CSHARP-4153: Add FLE 2 API to AutoEncryptionOpts.

Author: DmitryLukyanov

evergreen/evergreen.yml

@@ -1661,21 +1661,21 @@ buildvariants:
 
 - matrix_name: "csfle-with-mocked-kms-tests-windows"
   matrix_spec: { os: "windows-64", ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["standalone"] }
-  display_name: "CSFLE Mocked KMS ${os}"
+  display_name: "CSFLE Mocked KMS ${version} ${os}"
   tasks:
     - name: test-kms-tls-mocked-net472
     - name: test-kms-tls-mocked-netstandard20
     - name: test-kms-tls-mocked-netstandard21
 
 - matrix_name: "csfle-with-mocked-kms-tests-linux"
   matrix_spec: { os: "ubuntu-1804", ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["standalone"] }
-  display_name: "CSFLE Mocked KMS ${os}"
+  display_name: "CSFLE Mocked KMS ${version} ${os}"
   tasks:
     - name: test-kms-tls-mocked-netstandard20
     - name: test-kms-tls-mocked-netstandard21
 
 - matrix_name: "csfle-with-mocked-kms-tests-macOS"
   matrix_spec: { os: "macos-1014", ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["standalone"] }
-  display_name: "CSFLE Mocked KMS ${os}"
+  display_name: "CSFLE Mocked KMS ${version} ${os}"
   tasks:
     - name: test-kms-tls-mocked-netstandard21

src/MongoDB.Driver.Core/Core/Clusters/Cluster.cs

@@ -187,6 +187,7 @@ protected virtual void Dispose(bool disposing)
                 UpdateClusterDescription(newClusterDescription);
 
                 _rapidHeartbeatTimer.Dispose();
+                _cryptClient?.Dispose();
             }
         }
 
@@ -222,9 +223,13 @@ public virtual void Initialize()
             ThrowIfDisposed();
             if (_state.TryChange(State.Initial, State.Open))
             {
-                if (_settings.KmsProviders != null || _settings.SchemaMap != null)
+                if (_settings.KmsProviders != null || _settings.SchemaMap != null || _settings.EncryptedFieldsMap != null || _settings.BypassQueryAnalysis.HasValue)
                 {
-                    _cryptClient = CryptClientCreator.CreateCryptClient(_settings.KmsProviders, _settings.SchemaMap);
+                    _cryptClient = CryptClientCreator.CreateCryptClient(
+                        _settings.BypassQueryAnalysis,
+                        encryptedFieldsMap: _settings.EncryptedFieldsMap,
+                        _settings.KmsProviders,
+                        _settings.SchemaMap);
                 }
             }
         }

src/MongoDB.Driver.Core/Core/Clusters/CryptClientCreator.cs

@@ -33,27 +33,37 @@ public sealed class CryptClientCreator
         /// <summary>
         /// Create a CryptClient instance.
         /// </summary>
+        /// <param name="bypassQueryAnalysis">The bypass query analysis flag.</param>
+        /// <param name="encryptedFieldsMap">The encrypted fields map.</param>
         /// <param name="kmsProviders">The kms providers.</param>
         /// <param name="schemaMap">The schema map.</param>
         /// <returns>The CryptClient instance.</returns>
         public static CryptClient CreateCryptClient(
+            bool? bypassQueryAnalysis,
+            IReadOnlyDictionary<string, BsonDocument> encryptedFieldsMap,
             IReadOnlyDictionary<string, IReadOnlyDictionary<string, object>> kmsProviders,
             IReadOnlyDictionary<string, BsonDocument> schemaMap)
         {
-            var helper = new CryptClientCreator(kmsProviders, schemaMap);
+            var helper = new CryptClientCreator(bypassQueryAnalysis, encryptedFieldsMap, kmsProviders, schemaMap);
             var cryptOptions = helper.CreateCryptOptions();
             return helper.CreateCryptClient(cryptOptions);
         }
 #pragma warning restore
         #endregion
 
+        private readonly bool? _bypassQueryAnalysis;
+        private readonly IReadOnlyDictionary<string, BsonDocument> _encryptedFieldsMap;
         private readonly IReadOnlyDictionary<string, IReadOnlyDictionary<string, object>> _kmsProviders;
         private readonly IReadOnlyDictionary<string, BsonDocument> _schemaMap;
 
         private CryptClientCreator(
+            bool? bypassQueryAnalysis,
+            IReadOnlyDictionary<string, BsonDocument> encryptedFieldsMap,
             IReadOnlyDictionary<string, IReadOnlyDictionary<string, object>> kmsProviders,
             IReadOnlyDictionary<string, BsonDocument> schemaMap)
         {
+            _bypassQueryAnalysis = bypassQueryAnalysis;
+            _encryptedFieldsMap = encryptedFieldsMap;
             _kmsProviders = Ensure.IsNotNull(kmsProviders, nameof(kmsProviders));
             _schemaMap = schemaMap;
         }
@@ -85,19 +95,16 @@ private CryptOptions CreateCryptOptions()
             byte[] schemaBytes = null;
             if (_schemaMap != null)
             {
-                var schemaMapElements = _schemaMap.Select(c => new BsonElement(c.Key, c.Value));
-                var schemaDocument = new BsonDocument(schemaMapElements);
-#pragma warning disable 618
-                var writerSettings = new BsonBinaryWriterSettings();
-                if (BsonDefaults.GuidRepresentationMode == GuidRepresentationMode.V2)
-                {
-                    writerSettings.GuidRepresentation = GuidRepresentation.Unspecified;
-                }
-#pragma warning restore 618
-                schemaBytes = schemaDocument.ToBson(writerSettings: writerSettings);
+                schemaBytes = GetBytesFromMap(_schemaMap);
+            }
+
+            byte[] encryptedFieldsBytes = null;
+            if (_encryptedFieldsMap != null)
+            {
+                encryptedFieldsBytes = GetBytesFromMap(_encryptedFieldsMap);
             }
 
-            return new CryptOptions(kmsProviders, schemaBytes);
+            return new CryptOptions(kmsProviders, encryptedFieldsMap: encryptedFieldsBytes, schema: schemaBytes, bypassQueryAnalysis: _bypassQueryAnalysis.GetValueOrDefault(false));
         }
 
         private BsonDocument CreateProviderDocument(string kmsType, IReadOnlyDictionary<string, object> data)
@@ -110,5 +117,19 @@ private BsonDocument CreateProviderDocument(string kmsType, IReadOnlyDictionary<
             var providerDocument = new BsonDocument(kmsType, providerContent);
             return providerDocument;
         }
+
+        private byte[] GetBytesFromMap(IReadOnlyDictionary<string, BsonDocument> map)
+        {
+            var mapElements = map.Select(c => new BsonElement(c.Key, c.Value));
+            var mapDocument = new BsonDocument(mapElements);
+#pragma warning disable 618
+            var writerSettings = new BsonBinaryWriterSettings();
+            if (BsonDefaults.GuidRepresentationMode == GuidRepresentationMode.V2)
+            {
+                writerSettings.GuidRepresentation = GuidRepresentation.Unspecified;
+            }
+#pragma warning restore 618
+            return mapDocument.ToBson(writerSettings: writerSettings);
+        }
     }
 }

src/MongoDB.Driver.Core/Core/Clusters/LoadBalancedCluster.cs

@@ -170,9 +170,9 @@ public void Initialize()
                 var stopwatch = Stopwatch.StartNew();
                 _openingEventHandler?.Invoke(new ClusterOpeningEvent(ClusterId, Settings));
 
-                if (_settings.KmsProviders != null || _settings.SchemaMap != null)
+                if (_settings.KmsProviders != null || _settings.SchemaMap != null || _settings.EncryptedFieldsMap != null || _settings.BypassQueryAnalysis.HasValue)
                 {
-                    _cryptClient = CryptClientCreator.CreateCryptClient(_settings.KmsProviders, _settings.SchemaMap);
+                    _cryptClient = CryptClientCreator.CreateCryptClient(_settings.BypassQueryAnalysis, _settings.EncryptedFieldsMap, _settings.KmsProviders, _settings.SchemaMap);
                 }
 
                 var endPoint = _settings.EndPoints.Single();

src/MongoDB.Driver.Core/Core/Configuration/ClusterSettings.cs

@@ -35,11 +35,13 @@ public class ClusterSettings
         #endregion
 
         // fields
+        private readonly bool? _bypassQueryAnalysis;
 #pragma warning disable CS0618 // Type or member is obsolete
         private readonly ClusterConnectionMode _connectionMode;
         private readonly ConnectionModeSwitch _connectionModeSwitch;
 #pragma warning restore CS0618 // Type or member is obsolete
         private readonly bool? _directConnection;
+        private readonly IReadOnlyDictionary<string, BsonDocument> _encryptedFieldsMap;
         private readonly IReadOnlyList<EndPoint> _endPoints;
         private readonly IReadOnlyDictionary<string, IReadOnlyDictionary<string, object>> _kmsProviders;
         private readonly bool _loadBalanced;
@@ -74,6 +76,8 @@ public class ClusterSettings
         /// <param name="schemaMap">The schema map.</param>
         /// <param name="scheme">The connection string scheme.</param>
         /// <param name="srvMaxHosts">Limits the number of SRV records used to populate the seedlist during initial discovery, as well as the number of additional hosts that may be added during SRV polling.</param>
+        /// <param name="encryptedFieldsMap">The encrypted fields map.</param>
+        /// <param name="bypassQueryAnalysis">The bypass query analysis flag.</param>
         public ClusterSettings(
 #pragma warning disable CS0618 // Type or member is obsolete
             Optional<ClusterConnectionMode> connectionMode = default(Optional<ClusterConnectionMode>),
@@ -92,13 +96,17 @@ public ClusterSettings(
             Optional<IServerSelector> postServerSelector = default(Optional<IServerSelector>),
             Optional<IReadOnlyDictionary<string, BsonDocument>> schemaMap = default(Optional<IReadOnlyDictionary<string, BsonDocument>>),
             Optional<ConnectionStringScheme> scheme = default(Optional<ConnectionStringScheme>),
-            Optional<int> srvMaxHosts = default)
+            Optional<int> srvMaxHosts = default,
+            Optional<IReadOnlyDictionary<string, BsonDocument>> encryptedFieldsMap = default,
+            Optional<bool?> bypassQueryAnalysis = default)
         {
+            _bypassQueryAnalysis = bypassQueryAnalysis.WithDefault(null);
 #pragma warning disable CS0618 // Type or member is obsolete
             _connectionMode = connectionMode.WithDefault(ClusterConnectionMode.Automatic);
             _connectionModeSwitch = connectionModeSwitch.WithDefault(ConnectionModeSwitch.NotSet);
 #pragma warning restore CS0618 // Type or member is obsolete
             _directConnection = directConnection.WithDefault(null);
+            _encryptedFieldsMap = encryptedFieldsMap.WithDefault(null);
             _endPoints = Ensure.IsNotNull(endPoints.WithDefault(__defaultEndPoints), nameof(endPoints)).ToList();
             _kmsProviders = kmsProviders.WithDefault(null);
             _loadBalanced = loadBalanced.WithDefault(false);
@@ -117,6 +125,11 @@ public ClusterSettings(
         }
 
         // properties
+        /// <summary>
+        /// Gets a value indicating whether to bypass query analysis.
+        /// </summary>
+        public bool? BypassQueryAnalysis => _bypassQueryAnalysis;
+
         /// <summary>
         /// Gets the connection mode.
         /// </summary>
@@ -162,6 +175,11 @@ public bool? DirectConnection
             }
         }
 
+        /// <summary>
+        /// Gets the encrypted fields map.
+        /// </summary>
+        public IReadOnlyDictionary<string, BsonDocument> EncryptedFieldsMap => _encryptedFieldsMap;
+
         /// <summary>
         /// Gets the end points.
         /// </summary>
@@ -319,6 +337,8 @@ public IServerSelector PostServerSelector
         /// <param name="scheme">The connection string scheme.</param>
         /// <param name="srvMaxHosts">Limits the number of SRV records used to populate the seedlist during initial discovery, as well as the number of additional hosts that may be added during SRV polling.</param>
         /// <returns>A new ClusterSettings instance.</returns>
+        /// <param name="encryptedFieldsMap">The encrypted fields map.</param>
+        /// <param name="bypassQueryAnalysis">The bypass query analysis flag.</param>
         public ClusterSettings With(
 #pragma warning disable CS0618 // Type or member is obsolete
             Optional<ClusterConnectionMode> connectionMode = default(Optional<ClusterConnectionMode>),
@@ -337,7 +357,9 @@ public ClusterSettings With(
             Optional<IServerSelector> postServerSelector = default(Optional<IServerSelector>),
             Optional<IReadOnlyDictionary<string, BsonDocument>> schemaMap = default(Optional<IReadOnlyDictionary<string, BsonDocument>>),
             Optional<ConnectionStringScheme> scheme = default(Optional<ConnectionStringScheme>),
-            Optional<int> srvMaxHosts = default)
+            Optional<int> srvMaxHosts = default,
+            Optional<IReadOnlyDictionary<string, BsonDocument>> encryptedFieldsMap = default,
+            Optional<bool?> bypassQueryAnalysis = default)
         {
             return new ClusterSettings(
                 connectionMode: connectionMode.WithDefault(_connectionMode),
@@ -355,7 +377,9 @@ public ClusterSettings With(
                 postServerSelector: Optional.Create(postServerSelector.WithDefault(_postServerSelector)),
                 schemaMap: Optional.Create(schemaMap.WithDefault(_schemaMap)),
                 scheme: scheme.WithDefault(_scheme),
-                srvMaxHosts: srvMaxHosts.WithDefault(_srvMaxHosts));
+                srvMaxHosts: srvMaxHosts.WithDefault(_srvMaxHosts),
+                encryptedFieldsMap: Optional.Create(encryptedFieldsMap.WithDefault(_encryptedFieldsMap)),
+                bypassQueryAnalysis: bypassQueryAnalysis.WithDefault(_bypassQueryAnalysis));
         }
 
         // internal methods

src/MongoDB.Driver.Legacy/MongoServerSettings.cs

@@ -1191,13 +1191,15 @@ internal ClusterKey ToClusterKey()
             return new ClusterKey(
                 _allowInsecureTls,
                 _applicationName,
+                bypassQueryAnalysis: null, // not supported for legacy
                 _clusterConfigurator,
                 _compressors,
                 _connectionMode,
                 _connectionModeSwitch,
                 _connectTimeout,
                 _credentials.ToList(),
                 _directConnection,
+                encryptedFieldsMap: null, // not supported for legacy
                 _heartbeatInterval,
                 _heartbeatTimeout,
                 _ipv6,

src/MongoDB.Driver/ClusterKey.cs

@@ -29,6 +29,7 @@ internal class ClusterKey
         // fields
         private readonly bool _allowInsecureTls;
         private readonly string _applicationName;
+        private readonly bool? _bypassQueryAnalysis;
         private readonly Action<ClusterBuilder> _clusterConfigurator;
         private readonly IReadOnlyList<CompressorConfiguration> _compressors;
 #pragma warning disable CS0618 // Type or member is obsolete
@@ -38,6 +39,7 @@ internal class ClusterKey
         private readonly TimeSpan _connectTimeout;
         private readonly IReadOnlyList<MongoCredential> _credentials;
         private readonly bool? _directConnection;
+        private readonly IReadOnlyDictionary<string, BsonDocument> _encryptedFieldsMap;
         private readonly int _hashCode;
         private readonly TimeSpan _heartbeatInterval;
         private readonly TimeSpan _heartbeatTimeout;
@@ -70,6 +72,7 @@ internal class ClusterKey
         public ClusterKey(
             bool allowInsecureTls,
             string applicationName,
+            bool? bypassQueryAnalysis,
             Action<ClusterBuilder> clusterConfigurator,
             IReadOnlyList<CompressorConfiguration> compressors,
 #pragma warning disable CS0618 // Type or member is obsolete
@@ -79,6 +82,7 @@ public ClusterKey(
             TimeSpan connectTimeout,
             IReadOnlyList<MongoCredential> credentials,
             bool? directConnection,
+            IReadOnlyDictionary<string, BsonDocument> encryptedFieldsMap,
             TimeSpan heartbeatInterval,
             TimeSpan heartbeatTimeout,
             bool ipv6,
@@ -110,13 +114,15 @@ public ClusterKey(
 
             _allowInsecureTls = allowInsecureTls;
             _applicationName = applicationName;
+            _bypassQueryAnalysis = bypassQueryAnalysis;
             _clusterConfigurator = clusterConfigurator;
             _compressors = compressors;
             _connectionMode = connectionMode;
             _connectionModeSwitch = connectionModeSwitch;
             _connectTimeout = connectTimeout;
             _credentials = credentials;
             _directConnection = directConnection;
+            _encryptedFieldsMap = encryptedFieldsMap;
             _heartbeatInterval = heartbeatInterval;
             _heartbeatTimeout = heartbeatTimeout;
             _ipv6 = ipv6;
@@ -150,6 +156,7 @@ public ClusterKey(
         // properties
         public bool AllowInsecureTls => _allowInsecureTls;
         public string ApplicationName { get { return _applicationName; } }
+        public bool? BypassQueryAnalysis { get { return _bypassQueryAnalysis; } }
         public Action<ClusterBuilder> ClusterConfigurator { get { return _clusterConfigurator; } }
         public IReadOnlyList<CompressorConfiguration> Compressors { get { return _compressors; } }
         [Obsolete("Use DirectConnection instead.")]
@@ -181,6 +188,7 @@ public bool? DirectConnection
                 return _directConnection;
             }
         }
+        public IReadOnlyDictionary<string, BsonDocument> EncryptedFieldsMap { get { return _encryptedFieldsMap; } }
         public TimeSpan HeartbeatInterval { get { return _heartbeatInterval; } }
         public TimeSpan HeartbeatTimeout { get { return _heartbeatTimeout; } }
         public bool IPv6 { get { return _ipv6; } }
@@ -229,13 +237,15 @@ public override bool Equals(object obj)
                 _hashCode == rhs._hashCode && // fail fast
                 _allowInsecureTls == rhs._allowInsecureTls &&
                 _applicationName == rhs._applicationName &&
+                _bypassQueryAnalysis == rhs._bypassQueryAnalysis &&
                 object.ReferenceEquals(_clusterConfigurator, rhs._clusterConfigurator) &&
                 _compressors.SequenceEqual(rhs._compressors) &&
                 _connectionMode == rhs._connectionMode &&
                 _connectionModeSwitch == rhs._connectionModeSwitch &&
                 _connectTimeout == rhs._connectTimeout &&
                 _credentials.SequenceEqual(rhs._credentials) &&
                 _directConnection.Equals(rhs._directConnection) &&
+                _encryptedFieldsMap.IsEquivalentTo(rhs._encryptedFieldsMap, object.Equals) &&
                 _heartbeatInterval == rhs._heartbeatInterval &&
                 _heartbeatTimeout == rhs._heartbeatTimeout &&
                 _ipv6 == rhs._ipv6 &&

src/MongoDB.Driver/ClusterRegistry.cs

@@ -86,9 +86,11 @@ private ClusterSettings ConfigureCluster(ClusterSettings settings, ClusterKey cl
             Optional<ClusterConnectionMode> connectionMode = connectionModeSwitch == ConnectionModeSwitch.UseConnectionMode ? clusterKey.ConnectionMode.ToCore() : default;
             Optional<bool?> directConnection = connectionModeSwitch == ConnectionModeSwitch.UseDirectConnection ? clusterKey.DirectConnection : default;
             return settings.With(
+                bypassQueryAnalysis: clusterKey.BypassQueryAnalysis,
                 connectionMode: connectionMode,
                 connectionModeSwitch: connectionModeSwitch,
                 directConnection: directConnection,
+                encryptedFieldsMap: Optional.Create(clusterKey.EncryptedFieldsMap),
                 endPoints: Optional.Enumerable(endPoints),
                 kmsProviders: Optional.Create(clusterKey.KmsProviders),
                 loadBalanced: clusterKey.LoadBalanced,