Use existing KMS conveniences

vector-of-bool · vector-of-bool · commit e200808c1ce2 · 2023-03-13T22:50:11.000Z
diff --git a/src/libmongoc/tests/test-mongoc-client-side-encryption.c b/src/libmongoc/tests/test-mongoc-client-side-encryption.c
@@ -6244,18 +6244,11 @@ test_auto_datakeys (void *unused)
 }
 
 static void
-_do_cec_test (void (*test) (const char *kmsProvider, const bson_t *masterKey))
+_do_cec_test (void (*test) (const char *kmsProvider))
 {
    // Run the test using the "local" key:
-   test ("local", NULL);
-   // Run the test using an AWS key:
-   bsonBuildDecl (masterKey,
-                  kv ("region", cstr ("us-east-1")),
-                  kv ("key",
-                      cstr ("arn:aws:kms:us-east-1:579766882180:key/"
-                            "89fcc2c4-08b0-4bd9-9f25-e30687b580d0")));
-   test ("aws", &masterKey);
-   bson_destroy (&masterKey);
+   test ("local");
+   test ("aws");
 }
 
 // Declare a createEncryptedCollection test case (See usage below)
@@ -6268,13 +6261,11 @@ _do_cec_test (void (*test) (const char *kmsProvider, const bson_t *masterKey))
    }                                      \
    static void name##_impl (__VA_ARGS__)
 
-CEC_TEST (test_create_encrypted_collection_simple,
-          const char *kmsProvider,
-          const bson_t *opt_masterKey)
+CEC_TEST (test_create_encrypted_collection_simple, const char *kmsProvider)
 {
    bson_error_t error = {0};
    mongoc_client_t *const client = test_framework_new_default_client ();
-   bson_t *const kmsProviders = _make_kms_providers (false, true);
+   bson_t *const kmsProviders = _make_kms_providers (true, true);
 
    const char *const dbName = "cec-test-db";
 
@@ -6315,17 +6306,13 @@ CEC_TEST (test_create_encrypted_collection_simple,
                                            kv ("bsonType", cstr ("string")),
                                            kv ("keyId", null)))))));
    mongoc_database_t *const db = mongoc_client_get_database (client, dbName);
+   bson_t *const mkey = _make_kms_masterkey (kmsProvider);
    mongoc_collection_t *const coll =
-      mongoc_client_encryption_create_encrypted_collection (ce,
-                                                            db,
-                                                            "test-coll",
-                                                            &ccOpts,
-                                                            NULL,
-                                                            kmsProvider,
-                                                            opt_masterKey,
-                                                            &error);
+      mongoc_client_encryption_create_encrypted_collection (
+         ce, db, "test-coll", &ccOpts, NULL, kmsProvider, mkey, &error);
    ASSERT_OR_PRINT (coll, error);
    bson_destroy (&ccOpts);
+   bson_destroy (mkey);
 
    bsonBuildDecl (doc, kv ("ssn", cstr ("123-45-6789")));
    const bool okay =
@@ -6350,11 +6337,10 @@ test_create_encrypted_collection_no_encryptedFields_helper (
    mongoc_client_t *client,
    const char *dbName,
    const char *collName,
-   const char *kmsProvider,
-   const bson_t *const opt_masterKey)
+   const char *kmsProvider)
 {
    bson_error_t error = {0};
-   bson_t *const kmsProviders = _make_kms_providers (false, true);
+   bson_t *const kmsProviders = _make_kms_providers (true, true);
 
    // Drop prior data
    {
@@ -6388,14 +6374,16 @@ test_create_encrypted_collection_no_encryptedFields_helper (
    // Create the encrypted collection
    bsonBuildDecl (ccOpts, do());
    mongoc_database_t *const db = mongoc_client_get_database (client, dbName);
+   bson_t *const mkey = _make_kms_masterkey (kmsProvider);
    mongoc_collection_t *const coll =
       mongoc_client_encryption_create_encrypted_collection (
-         ce, db, collName, &ccOpts, NULL, kmsProvider, opt_masterKey, &error);
+         ce, db, collName, &ccOpts, NULL, kmsProvider, mkey, &error);
    ASSERT_ERROR_CONTAINS (error,
                           MONGOC_ERROR_COMMAND,
                           MONGOC_ERROR_COMMAND_INVALID_ARG,
                           "No 'encryptedFields' are defined");
    bson_destroy (&ccOpts);
+   bson_destroy (mkey);
 
    bson_destroy (kmsProviders);
    mongoc_collection_destroy (coll);
@@ -6405,8 +6393,7 @@ test_create_encrypted_collection_no_encryptedFields_helper (
 }
 
 CEC_TEST (test_create_encrypted_collection_no_encryptedFields,
-          const char *kmsProvider,
-          const bson_t *const opt_masterKey)
+          const char *kmsProvider)
 {
    const char *dbName = "cec-test-db";
    const char *collName = "test-coll";
@@ -6415,7 +6402,7 @@ CEC_TEST (test_create_encrypted_collection_no_encryptedFields,
    {
       mongoc_client_t *const client = test_framework_new_default_client ();
       test_create_encrypted_collection_no_encryptedFields_helper (
-         client, dbName, collName, kmsProvider, opt_masterKey);
+         client, dbName, collName, kmsProvider);
       mongoc_client_destroy (client);
    }
 
@@ -6427,7 +6414,7 @@ CEC_TEST (test_create_encrypted_collection_no_encryptedFields,
       mongoc_auto_encryption_opts_t *aeOpts =
          mongoc_auto_encryption_opts_new ();
       bson_t *const kmsProviders =
-         _make_kms_providers (false /* with aws */, true /* with local */);
+         _make_kms_providers (true /* with aws */, true /* with local */);
       char *namespace = bson_strdup_printf ("%s.%s", dbName, collName);
       bson_t *encryptedFieldsMap =
          tmp_bson ("{'%s': {'fields': []}}", namespace);
@@ -6442,7 +6429,7 @@ CEC_TEST (test_create_encrypted_collection_no_encryptedFields,
          mongoc_client_enable_auto_encryption (client, aeOpts, &error), error);
 
       test_create_encrypted_collection_no_encryptedFields_helper (
-         client, dbName, collName, kmsProvider, opt_masterKey);
+         client, dbName, collName, kmsProvider);
 
       bson_free (namespace);
       bson_destroy (kmsProviders);
@@ -6452,12 +6439,11 @@ CEC_TEST (test_create_encrypted_collection_no_encryptedFields,
 }
 
 CEC_TEST (test_create_encrypted_collection_bad_keyId,
-          const char *const kmsProvider,
-          const bson_t *const opt_masterKey)
+          const char *const kmsProvider)
 {
    bson_error_t error = {0};
    mongoc_client_t *const client = test_framework_new_default_client ();
-   bson_t *const kmsProviders = _make_kms_providers (false, true);
+   bson_t *const kmsProviders = _make_kms_providers (true, true);
 
    const char *const dbName = "cec-test-db";
 
@@ -6498,20 +6484,16 @@ CEC_TEST (test_create_encrypted_collection_bad_keyId,
                                            kv ("bsonType", cstr ("string")),
                                            kv ("keyId", bool (true))))))));
    mongoc_database_t *const db = mongoc_client_get_database (client, dbName);
+   bson_t *const mkey = _make_kms_masterkey (kmsProvider);
    mongoc_collection_t *const coll =
-      mongoc_client_encryption_create_encrypted_collection (ce,
-                                                            db,
-                                                            "test-coll",
-                                                            &ccOpts,
-                                                            NULL,
-                                                            kmsProvider,
-                                                            opt_masterKey,
-                                                            &error);
+      mongoc_client_encryption_create_encrypted_collection (
+         ce, db, "test-coll", &ccOpts, NULL, kmsProvider, mkey, &error);
    ASSERT_ERROR_CONTAINS (error,
                           MONGOC_ERROR_QUERY,
                           MONGOC_ERROR_PROTOCOL_INVALID_REPLY,
                           "create.encryptedFields.fields.keyId");
    bson_destroy (&ccOpts);
+   bson_destroy (mkey);
 
    bson_destroy (kmsProviders);
    mongoc_collection_destroy (coll);
@@ -6523,12 +6505,11 @@ CEC_TEST (test_create_encrypted_collection_bad_keyId,
 
 // Implements Prose Test 21. Case: 4.
 CEC_TEST (test_create_encrypted_collection_insert,
-          const char *const kmsProvider,
-          const bson_t *const opt_masterKey)
+          const char *const kmsProvider)
 {
    bson_error_t error = {0};
    mongoc_client_t *const client = test_framework_new_default_client ();
-   bson_t *const kmsProviders = _make_kms_providers (false, true);
+   bson_t *const kmsProviders = _make_kms_providers (true, true);
 
    const char *const dbName = "cec-test-db";
 
@@ -6570,17 +6551,13 @@ CEC_TEST (test_create_encrypted_collection_insert,
                                            kv ("keyId", null)))))));
    mongoc_database_t *const db = mongoc_client_get_database (client, dbName);
    bson_t new_opts;
+   bson_t *const mkey = _make_kms_masterkey (kmsProvider);
    mongoc_collection_t *const coll =
-      mongoc_client_encryption_create_encrypted_collection (ce,
-                                                            db,
-                                                            "testing1",
-                                                            &ccOpts,
-                                                            &new_opts,
-                                                            kmsProvider,
-                                                            opt_masterKey,
-                                                            &error);
+      mongoc_client_encryption_create_encrypted_collection (
+         ce, db, "testing1", &ccOpts, &new_opts, kmsProvider, mkey, &error);
    ASSERT_OR_PRINT (coll, error);
    bson_destroy (&ccOpts);
+   bson_destroy (mkey);
 
    // Extract the encryption key ID that was generated by
    // CreateEncryptedCollection:
