test(NODE-6771): sync non-lb-connection-establishment test (#4426)

Co-authored-by: bailey <[email protected]>
Co-authored-by: Durran Jordan <[email protected]>

.evergreen/setup-fle.sh

@@ -4,10 +4,9 @@ bash ${DRIVERS_TOOLS}/.evergreen/csfle/setup-secrets.sh
 source secrets-export.sh
 
 if [ -z "${RUN_WITH_MONGOCRYPTD}" ]; then
-  # Set up crypt shared lib if we don't want to use mongocryptd
-  bash .evergreen/prepare-crypt-shared-lib.sh
-  source crypt_shared.sh
-  echo "CRYPT_SHARED_LIB_PATH: $CRYPT_SHARED_LIB_PATH"
+  echo "crypt shared: $CRYPT_SHARED_LIB_PATH"
 else
+  rm $CRYPT_SHARED_LIB_PATH
+  unset CRYPT_SHARED_LIB_PATH
   echo "CRYPT_SHARED_LIB_PATH not set; using mongocryptd"
 fi

test/integration/client-side-encryption/client_side_encryption.prose.test.js

@@ -1146,7 +1146,8 @@ describe('Client Side Encryption Prose Tests', metadata, function () {
                 mongocryptdSpawnArgs: [
                   '--pidfilepath=bypass-spawning-mongocryptd.pid',
                   '--port=27021'
-                ]
+                ],
+                cryptSharedLibSearchPaths: []
               }
             }
           }

test/integration/client-side-encryption/driver.test.ts

@@ -718,6 +718,7 @@ describe('CSOT', function () {
                 keyVaultClient,
                 keyVaultNamespace: 'keyvault.datakeys',
                 kmsProviders: getLocalKmsProvider(),
+                extraOptions: getEncryptExtraOptions(),
                 schemaMap: {
                   'test.test': {
                     bsonType: 'object',
@@ -771,14 +772,15 @@ describe('CSOT', function () {
               autoEncryption: {
                 keyVaultClient,
                 keyVaultNamespace: 'admin.datakeys',
-                kmsProviders: getLocalKmsProvider()
+                kmsProviders: getLocalKmsProvider(),
+                extraOptions: getEncryptExtraOptions()
               }
             }
           );
         });
 
         afterEach(async function () {
-          await encryptedClient.close();
+          await encryptedClient?.close();
         });
 
         it('the command succeeds', metadata, async function () {

test/integration/client-side-operations-timeout/client_side_operations_timeout.unit.test.ts

@@ -200,7 +200,8 @@ describe('CSOT spec unit tests', function () {
                     mongocryptdSpawnArgs: [
                       `--pidfilepath=${new ObjectId().toHexString()}.pid`,
                       '--port=27020'
-                    ]
+                    ],
+                    cryptSharedLibSearchPaths: []
                   },
                   keyVaultNamespace: 'admin.datakeys',
                   kmsProviders: {

test/integration/crud/crud.prose.test.ts

@@ -13,6 +13,7 @@ import {
   MongoInvalidArgumentError,
   MongoServerError
 } from '../../mongodb';
+import { getEncryptExtraOptions } from '../../tools/utils';
 import { filterForCommands } from '../shared';
 
 describe('CRUD Prose Spec Tests', () => {
@@ -1023,7 +1024,8 @@ describe('CRUD Prose Spec Tests', () => {
                 accessKeyId: 'foo',
                 secretAccessKey: 'bar'
               }
-            }
+            },
+            extraOptions: getEncryptExtraOptions()
           }
         }
       );

test/spec/load-balancers/non-lb-connection-establishment.json

@@ -57,6 +57,19 @@
   "tests": [
     {
       "description": "operations against non-load balanced clusters fail if URI contains loadBalanced=true",
+      "runOnRequirements": [
+        {
+          "maxServerVersion": "8.0.99",
+          "topologies": [
+            "single"
+          ]
+        },
+        {
+          "topologies": [
+            "sharded"
+          ]
+        }
+      ],
       "operations": [
         {
           "name": "runCommand",

test/spec/load-balancers/non-lb-connection-establishment.yml

@@ -42,6 +42,11 @@ tests:
   # If the server is not configured to be behind a load balancer and the URI contains loadBalanced=true, the driver
   # should error during the connection handshake because the server's hello response does not contain a serviceId field.
   - description: operations against non-load balanced clusters fail if URI contains loadBalanced=true
+    runOnRequirements:
+      - maxServerVersion: 8.0.99 # DRIVERS-3108: Skip test on >=8.1 mongod. SERVER-85804 changes a non-LB mongod to close connection.
+        topologies: [ single ]
+      - topologies: [ sharded ]
+
     operations:
       - name: runCommand
         object: *lbTrueDatabase

test/tools/runner/filters/client_encryption_filter.ts

@@ -4,9 +4,44 @@ import * as process from 'process';
 import { satisfies } from 'semver';
 
 import { kmsCredentialsPresent } from '../../../csfle-kms-providers';
-import { type MongoClient } from '../../../mongodb';
+import { type AutoEncrypter, MongoClient } from '../../../mongodb';
 import { Filter } from './filter';
 
+function getCryptSharedVersion(): AutoEncrypter['cryptSharedLibVersionInfo'] | null {
+  try {
+    const mc = new MongoClient('mongodb://localhost:27017', {
+      autoEncryption: {
+        kmsProviders: {
+          local: {
+            key: Buffer.alloc(96)
+          }
+        },
+        extraOptions: {
+          cryptSharedLibPath: process.env.CRYPT_SHARED_LIB_PATH
+        }
+      }
+    });
+    return mc.autoEncrypter.cryptSharedLibVersionInfo;
+  } catch {
+    try {
+      const mc = new MongoClient('mongodb://localhost:27017', {
+        autoEncryption: {
+          kmsProviders: {
+            local: {
+              key: Buffer.alloc(96)
+            }
+          }
+        }
+      });
+      return mc.autoEncrypter.cryptSharedLibVersionInfo;
+    } catch {
+      // squash errors
+    }
+  }
+
+  return null;
+}
+
 /**
  * Filter for whether or not a test needs / doesn't need Client Side Encryption
  *
@@ -24,15 +59,18 @@ export class ClientSideEncryptionFilter extends Filter {
   enabled: boolean;
   static version = null;
   static libmongocrypt: string | null = null;
+  static cryptShared: AutoEncrypter['cryptSharedLibVersionInfo'] | null = null;
 
   override async initializeFilter(client: MongoClient, context: Record<string, any>) {
-    let mongodbClientEncryption;
+    let mongodbClientEncryption: typeof import('mongodb-client-encryption');
     try {
       // eslint-disable-next-line @typescript-eslint/no-require-imports
       mongodbClientEncryption = require('mongodb-client-encryption');
       ClientSideEncryptionFilter.libmongocrypt = (
         mongodbClientEncryption as typeof import('mongodb-client-encryption')
       ).MongoCrypt.libmongocryptVersion;
+
+      ClientSideEncryptionFilter.cryptShared = getCryptSharedVersion();
     } catch (failedToGetFLELib) {
       if (process.env.TEST_CSFLE) {
         console.error({ failedToGetFLELib });
@@ -53,7 +91,8 @@ export class ClientSideEncryptionFilter extends Filter {
       enabled: this.enabled,
       mongodbClientEncryption,
       version: ClientSideEncryptionFilter.version,
-      libmongocrypt: ClientSideEncryptionFilter.libmongocrypt
+      libmongocrypt: ClientSideEncryptionFilter.libmongocrypt,
+      cryptShared: ClientSideEncryptionFilter.cryptShared
     };
   }
 

test/tools/runner/hooks/configuration.ts

@@ -176,9 +176,7 @@ const testConfigBeforeHook = async function () {
     auth: process.env.AUTH === 'auth',
     tls: process.env.SSL === 'ssl',
     csfle: {
-      enabled: this.configuration.clientSideEncryption.enabled,
-      version: this.configuration.clientSideEncryption.version,
-      libmongocrypt: this.configuration.clientSideEncryption.libmongocrypt
+      ...this.configuration.clientSideEncryption
     },
     serverApi: MONGODB_API_VERSION,
     atlas: process.env.ATLAS_CONNECTIVITY != null,