From ef2ecc4eac233e0b3e0cd9e64301b362a7749915 Mon Sep 17 00:00:00 2001 From: Shane Harvey Date: Fri, 17 Apr 2020 13:00:29 -0700 Subject: [PATCH] PYTHON-2207 Do not use the admin database for the key vault in FLE tests Admin collections cannot be dropped in sharded clusters in 4.5+. --- .../spec/aggregate.json | 8 +- test/client-side-encryption/spec/basic.json | 8 +- test/client-side-encryption/spec/bulk.json | 4 +- .../spec/bypassAutoEncryption.json | 4 +- test/client-side-encryption/spec/count.json | 4 +- .../spec/countDocuments.json | 4 +- test/client-side-encryption/spec/delete.json | 8 +- .../client-side-encryption/spec/distinct.json | 4 +- test/client-side-encryption/spec/explain.json | 4 +- test/client-side-encryption/spec/find.json | 8 +- .../spec/findOneAndDelete.json | 4 +- .../spec/findOneAndReplace.json | 4 +- .../spec/findOneAndUpdate.json | 4 +- test/client-side-encryption/spec/getMore.json | 4 +- test/client-side-encryption/spec/insert.json | 8 +- .../spec/keyAltName.json | 4 +- .../client-side-encryption/spec/localKMS.json | 4 +- .../spec/localSchema.json | 4 +- .../spec/missingKey.json | 6 +- .../spec/replaceOne.json | 4 +- test/client-side-encryption/spec/types.json | 32 ++++---- .../spec/updateMany.json | 4 +- .../spec/updateOne.json | 4 +- test/test_encryption.py | 76 +++++++++---------- 24 files changed, 109 insertions(+), 109 deletions(-) diff --git a/test/client-side-encryption/spec/aggregate.json b/test/client-side-encryption/spec/aggregate.json index 6bc924271..a9e79f9ed 100644 --- a/test/client-side-encryption/spec/aggregate.json +++ b/test/client-side-encryption/spec/aggregate.json @@ -157,7 +157,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -187,7 +187,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } @@ -280,7 +280,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -310,7 +310,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/basic.json b/test/client-side-encryption/spec/basic.json index 371894e8c..3f9895fd5 100644 --- a/test/client-side-encryption/spec/basic.json +++ b/test/client-side-encryption/spec/basic.json @@ -151,7 +151,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -181,7 +181,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } @@ -290,7 +290,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -320,7 +320,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/bulk.json b/test/client-side-encryption/spec/bulk.json index 7a401d5e8..ead90985a 100644 --- a/test/client-side-encryption/spec/bulk.json +++ b/test/client-side-encryption/spec/bulk.json @@ -185,7 +185,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -215,7 +215,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/bypassAutoEncryption.json b/test/client-side-encryption/spec/bypassAutoEncryption.json index 42f447322..9d09cb3fa 100644 --- a/test/client-side-encryption/spec/bypassAutoEncryption.json +++ b/test/client-side-encryption/spec/bypassAutoEncryption.json @@ -196,7 +196,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } @@ -369,7 +369,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/count.json b/test/client-side-encryption/spec/count.json index 9ac5104a0..24f46a110 100644 --- a/test/client-side-encryption/spec/count.json +++ b/test/client-side-encryption/spec/count.json @@ -156,7 +156,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -186,7 +186,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/countDocuments.json b/test/client-side-encryption/spec/countDocuments.json index d4ae0aeb4..3cf5fbca8 100644 --- a/test/client-side-encryption/spec/countDocuments.json +++ b/test/client-side-encryption/spec/countDocuments.json @@ -157,7 +157,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -187,7 +187,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/delete.json b/test/client-side-encryption/spec/delete.json index bb9c06155..30fb453a9 100644 --- a/test/client-side-encryption/spec/delete.json +++ b/test/client-side-encryption/spec/delete.json @@ -158,7 +158,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -188,7 +188,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } @@ -283,7 +283,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -313,7 +313,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/distinct.json b/test/client-side-encryption/spec/distinct.json index c47303058..7a5f75c4a 100644 --- a/test/client-side-encryption/spec/distinct.json +++ b/test/client-side-encryption/spec/distinct.json @@ -168,7 +168,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -198,7 +198,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/explain.json b/test/client-side-encryption/spec/explain.json index 6872cedf2..5ad46bc23 100644 --- a/test/client-side-encryption/spec/explain.json +++ b/test/client-side-encryption/spec/explain.json @@ -162,7 +162,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -192,7 +192,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/find.json b/test/client-side-encryption/spec/find.json index 93cef311c..b7c5258a1 100644 --- a/test/client-side-encryption/spec/find.json +++ b/test/client-side-encryption/spec/find.json @@ -167,7 +167,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -197,7 +197,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } @@ -309,7 +309,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -339,7 +339,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/findOneAndDelete.json b/test/client-side-encryption/spec/findOneAndDelete.json index 2d9f963f2..6261d8601 100644 --- a/test/client-side-encryption/spec/findOneAndDelete.json +++ b/test/client-side-encryption/spec/findOneAndDelete.json @@ -155,7 +155,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -185,7 +185,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/findOneAndReplace.json b/test/client-side-encryption/spec/findOneAndReplace.json index 1512fb955..d91bc0599 100644 --- a/test/client-side-encryption/spec/findOneAndReplace.json +++ b/test/client-side-encryption/spec/findOneAndReplace.json @@ -154,7 +154,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -184,7 +184,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/findOneAndUpdate.json b/test/client-side-encryption/spec/findOneAndUpdate.json index a5b41f845..fad70609a 100644 --- a/test/client-side-encryption/spec/findOneAndUpdate.json +++ b/test/client-side-encryption/spec/findOneAndUpdate.json @@ -156,7 +156,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -186,7 +186,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/getMore.json b/test/client-side-encryption/spec/getMore.json index 637f69d50..cf2344222 100644 --- a/test/client-side-encryption/spec/getMore.json +++ b/test/client-side-encryption/spec/getMore.json @@ -186,7 +186,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -216,7 +216,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/insert.json b/test/client-side-encryption/spec/insert.json index beb98c5eb..78fa8feba 100644 --- a/test/client-side-encryption/spec/insert.json +++ b/test/client-side-encryption/spec/insert.json @@ -138,7 +138,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -168,7 +168,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } @@ -265,7 +265,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -295,7 +295,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/keyAltName.json b/test/client-side-encryption/spec/keyAltName.json index 7088d0b0b..d062bed45 100644 --- a/test/client-side-encryption/spec/keyAltName.json +++ b/test/client-side-encryption/spec/keyAltName.json @@ -138,7 +138,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -163,7 +163,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/localKMS.json b/test/client-side-encryption/spec/localKMS.json index febc1ccfc..e4d25309c 100644 --- a/test/client-side-encryption/spec/localKMS.json +++ b/test/client-side-encryption/spec/localKMS.json @@ -121,7 +121,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -151,7 +151,7 @@ } ] }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "find" } diff --git a/test/client-side-encryption/spec/localSchema.json b/test/client-side-encryption/spec/localSchema.json index f939dbc12..7071d6fef 100644 --- a/test/client-side-encryption/spec/localSchema.json +++ b/test/client-side-encryption/spec/localSchema.json @@ -143,7 +143,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -173,7 +173,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/missingKey.json b/test/client-side-encryption/spec/missingKey.json index a7237f179..ac8e8320b 100644 --- a/test/client-side-encryption/spec/missingKey.json +++ b/test/client-side-encryption/spec/missingKey.json @@ -102,7 +102,7 @@ "description": "Insert with encryption on a missing key", "clientOptions": { "autoEncryptOpts": { - "keyVaultNamespace": "admin.different", + "keyVaultNamespace": "keyvault.different", "kmsProviders": { "aws": {} } @@ -147,7 +147,7 @@ "filter": { "name": "different" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -177,7 +177,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/replaceOne.json b/test/client-side-encryption/spec/replaceOne.json index 1287fdea1..5cdb3d40f 100644 --- a/test/client-side-encryption/spec/replaceOne.json +++ b/test/client-side-encryption/spec/replaceOne.json @@ -155,7 +155,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -185,7 +185,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/types.json b/test/client-side-encryption/spec/types.json index 08928381e..47e4c27a2 100644 --- a/test/client-side-encryption/spec/types.json +++ b/test/client-side-encryption/spec/types.json @@ -110,7 +110,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -140,7 +140,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } @@ -261,7 +261,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -291,7 +291,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } @@ -412,7 +412,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -442,7 +442,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } @@ -663,7 +663,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -693,7 +693,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } @@ -814,7 +814,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -844,7 +844,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } @@ -1064,7 +1064,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -1094,7 +1094,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } @@ -1221,7 +1221,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -1251,7 +1251,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } @@ -1376,7 +1376,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -1406,7 +1406,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/updateMany.json b/test/client-side-encryption/spec/updateMany.json index 43c6dd717..fd1f4d12b 100644 --- a/test/client-side-encryption/spec/updateMany.json +++ b/test/client-side-encryption/spec/updateMany.json @@ -171,7 +171,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -201,7 +201,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/client-side-encryption/spec/updateOne.json b/test/client-side-encryption/spec/updateOne.json index d6a6de79e..bed763d72 100644 --- a/test/client-side-encryption/spec/updateOne.json +++ b/test/client-side-encryption/spec/updateOne.json @@ -157,7 +157,7 @@ "filter": { "name": "datakeys" }, - "$db": "admin" + "$db": "keyvault" }, "command_name": "listCollections" } @@ -187,7 +187,7 @@ } ] }, - "$db": "admin", + "$db": "keyvault", "readConcern": { "level": "majority" } diff --git a/test/test_encryption.py b/test/test_encryption.py index 91018d74b..0903eadca 100644 --- a/test/test_encryption.py +++ b/test/test_encryption.py @@ -68,13 +68,13 @@ class TestAutoEncryptionOpts(PyMongoTestCase): @unittest.skipIf(_HAVE_PYMONGOCRYPT, 'pymongocrypt is installed') def test_init_requires_pymongocrypt(self): with self.assertRaises(ConfigurationError): - AutoEncryptionOpts({}, 'admin.datakeys') + AutoEncryptionOpts({}, 'keyvault.datakeys') @unittest.skipUnless(_HAVE_PYMONGOCRYPT, 'pymongocrypt is not installed') def test_init(self): - opts = AutoEncryptionOpts({}, 'admin.datakeys') + opts = AutoEncryptionOpts({}, 'keyvault.datakeys') self.assertEqual(opts._kms_providers, {}) - self.assertEqual(opts._key_vault_namespace, 'admin.datakeys') + self.assertEqual(opts._key_vault_namespace, 'keyvault.datakeys') self.assertEqual(opts._key_vault_client, None) self.assertEqual(opts._schema_map, None) self.assertEqual(opts._bypass_auto_encryption, False) @@ -88,20 +88,20 @@ class TestAutoEncryptionOpts(PyMongoTestCase): def test_init_spawn_args(self): # User can override idleShutdownTimeoutSecs opts = AutoEncryptionOpts( - {}, 'admin.datakeys', + {}, 'keyvault.datakeys', mongocryptd_spawn_args=['--idleShutdownTimeoutSecs=88']) self.assertEqual( opts._mongocryptd_spawn_args, ['--idleShutdownTimeoutSecs=88']) # idleShutdownTimeoutSecs is added by default opts = AutoEncryptionOpts( - {}, 'admin.datakeys', mongocryptd_spawn_args=[]) + {}, 'keyvault.datakeys', mongocryptd_spawn_args=[]) self.assertEqual( opts._mongocryptd_spawn_args, ['--idleShutdownTimeoutSecs=60']) # Also added when other options are given opts = AutoEncryptionOpts( - {}, 'admin.datakeys', + {}, 'keyvault.datakeys', mongocryptd_spawn_args=['--quiet', '--port=27020']) self.assertEqual( opts._mongocryptd_spawn_args, @@ -120,7 +120,7 @@ class TestClientOptions(PyMongoTestCase): @unittest.skipUnless(_HAVE_PYMONGOCRYPT, 'pymongocrypt is not installed') def test_kwargs(self): - opts = AutoEncryptionOpts(KMS_PROVIDERS, 'admin.datakeys') + opts = AutoEncryptionOpts(KMS_PROVIDERS, 'keyvault.datakeys') client = MongoClient(auto_encryption_opts=opts, connect=False) self.addCleanup(client.close) self.assertEqual(get_client_opts(client).auto_encryption_opts, opts) @@ -178,7 +178,7 @@ class TestClientSimple(EncryptionIntegrationTest): # Create the encrypted field's data key. key_vault = create_key_vault( - self.client.admin.datakeys, + self.client.keyvault.datakeys, json_data('custom', 'key-document-local.json')) self.addCleanup(key_vault.drop) @@ -239,19 +239,19 @@ class TestClientSimple(EncryptionIntegrationTest): create_with_schema(self.db.test, json_schema) self.addCleanup(self.db.test.drop) - opts = AutoEncryptionOpts(KMS_PROVIDERS, 'admin.datakeys') + opts = AutoEncryptionOpts(KMS_PROVIDERS, 'keyvault.datakeys') self._test_auto_encrypt(opts) def test_auto_encrypt_local_schema_map(self): # Configure the encrypted field via the local schema_map option. schemas = {'pymongo_test.test': json_data('custom', 'schema.json')} opts = AutoEncryptionOpts( - KMS_PROVIDERS, 'admin.datakeys', schema_map=schemas) + KMS_PROVIDERS, 'keyvault.datakeys', schema_map=schemas) self._test_auto_encrypt(opts) def test_use_after_close(self): - opts = AutoEncryptionOpts(KMS_PROVIDERS, 'admin.datakeys') + opts = AutoEncryptionOpts(KMS_PROVIDERS, 'keyvault.datakeys') client = rs_or_single_client(auto_encryption_opts=opts) self.addCleanup(client.close) @@ -271,7 +271,7 @@ class TestClientMaxWireVersion(IntegrationTest): @client_context.require_version_max(4, 0, 99) def test_raise_max_wire_version_error(self): - opts = AutoEncryptionOpts(KMS_PROVIDERS, 'admin.datakeys') + opts = AutoEncryptionOpts(KMS_PROVIDERS, 'keyvault.datakeys') client = rs_or_single_client(auto_encryption_opts=opts) self.addCleanup(client.close) msg = 'Auto-encryption requires a minimum MongoDB version of 4.2' @@ -285,7 +285,7 @@ class TestClientMaxWireVersion(IntegrationTest): client.test.test.bulk_write([InsertOne({})]) def test_raise_unsupported_error(self): - opts = AutoEncryptionOpts(KMS_PROVIDERS, 'admin.datakeys') + opts = AutoEncryptionOpts(KMS_PROVIDERS, 'keyvault.datakeys') client = rs_or_single_client(auto_encryption_opts=opts) self.addCleanup(client.close) msg = 'find_raw_batches does not support auto encryption' @@ -308,10 +308,10 @@ class TestExplicitSimple(EncryptionIntegrationTest): def test_encrypt_decrypt(self): client_encryption = ClientEncryption( - KMS_PROVIDERS, 'admin.datakeys', client_context.client, OPTS) + KMS_PROVIDERS, 'keyvault.datakeys', client_context.client, OPTS) self.addCleanup(client_encryption.close) # Use standard UUID representation. - key_vault = client_context.client.admin.get_collection( + key_vault = client_context.client.keyvault.get_collection( 'datakeys', codec_options=OPTS) self.addCleanup(key_vault.drop) @@ -345,7 +345,7 @@ class TestExplicitSimple(EncryptionIntegrationTest): def test_validation(self): client_encryption = ClientEncryption( - KMS_PROVIDERS, 'admin.datakeys', client_context.client, OPTS) + KMS_PROVIDERS, 'keyvault.datakeys', client_context.client, OPTS) self.addCleanup(client_encryption.close) msg = 'value to decrypt must be a bson.binary.Binary with subtype 6' @@ -363,7 +363,7 @@ class TestExplicitSimple(EncryptionIntegrationTest): def test_bson_errors(self): client_encryption = ClientEncryption( - KMS_PROVIDERS, 'admin.datakeys', client_context.client, OPTS) + KMS_PROVIDERS, 'keyvault.datakeys', client_context.client, OPTS) self.addCleanup(client_encryption.close) # Attempt to encrypt an unencodable object. @@ -377,11 +377,11 @@ class TestExplicitSimple(EncryptionIntegrationTest): def test_codec_options(self): with self.assertRaisesRegex(TypeError, 'codec_options must be'): ClientEncryption( - KMS_PROVIDERS, 'admin.datakeys', client_context.client, None) + KMS_PROVIDERS, 'keyvault.datakeys', client_context.client, None) opts = CodecOptions(uuid_representation=JAVA_LEGACY) client_encryption_legacy = ClientEncryption( - KMS_PROVIDERS, 'admin.datakeys', client_context.client, opts) + KMS_PROVIDERS, 'keyvault.datakeys', client_context.client, opts) self.addCleanup(client_encryption_legacy.close) # Create the encrypted field's data key. @@ -398,7 +398,7 @@ class TestExplicitSimple(EncryptionIntegrationTest): # Encrypt the same UUID with STANDARD codec options. client_encryption = ClientEncryption( - KMS_PROVIDERS, 'admin.datakeys', client_context.client, OPTS) + KMS_PROVIDERS, 'keyvault.datakeys', client_context.client, OPTS) self.addCleanup(client_encryption.close) encrypted_standard = client_encryption.encrypt( value, Algorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic, @@ -416,7 +416,7 @@ class TestExplicitSimple(EncryptionIntegrationTest): def test_close(self): client_encryption = ClientEncryption( - KMS_PROVIDERS, 'admin.datakeys', client_context.client, OPTS) + KMS_PROVIDERS, 'keyvault.datakeys', client_context.client, OPTS) client_encryption.close() # Close can be called multiple times. client_encryption.close() @@ -431,7 +431,7 @@ class TestExplicitSimple(EncryptionIntegrationTest): def test_with_statement(self): with ClientEncryption( - KMS_PROVIDERS, 'admin.datakeys', + KMS_PROVIDERS, 'keyvault.datakeys', client_context.client, OPTS) as client_encryption: pass with self.assertRaisesRegex( @@ -464,7 +464,7 @@ class TestSpec(SpecRunner): if not any(AWS_CREDS.values()): self.skipTest('AWS environment credentials are not set') if 'key_vault_namespace' not in opts: - opts['key_vault_namespace'] = 'admin.datakeys' + opts['key_vault_namespace'] = 'keyvault.datakeys' opts = dict(opts) return AutoEncryptionOpts(**opts) @@ -497,7 +497,7 @@ class TestSpec(SpecRunner): key_vault_data = scenario_def['key_vault_data'] if key_vault_data: coll = client_context.client.get_database( - 'admin', + 'keyvault', write_concern=WriteConcern(w='majority'), codec_options=OPTS)['datakeys'] coll.drop() @@ -590,7 +590,7 @@ class TestDataKeyDoubleEncryption(EncryptionIntegrationTest): client = rs_or_single_client(event_listeners=[listener]) self.addCleanup(client.close) client.db.coll.drop() - vault = create_key_vault(client.admin.datakeys) + vault = create_key_vault(client.keyvault.datakeys) self.addCleanup(vault.drop) # Configure the encrypted field via the local schema_map option. @@ -609,13 +609,13 @@ class TestDataKeyDoubleEncryption(EncryptionIntegrationTest): } } opts = AutoEncryptionOpts( - self.kms_providers(), 'admin.datakeys', schema_map=schemas) + self.kms_providers(), 'keyvault.datakeys', schema_map=schemas) client_encrypted = rs_or_single_client( auto_encryption_opts=opts, uuidRepresentation='standard') self.addCleanup(client_encrypted.close) client_encryption = ClientEncryption( - self.kms_providers(), 'admin.datakeys', client, OPTS) + self.kms_providers(), 'keyvault.datakeys', client, OPTS) self.addCleanup(client_encryption.close) # Local create data key. @@ -700,7 +700,7 @@ class TestExternalKeyVault(EncryptionIntegrationTest): def _test_external_key_vault(self, with_external_key_vault): self.client.db.coll.drop() vault = create_key_vault( - self.client.admin.datakeys, + self.client.keyvault.datakeys, json_data('corpus', 'corpus-key-local.json'), json_data('corpus', 'corpus-key-aws.json')) self.addCleanup(vault.drop) @@ -714,7 +714,7 @@ class TestExternalKeyVault(EncryptionIntegrationTest): else: key_vault_client = client_context.client opts = AutoEncryptionOpts( - self.kms_providers(), 'admin.datakeys', schema_map=schemas, + self.kms_providers(), 'keyvault.datakeys', schema_map=schemas, key_vault_client=key_vault_client) client_encrypted = rs_or_single_client( @@ -722,7 +722,7 @@ class TestExternalKeyVault(EncryptionIntegrationTest): self.addCleanup(client_encrypted.close) client_encryption = ClientEncryption( - self.kms_providers(), 'admin.datakeys', key_vault_client, OPTS) + self.kms_providers(), 'keyvault.datakeys', key_vault_client, OPTS) self.addCleanup(client_encryption.close) if with_external_key_vault: @@ -768,7 +768,7 @@ class TestViews(EncryptionIntegrationTest): self.client.db.create_collection('view', viewOn='coll') self.addCleanup(self.client.db.view.drop) - opts = AutoEncryptionOpts(self.kms_providers(), 'admin.datakeys') + opts = AutoEncryptionOpts(self.kms_providers(), 'keyvault.datakeys') client_encrypted = rs_or_single_client( auto_encryption_opts=opts, uuidRepresentation='standard') self.addCleanup(client_encrypted.close) @@ -822,7 +822,7 @@ class TestCorpus(EncryptionIntegrationTest): self.addCleanup(coll.drop) vault = create_key_vault( - self.client.admin.datakeys, + self.client.keyvault.datakeys, json_data('corpus', 'corpus-key-local.json'), json_data('corpus', 'corpus-key-aws.json')) self.addCleanup(vault.drop) @@ -832,7 +832,7 @@ class TestCorpus(EncryptionIntegrationTest): self.addCleanup(client_encrypted.close) client_encryption = ClientEncryption( - self.kms_providers(), 'admin.datakeys', client_context.client, + self.kms_providers(), 'keyvault.datakeys', client_context.client, OPTS) self.addCleanup(client_encryption.close) @@ -906,7 +906,7 @@ class TestCorpus(EncryptionIntegrationTest): self.assertEqual(value['value'], corpus[key]['value'], key) def test_corpus(self): - opts = AutoEncryptionOpts(self.kms_providers(), 'admin.datakeys') + opts = AutoEncryptionOpts(self.kms_providers(), 'keyvault.datakeys') self._test_corpus(opts) def test_corpus_local_schema(self): @@ -914,7 +914,7 @@ class TestCorpus(EncryptionIntegrationTest): schemas = {'db.coll': self.fix_up_schema( json_data('corpus', 'corpus-schema.json'))} opts = AutoEncryptionOpts( - self.kms_providers(), 'admin.datakeys', schema_map=schemas) + self.kms_providers(), 'keyvault.datakeys', schema_map=schemas) self._test_corpus(opts) @@ -939,14 +939,14 @@ class TestBsonSizeBatches(EncryptionIntegrationTest): # Create the key vault. coll = client_context.client.get_database( - 'admin', + 'keyvault', write_concern=WriteConcern(w='majority'), codec_options=OPTS)['datakeys'] coll.drop() coll.insert_one(json_data('limits', 'limits-key.json')) opts = AutoEncryptionOpts( - {'local': {'key': LOCAL_MASTER_KEY}}, 'admin.datakeys') + {'local': {'key': LOCAL_MASTER_KEY}}, 'keyvault.datakeys') cls.listener = OvertCommandListener() cls.client_encrypted = rs_or_single_client( auto_encryption_opts=opts, event_listeners=[cls.listener]) @@ -1033,7 +1033,7 @@ class TestCustomEndpoint(EncryptionIntegrationTest): def setUpClass(cls): super(TestCustomEndpoint, cls).setUpClass() cls.client_encryption = ClientEncryption( - {'aws': AWS_CREDS}, 'admin.datakeys', client_context.client, OPTS) + {'aws': AWS_CREDS}, 'keyvault.datakeys', client_context.client, OPTS) def _test_create_data_key(self, master_key): data_key_id = self.client_encryption.create_data_key(