mongodb
diff --git a/‎pymongo/encryption.py
Lines changed: 43 additions & 29 deletions b/‎pymongo/encryption.py
Lines changed: 43 additions & 29 deletions
diff --git a/‎pymongo/encryption_options.py
Lines changed: 2 additions & 1 deletion b/‎pymongo/encryption_options.py
Lines changed: 2 additions & 1 deletion
diff --git a/‎pymongo/mongo_client.py
Lines changed: 23 additions & 1 deletion b/‎pymongo/mongo_client.py
Lines changed: 23 additions & 1 deletion
diff --git a/‎test/client-side-encryption/spec/aggregate.json
Lines changed: 0 additions & 24 deletions b/‎test/client-side-encryption/spec/aggregate.json
Lines changed: 0 additions & 24 deletions
diff --git a/‎test/client-side-encryption/spec/awsTemporary.json
Lines changed: 0 additions & 12 deletions b/‎test/client-side-encryption/spec/awsTemporary.json
Lines changed: 0 additions & 12 deletions
diff --git a/‎test/client-side-encryption/spec/azureKMS.json
Lines changed: 0 additions & 12 deletions b/‎test/client-side-encryption/spec/azureKMS.json
Lines changed: 0 additions & 12 deletions
diff --git a/‎test/client-side-encryption/spec/basic.json
Lines changed: 0 additions & 24 deletions b/‎test/client-side-encryption/spec/basic.json
Lines changed: 0 additions & 24 deletions
diff --git a/‎test/client-side-encryption/spec/bulk.json
Lines changed: 0 additions & 12 deletions b/‎test/client-side-encryption/spec/bulk.json
Lines changed: 0 additions & 12 deletions
diff --git a/‎test/client-side-encryption/spec/count.json
Lines changed: 0 additions & 12 deletions b/‎test/client-side-encryption/spec/count.json
Lines changed: 0 additions & 12 deletions
diff --git a/‎test/client-side-encryption/spec/countDocuments.json
Lines changed: 0 additions & 12 deletions b/‎test/client-side-encryption/spec/countDocuments.json
Lines changed: 0 additions & 12 deletions
diff --git a/‎test/client-side-encryption/spec/delete.json
Lines changed: 0 additions & 24 deletions b/‎test/client-side-encryption/spec/delete.json
Lines changed: 0 additions & 24 deletions
diff --git a/‎test/client-side-encryption/spec/distinct.json
Lines changed: 0 additions & 12 deletions b/‎test/client-side-encryption/spec/distinct.json
Lines changed: 0 additions & 12 deletions
@@ -247,23 +247,57 @@ def close(self):
 
 
 class _Encrypter(object):
-    def __init__(self, io_callbacks, opts):
-        """Encrypts and decrypts MongoDB commands.
+    """Encrypts and decrypts MongoDB commands.
 
-        This class is used to support automatic encryption and decryption of
-        MongoDB commands.
+    This class is used to support automatic encryption and decryption of
+    MongoDB commands."""
+    def __init__(self, client, opts):
+        """Create a _Encrypter for a client.
 
         :Parameters:
-          - `io_callbacks`: A :class:`MongoCryptCallback`.
+          - `client`: The encrypted MongoClient.
           - `opts`: The encrypted client's :class:`AutoEncryptionOpts`.
         """
         if opts._schema_map is None:
             schema_map = None
         else:
             schema_map = _dict_to_bson(opts._schema_map, False, _DATA_KEY_OPTS)
+        self._bypass_auto_encryption = opts._bypass_auto_encryption
+        self._internal_client = None
+
+        def _get_internal_client(encrypter, mongo_client):
+            if mongo_client.max_pool_size is None:
+                # Unlimited pool size, use the same client.
+                return mongo_client
+            # Else - limited pool size, use an internal client.
+            if encrypter._internal_client is not None:
+                return encrypter._internal_client
+            internal_client = mongo_client._duplicate(
+                minPoolSize=0, auto_encryption_opts=None)
+            encrypter._internal_client = internal_client
+            return internal_client
+
+        if opts._key_vault_client is not None:
+            key_vault_client = opts._key_vault_client
+        else:
+            key_vault_client = _get_internal_client(self, client)
+
+        if opts._bypass_auto_encryption:
+            metadata_client = None
+        else:
+            metadata_client = _get_internal_client(self, client)
+
+        db, coll = opts._key_vault_namespace.split('.', 1)
+        key_vault_coll = key_vault_client[db][coll]
+
+        mongocryptd_client = MongoClient(
+            opts._mongocryptd_uri, connect=False,
+            serverSelectionTimeoutMS=_MONGOCRYPTD_TIMEOUT_MS)
+
+        io_callbacks = _EncryptionIO(
+            metadata_client, key_vault_coll, mongocryptd_client, opts)
         self._auto_encrypter = AutoEncrypter(io_callbacks, MongoCryptOptions(
             opts._kms_providers, schema_map))
-        self._bypass_auto_encryption = opts._bypass_auto_encryption
         self._closed = False
 
     def encrypt(self, database, cmd, check_keys, codec_options):
@@ -313,29 +347,9 @@ def close(self):
         """Cleanup resources."""
         self._closed = True
         self._auto_encrypter.close()
-
-    @staticmethod
-    def create(client, opts):
-        """Create a _CommandEncyptor for a client.
-
-        :Parameters:
-          - `client`: The encrypted MongoClient.
-          - `opts`: The encrypted client's :class:`AutoEncryptionOpts`.
-
-        :Returns:
-          A :class:`_CommandEncrypter` for this client.
-        """
-        key_vault_client = opts._key_vault_client or client
-        db, coll = opts._key_vault_namespace.split('.', 1)
-        key_vault_coll = key_vault_client[db][coll]
-
-        mongocryptd_client = MongoClient(
-            opts._mongocryptd_uri, connect=False,
-            serverSelectionTimeoutMS=_MONGOCRYPTD_TIMEOUT_MS)
-
-        io_callbacks = _EncryptionIO(
-            client, key_vault_coll, mongocryptd_client, opts)
-        return _Encrypter(io_callbacks, opts)
+        if self._internal_client:
+            self._internal_client.close()
+            self._internal_client = None
 
 
 class Algorithm(object):
 
@@ -29,7 +29,8 @@ class AutoEncryptionOpts(object):
     """Options to configure automatic client-side field level encryption."""
 
     def __init__(self, kms_providers, key_vault_namespace,
-                 key_vault_client=None, schema_map=None,
+                 key_vault_client=None,
+                 schema_map=None,
                  bypass_auto_encryption=False,
                  mongocryptd_uri='mongodb://localhost:27020',
                  mongocryptd_bypass_spawn=False,
 
@@ -489,6 +489,15 @@ def __init__(
             configures this client to automatically encrypt collection commands
             and automatically decrypt results. See
             :ref:`automatic-client-side-encryption` for an example.
+            If a :class:`MongoClient` is configured with
+            ``auto_encryption_opts`` and a non-None ``maxPoolSize``, a
+            separate internal ``MongoClient`` is created if any of the
+            following are true:
+
+              - A ``key_vault_client`` is not passed to
+                :class:`~pymongo.encryption_options.AutoEncryptionOpts`
+              - ``bypass_auto_encrpytion=False`` is passed to
+                :class:`~pymongo.encryption_options.AutoEncryptionOpts`
 
           | **Versioned API options:**
           | (If not set explicitly, Versioned API will not be enabled.)
@@ -607,6 +616,14 @@ def __init__(
 
                client.__my_database__
         """
+        self.__init_kwargs = {'host': host,
+                              'port': port,
+                              'document_class': document_class,
+                              'tz_aware': tz_aware,
+                              'connect': connect,
+                              'type_registry': type_registry,
+                              **kwargs}
+
         if host is None:
             host = self.HOST
         if isinstance(host, str):
@@ -750,9 +767,14 @@ def target():
         self._encrypter = None
         if self.__options.auto_encryption_opts:
             from pymongo.encryption import _Encrypter
-            self._encrypter = _Encrypter.create(
+            self._encrypter = _Encrypter(
                 self, self.__options.auto_encryption_opts)
 
+    def _duplicate(self, **kwargs):
+        args = self.__init_kwargs.copy()
+        args.update(kwargs)
+        return MongoClient(**args)
+
     def _server_property(self, attr_name):
         """An attribute of the current server's description.
 
 
@@ -150,18 +150,6 @@
             "command_name": "listCollections"
           }
         },
-        {
-          "command_started_event": {
-            "command": {
-              "listCollections": 1,
-              "filter": {
-                "name": "datakeys"
-              },
-              "$db": "keyvault"
-            },
-            "command_name": "listCollections"
-          }
-        },
         {
           "command_started_event": {
             "command": {
@@ -273,18 +261,6 @@
             "command_name": "aggregate"
           }
         },
-        {
-          "command_started_event": {
-            "command": {
-              "listCollections": 1,
-              "filter": {
-                "name": "datakeys"
-              },
-              "$db": "keyvault"
-            },
-            "command_name": "listCollections"
-          }
-        },
         {
           "command_started_event": {
             "command": {
 
@@ -130,18 +130,6 @@
             "command_name": "listCollections"
           }
         },
-        {
-          "command_started_event": {
-            "command": {
-              "listCollections": 1,
-              "filter": {
-                "name": "datakeys"
-              },
-              "$db": "keyvault"
-            },
-            "command_name": "listCollections"
-          }
-        },
         {
           "command_started_event": {
             "command": {
 
@@ -139,18 +139,6 @@
             "command_name": "listCollections"
           }
         },
-        {
-          "command_started_event": {
-            "command": {
-              "listCollections": 1,
-              "filter": {
-                "name": "datakeys"
-              },
-              "$db": "keyvault"
-            },
-            "command_name": "listCollections"
-          }
-        },
         {
           "command_started_event": {
             "command": {
 
@@ -144,18 +144,6 @@
             "command_name": "listCollections"
           }
         },
-        {
-          "command_started_event": {
-            "command": {
-              "listCollections": 1,
-              "filter": {
-                "name": "datakeys"
-              },
-              "$db": "keyvault"
-            },
-            "command_name": "listCollections"
-          }
-        },
         {
           "command_started_event": {
             "command": {
@@ -283,18 +271,6 @@
             "command_name": "listCollections"
           }
         },
-        {
-          "command_started_event": {
-            "command": {
-              "listCollections": 1,
-              "filter": {
-                "name": "datakeys"
-              },
-              "$db": "keyvault"
-            },
-            "command_name": "listCollections"
-          }
-        },
         {
           "command_started_event": {
             "command": {
 
@@ -178,18 +178,6 @@
             "command_name": "listCollections"
           }
         },
-        {
-          "command_started_event": {
-            "command": {
-              "listCollections": 1,
-              "filter": {
-                "name": "datakeys"
-              },
-              "$db": "keyvault"
-            },
-            "command_name": "listCollections"
-          }
-        },
         {
           "command_started_event": {
             "command": {
 
@@ -149,18 +149,6 @@
             "command_name": "listCollections"
           }
         },
-        {
-          "command_started_event": {
-            "command": {
-              "listCollections": 1,
-              "filter": {
-                "name": "datakeys"
-              },
-              "$db": "keyvault"
-            },
-            "command_name": "listCollections"
-          }
-        },
         {
           "command_started_event": {
             "command": {
 
@@ -150,18 +150,6 @@
             "command_name": "listCollections"
           }
         },
-        {
-          "command_started_event": {
-            "command": {
-              "listCollections": 1,
-              "filter": {
-                "name": "datakeys"
-              },
-              "$db": "keyvault"
-            },
-            "command_name": "listCollections"
-          }
-        },
         {
           "command_started_event": {
             "command": {
 
@@ -151,18 +151,6 @@
             "command_name": "listCollections"
           }
         },
-        {
-          "command_started_event": {
-            "command": {
-              "listCollections": 1,
-              "filter": {
-                "name": "datakeys"
-              },
-              "$db": "keyvault"
-            },
-            "command_name": "listCollections"
-          }
-        },
         {
           "command_started_event": {
             "command": {
@@ -276,18 +264,6 @@
             "command_name": "listCollections"
           }
         },
-        {
-          "command_started_event": {
-            "command": {
-              "listCollections": 1,
-              "filter": {
-                "name": "datakeys"
-              },
-              "$db": "keyvault"
-            },
-            "command_name": "listCollections"
-          }
-        },
         {
           "command_started_event": {
             "command": {
 
@@ -161,18 +161,6 @@
             "command_name": "listCollections"
           }
         },
-        {
-          "command_started_event": {
-            "command": {
-              "listCollections": 1,
-              "filter": {
-                "name": "datakeys"
-              },
-              "$db": "keyvault"
-            },
-            "command_name": "listCollections"
-          }
-        },
         {
           "command_started_event": {
             "command": {