mongo 2.11.6 → 2.12.0.rc0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +2 -2
- data.tar.gz.sig +0 -0
- data/CONTRIBUTING.md +1 -1
- data/lib/mongo.rb +3 -0
- data/lib/mongo/address.rb +13 -2
- data/lib/mongo/auth.rb +1 -0
- data/lib/mongo/auth/credential_cache.rb +51 -0
- data/lib/mongo/auth/scram/conversation.rb +20 -16
- data/lib/mongo/auth/user.rb +0 -8
- data/lib/mongo/auth/user/view.rb +4 -4
- data/lib/mongo/background_thread.rb +1 -1
- data/lib/mongo/bulk_write.rb +5 -5
- data/lib/mongo/client.rb +126 -11
- data/lib/mongo/client_encryption.rb +103 -0
- data/lib/mongo/cluster.rb +2 -2
- data/lib/mongo/cluster/reapers/cursor_reaper.rb +18 -6
- data/lib/mongo/cluster/sdam_flow.rb +54 -58
- data/lib/mongo/cluster/srv_monitor.rb +1 -1
- data/lib/mongo/collection.rb +3 -3
- data/lib/mongo/collection/view.rb +1 -1
- data/lib/mongo/collection/view/aggregation.rb +1 -1
- data/lib/mongo/collection/view/change_stream.rb +12 -3
- data/lib/mongo/collection/view/iterable.rb +14 -5
- data/lib/mongo/collection/view/map_reduce.rb +2 -2
- data/lib/mongo/collection/view/readable.rb +7 -9
- data/lib/mongo/collection/view/writable.rb +7 -7
- data/lib/mongo/crypt.rb +33 -0
- data/lib/mongo/crypt/auto_decryption_context.rb +42 -0
- data/lib/mongo/crypt/auto_encrypter.rb +169 -0
- data/lib/mongo/crypt/auto_encryption_context.rb +44 -0
- data/lib/mongo/crypt/binary.rb +155 -0
- data/lib/mongo/crypt/binding.rb +1162 -0
- data/lib/mongo/crypt/context.rb +135 -0
- data/lib/mongo/crypt/data_key_context.rb +162 -0
- data/lib/mongo/crypt/encryption_io.rb +283 -0
- data/lib/mongo/crypt/explicit_decryption_context.rb +40 -0
- data/lib/mongo/crypt/explicit_encrypter.rb +117 -0
- data/lib/mongo/crypt/explicit_encryption_context.rb +89 -0
- data/lib/mongo/crypt/handle.rb +293 -0
- data/lib/mongo/crypt/hooks.rb +90 -0
- data/lib/mongo/crypt/kms_context.rb +67 -0
- data/lib/mongo/crypt/status.rb +131 -0
- data/lib/mongo/cursor.rb +64 -32
- data/lib/mongo/database.rb +13 -6
- data/lib/mongo/database/view.rb +13 -4
- data/lib/mongo/dbref.rb +9 -2
- data/lib/mongo/error.rb +5 -1
- data/lib/mongo/error/crypt_error.rb +31 -0
- data/lib/mongo/error/{failed_stringprep_validation.rb → failed_string_prep_validation.rb} +0 -0
- data/lib/mongo/error/invalid_cursor_operation.rb +27 -0
- data/lib/mongo/error/kms_error.rb +22 -0
- data/lib/mongo/error/max_bson_size.rb +14 -3
- data/lib/mongo/error/mongocryptd_spawn_error.rb +22 -0
- data/lib/mongo/error/no_server_available.rb +8 -3
- data/lib/mongo/error/operation_failure.rb +1 -0
- data/lib/mongo/grid/file.rb +0 -5
- data/lib/mongo/grid/file/chunk.rb +0 -2
- data/lib/mongo/grid/file/info.rb +2 -1
- data/lib/mongo/grid/fs_bucket.rb +13 -15
- data/lib/mongo/grid/stream/write.rb +3 -9
- data/lib/mongo/index/view.rb +3 -3
- data/lib/mongo/monitoring/event/command_started.rb +6 -1
- data/lib/mongo/operation/collections_info.rb +6 -3
- data/lib/mongo/operation/delete/op_msg.rb +1 -1
- data/lib/mongo/operation/find/op_msg.rb +4 -1
- data/lib/mongo/operation/get_more/op_msg.rb +4 -1
- data/lib/mongo/operation/insert/command.rb +2 -2
- data/lib/mongo/operation/insert/legacy.rb +2 -2
- data/lib/mongo/operation/insert/op_msg.rb +3 -3
- data/lib/mongo/operation/result.rb +36 -27
- data/lib/mongo/operation/shared/executable.rb +10 -8
- data/lib/mongo/operation/shared/executable_no_validate.rb +2 -2
- data/lib/mongo/operation/shared/op_msg_or_command.rb +2 -2
- data/lib/mongo/operation/shared/op_msg_or_find_command.rb +2 -2
- data/lib/mongo/operation/shared/op_msg_or_list_indexes_command.rb +2 -2
- data/lib/mongo/operation/shared/write.rb +17 -10
- data/lib/mongo/operation/update/op_msg.rb +1 -1
- data/lib/mongo/protocol/compressed.rb +6 -5
- data/lib/mongo/protocol/insert.rb +3 -1
- data/lib/mongo/protocol/message.rb +72 -8
- data/lib/mongo/protocol/msg.rb +191 -37
- data/lib/mongo/protocol/query.rb +7 -9
- data/lib/mongo/protocol/serializers.rb +6 -2
- data/lib/mongo/server.rb +10 -4
- data/lib/mongo/server/connection.rb +20 -9
- data/lib/mongo/server/connection_base.rb +81 -12
- data/lib/mongo/server/connection_common.rb +61 -0
- data/lib/mongo/server/connection_pool.rb +37 -1
- data/lib/mongo/server/description.rb +9 -11
- data/lib/mongo/server/monitor.rb +2 -0
- data/lib/mongo/server/monitor/connection.rb +3 -18
- data/lib/mongo/server/pending_connection.rb +2 -1
- data/lib/mongo/session.rb +2 -2
- data/lib/mongo/session/session_pool.rb +8 -3
- data/lib/mongo/socket.rb +29 -16
- data/lib/mongo/socket/ssl.rb +23 -8
- data/lib/mongo/socket/tcp.rb +12 -3
- data/lib/mongo/timeout.rb +49 -0
- data/lib/mongo/uri.rb +30 -1
- data/lib/mongo/version.rb +1 -1
- data/mongo.gemspec +1 -1
- data/spec/README.md +134 -7
- data/spec/integration/auth_spec.rb +53 -0
- data/spec/integration/{client_options_spec.rb → client_authentication_options_spec.rb} +10 -10
- data/spec/integration/client_construction_spec.rb +76 -1
- data/spec/integration/client_side_encryption/auto_encryption_bulk_writes_spec.rb +351 -0
- data/spec/integration/client_side_encryption/auto_encryption_command_monitoring_spec.rb +301 -0
- data/spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb +71 -0
- data/spec/integration/client_side_encryption/auto_encryption_old_wire_version_spec.rb +76 -0
- data/spec/integration/client_side_encryption/auto_encryption_reconnect_spec.rb +216 -0
- data/spec/integration/client_side_encryption/auto_encryption_spec.rb +600 -0
- data/spec/integration/client_side_encryption/bson_size_limit_spec.rb +183 -0
- data/spec/integration/client_side_encryption/bypass_mongocryptd_spawn_spec.rb +74 -0
- data/spec/integration/client_side_encryption/client_close_spec.rb +59 -0
- data/spec/integration/client_side_encryption/corpus_spec.rb +228 -0
- data/spec/integration/client_side_encryption/custom_endpoint_spec.rb +132 -0
- data/spec/integration/client_side_encryption/data_key_spec.rb +163 -0
- data/spec/integration/client_side_encryption/explicit_encryption_spec.rb +114 -0
- data/spec/integration/client_side_encryption/external_key_vault_spec.rb +137 -0
- data/spec/integration/client_side_encryption/views_spec.rb +42 -0
- data/spec/integration/client_update_spec.rb +120 -0
- data/spec/integration/command_monitoring_spec.rb +3 -1
- data/spec/integration/command_spec.rb +44 -10
- data/spec/integration/connection_spec.rb +57 -0
- data/spec/integration/reconnect_spec.rb +7 -6
- data/spec/integration/size_limit_spec.rb +94 -0
- data/spec/integration/srv_monitoring_spec.rb +14 -6
- data/spec/lite_spec_helper.rb +31 -22
- data/spec/mongo/auth/cr_spec.rb +8 -0
- data/spec/mongo/auth/ldap_spec.rb +5 -1
- data/spec/mongo/auth/scram/conversation_spec.rb +5 -6
- data/spec/mongo/auth/scram/negotiation_spec.rb +74 -75
- data/spec/mongo/auth/scram_spec.rb +45 -35
- data/spec/mongo/auth/x509_spec.rb +5 -1
- data/spec/mongo/client_construction_spec.rb +206 -3
- data/spec/mongo/client_encryption_spec.rb +408 -0
- data/spec/mongo/cluster/cursor_reaper_spec.rb +12 -8
- data/spec/mongo/cluster/socket_reaper_spec.rb +14 -3
- data/spec/mongo/collection/view/aggregation_spec.rb +0 -2
- data/spec/mongo/collection/view/change_stream_spec.rb +7 -7
- data/spec/mongo/collection/view/map_reduce_spec.rb +3 -3
- data/spec/mongo/collection/view_spec.rb +1 -1
- data/spec/mongo/collection_spec.rb +4 -33
- data/spec/mongo/crypt/auto_decryption_context_spec.rb +90 -0
- data/spec/mongo/crypt/auto_encrypter_spec.rb +182 -0
- data/spec/mongo/crypt/auto_encryption_context_spec.rb +107 -0
- data/spec/mongo/crypt/binary_spec.rb +115 -0
- data/spec/mongo/crypt/binding/binary_spec.rb +56 -0
- data/spec/mongo/crypt/binding/context_spec.rb +257 -0
- data/spec/mongo/crypt/binding/helpers_spec.rb +46 -0
- data/spec/mongo/crypt/binding/mongocrypt_spec.rb +144 -0
- data/spec/mongo/crypt/binding/status_spec.rb +99 -0
- data/spec/mongo/crypt/binding/version_spec.rb +22 -0
- data/spec/mongo/crypt/binding_unloaded_spec.rb +20 -0
- data/spec/mongo/crypt/data_key_context_spec.rb +213 -0
- data/spec/mongo/crypt/encryption_io_spec.rb +136 -0
- data/spec/mongo/crypt/explicit_decryption_context_spec.rb +72 -0
- data/spec/mongo/crypt/explicit_encryption_context_spec.rb +170 -0
- data/spec/mongo/crypt/handle_spec.rb +198 -0
- data/spec/mongo/crypt/helpers/mongo_crypt_spec_helper.rb +108 -0
- data/spec/mongo/crypt/status_spec.rb +152 -0
- data/spec/mongo/cursor_spec.rb +24 -4
- data/spec/mongo/database_spec.rb +20 -0
- data/spec/mongo/error/crypt_error_spec.rb +26 -0
- data/spec/mongo/error/max_bson_size_spec.rb +35 -0
- data/spec/mongo/error/no_server_available_spec.rb +11 -1
- data/spec/mongo/error/operation_failure_spec.rb +6 -6
- data/spec/mongo/operation/aggregate_spec.rb +1 -1
- data/spec/mongo/operation/collections_info_spec.rb +1 -1
- data/spec/mongo/operation/command_spec.rb +3 -3
- data/spec/mongo/operation/create_index_spec.rb +3 -3
- data/spec/mongo/operation/create_user_spec.rb +3 -3
- data/spec/mongo/operation/delete/bulk_spec.rb +6 -6
- data/spec/mongo/operation/delete/op_msg_spec.rb +1 -6
- data/spec/mongo/operation/delete_spec.rb +7 -7
- data/spec/mongo/operation/drop_index_spec.rb +2 -2
- data/spec/mongo/operation/find/legacy_spec.rb +1 -1
- data/spec/mongo/operation/get_more_spec.rb +1 -1
- data/spec/mongo/operation/indexes_spec.rb +1 -1
- data/spec/mongo/operation/insert/bulk_spec.rb +7 -7
- data/spec/mongo/operation/insert/op_msg_spec.rb +3 -6
- data/spec/mongo/operation/insert_spec.rb +12 -12
- data/spec/mongo/operation/map_reduce_spec.rb +2 -2
- data/spec/mongo/operation/remove_user_spec.rb +3 -3
- data/spec/mongo/operation/update/bulk_spec.rb +6 -6
- data/spec/mongo/operation/update/op_msg_spec.rb +3 -6
- data/spec/mongo/operation/update_spec.rb +7 -7
- data/spec/mongo/operation/update_user_spec.rb +1 -1
- data/spec/mongo/protocol/compressed_spec.rb +2 -3
- data/spec/mongo/protocol/delete_spec.rb +9 -8
- data/spec/mongo/protocol/get_more_spec.rb +9 -8
- data/spec/mongo/protocol/insert_spec.rb +9 -8
- data/spec/mongo/protocol/kill_cursors_spec.rb +6 -5
- data/spec/mongo/protocol/msg_spec.rb +57 -53
- data/spec/mongo/protocol/query_spec.rb +12 -12
- data/spec/mongo/protocol/registry_spec.rb +1 -1
- data/spec/mongo/protocol/reply_spec.rb +1 -1
- data/spec/mongo/protocol/update_spec.rb +10 -9
- data/spec/mongo/server/connection_pool_spec.rb +1 -1
- data/spec/mongo/server/connection_spec.rb +28 -7
- data/spec/mongo/socket_spec.rb +1 -1
- data/spec/mongo/timeout_spec.rb +85 -0
- data/spec/mongo/uri/srv_protocol_spec.rb +2 -2
- data/spec/mongo/uri_spec.rb +52 -5
- data/spec/mongo/write_concern_spec.rb +13 -1
- data/spec/{support → runners}/auth.rb +14 -1
- data/spec/{support → runners}/change_streams.rb +1 -1
- data/spec/{support → runners}/change_streams/operation.rb +0 -0
- data/spec/{support → runners}/cmap.rb +1 -1
- data/spec/{support → runners}/cmap/verifier.rb +0 -0
- data/spec/{support → runners}/command_monitoring.rb +0 -0
- data/spec/runners/connection_string.rb +358 -4
- data/spec/{support → runners}/crud.rb +9 -9
- data/spec/{support → runners}/crud/context.rb +0 -0
- data/spec/{support → runners}/crud/operation.rb +7 -3
- data/spec/{support → runners}/crud/outcome.rb +0 -0
- data/spec/{support → runners}/crud/requirement.rb +1 -1
- data/spec/{support → runners}/crud/spec.rb +12 -1
- data/spec/{support → runners}/crud/test.rb +0 -0
- data/spec/{support → runners}/crud/test_base.rb +0 -0
- data/spec/{support → runners}/crud/verifier.rb +10 -12
- data/spec/{support → runners}/gridfs.rb +0 -0
- data/spec/{support → runners}/sdam_monitoring.rb +0 -0
- data/spec/{support → runners}/server_discovery_and_monitoring.rb +0 -0
- data/spec/{support → runners}/server_selection.rb +0 -0
- data/spec/{support → runners}/server_selection_rtt.rb +0 -0
- data/spec/{support → runners}/transactions.rb +4 -4
- data/spec/{support → runners}/transactions/context.rb +0 -0
- data/spec/{support → runners}/transactions/operation.rb +0 -0
- data/spec/{support → runners}/transactions/spec.rb +0 -0
- data/spec/{support → runners}/transactions/test.rb +37 -5
- data/spec/spec_helper.rb +0 -5
- data/spec/spec_tests/auth_spec.rb +3 -3
- data/spec/spec_tests/client_side_encryption_spec.rb +13 -0
- data/spec/spec_tests/connection_string_spec.rb +1 -1
- data/spec/spec_tests/data/auth/connection-string.yml +13 -0
- data/spec/spec_tests/data/client_side_encryption/aggregate.yml +134 -0
- data/spec/spec_tests/data/client_side_encryption/badQueries.yml +526 -0
- data/spec/spec_tests/data/client_side_encryption/badSchema.yml +73 -0
- data/spec/spec_tests/data/client_side_encryption/basic.yml +116 -0
- data/spec/spec_tests/data/client_side_encryption/bulk.yml +85 -0
- data/spec/spec_tests/data/client_side_encryption/bypassAutoEncryption.yml +100 -0
- data/spec/spec_tests/data/client_side_encryption/bypassedCommand.yml +42 -0
- data/spec/spec_tests/data/client_side_encryption/count.yml +61 -0
- data/spec/spec_tests/data/client_side_encryption/countDocuments.yml +59 -0
- data/spec/spec_tests/data/client_side_encryption/delete.yml +105 -0
- data/spec/spec_tests/data/client_side_encryption/distinct.yml +73 -0
- data/spec/spec_tests/data/client_side_encryption/explain.yml +64 -0
- data/spec/spec_tests/data/client_side_encryption/find.yml +119 -0
- data/spec/spec_tests/data/client_side_encryption/findOneAndDelete.yml +57 -0
- data/spec/spec_tests/data/client_side_encryption/findOneAndReplace.yml +57 -0
- data/spec/spec_tests/data/client_side_encryption/findOneAndUpdate.yml +57 -0
- data/spec/spec_tests/data/client_side_encryption/getMore.yml +68 -0
- data/spec/spec_tests/data/client_side_encryption/insert.yml +102 -0
- data/spec/spec_tests/data/client_side_encryption/keyAltName.yml +71 -0
- data/spec/spec_tests/data/client_side_encryption/localKMS.yml +54 -0
- data/spec/spec_tests/data/client_side_encryption/localSchema.yml +72 -0
- data/spec/spec_tests/data/client_side_encryption/malformedCiphertext.yml +69 -0
- data/spec/spec_tests/data/client_side_encryption/maxWireVersion.yml +20 -0
- data/spec/spec_tests/data/client_side_encryption/missingKey.yml +49 -0
- data/spec/spec_tests/data/client_side_encryption/replaceOne.yml +61 -0
- data/spec/spec_tests/data/client_side_encryption/types.yml +527 -0
- data/spec/spec_tests/data/client_side_encryption/unsupportedCommand.yml +25 -0
- data/spec/spec_tests/data/client_side_encryption/updateMany.yml +77 -0
- data/spec/spec_tests/data/client_side_encryption/updateOne.yml +168 -0
- data/spec/spec_tests/data/read_write_concern/connection-string/write-concern.yml +1 -4
- data/spec/spec_tests/data/retryable_writes/insertOne-serverErrors.yml +21 -0
- data/spec/spec_tests/data/sdam/rs/incompatible_ghost.yml +2 -4
- data/spec/spec_tests/data/sdam/rs/incompatible_other.yml +1 -1
- data/spec/spec_tests/data/sdam/rs/primary_mismatched_me_not_removed.yml +73 -0
- data/spec/spec_tests/data/sdam/rs/primary_to_no_primary_mismatched_me.yml +1 -2
- data/spec/spec_tests/data/sdam/rs/repeated.yml +101 -0
- data/spec/spec_tests/data/sdam/rs/{primary_address_change.yml → ruby_primary_address_change.yml} +2 -0
- data/spec/spec_tests/data/sdam/rs/{secondary_wrong_set_name_with_primary_second.yml → ruby_secondary_wrong_set_name_with_primary_second.yml} +0 -0
- data/spec/spec_tests/data/sdam/sharded/ruby_discovered_single_mongos.yml +27 -0
- data/spec/spec_tests/data/sdam/sharded/{primary_address_change.yml → ruby_primary_different_address.yml} +1 -1
- data/spec/spec_tests/data/sdam/sharded/{primary_mismatched_me.yml → ruby_primary_mismatched_me.yml} +1 -1
- data/spec/spec_tests/data/sdam/single/{primary_address_change.yml → ruby_primary_different_address.yml} +1 -1
- data/spec/spec_tests/data/sdam/single/{primary_mismatched_me.yml → ruby_primary_mismatched_me.yml} +1 -1
- data/spec/spec_tests/data/sdam_monitoring/{replica_set_with_primary_change.yml → replica_set_primary_address_change.yml} +27 -5
- data/spec/spec_tests/data/sdam_monitoring/replica_set_with_me_mismatch.yml +26 -74
- data/spec/spec_tests/data/sdam_monitoring/replica_set_with_removal.yml +20 -16
- data/spec/spec_tests/data/sdam_monitoring/standalone_suppress_equal_description_changes.yml +73 -0
- data/spec/spec_tests/data/transactions/pin-mongos.yml +2 -3
- data/spec/spec_tests/data/uri_options/auth-options.yml +10 -0
- data/spec/spec_tests/data/uri_options/tls-options.yml +75 -4
- data/spec/spec_tests/read_write_concern_connection_string_spec.rb +1 -1
- data/spec/spec_tests/uri_options_spec.rb +6 -8
- data/spec/stress/connection_pool_timing_spec.rb +6 -3
- data/spec/support/certificates/README.md +4 -0
- data/spec/support/certificates/server-second-level-bundle.pem +77 -77
- data/spec/support/certificates/server-second-level.crt +52 -52
- data/spec/support/certificates/server-second-level.key +25 -25
- data/spec/support/certificates/server-second-level.pem +77 -77
- data/spec/support/client_registry.rb +19 -3
- data/spec/support/cluster_config.rb +9 -1
- data/spec/support/common_shortcuts.rb +12 -0
- data/spec/support/constraints.rb +16 -0
- data/spec/support/crypt.rb +140 -0
- data/spec/support/crypt/corpus/corpus-key-aws.json +33 -0
- data/spec/support/crypt/corpus/corpus-key-local.json +31 -0
- data/spec/support/crypt/corpus/corpus-schema.json +2057 -0
- data/spec/support/crypt/corpus/corpus.json +3657 -0
- data/spec/support/crypt/corpus/corpus_encrypted.json +4152 -0
- data/spec/support/crypt/data_keys/key_document_aws.json +34 -0
- data/spec/support/crypt/data_keys/key_document_local.json +31 -0
- data/spec/support/crypt/external/external-key.json +31 -0
- data/spec/support/crypt/external/external-schema.json +19 -0
- data/spec/support/crypt/limits/limits-doc.json +102 -0
- data/spec/support/crypt/limits/limits-key.json +31 -0
- data/spec/support/crypt/limits/limits-schema.json +1405 -0
- data/spec/support/crypt/schema_maps/schema_map_aws.json +17 -0
- data/spec/support/crypt/schema_maps/schema_map_aws_key_alt_names.json +12 -0
- data/spec/support/crypt/schema_maps/schema_map_local.json +18 -0
- data/spec/support/crypt/schema_maps/schema_map_local_key_alt_names.json +12 -0
- data/spec/support/lite_constraints.rb +17 -1
- data/spec/support/matchers.rb +19 -0
- data/spec/support/shared/protocol.rb +2 -0
- data/spec/support/spec_config.rb +43 -13
- data/spec/support/utils.rb +132 -10
- metadata +277 -81
- metadata.gz.sig +0 -0
- data/spec/integration/grid_fs_bucket_spec.rb +0 -48
- data/spec/integration/zlib_compression_spec.rb +0 -25
- data/spec/spec_tests/data/sdam/sharded/single_mongos.yml +0 -33
- data/spec/support/connection_string.rb +0 -354
@@ -0,0 +1,526 @@
|
|
1
|
+
runOn:
|
2
|
+
- minServerVersion: "4.1.10"
|
3
|
+
database_name: &database_name "default"
|
4
|
+
collection_name: &collection_name "default"
|
5
|
+
|
6
|
+
data:
|
7
|
+
- &doc0_encrypted { _id: 1, encrypted_string: {'$binary': {'base64': 'AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==', 'subType': '06'}} }
|
8
|
+
- &doc1_encrypted { _id: 2, encrypted_string: {'$binary': {'base64': 'AQAAAAAAAAAAAAAAAAAAAAACDdw4KFz3ZLquhsbt7RmDjD0N67n0uSXx7IGnQNCLeIKvot6s/ouI21Eo84IOtb6lhwUNPlSEBNY0/hbszWAKJg==', 'subType': '06'}} }
|
9
|
+
json_schema: {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
|
10
|
+
key_vault_data: [{'status': 1, '_id': {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}, 'masterKey': {'provider': 'aws', 'key': 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0', 'region': 'us-east-1'}, 'updateDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyMaterial': {'$binary': {'base64': 'AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyAltNames': ['altname', 'another_altname']}]
|
11
|
+
|
12
|
+
# TODO: I could see an argument against having these tests of mongocryptd as part
|
13
|
+
# of driver tests. When mongocryptd introduces support for these operators, these
|
14
|
+
# tests will fail. But it's also easy enough to remove these tests when that happens.
|
15
|
+
|
16
|
+
tests:
|
17
|
+
- description: "$text unconditionally fails"
|
18
|
+
clientOptions:
|
19
|
+
autoEncryptOpts:
|
20
|
+
kmsProviders:
|
21
|
+
aws: {} # Credentials filled in from environment.
|
22
|
+
operations:
|
23
|
+
- name: find
|
24
|
+
arguments:
|
25
|
+
filter:
|
26
|
+
{ $text: { $search: "search text" } }
|
27
|
+
result:
|
28
|
+
errorContains: "Unsupported match expression operator for encryption"
|
29
|
+
- description: "$where unconditionally fails"
|
30
|
+
clientOptions:
|
31
|
+
autoEncryptOpts:
|
32
|
+
kmsProviders:
|
33
|
+
aws: {} # Credentials filled in from environment.
|
34
|
+
operations:
|
35
|
+
- name: find
|
36
|
+
arguments:
|
37
|
+
filter:
|
38
|
+
{ $where: { $code: "function() { return true }" } }
|
39
|
+
result:
|
40
|
+
errorContains: "Unsupported match expression operator for encryption"
|
41
|
+
- description: "$bit operators succeed on unencrypted, error on encrypted"
|
42
|
+
clientOptions:
|
43
|
+
autoEncryptOpts:
|
44
|
+
kmsProviders:
|
45
|
+
aws: {} # Credentials filled in from environment.
|
46
|
+
operations:
|
47
|
+
- name: find
|
48
|
+
arguments:
|
49
|
+
filter: { unencrypted: { $bitsAllClear: 35 }}
|
50
|
+
result: []
|
51
|
+
- name: find
|
52
|
+
arguments:
|
53
|
+
filter: { encrypted_string: { $bitsAllClear: 35 }}
|
54
|
+
result:
|
55
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
56
|
+
- name: find
|
57
|
+
arguments:
|
58
|
+
filter: { unencrypted: { $bitsAllSet: 35 }}
|
59
|
+
result: []
|
60
|
+
- name: find
|
61
|
+
arguments:
|
62
|
+
filter: { encrypted_string: { $bitsAllSet: 35 }}
|
63
|
+
result:
|
64
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
65
|
+
- name: find
|
66
|
+
arguments:
|
67
|
+
filter: { unencrypted: { $bitsAnyClear: 35 }}
|
68
|
+
result: []
|
69
|
+
- name: find
|
70
|
+
arguments:
|
71
|
+
filter: { encrypted_string: { $bitsAnyClear: 35 }}
|
72
|
+
result:
|
73
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
74
|
+
- name: find
|
75
|
+
arguments:
|
76
|
+
filter: { unencrypted: { $bitsAnySet: 35 }}
|
77
|
+
result: []
|
78
|
+
- name: find
|
79
|
+
arguments:
|
80
|
+
filter: { encrypted_string: { $bitsAnySet: 35 }}
|
81
|
+
result:
|
82
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
83
|
+
- description: "geo operators succeed on unencrypted, error on encrypted"
|
84
|
+
clientOptions:
|
85
|
+
autoEncryptOpts:
|
86
|
+
kmsProviders:
|
87
|
+
aws: {} # Credentials filled in from environment.
|
88
|
+
operations:
|
89
|
+
- name: find
|
90
|
+
arguments:
|
91
|
+
filter: { unencrypted: { $near: [0,0] }}
|
92
|
+
result:
|
93
|
+
# Still an error because no geo index, but from mongod - not mongocryptd.
|
94
|
+
errorContains: "unable to find index"
|
95
|
+
- name: find
|
96
|
+
arguments:
|
97
|
+
filter: { encrypted_string: { $near: [0,0] }}
|
98
|
+
result:
|
99
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
100
|
+
- name: find
|
101
|
+
arguments:
|
102
|
+
filter: { unencrypted: { $nearSphere: [0,0] }}
|
103
|
+
result:
|
104
|
+
# Still an error because no geo index, but from mongod - not mongocryptd.
|
105
|
+
errorContains: "unable to find index"
|
106
|
+
- name: find
|
107
|
+
arguments:
|
108
|
+
filter: { encrypted_string: { $nearSphere: [0,0] }}
|
109
|
+
result:
|
110
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
111
|
+
- name: find
|
112
|
+
arguments:
|
113
|
+
filter: { unencrypted: { $geoIntersects: { $geometry: { type: "Polygon", coordinates: [[ [0,0], [1,0], [1,1], [0,0] ]] }} }}
|
114
|
+
result: []
|
115
|
+
- name: find
|
116
|
+
arguments:
|
117
|
+
filter: { encrypted_string: { $geoIntersects: { $geometry: { type: "Polygon", coordinates: [[ [0,0], [1,0], [1,1], [0,0] ]] }} }}
|
118
|
+
result:
|
119
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
120
|
+
- name: find
|
121
|
+
arguments:
|
122
|
+
filter: { unencrypted: { $geoWithin: { $geometry: { type: "Polygon", coordinates: [[ [0,0], [1,0], [1,1], [0,0] ]] }} }}
|
123
|
+
result: []
|
124
|
+
- name: find
|
125
|
+
arguments:
|
126
|
+
filter: { encrypted_string: { $geoWithin: { $geometry: { type: "Polygon", coordinates: [[ [0,0], [1,0], [1,1], [0,0] ]] }} }}
|
127
|
+
result:
|
128
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
129
|
+
- description: "inequality operators succeed on unencrypted, error on encrypted"
|
130
|
+
clientOptions:
|
131
|
+
autoEncryptOpts:
|
132
|
+
kmsProviders:
|
133
|
+
aws: {} # Credentials filled in from environment.
|
134
|
+
operations:
|
135
|
+
- name: find
|
136
|
+
arguments:
|
137
|
+
filter: { unencrypted: { $gt: 1 }}
|
138
|
+
result: []
|
139
|
+
- name: find
|
140
|
+
arguments:
|
141
|
+
filter: { encrypted_string: { $gt: 1 }}
|
142
|
+
result:
|
143
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
144
|
+
- name: find
|
145
|
+
arguments:
|
146
|
+
filter: { unencrypted: { $lt: 1 }}
|
147
|
+
result: []
|
148
|
+
- name: find
|
149
|
+
arguments:
|
150
|
+
filter: { encrypted_string: { $lt: 1 }}
|
151
|
+
result:
|
152
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
153
|
+
- name: find
|
154
|
+
arguments:
|
155
|
+
filter: { unencrypted: { $gte: 1 }}
|
156
|
+
result: []
|
157
|
+
- name: find
|
158
|
+
arguments:
|
159
|
+
filter: { encrypted_string: { $gte: 1 }}
|
160
|
+
result:
|
161
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
162
|
+
- name: find
|
163
|
+
arguments:
|
164
|
+
filter: { unencrypted: { $lte: 1 }}
|
165
|
+
result: []
|
166
|
+
- name: find
|
167
|
+
arguments:
|
168
|
+
filter: { encrypted_string: { $lte: 1 }}
|
169
|
+
result:
|
170
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
171
|
+
- description: "other misc operators succeed on unencrypted, error on encrypted"
|
172
|
+
clientOptions:
|
173
|
+
autoEncryptOpts:
|
174
|
+
kmsProviders:
|
175
|
+
aws: {} # Credentials filled in from environment.
|
176
|
+
operations:
|
177
|
+
- name: find
|
178
|
+
arguments:
|
179
|
+
filter: { unencrypted: { $mod: [3, 1] }}
|
180
|
+
result: []
|
181
|
+
- name: find
|
182
|
+
arguments:
|
183
|
+
filter: { encrypted_string: { $mod: [3, 1] }}
|
184
|
+
result:
|
185
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
186
|
+
- name: find
|
187
|
+
arguments:
|
188
|
+
filter: { unencrypted: { $regex: "pattern", $options: "" }}
|
189
|
+
result: []
|
190
|
+
- name: find
|
191
|
+
arguments:
|
192
|
+
filter: { encrypted_string: { $regex: "pattern", $options: "" }}
|
193
|
+
result:
|
194
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
195
|
+
- name: find
|
196
|
+
arguments:
|
197
|
+
filter: { unencrypted: { $size: 2 }}
|
198
|
+
result: []
|
199
|
+
- name: find
|
200
|
+
arguments:
|
201
|
+
filter: { encrypted_string: { $size: 2 }}
|
202
|
+
result:
|
203
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
204
|
+
- name: find
|
205
|
+
arguments:
|
206
|
+
filter: { unencrypted: { $type: 2 }}
|
207
|
+
result: []
|
208
|
+
- name: find
|
209
|
+
arguments:
|
210
|
+
filter: { encrypted_string: { $type: 2 }}
|
211
|
+
result:
|
212
|
+
errorContains: "Invalid match expression operator on encrypted field"
|
213
|
+
- name: find
|
214
|
+
arguments:
|
215
|
+
filter: { unencrypted: { $eq: null }}
|
216
|
+
result:
|
217
|
+
- &doc0 { _id: 1, encrypted_string: "string0" }
|
218
|
+
- &doc1 { _id: 2, encrypted_string: "string1" }
|
219
|
+
- name: find
|
220
|
+
arguments:
|
221
|
+
filter: { encrypted_string: { $eq: null }}
|
222
|
+
result:
|
223
|
+
errorContains: "Illegal equality to null predicate for encrypted field"
|
224
|
+
- name: find
|
225
|
+
arguments:
|
226
|
+
filter: { unencrypted: { $in: [null] }}
|
227
|
+
result:
|
228
|
+
- *doc0
|
229
|
+
- *doc1
|
230
|
+
- name: find
|
231
|
+
arguments:
|
232
|
+
filter: { encrypted_string: { $in: [null] }}
|
233
|
+
result:
|
234
|
+
errorContains: "Illegal equality to null inside $in against an encrypted field"
|
235
|
+
- description: "$addToSet succeeds on unencrypted, error on encrypted"
|
236
|
+
clientOptions:
|
237
|
+
autoEncryptOpts:
|
238
|
+
kmsProviders:
|
239
|
+
aws: {} # Credentials filled in from environment.
|
240
|
+
operations:
|
241
|
+
- name: updateOne
|
242
|
+
arguments:
|
243
|
+
filter: { }
|
244
|
+
update: { $addToSet: { "unencrypted": ["a"]}}
|
245
|
+
result:
|
246
|
+
matchedCount: 1
|
247
|
+
modifiedCount: 1
|
248
|
+
upsertedCount: 0
|
249
|
+
- name: updateOne
|
250
|
+
arguments:
|
251
|
+
filter: { }
|
252
|
+
update: { $addToSet: { "encrypted_string": ["a"]}}
|
253
|
+
result:
|
254
|
+
errorContains: "$addToSet not allowed on encrypted values"
|
255
|
+
- description: "$inc succeeds on unencrypted, error on encrypted"
|
256
|
+
clientOptions:
|
257
|
+
autoEncryptOpts:
|
258
|
+
kmsProviders:
|
259
|
+
aws: {} # Credentials filled in from environment.
|
260
|
+
operations:
|
261
|
+
- name: updateOne
|
262
|
+
arguments:
|
263
|
+
filter: { }
|
264
|
+
update: { $inc: { "unencrypted": 1}}
|
265
|
+
result:
|
266
|
+
matchedCount: 1
|
267
|
+
modifiedCount: 1
|
268
|
+
upsertedCount: 0
|
269
|
+
- name: updateOne
|
270
|
+
arguments:
|
271
|
+
filter: { }
|
272
|
+
update: { $inc: { "encrypted_string": 1}}
|
273
|
+
result:
|
274
|
+
errorContains: "$inc and $mul not allowed on encrypted values"
|
275
|
+
- description: "$mul succeeds on unencrypted, error on encrypted"
|
276
|
+
clientOptions:
|
277
|
+
autoEncryptOpts:
|
278
|
+
kmsProviders:
|
279
|
+
aws: {} # Credentials filled in from environment.
|
280
|
+
operations:
|
281
|
+
- name: updateOne
|
282
|
+
arguments:
|
283
|
+
filter: { }
|
284
|
+
update: { $mul: { "unencrypted": 1}}
|
285
|
+
result:
|
286
|
+
matchedCount: 1
|
287
|
+
modifiedCount: 1
|
288
|
+
upsertedCount: 0
|
289
|
+
- name: updateOne
|
290
|
+
arguments:
|
291
|
+
filter: { }
|
292
|
+
update: { $mul: { "encrypted_string": 1}}
|
293
|
+
result:
|
294
|
+
errorContains: "$inc and $mul not allowed on encrypted values"
|
295
|
+
- description: "$max succeeds on unencrypted, error on encrypted"
|
296
|
+
clientOptions:
|
297
|
+
autoEncryptOpts:
|
298
|
+
kmsProviders:
|
299
|
+
aws: {} # Credentials filled in from environment.
|
300
|
+
operations:
|
301
|
+
- name: updateOne
|
302
|
+
arguments:
|
303
|
+
filter: { }
|
304
|
+
update: { $max: { "unencrypted": 1}}
|
305
|
+
result:
|
306
|
+
matchedCount: 1
|
307
|
+
modifiedCount: 1
|
308
|
+
upsertedCount: 0
|
309
|
+
- name: updateOne
|
310
|
+
arguments:
|
311
|
+
filter: { }
|
312
|
+
update: { $max: { "encrypted_string": 1}}
|
313
|
+
result:
|
314
|
+
errorContains: "$max and $min not allowed on encrypted values"
|
315
|
+
- description: "$min succeeds on unencrypted, error on encrypted"
|
316
|
+
clientOptions:
|
317
|
+
autoEncryptOpts:
|
318
|
+
kmsProviders:
|
319
|
+
aws: {} # Credentials filled in from environment.
|
320
|
+
operations:
|
321
|
+
- name: updateOne
|
322
|
+
arguments:
|
323
|
+
filter: { }
|
324
|
+
update: { $min: { "unencrypted": 1}}
|
325
|
+
result:
|
326
|
+
matchedCount: 1
|
327
|
+
modifiedCount: 1
|
328
|
+
upsertedCount: 0
|
329
|
+
- name: updateOne
|
330
|
+
arguments:
|
331
|
+
filter: { }
|
332
|
+
update: { $min: { "encrypted_string": 1}}
|
333
|
+
result:
|
334
|
+
errorContains: "$max and $min not allowed on encrypted values"
|
335
|
+
- description: "$currentDate succeeds on unencrypted, error on encrypted"
|
336
|
+
clientOptions:
|
337
|
+
autoEncryptOpts:
|
338
|
+
kmsProviders:
|
339
|
+
aws: {} # Credentials filled in from environment.
|
340
|
+
operations:
|
341
|
+
- name: updateOne
|
342
|
+
arguments:
|
343
|
+
filter: { }
|
344
|
+
update: { $currentDate: { "unencrypted": true}}
|
345
|
+
result:
|
346
|
+
matchedCount: 1
|
347
|
+
modifiedCount: 1
|
348
|
+
upsertedCount: 0
|
349
|
+
- name: updateOne
|
350
|
+
arguments:
|
351
|
+
filter: { }
|
352
|
+
update: { $currentDate: { "encrypted_string": true }}
|
353
|
+
result:
|
354
|
+
errorContains: "$currentDate not allowed on encrypted values"
|
355
|
+
- description: "$pop succeeds on unencrypted, error on encrypted"
|
356
|
+
clientOptions:
|
357
|
+
autoEncryptOpts:
|
358
|
+
kmsProviders:
|
359
|
+
aws: {} # Credentials filled in from environment.
|
360
|
+
operations:
|
361
|
+
- name: updateOne
|
362
|
+
arguments:
|
363
|
+
filter: { }
|
364
|
+
update: { $pop: { "unencrypted": 1}}
|
365
|
+
result:
|
366
|
+
matchedCount: 1
|
367
|
+
modifiedCount: 0
|
368
|
+
upsertedCount: 0
|
369
|
+
- name: updateOne
|
370
|
+
arguments:
|
371
|
+
filter: { }
|
372
|
+
update: { $pop: { "encrypted_string": 1 }}
|
373
|
+
result:
|
374
|
+
errorContains: "$pop not allowed on encrypted values"
|
375
|
+
- description: "$pull succeeds on unencrypted, error on encrypted"
|
376
|
+
clientOptions:
|
377
|
+
autoEncryptOpts:
|
378
|
+
kmsProviders:
|
379
|
+
aws: {} # Credentials filled in from environment.
|
380
|
+
operations:
|
381
|
+
- name: updateOne
|
382
|
+
arguments:
|
383
|
+
filter: { }
|
384
|
+
update: { $pull: { "unencrypted": 1}}
|
385
|
+
result:
|
386
|
+
matchedCount: 1
|
387
|
+
modifiedCount: 0
|
388
|
+
upsertedCount: 0
|
389
|
+
- name: updateOne
|
390
|
+
arguments:
|
391
|
+
filter: { }
|
392
|
+
update: { $pull: { "encrypted_string": 1 }}
|
393
|
+
result:
|
394
|
+
errorContains: "$pull not allowed on encrypted values"
|
395
|
+
- description: "$pullAll succeeds on unencrypted, error on encrypted"
|
396
|
+
clientOptions:
|
397
|
+
autoEncryptOpts:
|
398
|
+
kmsProviders:
|
399
|
+
aws: {} # Credentials filled in from environment.
|
400
|
+
operations:
|
401
|
+
- name: updateOne
|
402
|
+
arguments:
|
403
|
+
filter: { }
|
404
|
+
update: { $pullAll: { "unencrypted": [1] }}
|
405
|
+
result:
|
406
|
+
matchedCount: 1
|
407
|
+
modifiedCount: 0
|
408
|
+
upsertedCount: 0
|
409
|
+
- name: updateOne
|
410
|
+
arguments:
|
411
|
+
filter: { }
|
412
|
+
update: { $pullAll: { "encrypted_string": [1] }}
|
413
|
+
result:
|
414
|
+
errorContains: "$pullAll not allowed on encrypted values"
|
415
|
+
- description: "$push succeeds on unencrypted, error on encrypted"
|
416
|
+
clientOptions:
|
417
|
+
autoEncryptOpts:
|
418
|
+
kmsProviders:
|
419
|
+
aws: {} # Credentials filled in from environment.
|
420
|
+
operations:
|
421
|
+
- name: updateOne
|
422
|
+
arguments:
|
423
|
+
filter: { }
|
424
|
+
update: { $push: { "unencrypted": 1}}
|
425
|
+
result:
|
426
|
+
matchedCount: 1
|
427
|
+
modifiedCount: 1
|
428
|
+
upsertedCount: 0
|
429
|
+
- name: updateOne
|
430
|
+
arguments:
|
431
|
+
filter: { }
|
432
|
+
update: { $push: { "encrypted_string": 1 }}
|
433
|
+
result:
|
434
|
+
errorContains: "$push not allowed on encrypted values"
|
435
|
+
- description: "array filters on encrypted fields does not error in mongocryptd, but errors in mongod"
|
436
|
+
clientOptions:
|
437
|
+
autoEncryptOpts:
|
438
|
+
kmsProviders:
|
439
|
+
aws: {} # Credentials filled in from environment.
|
440
|
+
operations:
|
441
|
+
- name: updateOne
|
442
|
+
arguments:
|
443
|
+
filter: { }
|
444
|
+
update: { $set : { "encrypted_string.$[i].x": 1 }}
|
445
|
+
arrayFilters: [{ i.x: 1 }]
|
446
|
+
result:
|
447
|
+
errorContains: "Array update operations not allowed on encrypted values"
|
448
|
+
- description: "positional operator succeeds on unencrypted, errors on encrypted"
|
449
|
+
clientOptions:
|
450
|
+
autoEncryptOpts:
|
451
|
+
kmsProviders:
|
452
|
+
aws: {} # Credentials filled in from environment.
|
453
|
+
operations:
|
454
|
+
- name: updateOne
|
455
|
+
arguments:
|
456
|
+
filter: { "unencrypted": 1 }
|
457
|
+
update: { $set : { "unencrypted.$": 1 }}
|
458
|
+
result:
|
459
|
+
matchedCount: 0
|
460
|
+
modifiedCount: 0
|
461
|
+
upsertedCount: 0
|
462
|
+
- name: updateOne
|
463
|
+
arguments:
|
464
|
+
filter: { "encrypted_string": "abc" }
|
465
|
+
update: { $set : { "encrypted_string.$": "abc" }}
|
466
|
+
result:
|
467
|
+
errorContains: "Cannot encrypt fields below '$' positional update operator"
|
468
|
+
- description: "an update that would produce an array on an encrypted field errors"
|
469
|
+
clientOptions:
|
470
|
+
autoEncryptOpts:
|
471
|
+
kmsProviders:
|
472
|
+
aws: {} # Credentials filled in from environment.
|
473
|
+
operations:
|
474
|
+
- name: updateOne
|
475
|
+
arguments:
|
476
|
+
filter: { }
|
477
|
+
update: { $set : { "encrypted_string": [1,2] }}
|
478
|
+
result:
|
479
|
+
errorContains: "Cannot encrypt element of type array"
|
480
|
+
- description: "an insert with encrypted field on _id errors"
|
481
|
+
clientOptions:
|
482
|
+
autoEncryptOpts:
|
483
|
+
kmsProviders:
|
484
|
+
aws: {} # Credentials filled in from environment.
|
485
|
+
schemaMap:
|
486
|
+
"default.default": {'properties': {'_id': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}}
|
487
|
+
operations:
|
488
|
+
- name: insertOne
|
489
|
+
arguments:
|
490
|
+
document: { _id: 1 }
|
491
|
+
result:
|
492
|
+
errorContains: "Invalid schema containing the 'encrypt' keyword."
|
493
|
+
- description: "an insert with an array value for an encrypted field fails"
|
494
|
+
clientOptions:
|
495
|
+
autoEncryptOpts:
|
496
|
+
kmsProviders:
|
497
|
+
aws: {} # Credentials filled in from environment.
|
498
|
+
operations:
|
499
|
+
- name: insertOne
|
500
|
+
arguments:
|
501
|
+
document: { encrypted_string: [ "123", "456"] }
|
502
|
+
result:
|
503
|
+
errorContains: "Cannot encrypt element of type array"
|
504
|
+
- description: "an insert with a Timestamp(0,0) value in the top-level fails"
|
505
|
+
clientOptions:
|
506
|
+
autoEncryptOpts:
|
507
|
+
kmsProviders:
|
508
|
+
aws: {} # Credentials filled in from environment.
|
509
|
+
operations:
|
510
|
+
- name: insertOne
|
511
|
+
arguments:
|
512
|
+
document: { random: {"$timestamp": {"t": 0, "i": 0 }} }
|
513
|
+
result:
|
514
|
+
errorContains: "A command that inserts cannot supply Timestamp(0, 0) for an encrypted"
|
515
|
+
- description: "distinct with the key referring to a field where the keyID is a JSON Pointer errors"
|
516
|
+
clientOptions:
|
517
|
+
autoEncryptOpts:
|
518
|
+
kmsProviders:
|
519
|
+
aws: {} # Credentials filled in from environment.
|
520
|
+
operations:
|
521
|
+
- name: distinct
|
522
|
+
arguments:
|
523
|
+
filter: {}
|
524
|
+
fieldName: "encrypted_w_altname"
|
525
|
+
result:
|
526
|
+
errorContains: "The distinct key is not allowed to be marked for encryption with a non-UUID keyId"
|