# frozen_string_literal: true # encoding: utf-8 require 'mongo' require 'base64' require 'lite_spec_helper' describe Mongo::Crypt::DataKeyContext do require_libmongocrypt include_context 'define shared FLE helpers' let(:mongocrypt) do Mongo::Crypt::Handle.new(kms_providers) end let(:io) { double("Mongo::Crypt::EncryptionIO") } let(:context) { described_class.new(mongocrypt, io, kms_provider_name, options) } let(:base_options) { {} } let(:options) { base_options } describe '#initialize' do shared_examples 'it properly sets key_alt_names' do context 'with one key_alt_names' do let(:options) { base_options.merge(key_alt_names: ['keyAltName1']) } it 'does not raise an exception' do expect do context end.not_to raise_error end end context 'with multiple key_alt_names' do let(:options) { base_options.merge(key_alt_names: ['keyAltName1', 'keyAltName2']) } it 'does not raise an exception' do expect do context end.not_to raise_error end end context 'with empty key_alt_names' do let(:options) { base_options.merge(key_alt_names: []) } it 'does not raise an exception' do expect do context end.not_to raise_error end end context 'with invalid key_alt_names' do let(:options) { base_options.merge(key_alt_names: ['keyAltName1', 3]) } it 'does raises an exception' do expect do context end.to raise_error(ArgumentError, /All values of the :key_alt_names option Array must be Strings/) end end context 'with non-array key_alt_names' do let(:options) { base_options.merge(key_alt_names: "keyAltName1") } it 'does raises an exception' do expect do context end.to raise_error(ArgumentError, /key_alt_names option must be an Array/) end end end context 'with invalid kms provider'do let(:kms_providers) { local_kms_providers } let(:kms_provider_name) { 'invalid' } it 'raises an exception' do expect do context end.to raise_exception(/invalid is an invalid kms provider/) end end context 'with local kms provider and empty options' do include_context 'with local kms_providers' it_behaves_like 'it properly sets key_alt_names' it 'does not raise an exception' do expect do context end.not_to raise_error end end context 'with aws kms provider' do include_context 'with AWS kms_providers' let(:base_options) { { master_key: { region: 'us-east-2', key: 'arn' } } } it_behaves_like 'it properly sets key_alt_names' context 'with empty options' do let(:options) { {} } it 'raises an exception' do expect do context end.to raise_error(ArgumentError, /options Hash must contain a key named :master_key with a Hash value/) end end context 'with an invalid master key option' do let(:options) { { master_key: 'key' } } it 'raises an exception' do expect do context end.to raise_error(ArgumentError, /:master_key option must be a Hash/) end end context 'where master key is an empty hash' do let(:options) { { master_key: {} } } it 'raises an exception' do expect do context end.to raise_error(ArgumentError, /The value of :region option of the :master_key options hash cannot be nil/) end end context 'with a nil region option' do let(:options) { { master_key: { region: nil } } } it 'raises an exception' do expect do context end.to raise_error(ArgumentError, /The value of :region option of the :master_key options hash cannot be nil/) end end context 'with an invalid region option' do let(:options) { { master_key: { region: 5 } } } it 'raises an exception' do expect do context end.to raise_error(ArgumentError, /5 is an invalid AWS master_key region/) end end context 'with an invalid key option' do let(:options) { { master_key: { region: 'us-east-2', key: nil } } } it 'raises an exception' do expect do context end.to raise_error(ArgumentError, /The value of :key option of the :master_key options hash cannot be nil/) end end context 'with an invalid key option' do let(:options) { { master_key: { region: 'us-east-2', key: 5 } } } it 'raises an exception' do expect do context end.to raise_error(ArgumentError, /5 is an invalid AWS master_key key/) end end context 'with an invalid endpoint option' do let(:options) { { master_key: { region: 'us-east-2', key: 'arn', endpoint: 5 } } } it 'raises an exception' do expect do context end.to raise_error(ArgumentError, /5 is an invalid AWS master_key endpoint/) end end context 'with valid options' do it 'does not raise an exception' do expect do context end.not_to raise_error end end context 'with valid endpoint' do let(:options) { { master_key: { region: 'us-east-2', key: 'arn', endpoint: 'kms.us-east-2.amazonaws.com:443' } } } it 'does not raise an exception' do expect do context end.not_to raise_error end end end end describe '#run_state_machine' do # TODO: test with AWS KMS provider context 'with local KMS provider' do include_context 'with local kms_providers' it 'creates a data key' do expect(context.run_state_machine).to be_a_kind_of(Hash) end end end end