mongodb-js · addaleax · Mar 15, 2022 · Mar 14, 2022
@@ -138,6 +138,35 @@ describe('FLE tests', () => {
     expect(keyVaultContents).to.include(keyId.match(uuidRegexp)[1]);
   });
 
+  it('works when a schemaMap option has been passed', async() => {
+    const shell = TestShell.start({
+      args: ['--nodb']
+    });
+    await shell.waitForPrompt();
+    await shell.executeLine('local = { key: BinData(0, "kh4Gv2N8qopZQMQYMEtww/AkPsIrXNmEMxTrs3tUoTQZbZu4msdRUaR8U5fXD7A7QXYHcEvuu4WctJLoT+NvvV3eeIg3MD+K8H9SR794m/safgRHdIfy6PD+rFpvmFbY") }');
+    await shell.executeLine(`keyMongo = Mongo(${JSON.stringify(await testServer.connectionString())}, { \
+      keyVaultNamespace: '${dbname}.keyVault', \
+      kmsProviders: { local }, \
+      schemaMap: {} \
+    });`);
+
+    await shell.executeLine('keyVault = keyMongo.getKeyVault();');
+    const keyId = await shell.executeLine('keyId = keyVault.createKey("local");');
+    const uuidRegexp = /UUID([^)])/;
+    expect(keyId).to.match(uuidRegexp);
+
+    await shell.executeLine(`plainMongo = Mongo(${JSON.stringify(await testServer.connectionString())})`);
+    await shell.executeLine(`db = plainMongo.getDB('${dbname}')`);
+    const keyVaultContents = await shell.executeLine('db.keyVault.find()');
+    expect(keyVaultContents).to.include(keyId.match(uuidRegexp)[1]);
+
+    await shell.executeLine('clientEncryption = keyMongo.getClientEncryption();');
+    await shell.executeLine('encrypted = clientEncryption.encrypt(' +
+      'keyId, { someValue: "foo" }, "AEAD_AES_256_CBC_HMAC_SHA_512-Random");');
+    const result = await shell.executeLine('({ decrypted: clientEncryption.decrypt(encrypted) })');
+    expect(result).to.include("{ decrypted: { someValue: 'foo' } }");
+  });
+
   it('performs KeyVault data key management as expected', async() => {
     const shell = TestShell.start({
       args: [await testServer.connectionString()]

@@ -148,8 +148,7 @@ describe('Field Level Encryption', () => {
             keyVaultClient: undefined,
             keyVaultNamespace: AWS_KMS.keyVaultNamespace,
             kmsProviders: AWS_KMS.kmsProviders,
-            bypassAutoEncryption: AWS_KMS.bypassAutoEncryption,
-            schemaMap: AWS_KMS.schemaMap
+            bypassAutoEncryption: AWS_KMS.bypassAutoEncryption
           }
         );
       });
@@ -406,6 +405,21 @@ describe('Field Level Encryption', () => {
       // eslint-disable-next-line no-new
       new Mongo(instanceState, 'localhost:27017', localKmsOptions, undefined, sp);
     });
+    it('allows getting ClientEncryption if a schema map is provided', () => {
+      const localKmsOptions: ClientSideFieldLevelEncryptionOptions = {
+        keyVaultNamespace: `${DB}.${COLL}`,
+        kmsProviders: {
+          local: {
+            key: new bson.Binary(Buffer.alloc(96).toString('base64'))
+          }
+        },
+        schemaMap: SCHEMA_MAP,
+        bypassAutoEncryption: true
+      };
+      const mongo = new Mongo(instanceState, 'localhost:27017', localKmsOptions, undefined, sp);
+      expect(mongo.getClientEncryption()).to.be.instanceOf(ClientEncryption);
+      expect(mongo.getKeyVault()).to.be.instanceOf(KeyVault);
+    });
     it('fails if both explicitEncryptionOnly and schemaMap are passed', () => {
       const localKmsOptions: ClientSideFieldLevelEncryptionOptions = {
         keyVaultNamespace: `${DB}.${COLL}`,
@@ -496,7 +510,7 @@ describe('Field Level Encryption', () => {
         accessKeyId: 'SxHpYMUtB1CEVg9tX0N1',
         secretAccessKey: '44mjXTk34uMUmORma3w1viIAx4RCUv78bzwDY0R7',
         sessionToken: 'WXWHMnniSqij0CH27KK7H'
-      } as any], // As any until we have NODE-3107
+      }],
       ['azure', {
         tenantId: 'MUtB1CEVg9tX0',
         clientId: 'SxHpYMUtB1CEVg9tX0N1',

@@ -58,11 +58,13 @@ export class ClientEncryption extends ShellApiWithMongoClass {
       throw new MongoshRuntimeError('FLE API is not available');
     }
 
+    // ClientEncryption does not take a schemaMap and will fail if it receives one
+    const fleOptions = { ...this._mongo._fleOptions };
+    delete fleOptions.schemaMap;
+
     this._libmongocrypt = new fle.ClientEncryption(
       mongo._serviceProvider.getRawClient(),
-      {
-        ...(this._mongo._fleOptions as ClientEncryptionOptions)
-      }
+      fleOptions as ClientEncryptionOptions
     );
   }