GODRIVER-3486 Support auto encryption in unified tests.

[qingyang-hu]

GODRIVER-3486

Summary

Support auto encryption in unified tests.

Background & Motivation

[evergreen-ci-prod]

There is an existing patch(es) for this commit SHA:

• Evergreen patch with PR

Please note that the status that is posted is not in the context of this PR but rather the (latest) existing patch and that may affect some tests that may depend on the particular PR. If your tests do not rely on any PR-specific values (like base or head branch name) then your tests will report the same status. If you would like a patch to run in the context of this PR and abort the other(s), comment 'evergreen retry'.

[mongodb-drivers-pr-bot]

🧪 Performance Results

Commit SHA: 6bf8480

The following benchmark tests for version 6917ebad1e26950007eb6d71 had statistically significant changes (i.e., |z-score| > 1.96):

Benchmark	Measurement	% Change	Patch Value	Stable Region	H-Score	Z-Score
BenchmarkMultiFindMany	ops_per_second_min	-90.4195	3296.1201	Avg: 34404.3316 Med: 34347.1899 Stdev: 15191.2729	0.7228	-2.0478
BenchmarkMultiFindMany	total_bytes_allocated	-17.4971	626270032.0000	Avg: 759088870.4762 Med: 762006024.0000 Stdev: 40013439.8914	0.8331	-3.3194
BenchmarkMultiFindMany	total_mem_allocs	-17.4712	385759.0000	Avg: 467423.3810 Med: 468895.0000 Stdev: 24639.3489	0.8323	-3.3144
BenchmarkSingleFindOneByID	total_mem_allocs	-16.5625	1382867.0000	Avg: 1657367.7589 Med: 1670512.0000 Stdev: 81591.5123	0.8396	-3.3643
BenchmarkSingleFindOneByID	total_bytes_allocated	-15.8627	86186952.0000	Avg: 102436052.0000 Med: 103155352.0000 Stdev: 5019526.4681	0.8321	-3.2372
BenchmarkSingleFindOneByID	total_time_seconds	-9.8991	1.0350	Avg: 1.1487 Med: 1.1566 Stdev: 0.0481	0.7657	-2.3624
BenchmarkMultiInsertLargeDocument	ns_per_op	9.2089	31961697.0000	Avg: 29266565.6000 Med: 29232341.5000 Stdev: 908761.0558	0.8279	2.9657
BenchmarkSingleFindOneByID	ops_per_second_med	-9.0666	3780.4611	Avg: 4157.3960 Med: 4188.7448 Stdev: 145.9043	0.7977	-2.5834
BenchmarkSingleFindOneByID	ns_per_op	9.0607	269396.0000	Avg: 247014.7143 Med: 244841.0000 Stdev: 9136.4493	0.7851	2.4497
BenchmarkBSONDeepDocumentEncoding	ops_per_second_max	7.7393	82196.2847	Avg: 76291.8035 Med: 75511.6530 Stdev: 2566.3776	0.7668	2.3007
BenchmarkSmallDocInsertOne	ops_per_second_max	-7.2102	5761.6962	Avg: 6209.4067 Med: 6237.7584 Stdev: 206.4604	0.7580	-2.1685
BenchmarkBSONFlatDocumentEncoding	ops_per_second_max	6.5790	91249.2016	Avg: 85616.4997 Med: 86125.2261 Stdev: 2190.0387	0.8021	2.5720
BenchmarkBSONDeepDocumentDecoding	ops_per_second_max	6.0037	18354.6860	Avg: 17315.1350 Med: 17213.7779 Stdev: 282.9837	0.8836	3.6735
BenchmarkBSONDeepDocumentDecoding	ops_per_second_med	4.4280	17433.4478	Avg: 16694.2345 Med: 16711.9281 Stdev: 231.4120	0.8429	3.1944
BenchmarkMultiFindMany	ops_per_second_max	4.2706	4385964.9123	Avg: 4206330.6642 Med: 4219409.2827 Stdev: 50965.7878	0.8477	3.5246
BenchmarkBSONFlatDocumentDecoding	ops_per_second_max	3.3955	22191.6471	Avg: 21462.8674 Med: 21487.8164 Stdev: 256.5951	0.8119	2.8402
BenchmarkBSONFullDocumentDecoding	ops_per_second_max	3.3913	15633.5496	Avg: 15120.7578 Med: 15110.7619 Stdev: 118.5376	0.8734	4.3260
BenchmarkMultiFindMany	ops_per_second_med	3.1853	3846153.8462	Avg: 3727424.2933 Med: 3731343.2836 Stdev: 38055.9003	0.8274	3.1199
BenchmarkBSONFullDocumentEncoding	ops_per_second_max	3.1563	48923.6791	Avg: 47426.7393 Med: 47415.8369 Stdev: 452.2491	0.8345	3.3100
BenchmarkBSONDeepDocumentDecoding	total_mem_allocs	2.3918	13440443.0000	Avg: 13126477.6154 Med: 13155457.0000 Stdev: 151987.0500	0.7369	2.0657
BenchmarkBSONDeepDocumentDecoding	total_bytes_allocated	2.3871	291989904.0000	Avg: 285182249.2308 Med: 285809488.0000 Stdev: 3293587.4831	0.7371	2.0669
BenchmarkBSONFullDocumentEncoding	allocated_bytes_per_op	-0.0651	5194.0000	Avg: 5197.3846 Med: 5197.0000 Stdev: 1.4456	0.7692	-2.3413

For a comprehensive view of all microbenchmark results for this PR's commit, please check out the Evergreen perf task for this patch.

[mongodb-drivers-pr-bot]

API Change Report

No changes found!

[Copilot]

Pull Request Overview

This PR adds support for auto encryption in unified tests by implementing the autoEncryptOpts option for client entities, enabling previously skipped client-side encryption tests to run.

• Removes skip entries for 4 client-side encryption unified tests
• Adds AutoEncryptOpts field to entityOptions struct
• Implements createAutoEncryptionOptions function to parse and configure auto encryption settings

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

File	Description
internal/spectest/skip.go	Removes the skip list for auto encryption unified tests (DRIVERS-3106), enabling 4 previously skipped client-side encryption tests
internal/integration/unified/entity.go	Adds AutoEncryptOpts field to support auto encryption configuration in entity options
internal/integration/unified/client_entity.go	Implements auto encryption support by adding global AWS credential variables and createAutoEncryptionOptions function to parse and apply encryption settings to client entities

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

[nitpick] There is duplicated logic between this function and createAutoEncryptionOptions in json_helpers_test.go (lines 128-176). Consider extracting the common functionality into a shared helper function to reduce code duplication and ensure consistency across test implementations. This would make maintenance easier when new auto encryption options are added.

[Copilot]

The createAutoEncryptionOptions function is missing support for several options that are supported in the similar function in json_helpers_test.go:

• bypassAutoEncryption
• encryptedFieldsMap
• bypassQueryAnalysis
• keyExpirationMS

These options should be added to ensure feature parity and prevent test failures when these options are used in unified tests. For reference, see lines 154-166 in internal/integration/json_helpers_test.go.

[Copilot]

The KMS provider handling is incomplete compared to the existing implementation in json_helpers_test.go. Missing providers include:

• local (with binary key extraction)
• azure (with tenant ID, client ID, and client secret)
• gcp (with email and private key)
• kmip (with endpoint and TLS configuration)
• awsTemporary and awsTemporaryNoSessionToken (for temporary AWS credentials with session tokens)

Additionally, the current implementation doesn't handle placeholder documents (e.g., {"$$placeholder": 1}) that should be replaced with environment variable values. Consider using the getKmsCredential helper function from entity.go (lines 567-602) to properly handle placeholders and environment variables, similar to how it's done in addClientEncryptionEntity.

[Copilot]

Hard-coded AWS credentials from environment variables may fail if the credentials are not set or if placeholder documents are used in tests. The existing pattern in entity.go uses the getKmsCredential helper function to handle both string values and placeholder documents (e.g., {"$$placeholder": 1}). Consider refactoring to use getKmsCredential for consistency and to properly support test specifications that use placeholders.

Suggested change

	"accessKeyId": awsAccessKeyID,
	"secretAccessKey": awsSecretAccessKey,
	"accessKeyId": getKmsCredential("AWS_ACCESS_KEY_ID", "accessKeyId"),
	"secretAccessKey": getKmsCredential("AWS_SECRET_ACCESS_KEY", "secretAccessKey"),

[Copilot]

The error handling for BSON unmarshalling is inconsistent with other error messages in this function. Consider wrapping the error with more context, similar to line 297: return nil, fmt.Errorf("error creating schema map: %w", err) for better debugging.

Suggested change

	return nil, err
	return nil, fmt.Errorf("error creating schema map: %w", err)