test: add config tests

Author: durran

src/client-side-encryption/client_encryption.ts

@@ -35,6 +35,7 @@ import {
 import {
   type ClientEncryptionDataKeyProvider,
   type CredentialProviders,
+  isEmptyCredentials,
   type KMSProviders,
   refreshKMSCredentials
 } from './providers/index';
@@ -131,6 +132,15 @@ export class ClientEncryption {
     this._timeoutMS = timeoutMS;
     this._credentialProviders = options.credentialProviders;
 
+    if (
+      options.credentialProviders?.aws &&
+      !isEmptyCredentials('aws', options.kmsProviders || {})
+    ) {
+      throw new MongoCryptInvalidArgumentError(
+        'Cannot provide both a custom credential provider and credentials. Please specify one or the other.'
+      );
+    }
+
     if (options.keyVaultNamespace == null) {
       throw new MongoCryptInvalidArgumentError('Missing required option `keyVaultNamespace`');
     }

test/integration/client-side-encryption/driver.test.ts

@@ -50,6 +50,67 @@ describe('Client Side Encryption Functional', function () {
   const keyVaultCollName = 'datakeys';
   const keyVaultNamespace = `${keyVaultDbName}.${keyVaultCollName}`;
 
+  describe('ClientEncryption', metadata, function () {
+    describe('#constructor', function () {
+      context('when a custom credential provider and credentials are provided', function () {
+        let client;
+
+        before(function () {
+          client = this.configuration.newClient({});
+        });
+
+        it('throws an error', function () {
+          expect(() => {
+            new ClientEncryption(client, {
+              keyVaultNamespace: 'test.keyvault',
+              kmsProviders: {
+                aws: { secretAccessKey: 'test', accessKeyId: 'test' }
+              },
+              credentialProviders: {
+                aws: async () => {
+                  return {
+                    sessionToken: 'test',
+                    secretAccessKey: 'test',
+                    accessKeyId: 'test'
+                  };
+                }
+              }
+            });
+          }).to.throw(/custom credential provider and credentials/);
+        });
+      });
+    });
+  });
+
+  describe('AutoEncrypter', metadata, function () {
+    context('when a custom credential provider and credentials are provided', function () {
+      it('throws an error', function () {
+        expect(() => {
+          this.configuration.newClient(
+            {},
+            {
+              autoEncryption: {
+                keyVaultNamespace: 'test.keyvault',
+                kmsProviders: {
+                  aws: { secretAccessKey: 'test', accessKeyId: 'test' }
+                },
+                credentialProviders: {
+                  aws: async () => {
+                    return {
+                      sessionToken: 'test',
+                      secretAccessKey: 'test',
+                      accessKeyId: 'test'
+                    };
+                  }
+                }
+              }
+            }
+          );
+        }).to.throw(/custom credential provider and credentials/);
+      });
+    });
+  });
+
   describe('Collection', metadata, function () {
     describe('#bulkWrite()', metadata, function () {
       context('when encryption errors', function () {