add back install dir

Author: baileympearson

.evergreen/install-mongodb-client-encryption.sh

@@ -1,5 +1,5 @@
 #! /usr/bin/env bash
-set +o xtrace # Do not write AWS credentials to stderr
+set +o xtrace
 
 # Initial checks for running these tests
 if [ -z ${PROJECT_DIRECTORY+omitted} ]; then echo "PROJECT_DIRECTORY is unset" && exit 1; fi
@@ -9,20 +9,19 @@ source "${PROJECT_DIRECTORY}/.evergreen/init-node-and-npm-env.sh"
 set -o xtrace   # Write all commands first to stderr
 set -o errexit  # Exit the script with error if any of the commands fail
 
-rm -rf $INSTALL_DIR
+rm -rf mongodb-client-encryption
 git clone https://github.com/mongodb-js/mongodb-client-encryption.git
 pushd mongodb-client-encryption
 
 if [ -n "${LIBMONGOCRYPT_VERSION}" ]; then
 	# nightly tests test with `latest` to test against the laster FLE build.
-    npm run install:libmongocrypt -- --libVersion $LIBMONGOCRYPT_VERSION
+    npm run install:libmongocrypt -- --build --libVersion $LIBMONGOCRYPT_VERSION
 else
 	# otherwise use whatever is specified in the package.json.
     npm run install:libmongocrypt
 fi
 
 echo "finished installing libmongocrypt"
-BINDINGS_DIR=$(pwd)
 
 popd
 

src/client-side-encryption/client_encryption.ts

@@ -5,7 +5,15 @@ import type {
   MongoCryptOptions
 } from 'mongodb-client-encryption';
 
-import { type Binary, deserialize, type Document, type Long, serialize, type UUID } from '../bson';
+import {
+  type Binary,
+  deserialize,
+  type Document,
+  type Int32,
+  type Long,
+  serialize,
+  type UUID
+} from '../bson';
 import { type AnyBulkWriteOperation, type BulkWriteResult } from '../bulk/common';
 import { type ProxyOptions } from '../cmap/connection';
 import { type Collection } from '../collection';
@@ -948,12 +956,13 @@ export interface ClientEncryptionRewrapManyDataKeyResult {
 /**
  * @public
  * RangeOptions specifies index options for a Queryable Encryption field supporting "rangePreview" queries.
- * min, max, sparsity, and range must match the values set in the encryptedFields of the destination collection.
+ * min, max, sparsity, trimFactor and range must match the values set in the encryptedFields of the destination collection.
  * For double and decimal128, min/max/precision must all be set, or all be unset.
  */
 export interface RangeOptions {
   min?: any;
   max?: any;
-  sparsity: Long;
+  sparsity?: Long;
+  trimFactor?: Int32;
   precision?: number;
 }

test/integration/client-side-encryption/client_side_encryption.prose.23.range_encryption_defaults.test.ts

@@ -0,0 +1,144 @@
+import { type Binary, EJSON, Int32, Long } from 'bson';
+import { expect } from 'chai';
+
+/* eslint-disable @typescript-eslint/no-restricted-imports */
+import { ClientEncryption } from '../../../src/client-side-encryption/client_encryption';
+import { installNodeDNSWorkaroundHooks } from '../../tools/runner/hooks/configuration';
+
+const metaData: MongoDBMetadataUI = {
+  requires: {
+    clientSideEncryption: '>=6.1.0',
+
+    // The Range Explicit Encryption tests require MongoDB server 7.0+ for QE v2.
+    // The tests must not run against a standalone.
+    //
+    // `range` is not supported on 8.0+ servers.
+    mongodb: '>=8.0.0',
+    topology: '!single'
+  }
+};
+
+const getKmsProviders = (): { local: { key: string } } => {
+  const result = EJSON.parse(process.env.CSFLE_KMS_PROVIDERS || '{}') as unknown as {
+    local: { key: string };
+  };
+
+  return { local: result.local };
+};
+
+describe('Range Explicit Encryption Defaults', function () {
+  installNodeDNSWorkaroundHooks();
+
+  let clientEncryption: ClientEncryption;
+  let keyId;
+  let keyVaultClient;
+  let payload_defaults: Binary;
+
+  beforeEach(async function () {
+    // Create a MongoClient named `keyVaultClient`.
+    keyVaultClient = this.configuration.newClient();
+
+    // Create a ClientEncryption object named `clientEncryption` with these options:
+    // ```typescript
+    // class ClientEncryptionOpts {
+    //   keyVaultClient: keyVaultClient,
+    //   keyVaultNamespace: "keyvault.datakeys",
+    //   kmsProviders: { "local": { "key": "<base64 decoding of LOCAL_MASTERKEY>" } },
+    // }
+    // ```
+    clientEncryption = new ClientEncryption(keyVaultClient, {
+      keyVaultNamespace: 'keyvault.datakeys',
+      kmsProviders: getKmsProviders()
+    });
+
+    // Create a key with `clientEncryption.createDataKey`. Store the returned key ID in a variable named `keyId`.
+    keyId = await clientEncryption.createDataKey('local');
+
+    // Call `clientEncryption.encrypt` to encrypt the int32 value `123` with these options:
+    // ```typescript
+    // class EncryptOpts {
+    //   keyId : keyId,
+    //   algorithm: "Range",
+    //   contentionFactor: 0,
+    //   rangeOpts: RangeOpts {
+    //       min: 0,
+    //       max: 1000
+    //   }
+    // }
+    // ```
+    // Store the result in a variable named `payload_defaults`.
+    payload_defaults = await clientEncryption.encrypt(new Int32(123), {
+      keyId,
+      algorithm: 'Range',
+      contentionFactor: 0,
+      rangeOptions: {
+        min: 0,
+        max: 1000
+      }
+    });
+  });
+
+  afterEach(async function () {
+    await keyVaultClient.close();
+  });
+
+  it('Case 1: Uses libmongocrypt defaults', metaData, async function () {
+    // Call `clientEncryption.encrypt` to encrypt the int32 value `123` with these options:
+    // ```typescript
+    // class EncryptOpts {
+    //   keyId : keyId,
+    //   algorithm: "Range",
+    //   contentionFactor: 0,
+    //   rangeOpts: RangeOpts {
+    //       min: 0,
+    //       max: 1000,
+    //       sparsity: 2,
+    //       trimFactor: 6
+    //   }
+    // }
+    // ```
+    const encrypted = await clientEncryption.encrypt(new Int32(123), {
+      keyId: keyId,
+      algorithm: 'Range',
+      contentionFactor: 0,
+      rangeOptions: {
+        min: 0,
+        max: 1000,
+        sparsity: new Long(2),
+        trimFactor: new Int32(6)
+      }
+    });
+
+    // Assert the returned payload size equals the size of `payload_defaults`.
+    expect(encrypted.length()).to.equal(payload_defaults.length());
+  });
+
+  it('Case 2: can find encrypted range and return the maximum', metaData, async function () {
+    // Call `clientEncryption.encrypt` to encrypt the int32 value `123` with these options:
+    // ```typescript
+    // class EncryptOpts {
+    //   keyId : keyId,
+    //   algorithm: "Range",
+    //   contentionFactor: 0,
+    //   rangeOpts: RangeOpts {
+    //       min: 0,
+    //       max: 1000,
+    //       trimFactor: 0
+    //   }
+    // }
+    // ```
+    const encrypted = await clientEncryption.encrypt(new Int32(123), {
+      keyId: keyId,
+      algorithm: 'Range',
+      contentionFactor: 0,
+      rangeOptions: {
+        min: 0,
+        max: 1000,
+        trimFactor: new Int32(0)
+      }
+    });
+
+    // Assert the returned payload size is greater than the size of `payload_defaults`.
+    expect(encrypted.length()).to.be.greaterThan(payload_defaults.length());
+  });
+});

test/spec/client-side-encryption/tests/legacy/fle2v2-Compact.json

@@ -1,7 +1,7 @@
 {
   "runOn": [
     {
-      "minServerVersion": "8.0.0",
+      "minServerVersion": "7.0.0",
       "topology": [
         "replicaset",
         "sharded",
@@ -130,6 +130,9 @@
             "command": {
               "compactStructuredEncryptionData": "default"
             }
+          },
+          "result": {
+            "ok": 1
           }
         }
       ],

test/spec/client-side-encryption/tests/legacy/fle2v2-Compact.yml

@@ -1,7 +1,6 @@
-# Requires libmongocrypt 1.8.0.
+# Requires libmongocrypt 1.8.0. libmongocrypt 1.10.0 has a bug (MONGOCRYPT-699) that may cause this test to fail on server version 7.
 runOn:
-  # TODO(NODE-6128): lower server version to 7.0.0
-  - minServerVersion: "8.0.0"
+  - minServerVersion: "7.0.0"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
@@ -23,6 +22,8 @@ tests:
         arguments:
           command:
             compactStructuredEncryptionData: *collection_name
+        result:
+          ok: 1
     expectations:
       - command_started_event:
           command:
@@ -80,4 +81,4 @@ tests:
           command:
             compactStructuredEncryptionData: *collection_name
         result:
-          errorContains: "'compactStructuredEncryptionData.compactionTokens' is missing"
+          errorContains: "'compactStructuredEncryptionData.compactionTokens' is missing"