fix(NODE-5801): use more specific key typing for multiple KMS provider support

.evergreen/config.yml

@@ -3493,9 +3493,9 @@ tasks:
             - {key: TS_VERSION, value: current}
       - func: install dependencies
       - func: check types
-  - name: check-types-typescript-4.1.6
+  - name: check-types-typescript-4.4
     tags:
-      - check-types-typescript-4.1.6
+      - check-types-typescript-4.4
       - typescript-compilation
     commands:
       - command: expansions.update
@@ -3504,7 +3504,7 @@ tasks:
           updates:
             - {key: NODE_LTS_VERSION, value: '16'}
             - {key: NPM_VERSION, value: '9'}
-            - {key: TS_VERSION, value: 4.1.6}
+            - {key: TS_VERSION, value: '4.4'}
       - func: install dependencies
       - func: check types
   - name: download-and-merge-coverage

.evergreen/generate_evergreen_tasks.js

@@ -497,9 +497,10 @@ SINGLETON_TASKS.push(
 );
 
 function* makeTypescriptTasks() {
-  for (const TS_VERSION of ['next', 'current', '4.1.6']) {
-    // 4.1.6 can consume the public API but not compile the driver
-    if (TS_VERSION !== '4.1.6' && TS_VERSION !== 'next') {
+  for (const TS_VERSION of ['next', 'current', '4.4']) {
+    // We don't compile on next, because compilation errors are likely.  We do expect
+    // that the drivers types continue to work with next though.
+    if (TS_VERSION !== '4.4' && TS_VERSION !== 'next') {
       yield {
         name: `compile-driver-typescript-${TS_VERSION}`,
         tags: [`compile-driver-typescript-${TS_VERSION}`, 'typescript-compilation'],

.evergreen/run-typescript.sh

@@ -32,7 +32,7 @@ export TSC="./node_modules/typescript/bin/tsc"
 export TS_VERSION=$(get_ts_version)
 
 # On old versions of TS we need to put the node types back to 18.11.19
-npm install --no-save --force typescript@"$TS_VERSION" "$(if [[ $TS_VERSION == '4.1.6' ]]; then echo "@types/[email protected]"; else echo ""; fi)"
+npm install --no-save --force typescript@"$TS_VERSION" "$(if [[ $TS_VERSION == '4.4' ]]; then echo "@types/[email protected]"; else echo ""; fi)"
 
 echo "Typescript $($TSC -v)"
 

README.md

@@ -27,9 +27,9 @@ The official [MongoDB](https://www.mongodb.com/) driver for Node.js.
 The GitHub release contains a detached signature file for the NPM package (named
 `mongodb-X.Y.Z.tgz.sig`).
 
-The following command returns the link npm package. 
+The following command returns the link npm package.
 ```shell
-npm view [email protected] dist.tarball 
+npm view [email protected] dist.tarball
 ```
 
 Using the result of the above command, a `curl` command can return the official npm package for the release.
@@ -81,7 +81,7 @@ The following table describes add-on component version compatibility for the Nod
 
 #### Typescript Version
 
-We recommend using the latest version of typescript, however we currently ensure the driver's public types compile against `typescript@4.1.6`.
+We recommend using the latest version of typescript, however we currently ensure the driver's public types compile against `typescript@4.4.0`.
 This is the lowest typescript version guaranteed to work with our driver: older versions may or may not work - use at your own risk.
 Since typescript [does not restrict breaking changes to major versions](https://github.com/Microsoft/TypeScript/wiki/Breaking-Changes), we consider this support best effort.
 If you run into any unexpected compiler failures against our supported TypeScript versions, please let us know by filing an issue on our [JIRA](https://jira.mongodb.org/browse/NODE).

src/client-side-encryption/providers/index.ts

@@ -12,7 +12,7 @@ import { loadGCPCredentials } from './gcp';
  *    `aws:<name>`, `gcp:<name>`, `local:<name>`, `kmip:<name>`, `azure:<name>`
  *  where `name` is an alphanumeric string, underscores allowed.
  */
-export type ClientEncryptionDataKeyProvider = string;
+export type ClientEncryptionDataKeyProvider = keyof KMSProviders;
 
 /** @public */
 export interface AWSKMSProviderConfiguration {
@@ -122,34 +122,31 @@ export interface KMSProviders {
    * Configuration options for using 'aws' as your KMS provider
    */
   aws?: AWSKMSProviderConfiguration | Record<string, never>;
+  [key: `aws:${string}`]: AWSKMSProviderConfiguration;
 
   /**
    * Configuration options for using 'local' as your KMS provider
    */
   local?: LocalKMSProviderConfiguration;
+  [key: `local:${string}`]: LocalKMSProviderConfiguration;
 
   /**
    * Configuration options for using 'kmip' as your KMS provider
    */
   kmip?: KMIPKMSProviderConfiguration;
+  [key: `kmip:${string}`]: KMIPKMSProviderConfiguration;
 
   /**
    * Configuration options for using 'azure' as your KMS provider
    */
   azure?: AzureKMSProviderConfiguration | Record<string, never>;
+  [key: `azure:${string}`]: AzureKMSProviderConfiguration;
 
   /**
    * Configuration options for using 'gcp' as your KMS provider
    */
   gcp?: GCPKMSProviderConfiguration | Record<string, never>;
-
-  [key: string]:
-    | AWSKMSProviderConfiguration
-    | LocalKMSProviderConfiguration
-    | KMIPKMSProviderConfiguration
-    | AzureKMSProviderConfiguration
-    | GCPKMSProviderConfiguration
-    | undefined;
+  [key: `gcp:${string}`]: GCPKMSProviderConfiguration;
 }
 
 /**

test/types/client-side-encryption.test-d.ts

@@ -1,4 +1,4 @@
-import { expectAssignable, expectError, expectType } from 'tsd';
+import { expectAssignable, expectError, expectNotAssignable, expectType } from 'tsd';
 
 import type {
   AWSEncryptionKeyOptions,
@@ -9,13 +9,14 @@ import type {
   KMSProviders,
   RangeOptions
 } from '../..';
+import type { ClientEncryptionDataKeyProvider } from '../mongodb';
 
 type RequiredCreateEncryptedCollectionSettings = Parameters<
   ClientEncryption['createEncryptedCollection']
 >[2];
 
 expectError<RequiredCreateEncryptedCollectionSettings>({});
-expectAssignable<RequiredCreateEncryptedCollectionSettings>({
+expectError<RequiredCreateEncryptedCollectionSettings>({
   provider: 'blah!',
   createCollectionOptions: { encryptedFields: {} }
 });
@@ -32,6 +33,10 @@ expectAssignable<RequiredCreateEncryptedCollectionSettings>({
   provider: 'aws',
   createCollectionOptions: { encryptedFields: {} }
 });
+expectAssignable<RequiredCreateEncryptedCollectionSettings>({
+  provider: 'aws:namedprovider',
+  createCollectionOptions: { encryptedFields: {} }
+});
 expectAssignable<RequiredCreateEncryptedCollectionSettings>({
   provider: 'aws',
   createCollectionOptions: { encryptedFields: {} },
@@ -83,3 +88,18 @@ expectAssignable<RequiredCreateEncryptedCollectionSettings>({
   // automatic
   expectAssignable<KMSProviders['gcp']>({});
 }
+
+{
+  expectAssignable<ClientEncryptionDataKeyProvider>('aws');
+  expectAssignable<ClientEncryptionDataKeyProvider>('gcp');
+  expectAssignable<ClientEncryptionDataKeyProvider>('azure');
+  expectAssignable<ClientEncryptionDataKeyProvider>('local');
+  expectAssignable<ClientEncryptionDataKeyProvider>('kmip');
+  expectAssignable<ClientEncryptionDataKeyProvider>('aws:named');
+  expectAssignable<ClientEncryptionDataKeyProvider>('gcp:named');
+  expectAssignable<ClientEncryptionDataKeyProvider>('azure:named');
+  expectAssignable<ClientEncryptionDataKeyProvider>('local:named');
+  expectAssignable<ClientEncryptionDataKeyProvider>('kmip:named');
+
+  expectNotAssignable<ClientEncryptionDataKeyProvider>('arbitrary string');
+}