell checker

.pre-commit-config.yaml

@@ -1,7 +1,7 @@
 
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.4.0
+ rev: v4.5.0
  hooks:
  - id: check-case-conflict
  - id: check-executables-have-shebangs
@@ -44,7 +44,7 @@ repos:
  stages: [manual]
 
 - repo: https://github.com/python-jsonschema/check-jsonschema
- rev: 0.26.3
+ rev: 0.27.3
  hooks:
  - id: check-github-workflows
 
@@ -55,8 +55,8 @@ repos:
  - id: rst-directive-colons
  - id: rst-inline-touching-normal
 
-# - repo: https://github.com/codespell-project/codespell
-#  rev: "v2.2.6"
-#  hooks:
-#  - id: codespell
-#  exclude_types: [json,yaml]
+- repo: https://github.com/codespell-project/codespell
+ rev: "v2.2.6"
+ hooks:
+ - id: codespell
+ args: ["-L", "fle,re-use,merchantibility,synching,crate,nin,infinit,te"]

source/auth/auth.rst

@@ -759,7 +759,7 @@ BSON representation and a human-readable "friendly name" which is used in this s
 Name Friendly Name Type Description
 ==== ==================== ================= ==============================================================================================================================================
 r client nonce BinData Subtype 0 32 byte cryptographically secure random number 
-p gs2-cb-flag int32 The integer representation of the ASCII charater 'n' or 'y', i.e., ``110`` or ``121``
+p gs2-cb-flag int32 The integer representation of the ASCII character 'n' or 'y', i.e., ``110`` or ``121``
 s server nonce BinData Subtype 0 64 bytes total, 32 bytes from the client first message and a 32 byte cryptographically secure random number generated by the server
 h sts host string FQDN of the STS service 
 a authorization header string Authorization header for `AWS Signature Version 4 <https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html?shortFooter=true>`_
@@ -776,7 +776,7 @@ Conversation
 ````````````
 
 The first message sent by drivers MUST contain a ``client nonce`` and ``gs2-cb-flag``. In response, the server will send a ``server nonce``
-and ``sts host``. Drivers MUST validate that the server nonce is exactly 64 bytes and the first 32 bytes are the same as the client nonce. Drivers MUST also validate that the length of the host is greater than 0 and less than or equal to 255 bytes per `RFC 1035 <https://tools.ietf.org/html/rfc1035>`_. Drivers MUST reject FQDN names with empty lables (e.g., "abc..def"), names that start with a period (e.g., ".abc.def") and names that end with a period (e.g., "abc.def."). Drivers MUST respond to the server's message with an ``authorization header`` and a ``date``.
+and ``sts host``. Drivers MUST validate that the server nonce is exactly 64 bytes and the first 32 bytes are the same as the client nonce. Drivers MUST also validate that the length of the host is greater than 0 and less than or equal to 255 bytes per `RFC 1035 <https://tools.ietf.org/html/rfc1035>`_. Drivers MUST reject FQDN names with empty labels (e.g., "abc..def"), names that start with a period (e.g., ".abc.def") and names that end with a period (e.g., "abc.def."). Drivers MUST respond to the server's message with an ``authorization header`` and a ``date``.
 
 As an example, given a client nonce value of "dzw1U2IwSEtgaWI0IUxZMVJqc2xuQzNCcUxBc05wZjI=", a MONGODB-AWS conversation decoded from
 BSON to JSON would appear as follows:
@@ -888,7 +888,7 @@ Body Action=GetCallerIdentity&Version=2011-06-15
 Region Calculation
 ``````````````````
 
-To get the region from the host, the driver MUST follow the algorithm expressed in psuedocode below. :: 
+To get the region from the host, the driver MUST follow the algorithm expressed in pseudocode below. :: 
 
  if the host is invalid according to the rules described earlier
  the region is undefined and the driver must raise an error.
@@ -1067,7 +1067,7 @@ would be with other credential responses.
 
 ECS endpoint
 ____________
-If a username and password are not provided and the aforementioned enviornment variables are not set, drivers MUST query a link-local AWS address for temporary credentials.
+If a username and password are not provided and the aforementioned environment variables are not set, drivers MUST query a link-local AWS address for temporary credentials.
 If temporary credentials cannot be obtained then drivers MUST fail authentication and raise an error. Drivers SHOULD
 enforce a 10 second read timeout while waiting for incoming content from both the ECS and EC2 endpoints. If the
 environment variable ``AWS_CONTAINER_CREDENTIALS_RELATIVE_URI`` is set then drivers MUST assume that it was set by an
@@ -1155,15 +1155,15 @@ Caching Credentials
 ___________________
 Credentials fetched by the driver using AWS endpoints MUST be cached and reused
 to avoid hitting AWS rate limitations. AWS recommends using a suitable
-Software Development Kit (SDK) for your langauge. If that SDK supports
+Software Development Kit (SDK) for your language. If that SDK supports
 credential fetch and automatic refresh/caching, then that mechanism can
 be used in lieu of manual caching.
 
 If using manual caching, the "Expiration" field MUST be stored
 and used to determine when to clear the cache. Credentials are considered
 valid if they are more than five minutes away from expiring; to the reduce the
 chance of expiration before they are validated by the server. Credentials
-that are retreived from environment variables MUST NOT be cached.
+that are retrieved from environment variables MUST NOT be cached.
 
 If there are no current valid cached credentials, the driver MUST initiate a
 credential request. To avoid adding a bottleneck that would override the
@@ -1460,8 +1460,8 @@ Implementation
 
 #. Credentials MAY be specified in the connection string immediately after the scheme separator "//".
 #. A realm MAY be passed as a part of the username in the url. It would be something like dev@MONGODB.COM, where dev is the username and MONGODB.COM is the realm. Per the RFC, the @ symbol should be url encoded using %40.
- * When GSSAPI is specified, this should be interpretted as the realm.
- * When non-GSSAPI is specified, this should be interpetted as part of the username.
+ * When GSSAPI is specified, this should be interpreted as the realm.
+ * When non-GSSAPI is specified, this should be interpreted as part of the username.
 #. It is permissible for only the username to appear in the connection string. This would be identified by having no colon follow the username before the '@' hostname separator.
 #. The source is determined by the following:
  * if authSource is specified, it is used.
@@ -1509,13 +1509,13 @@ For the example users above, the ``dbstats`` command could be used as a test
 command.
 
 For a test user supporting both SCRAM-SHA-1 and SCRAM-SHA-256, drivers should
-verify that negotation selects SCRAM-SHA-256. This may require monkey
+verify that negotiation selects SCRAM-SHA-256. This may require monkey
 patching, manual log analysis, etc.
 
 Step 3
 ------
 
-For test users that support only one mechanism, verify that explictly specifying
+For test users that support only one mechanism, verify that explicitly specifying
 the other mechanism fails.
 
 For a non-existent username, verify that not specifying a mechanism when

source/auth/tests/mongodb-oidc.rst

@@ -429,7 +429,7 @@ Separate Connections Avoid Extra Callback Calls
 - Create request and refresh callbacks that return tokens that will not expire
  soon. Ensure that we can record the number of times each callback is called.
 - Create two clients using the callbacks
-- Peform a find operation on each client that succeeds.
+- Perform a find operation on each client that succeeds.
 - Ensure that the request callback has been called once and the refresh
  callback has not been called.
 - Force a reauthenication on the first client using a ``failCommand`` of the
@@ -450,10 +450,10 @@ Separate Connections Avoid Extra Callback Calls
  }
  }
 
-- Perform a ``find`` operation that succeds.
+- Perform a ``find`` operation that succeeds.
 - Ensure that the request callback has been called once and the refresh
  callback has been called once.
 - Repeat the ``failCommand`` and ``find`` operation on the second client.
 - Ensure that the request callback has been called once and the refresh
  callback has been called once.
-- Close both clients.
+- Close both clients.

source/bson-corpus/bson-corpus.rst

@@ -46,7 +46,7 @@ Goals
 Non-Goals
 ---------
 
-* Replace or extend the offical BSON spec at http://bsonspec.org.
+* Replace or extend the official BSON spec at http://bsonspec.org.
 
 * Provide a formal specification for ``extjson``.
 

source/change-streams/change-streams.rst

@@ -597,7 +597,7 @@ The stage has the following shape:
 
 The first parameter of the helpers specifies an array of aggregation pipeline stages which MUST be appended to the initial stage. Drivers MUST support an empty pipeline. Languages which support default parameters MAY specify an empty array as the default value for this parameter. Drivers SHOULD otherwise make specification of a pipeline as similar as possible to the `aggregate <https://github.com/mongodb/specifications/blob/master/source/crud/crud.rst#read>`_ CRUD method.
 
-Additionally, implementors MAY provide a form of these methods which require no parameters, assuming no options and no additional stages beyond the initial ``$changeStream`` stage:
+Additionally, implementers MAY provide a form of these methods which require no parameters, assuming no options and no additional stages beyond the initial ``$changeStream`` stage:
 
 .. code:: python
 
@@ -616,7 +616,7 @@ A driver MUST NOT throw an exception if any unsupported stage is provided, but i
 
 A driver MUST NOT throw an exception if a user adds, removes, or modifies fields using ``$project``. The server will produce an error if ``_id``
 is projected out, but a user should otherwise be able to modify the shape of the change stream event as desired. This may require the result
-to be deserialized to a ``BsonDocument`` or custom-defined type rather than a ``ChangeStreamDocument``. It is the responsiblity of the
+to be deserialized to a ``BsonDocument`` or custom-defined type rather than a ``ChangeStreamDocument``. It is the responsibility of the
 user to ensure that the deserialized type is compatible with the specified ``$project`` stage.
 
 The aggregate helper methods MUST have no new logic related to the ``$changeStream`` stage. Drivers MUST be capable of handling `TAILABLE_AWAIT <https://github.com/mongodb/specifications/blob/master/source/crud/crud.rst#read>`_ cursors from the aggregate command in the same way they handle such cursors from find.
@@ -679,7 +679,7 @@ Drivers MUST use the ``ns`` returned in the ``aggregate`` command to set the ``c
 ChangeStream
 ------------
 
-A ``ChangeStream`` is an abstraction of a `TAILABLE_AWAIT <https://github.com/mongodb/specifications/blob/master/source/crud/crud.rst#read>`_ cursor, with support for resumability. Implementors MAY choose to implement a ``ChangeStream`` as an extension of an existing tailable cursor implementation. If the ``ChangeStream`` is implemented as a type which owns a tailable cursor, then the implementor MUST provide a manner of closing the change stream, as well as satisfy the requirements of extending ``Iterable<Document>``. If your language has an idiomatic way of disposing of resources you MAY choose to implement that in addition to, or instead of, an explicit close method.
+A ``ChangeStream`` is an abstraction of a `TAILABLE_AWAIT <https://github.com/mongodb/specifications/blob/master/source/crud/crud.rst#read>`_ cursor, with support for resumability. Implementers MAY choose to implement a ``ChangeStream`` as an extension of an existing tailable cursor implementation. If the ``ChangeStream`` is implemented as a type which owns a tailable cursor, then the implementer MUST provide a manner of closing the change stream, as well as satisfy the requirements of extending ``Iterable<Document>``. If your language has an idiomatic way of disposing of resources you MAY choose to implement that in addition to, or instead of, an explicit close method.
 
 A change stream MUST track the last resume token, per `Updating the Cached Resume Token`_.
 
@@ -705,7 +705,7 @@ The server expects ``startAtOperationTime`` as a BSON Timestamp. Drivers MUST al
 
 ``startAtOperationTime``, ``resumeAfter``, and ``startAfter`` are all mutually exclusive; if any two are set, the server will return an error. Drivers MUST NOT throw a custom error, and MUST defer to the server error.
 
-The ``ChangeStream`` MUST save the ``operationTime`` from the initial ``aggregate`` response when the following critera are met:
+The ``ChangeStream`` MUST save the ``operationTime`` from the initial ``aggregate`` response when the following criteria are met:
 
 - None of ``startAtOperationTime``, ``resumeAfter``, ``startAfter`` were specified in the ``ChangeStreamOptions``.
 - The max wire version is >= ``7``.

source/client-side-encryption/client-side-encryption.rst

@@ -1539,7 +1539,7 @@ for explicit encryption only (i.e. on the ClientEncryption class).
 For purposes of testing, a driver may use a different set of search paths.
 
 
-.. rubric:: Explaination
+.. rubric:: Explanation
 
 The `search paths`_ array in libmongocrypt_ allows the driver to customize the
 way that libmongocrypt_ searches and loads the crypt_shared_ library. For testing
@@ -2419,15 +2419,15 @@ Why are serverSelectionTryOnce and cooldownMS disabled for single-threaded drive
 By default, single threaded clients set serverSelectionTryOnce to true, which
 means server selection fails if a topology scan fails the first time (i.e. it
 will not make repeat attempts until serverSelectionTimeoutMS expires). This
-behavior is overriden since there may be a small delay between spawning
+behavior is overridden since there may be a small delay between spawning
 mongocryptd (which the driver may be responsible for) and for mongocryptd to
 listen on sockets. See the Server Selection spec description of `serverSelectionTryOnce <../server-selection/server-selection.rst#serverselectiontryonce>`_.
 
 Similarly, single threaded clients will by default wait for 5 second cooldown
 period after failing to connect to a server before making another attempt.
 Meaning if the first attempt to mongocryptd fails to connect, then the user
 would observe a 5 second delay. This is not configurable in the URI, so this
-must be overriden internally. Since mongocryptd is a local process, there should
+must be overridden internally. Since mongocryptd is a local process, there should
 only be a very short delay after spawning mongocryptd for it to start listening
 on sockets. See the SDAM spec description of `cooldownMS <../source/server-discovery-and-monitoring/server-discovery-and-monitoring.rst#cooldownms>`__.
 

source/client-side-encryption/etc/test-templates/fle2v2-MissingKey.yml.template

@@ -19,7 +19,7 @@ data: [
 encrypted_fields: {{ yamlfile("encryptedFields.json") }}
 key_vault_data: []
 tests:
- - description: "FLE2 encrypt fails with mising key"
+ - description: "FLE2 encrypt fails with missing key"
  clientOptions:
  autoEncryptOpts:
  kmsProviders:
@@ -30,7 +30,7 @@ tests:
  document: { _id: 1, encryptedIndexed: "123" }
  result:
  errorContains: "not all keys requested were satisfied"
- - description: "FLE2 decrypt fails with mising key"
+ - description: "FLE2 decrypt fails with missing key"
  clientOptions:
  autoEncryptOpts:
  kmsProviders:

source/client-side-encryption/tests/README.rst

@@ -1308,7 +1308,7 @@ Drivers that do not support an unlimited maximum pool size MUST skip this test.
 The following tests that connections to KMS servers with TLS verify peer certificates.
 
 The two tests below make use of mock KMS servers which can be run on Evergreen using `the mock KMS server script <https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/csfle/kms_http_server.py>`_.
-Drivers can set up their local Python enviroment for the mock KMS server by running `the virtualenv activation script <https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/csfle/activate_venv.sh>`_.
+Drivers can set up their local Python environment for the mock KMS server by running `the virtualenv activation script <https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/csfle/activate_venv.sh>`_.
 
 To start two mock KMS servers, one on port 9000 with `ca.pem`_ as a CA file and `expired.pem`_ as a cert file, and one on port 9001 with `ca.pem`_ as a CA file and `wrong-host.pem`_ as a cert file,
 run the following commands from the ``.evergreen/csfle`` directory:

source/client-side-encryption/tests/legacy/fle2v2-MissingKey.yml

@@ -19,7 +19,7 @@ data: [
 encrypted_fields: {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]}
 key_vault_data: []
 tests:
- - description: "FLE2 encrypt fails with mising key"
+ - description: "FLE2 encrypt fails with missing key"
  clientOptions:
  autoEncryptOpts:
  kmsProviders:
@@ -30,7 +30,7 @@ tests:
  document: { _id: 1, encryptedIndexed: "123" }
  result:
  errorContains: "not all keys requested were satisfied"
- - description: "FLE2 decrypt fails with mising key"
+ - description: "FLE2 decrypt fails with missing key"
  clientOptions:
  autoEncryptOpts:
  kmsProviders: