feat(NODE-3777): add csfle kmip support

[durran]

Description

Adds KMIP support to client side encryption. Includes NODE-3967 (remove example.com usages)

What is changing?

• Adds the updated spec tests and allows KMIP to be used as a KMS provider.
• Properly passes through TLS options per KMS provider.

Is there new documentation needed for these changes?

None

What is the motivation for this change?

NODE-3777

Double check the following

• Ran npm run check:lint script
• Self-review completed using the steps outlined here
• PR title follows the correct format: <type>(NODE-xxxx)<!>: <description>
• Changes are covered by tests
• New TODOs have a related JIRA ticket

https://spruce.mongodb.com/version/6203b999a4cf4724f9db3342/tasks?sorts=STATUS%3AASC%3BBASE_STATUS%3ADESC

[durran]

CSFLE tests on the main run fail due to the main suite of tests pointing at mongodb-client-encryption@2.0.0-beta.2 but we need a beta.3 released for those to pass. The https://spruce.mongodb.com/version/61e753873066153369a025de/tasks?sorts=STATUS%3AASC%3BBASE_STATUS%3ADESC patch which points at my PR on mongodb/libmongocrypt#235 for just the CSFLE tests shows they will pass when this happens.

[nbbeeken]

We've got some test clean up needed here, unfotunately it's a little manual becuase chai can't take async functions inside expect(x).to.throw

[nbbeeken]

Interesting that the metadata is not working, could we try skipping inside a beforeEach hook if possible? Currently we have a consistent test count across all runs, it would be nice to keep that for LB too.

It appears we currently don't run FLE against lb because we don't have the CSFLE_KMS_PROVIDERS var defined in that environment, I don't see anything in the evergreen changes that would've brought it in, what made this crop up?

[durran]

I've updated to skip in the before/beforeEach blocks now and removed this conditional.

The CSFLE_KMS_PROVIDERS variable is not in the env, but the metadata isn't skipping for some reason and the test attempts to JSON.parse that env variable anyways causing a parse error on the string 'NOT_PROVIDED'. So I tried to change that string to be empty just to get around it but the before hooks are still running. I suspect there's some funkiness with mocha and async functions but I haven't been able to confirm what the exact issue yet is, and didn't want to rewrite all the tests without async await since it made it way easier to read. But I can do that if we want.

[durran]

I moved the CSFLE tests into manual so now they don't attempt to run with all the other variants so I could remove the skip hook hacks (they also expect to run no auth). I felt this was an appropriate special case and we already have the precedent for this and spec tests with socks5 (and soon kerberos prose spec tests). When moving them I also added the custom dependency variant to run on patches so they will run when opening pull requests now.

[nbbeeken]

We should investigate further why the metadata skip isn't working for us rather than moving csfle to manual, unlike socks5 we were testing against the package published on npm while the custom version variant pulls from master of libmongocrypt, I think its important for us to keep the full integration test with what users have available.

You mentioned the before hooks were still running in LB (and probably now auth variants), sorry I did not recall earlier but this is a known limitation. And you can see how I already had to work around it for some of our FLE tests here

[durran]

We should investigate further why the metadata skip isn't working for us rather than moving csfle to manual, unlike socks5 we were testing against the package published on npm while the custom version variant pulls from master of libmongocrypt, I think its important for us to keep the full integration test with what users have available.

You mentioned the before hooks were still running in LB (and probably now auth variants), sorry I did not recall earlier but this is a known limitation. And you can see how I already had to work around it for some of our FLE tests here

Yeah I also ran across this as well: mochajs/mocha#2456

I can rewrite all those new tests in the other way or should I just make a ticket to come back to them as moving them to manual circumvents the issue?

[dariakp]

We should investigate further why the metadata skip isn't working for us rather than moving csfle to manual, unlike socks5 we were testing against the package published on npm while the custom version variant pulls from master of libmongocrypt, I think its important for us to keep the full integration test with what users have available.
You mentioned the before hooks were still running in LB (and probably now auth variants), sorry I did not recall earlier but this is a known limitation. And you can see how I already had to work around it for some of our FLE tests here

Yeah I also ran across this as well: mochajs/mocha#2456

I can rewrite all those new tests in the other way or should I just make a ticket to come back to them as moving them to manual circumvents the issue?

I think it would be better not to move them to manual if we don't have to, because like Neal mentioned, it is potentially losing us some coverage and increasing work that we'll have to do to revamp the manual suite. So if we can avoid introducing that tech debt now, that's better than relying on eventually getting it fixed.

[durran]

I have moved the csfle tests back to integration and refactored the tests to do all the client related activity in the it blocks and not in the before/after. Everything is passing now and no metadata issues on the main test runs and no explicit skips.

[baileympearson]

Would ../shared work here?

[nbbeeken]

No need to block this PR but wanna bump this to beta.4 :)

[dariakp]

LGTM, but we can probably put the ../../integration/shared requires back to just ../shared in both the prose.deadlock and prose test files now