From ba8330dfe10c080bc3bd1bfeb2f33211851e234d Mon Sep 17 00:00:00 2001 From: Pavel Safronov Date: Thu, 16 Oct 2025 10:06:46 -0700 Subject: [PATCH 1/4] skip client side encryption tests for node v25 --- ...client_side_encryption.prose.10.kms_tls.test.ts | 4 +++- .../client_side_encryption.prose.test.ts | 14 ++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.10.kms_tls.test.ts b/test/integration/client-side-encryption/client_side_encryption.prose.10.kms_tls.test.ts index b829f9ddfe6..9d1e0c0fc6b 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.10.kms_tls.test.ts +++ b/test/integration/client-side-encryption/client_side_encryption.prose.10.kms_tls.test.ts @@ -2,10 +2,12 @@ import { expect } from 'chai'; import { getCSFLEKMSProviders } from '../../csfle-kms-providers'; import { ClientEncryption, type MongoClient } from '../../mongodb'; +import { vs25Predicate } from './client_side_encryption.prose.test'; const metadata: MongoDBMetadataUI = { requires: { - clientSideEncryption: true + clientSideEncryption: true, + predicate: vs25Predicate } }; diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.test.ts b/test/integration/client-side-encryption/client_side_encryption.prose.test.ts index 1f919fc2fa1..dda7d41e6ff 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.test.ts +++ b/test/integration/client-side-encryption/client_side_encryption.prose.test.ts @@ -2,6 +2,7 @@ import { BSON, EJSON } from 'bson'; import { expect } from 'chai'; import * as fs from 'fs/promises'; import * as path from 'path'; +import { satisfies } from 'semver'; import { ClientEncryption } from '../../../src/client-side-encryption/client_encryption'; import { getCSFLEKMSProviders } from '../../csfle-kms-providers'; @@ -37,12 +38,16 @@ export const getKmsProviders = (localKey, kmipEndpoint, azureEndpoint, gcpEndpoi return result; }; +export const vs25Predicate = () => + satisfies(process.version, '<25.0.0') ? true : 'TODO(NODE-7250): fix these tests in v25'; + // eslint-disable-next-line @typescript-eslint/no-empty-function -const noop = () => {}; +const noop = () => { }; const metadata: MongoDBMetadataUI = { requires: { clientSideEncryption: true, - topology: '!load-balanced' + topology: '!load-balanced', + predicate: vs25Predicate } }; @@ -50,7 +55,8 @@ const eeMetadata: MongoDBMetadataUI = { requires: { clientSideEncryption: true, mongodb: '>=7.0.0', - topology: ['replicaset', 'sharded'] + topology: ['replicaset', 'sharded'], + predicate: vs25Predicate } }; @@ -1717,7 +1723,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { function () {} ).skipReason = 'TODO(NODE-4840): Node does not support any OCSP options'; - context('Case 6: named KMS providers apply TLS options', function () { + context('Case 6: named KMS providers apply TLS options', metadata, function () { afterEach(() => keyvaultClient?.close()); beforeEach(async function () { const shouldSkip = this.configuration.filters.ClientSideEncryptionFilter.filter({ From 94145380cd7017b08ccec18255867aa82eefea99 Mon Sep 17 00:00:00 2001 From: Pavel Safronov Date: Thu, 16 Oct 2025 11:29:30 -0700 Subject: [PATCH 2/4] fix lint issue --- .../client-side-encryption/client_side_encryption.prose.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.test.ts b/test/integration/client-side-encryption/client_side_encryption.prose.test.ts index dda7d41e6ff..d0990983c87 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.test.ts +++ b/test/integration/client-side-encryption/client_side_encryption.prose.test.ts @@ -42,7 +42,7 @@ export const vs25Predicate = () => satisfies(process.version, '<25.0.0') ? true : 'TODO(NODE-7250): fix these tests in v25'; // eslint-disable-next-line @typescript-eslint/no-empty-function -const noop = () => { }; +const noop = () => {}; const metadata: MongoDBMetadataUI = { requires: { clientSideEncryption: true, From ba3d7204be37a44317227c872eeb71cc708fd15d Mon Sep 17 00:00:00 2001 From: Pavel Safronov Date: Thu, 16 Oct 2025 13:45:32 -0700 Subject: [PATCH 3/4] pr feedback: narrower scope on what tests we skip --- ...t_side_encryption.prose.10.kms_tls.test.ts | 5 +- .../client_side_encryption.prose.test.ts | 52 ++++++++++--------- 2 files changed, 31 insertions(+), 26 deletions(-) diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.10.kms_tls.test.ts b/test/integration/client-side-encryption/client_side_encryption.prose.10.kms_tls.test.ts index 9d1e0c0fc6b..ffd8f621dfc 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.10.kms_tls.test.ts +++ b/test/integration/client-side-encryption/client_side_encryption.prose.10.kms_tls.test.ts @@ -1,13 +1,14 @@ import { expect } from 'chai'; +import { satisfies } from 'semver'; import { getCSFLEKMSProviders } from '../../csfle-kms-providers'; import { ClientEncryption, type MongoClient } from '../../mongodb'; -import { vs25Predicate } from './client_side_encryption.prose.test'; const metadata: MongoDBMetadataUI = { requires: { clientSideEncryption: true, - predicate: vs25Predicate + predicate: () => + satisfies(process.version, '<25.0.0') ? true : 'TODO(NODE-7252): fix these tests in v25' } }; diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.test.ts b/test/integration/client-side-encryption/client_side_encryption.prose.test.ts index d0990983c87..fb26b11ea94 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.test.ts +++ b/test/integration/client-side-encryption/client_side_encryption.prose.test.ts @@ -38,16 +38,21 @@ export const getKmsProviders = (localKey, kmipEndpoint, azureEndpoint, gcpEndpoi return result; }; -export const vs25Predicate = () => - satisfies(process.version, '<25.0.0') ? true : 'TODO(NODE-7250): fix these tests in v25'; - // eslint-disable-next-line @typescript-eslint/no-empty-function -const noop = () => {}; +const noop = () => { }; const metadata: MongoDBMetadataUI = { + requires: { + clientSideEncryption: true, + topology: '!load-balanced' + } +}; + +const kmsTlsMetadata: MongoDBMetadataUI = { requires: { clientSideEncryption: true, topology: '!load-balanced', - predicate: vs25Predicate + predicate: () => + satisfies(process.version, '<25.0.0') ? true : 'TODO(NODE-7252): fix these tests in v25' } }; @@ -55,8 +60,7 @@ const eeMetadata: MongoDBMetadataUI = { requires: { clientSideEncryption: true, mongodb: '>=7.0.0', - topology: ['replicaset', 'sharded'], - predicate: vs25Predicate + topology: ['replicaset', 'sharded'] } }; @@ -1375,7 +1379,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { * - Create client encryption expired * - Create client encryption invalid hostname */ - context('KMS TLS Options Tests', metadata, function () { + context('KMS TLS Options Tests', kmsTlsMetadata, function () { let clientNoTls; let clientWithTls; let clientWithTlsExpired; @@ -1512,7 +1516,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); // Case 1. - context('Case 1: AWS', metadata, function () { + context('Case 1: AWS', kmsTlsMetadata, function () { const masterKey = { region: 'us-east-1', key: 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0', @@ -1521,7 +1525,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { const masterKeyExpired = { ...masterKey, endpoint: '127.0.0.1:9000' }; const masterKeyInvalidHostname = { ...masterKey, endpoint: '127.0.0.1:9001' }; - it('should fail with no TLS', metadata, async function () { + it('should fail with no TLS', async function () { // NODE-6861: flakiness is caused by mock KMS servers this.retries(2); @@ -1534,7 +1538,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should succeed with valid TLS options', metadata, async function () { + it('should succeed with valid TLS options', async function () { try { await clientEncryptionWithTls.createDataKey('aws', { masterKey }); expect.fail('it must fail to parse response'); @@ -1557,7 +1561,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should fail with an invalid hostname', metadata, async function () { + it('should fail with an invalid hostname', async function () { try { await clientEncryptionWithInvalidHostname.createDataKey('aws', { masterKey: masterKeyInvalidHostname @@ -1571,13 +1575,13 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); // Case 2. - context('Case 2: Azure', metadata, function () { + context('Case 2: Azure', kmsTlsMetadata, function () { const masterKey = { keyVaultEndpoint: 'doesnotexist.invalid', keyName: 'foo' }; - it('should fail with no TLS', metadata, async function () { + it('should fail with no TLS', async function () { // NODE-6861: flakiness is caused by mock KMS servers this.retries(2); @@ -1590,7 +1594,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should succeed with valid TLS options', metadata, async function () { + it('should succeed with valid TLS options', async function () { try { await clientEncryptionWithTls.createDataKey('azure', { masterKey }); expect.fail('it must fail with HTTP 404'); @@ -1611,7 +1615,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should fail with an invalid hostname', metadata, async function () { + it('should fail with an invalid hostname', async function () { try { await clientEncryptionWithInvalidHostname.createDataKey('azure', { masterKey }); expect.fail('it must fail with invalid hostnames'); @@ -1623,7 +1627,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); // Case 3. - context('Case 3: GCP', metadata, function () { + context('Case 3: GCP', kmsTlsMetadata, function () { const masterKey = { projectId: 'foo', location: 'bar', @@ -1631,7 +1635,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { keyName: 'foo' }; - it('should fail with no TLS', metadata, async function () { + it('should fail with no TLS', async function () { // NODE-6861: flakiness is caused by mock KMS servers this.retries(2); @@ -1644,7 +1648,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should succeed with valid TLS options', metadata, async function () { + it('should succeed with valid TLS options', async function () { try { await clientEncryptionWithTls.createDataKey('gcp', { masterKey }); expect.fail('it must fail with HTTP 404'); @@ -1665,7 +1669,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should fail with an invalid hostname', metadata, async function () { + it('should fail with an invalid hostname', async function () { try { await clientEncryptionWithInvalidHostname.createDataKey('gcp', { masterKey }); expect.fail('it must fail with invalid hostnames'); @@ -1677,7 +1681,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { }); // Case 4. - context('Case 4: KMIP', metadata, function () { + context('Case 4: KMIP', kmsTlsMetadata, function () { const masterKey = {}; it('should fail with no TLS', metadata, async function () { @@ -1705,7 +1709,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { } }); - it('should fail with an invalid hostname', metadata, async function () { + it('should fail with an invalid hostname', async function () { try { await clientEncryptionWithInvalidHostname.createDataKey('kmip', { masterKey }); expect.fail('it must fail with invalid hostnames'); @@ -1720,10 +1724,10 @@ describe('Client Side Encryption Prose Tests', metadata, function () { 'Case 5: `tlsDisableOCSPEndpointCheck` is permitted', metadata, // eslint-disable-next-line @typescript-eslint/no-empty-function - function () {} + function () { } ).skipReason = 'TODO(NODE-4840): Node does not support any OCSP options'; - context('Case 6: named KMS providers apply TLS options', metadata, function () { + context('Case 6: named KMS providers apply TLS options', kmsTlsMetadata, function () { afterEach(() => keyvaultClient?.close()); beforeEach(async function () { const shouldSkip = this.configuration.filters.ClientSideEncryptionFilter.filter({ From 6f3c05a3a9e04c16c9162baeab4f7b1b762903aa Mon Sep 17 00:00:00 2001 From: Pavel Safronov Date: Thu, 16 Oct 2025 13:53:18 -0700 Subject: [PATCH 4/4] lint fix --- .../client_side_encryption.prose.test.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.test.ts b/test/integration/client-side-encryption/client_side_encryption.prose.test.ts index fb26b11ea94..47bc3a101a1 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.test.ts +++ b/test/integration/client-side-encryption/client_side_encryption.prose.test.ts @@ -39,7 +39,7 @@ export const getKmsProviders = (localKey, kmipEndpoint, azureEndpoint, gcpEndpoi }; // eslint-disable-next-line @typescript-eslint/no-empty-function -const noop = () => { }; +const noop = () => {}; const metadata: MongoDBMetadataUI = { requires: { clientSideEncryption: true, @@ -1724,7 +1724,7 @@ describe('Client Side Encryption Prose Tests', metadata, function () { 'Case 5: `tlsDisableOCSPEndpointCheck` is permitted', metadata, // eslint-disable-next-line @typescript-eslint/no-empty-function - function () { } + function () {} ).skipReason = 'TODO(NODE-4840): Node does not support any OCSP options'; context('Case 6: named KMS providers apply TLS options', kmsTlsMetadata, function () {