@durran durran commented Jul 8, 2025

Description

Allows users to pass a secureContext option to the TLS options in client encryption and auto encryption.

What is changing?

  • Allows a secureContext option to the tlsOptions:<provider> option in autoEncryption options on the MongoClient or the options for ClientEncryption.
  • Adds tests that ensure a secureContext option takes precedence over the driver tls* options, that the tls* options aren't attempted to be read from the file, and that it works end-to-end.

Is there new documentation needed for these changes?

Yes, update the MongoDB manual to show the precedence of the options.

What is the motivation for this change?

NODE-4179

Release Highlight

Allow a secureContext for Auto Encryption and Client Encryption TLS options

This can be provided in the tlsOptions option for both objects.

```ts
import * as fs from 'fs/promises';
import * as tls from 'tls';
import { ClientEncryption, MongoClient } from 'mongodb';

const caFile = await fs.readFile(process.env.CSFLE_TLS_CA_FILE);
const certFile = await fs.readFile(process.env.CSFLE_TLS_CLIENT_CERT_FILE);

// The same PEM file is passed as both the private key and the certificate.
const secureContextOptions = {
  ca: caFile,
  key: certFile,
  cert: certFile
};

const options = {
  keyVaultNamespace: 'db.coll',
  kmsProviders: {
    aws: {}
  },
  tlsOptions: {
    aws: {
      secureContext: tls.createSecureContext(secureContextOptions)
    }
  }
};

// `this.configuration.newClient` is the test-suite helper; `schemaMap` is defined by the caller.
const client = this.configuration.newClient({}, { autoEncryption: { ...options, schemaMap } });
const clientEncryption = new ClientEncryption(client, options);
```

Double check the following

  • Ran npm run check:lint script
  • Self-review completed using the steps outlined here
  • PR title follows the correct format: type(NODE-xxxx)[!]: description
    • Example: feat(NODE-1234)!: rewriting everything in coffeescript
  • Changes are covered by tests
  • New TODOs have a related JIRA ticket
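
Because a `secureContext` takes precedence over the `tls*` options for the same KMS provider, a configuration that sets both silently ignores the file-based settings. The following is an added example, not code from this PR or the driver: a small configuration lint that reports such shadowed options. The function names `findShadowedTlsOptions` and `auditEncryptionTls`, the sample paths and the stand-in context object are assumptions made for illustration.

```javascript
// Added example (not driver code): report tls* settings that a secureContext
// on the same KMS provider would take precedence over.
function findShadowedTlsOptions(tlsOptions) {
  const findings = [];
  for (const [provider, opts] of Object.entries(tlsOptions ?? {})) {
    if (opts == null || typeof opts !== 'object') continue;
    if (opts.secureContext == null) continue; // no context: tls* options still apply
    const shadowed = Object.keys(opts)
      .filter((key) => key !== 'secureContext' && key.startsWith('tls'))
      .sort();
    if (shadowed.length > 0) findings.push({ provider, shadowed });
  }
  return findings;
}

// Audit both places the PR names: autoEncryption on the MongoClient options
// and the options object passed to ClientEncryption.
function auditEncryptionTls(clientOptions = {}, clientEncryptionOptions = {}) {
  return {
    autoEncryption: findShadowedTlsOptions(clientOptions.autoEncryption?.tlsOptions),
    clientEncryption: findShadowedTlsOptions(clientEncryptionOptions.tlsOptions)
  };
}

// Constructed sample input. `fakeContext` stands in for the value returned by
// tls.createSecureContext(...); the file paths are placeholders.
const fakeContext = { constructedStandIn: true };
const sampleTlsOptions = {
  aws: { secureContext: fakeContext, tlsCAFile: '/placeholder/ca.pem' },
  kmip: {
    tlsCAFile: '/placeholder/ca.pem',
    tlsCertificateKeyFile: '/placeholder/client.pem'
  },
  gcp: { secureContext: fakeContext }
};

const report = auditEncryptionTls(
  { autoEncryption: { tlsOptions: sampleTlsOptions } },
  { tlsOptions: { kmip: sampleTlsOptions.kmip } }
);
console.log(JSON.stringify(report, null, 2));
```

Only `aws` is reported for the sample: `kmip` has no `secureContext`, and `gcp` has no `tls*` options to shadow.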
@durran durran force-pushed the NODE-4179 branch 4 times, most recently from 75cb045 to 68309a1 July 9, 2025 14:44
@durran durran marked this pull request as ready for review July 9, 2025 15:22
@durran durran requested a review from a team as a code owner July 9, 2025 15:22
@dariakp dariakp self-assigned this Jul 9, 2025
@dariakp dariakp added the Primary Review In Review with primary reviewer, not yet ready for team's eyes label Jul 9, 2025
@dariakp dariakp requested a review from addaleax July 9, 2025 20:17
@durran durran requested a review from dariakp July 10, 2025 14:56
@durran durran requested a review from dariakp July 11, 2025 16:16
@dariakp dariakp added Team Review Needs review from team and removed Primary Review In Review with primary reviewer, not yet ready for team's eyes labels Jul 22, 2025
@durran durran requested a review from dariakp July 22, 2025 23:26
@dariakp dariakp merged commit 0ea6eaa into main Jul 23, 2025
28 of 29 checks passed
@dariakp dariakp deleted the NODE-4179 branch July 23, 2025 13:49