bson/testdata/client-side-encryption/unified/createDataKey-kms_providers-invalid.yml

description: createDataKey-kms_providers-invalid

schemaVersion: "1.8"

runOnRequirements:
  - csfle: true

createEntities:
  - client:
      id: &client0 client0
      observeEvents:
        - commandStartedEvent
        - commandSucceededEvent
        - commandFailedEvent
  - clientEncryption:
      id: &clientEncryption0 clientEncryption0
      clientEncryptionOpts:
        keyVaultClient: *client0
        keyVaultNamespace: keyvault.datakeys
        kmsProviders:
          aws: { accessKeyId: { $$placeholder: 1 }, secretAccessKey: { $$placeholder: 1 } }

tests:
  - description: create data key without required master key fields
    operations:
      - name: createDataKey
        object: *clientEncryption0
        arguments:
          kmsProvider: aws
          opts:
            masterKey: {}
        expectError:
          isClientError: true
    expectEvents:
      - client: *client0
        events: []

  - description: create data key with invalid master key field
    operations:
      - name: createDataKey
        object: *clientEncryption0
        arguments:
          kmsProvider: local
          opts:
            masterKey:
              invalid: 1
        expectError:
          isClientError: true
    expectEvents:
      - client: *client0
        events: []

  - description: create data key with invalid master key
    operations:
      - name: createDataKey
        object: *clientEncryption0
        arguments:
          kmsProvider: aws
          opts:
            masterKey:
              key: arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0
              region: invalid
        expectError:
          isClientError: true
    expectEvents:
      - client: *client0
        events: []