mongo 2.18.0.beta1 → 2.18.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/lib/mongo/bulk_write.rb +8 -2
- data/lib/mongo/client.rb +19 -5
- data/lib/mongo/client_encryption.rb +86 -4
- data/lib/mongo/cluster.rb +6 -4
- data/lib/mongo/collection/view/aggregation.rb +3 -0
- data/lib/mongo/collection/view/change_stream.rb +9 -0
- data/lib/mongo/collection/view/iterable.rb +1 -0
- data/lib/mongo/collection/view/readable.rb +11 -3
- data/lib/mongo/collection.rb +9 -1
- data/lib/mongo/config.rb +11 -0
- data/lib/mongo/crypt/auto_encrypter.rb +49 -21
- data/lib/mongo/crypt/binding.rb +73 -48
- data/lib/mongo/crypt/data_key_context.rb +6 -1
- data/lib/mongo/crypt/encryption_io.rb +66 -0
- data/lib/mongo/crypt/explicit_encrypter.rb +116 -5
- data/lib/mongo/crypt/explicit_encryption_context.rb +3 -8
- data/lib/mongo/crypt/handle.rb +26 -8
- data/lib/mongo/crypt/kms/aws.rb +11 -3
- data/lib/mongo/crypt/kms/azure.rb +14 -6
- data/lib/mongo/crypt/kms/gcp.rb +12 -5
- data/lib/mongo/crypt/kms/kmip.rb +15 -9
- data/lib/mongo/crypt/kms/local.rb +9 -1
- data/lib/mongo/crypt/kms/master_key_document.rb +1 -1
- data/lib/mongo/crypt/rewrap_many_data_key_context.rb +46 -0
- data/lib/mongo/crypt/rewrap_many_data_key_result.rb +37 -0
- data/lib/mongo/crypt/status.rb +8 -2
- data/lib/mongo/crypt.rb +2 -0
- data/lib/mongo/database.rb +10 -27
- data/lib/mongo/error/missing_file_chunk.rb +8 -2
- data/lib/mongo/grid/stream/read.rb +6 -0
- data/lib/mongo/index/view.rb +1 -0
- data/lib/mongo/operation/create/op_msg.rb +1 -13
- data/lib/mongo/operation/distinct/op_msg.rb +4 -1
- data/lib/mongo/protocol/msg.rb +0 -16
- data/lib/mongo/server/connection_pool.rb +5 -4
- data/lib/mongo/server/monitor/connection.rb +10 -4
- data/lib/mongo/server/monitor.rb +4 -0
- data/lib/mongo/server/push_monitor.rb +4 -0
- data/lib/mongo/version.rb +1 -1
- data/lib/mongo.rb +2 -0
- data/spec/README.md +14 -0
- data/spec/integration/change_stream_spec.rb +1 -1
- data/spec/integration/client_construction_spec.rb +73 -7
- data/spec/integration/client_side_encryption/auto_encryption_command_monitoring_spec.rb +165 -164
- data/spec/integration/client_side_encryption/decryption_events_prose_spec.rb +158 -0
- data/spec/integration/client_side_encryption/explicit_queryable_encryption_spec.rb +5 -5
- data/spec/integration/client_side_encryption/kms_tls_options_spec.rb +50 -8
- data/spec/integration/client_side_encryption/unique_index_on_key_alt_names_prose_spec.rb +85 -0
- data/spec/integration/ocsp_verifier_spec.rb +1 -1
- data/spec/integration/reconnect_spec.rb +2 -0
- data/spec/integration/sdam_events_spec.rb +40 -0
- data/spec/integration/srv_monitoring_spec.rb +1 -0
- data/spec/integration/srv_spec.rb +1 -0
- data/spec/lite_spec_helper.rb +5 -4
- data/spec/mongo/bulk_write_spec.rb +13 -0
- data/spec/mongo/client_construction_spec.rb +45 -2
- data/spec/mongo/client_encryption_spec.rb +0 -12
- data/spec/mongo/client_spec.rb +1 -1
- data/spec/mongo/collection/view/aggregation_spec.rb +119 -0
- data/spec/mongo/collection/view/readable_spec.rb +630 -5
- data/spec/mongo/collection_spec.rb +32 -0
- data/spec/mongo/crypt/auto_encrypter_spec.rb +110 -0
- data/spec/mongo/crypt/binding/context_spec.rb +3 -35
- data/spec/mongo/crypt/data_key_context_spec.rb +1 -1
- data/spec/mongo/crypt/explicit_encryption_context_spec.rb +8 -3
- data/spec/mongo/crypt/handle_spec.rb +39 -3
- data/spec/mongo/crypt/kms/credentials_spec.rb +0 -47
- data/spec/mongo/index/view_spec.rb +56 -0
- data/spec/mongo/operation/create/op_msg_spec.rb +0 -42
- data/spec/mongo/server/connection_pool_spec.rb +26 -4
- data/spec/mongo/socket/ssl_spec.rb +3 -3
- data/spec/runners/crud/requirement.rb +6 -1
- data/spec/runners/crud/test.rb +1 -1
- data/spec/runners/transactions/spec.rb +2 -2
- data/spec/runners/transactions/test.rb +4 -20
- data/spec/runners/transactions.rb +2 -2
- data/spec/runners/unified/assertions.rb +32 -2
- data/spec/runners/unified/change_stream_operations.rb +3 -0
- data/spec/runners/unified/client_side_encryption_operations.rb +83 -0
- data/spec/runners/unified/crud_operations.rb +17 -2
- data/spec/runners/unified/ddl_operations.rb +27 -2
- data/spec/runners/unified/grid_fs_operations.rb +21 -0
- data/spec/runners/unified/test.rb +59 -1
- data/spec/shared/lib/mrss/docker_runner.rb +2 -0
- data/spec/shared/lib/mrss/eg_config_utils.rb +51 -0
- data/spec/shared/lib/mrss/lite_constraints.rb +10 -2
- data/spec/shared/shlib/set_env.sh +3 -0
- data/spec/solo/clean_exit_spec.rb +5 -0
- data/spec/spec_tests/client_side_encryption_spec.rb +1 -1
- data/spec/spec_tests/client_side_encryption_unified_spec.rb +16 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams-showExpandedEvents.yml +298 -0
- data/spec/spec_tests/data/client_side_encryption/create-and-createIndexes.yml +58 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-Delete.yml +1 -1
- data/spec/spec_tests/data/client_side_encryption/fle2-EncryptedFields-vs-jsonSchema.yml +1 -1
- data/spec/spec_tests/data/client_side_encryption/fle2-FindOneAndUpdate.yml +2 -2
- data/spec/spec_tests/data/client_side_encryption/fle2-InsertFind-Indexed.yml +1 -1
- data/spec/spec_tests/data/client_side_encryption/fle2-Update.yml +2 -2
- data/spec/spec_tests/data/client_side_encryption/unified/addKeyAltName.yml +194 -0
- data/spec/spec_tests/data/client_side_encryption/unified/createDataKey-kms_providers-invalid.yml +67 -0
- data/spec/spec_tests/data/client_side_encryption/unified/createDataKey.yml +309 -0
- data/spec/spec_tests/data/client_side_encryption/unified/deleteKey.yml +159 -0
- data/spec/spec_tests/data/client_side_encryption/unified/getKey.yml +105 -0
- data/spec/spec_tests/data/client_side_encryption/unified/getKeyByAltName.yml +104 -0
- data/spec/spec_tests/data/client_side_encryption/unified/getKeys.yml +122 -0
- data/spec/spec_tests/data/client_side_encryption/unified/removeKeyAltName.yml +157 -0
- data/spec/spec_tests/data/client_side_encryption/unified/rewrapManyDataKey-decrypt_failure.yml +69 -0
- data/spec/spec_tests/data/client_side_encryption/unified/rewrapManyDataKey-encrypt_failure.yml +122 -0
- data/spec/spec_tests/data/client_side_encryption/unified/rewrapManyDataKey.yml +432 -0
- data/spec/spec_tests/data/client_side_encryption/validatorAndPartialFieldExpression.yml +166 -0
- data/spec/spec_tests/data/command_monitoring_unified/bulkWrite.yml +68 -0
- data/spec/spec_tests/data/command_monitoring_unified/command.yml +50 -0
- data/spec/spec_tests/data/command_monitoring_unified/deleteMany.yml +79 -0
- data/spec/spec_tests/data/command_monitoring_unified/deleteOne.yml +79 -0
- data/spec/spec_tests/data/command_monitoring_unified/find.yml +254 -0
- data/spec/spec_tests/data/command_monitoring_unified/insertMany.yml +79 -0
- data/spec/spec_tests/data/command_monitoring_unified/insertOne.yml +77 -0
- data/spec/spec_tests/data/command_monitoring_unified/unacknowledgedBulkWrite.yml +55 -0
- data/spec/spec_tests/data/command_monitoring_unified/updateMany.yml +87 -0
- data/spec/spec_tests/data/command_monitoring_unified/updateOne.yml +118 -0
- data/spec/spec_tests/data/crud_unified/distinct-comment.yml +98 -0
- data/spec/spec_tests/data/gridfs_unified/delete.yml +198 -0
- data/spec/spec_tests/data/gridfs_unified/download.yml +241 -0
- data/spec/spec_tests/data/gridfs_unified/downloadByName.yml +159 -0
- data/spec/spec_tests/data/gridfs_unified/upload-disableMD5.yml +92 -0
- data/spec/spec_tests/data/gridfs_unified/upload.yml +288 -0
- data/spec/spec_tests/gridfs_unified_spec.rb +13 -0
- data/spec/stress/connection_pool_timing_spec.rb +2 -2
- data/spec/support/background_thread_registry.rb +3 -13
- data/spec/support/certificates/atlas-ocsp-ca.crt +40 -47
- data/spec/support/certificates/atlas-ocsp.crt +101 -106
- data/spec/support/crypt.rb +57 -13
- data/spec/support/macros.rb +10 -0
- data/spec/support/spec_config.rb +4 -0
- data.tar.gz.sig +0 -0
- metadata +1271 -1219
- metadata.gz.sig +0 -0
- data/spec/spec_tests/command_monitoring_spec.rb +0 -71
- data/spec/spec_tests/data/command_monitoring/bulkWrite.yml +0 -49
- data/spec/spec_tests/data/command_monitoring/command.yml +0 -61
- data/spec/spec_tests/data/command_monitoring/deleteMany.yml +0 -55
- data/spec/spec_tests/data/command_monitoring/deleteOne.yml +0 -55
- data/spec/spec_tests/data/command_monitoring/find.yml +0 -266
- data/spec/spec_tests/data/command_monitoring/insertMany.yml +0 -75
- data/spec/spec_tests/data/command_monitoring/insertOne.yml +0 -51
- data/spec/spec_tests/data/command_monitoring/unacknowledgedBulkWrite.yml +0 -34
- data/spec/spec_tests/data/command_monitoring/updateMany.yml +0 -65
- data/spec/spec_tests/data/command_monitoring/updateOne.yml +0 -90
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
description: getKeys
|
|
2
|
+
|
|
3
|
+
schemaVersion: "1.8"
|
|
4
|
+
|
|
5
|
+
runOnRequirements:
|
|
6
|
+
- csfle: true
|
|
7
|
+
|
|
8
|
+
createEntities:
|
|
9
|
+
- client:
|
|
10
|
+
id: &client0 client0
|
|
11
|
+
observeEvents:
|
|
12
|
+
- commandStartedEvent
|
|
13
|
+
- clientEncryption:
|
|
14
|
+
id: &clientEncryption0 clientEncryption0
|
|
15
|
+
clientEncryptionOpts:
|
|
16
|
+
keyVaultClient: *client0
|
|
17
|
+
keyVaultNamespace: keyvault.datakeys
|
|
18
|
+
kmsProviders:
|
|
19
|
+
local: { key: { $$placeholder: 1 } }
|
|
20
|
+
- database:
|
|
21
|
+
id: &database0 database0
|
|
22
|
+
client: *client0
|
|
23
|
+
databaseName: &database0Name keyvault
|
|
24
|
+
- collection:
|
|
25
|
+
id: &collection0 collection0
|
|
26
|
+
database: *database0
|
|
27
|
+
collectionName: &collection0Name datakeys
|
|
28
|
+
|
|
29
|
+
initialData:
|
|
30
|
+
- databaseName: *database0Name
|
|
31
|
+
collectionName: *collection0Name
|
|
32
|
+
documents: []
|
|
33
|
+
|
|
34
|
+
tests:
|
|
35
|
+
- description: getKeys with zero key documents
|
|
36
|
+
operations:
|
|
37
|
+
- name: getKeys
|
|
38
|
+
object: *clientEncryption0
|
|
39
|
+
expectResult: []
|
|
40
|
+
expectEvents:
|
|
41
|
+
- client: *client0
|
|
42
|
+
events:
|
|
43
|
+
- commandStartedEvent:
|
|
44
|
+
databaseName: *database0Name
|
|
45
|
+
command:
|
|
46
|
+
find: *collection0Name
|
|
47
|
+
filter: {}
|
|
48
|
+
readConcern: { level: majority }
|
|
49
|
+
|
|
50
|
+
- description: getKeys with single key documents
|
|
51
|
+
operations:
|
|
52
|
+
- name: createDataKey
|
|
53
|
+
object: *clientEncryption0
|
|
54
|
+
arguments:
|
|
55
|
+
kmsProvider: local
|
|
56
|
+
opts:
|
|
57
|
+
keyAltNames: ["abc"]
|
|
58
|
+
expectResult: { $$type: binData }
|
|
59
|
+
- name: getKeys
|
|
60
|
+
object: *clientEncryption0
|
|
61
|
+
expectResult:
|
|
62
|
+
- _id: { $$type: binData }
|
|
63
|
+
keyAltNames: ["abc"]
|
|
64
|
+
keyMaterial: { $$type: binData }
|
|
65
|
+
creationDate: { $$type: date }
|
|
66
|
+
updateDate: { $$type: date }
|
|
67
|
+
status: { $$type: int }
|
|
68
|
+
masterKey: { $$type: object }
|
|
69
|
+
expectEvents:
|
|
70
|
+
- client: *client0
|
|
71
|
+
events:
|
|
72
|
+
- commandStartedEvent:
|
|
73
|
+
commandName: insert
|
|
74
|
+
- commandStartedEvent:
|
|
75
|
+
databaseName: *database0Name
|
|
76
|
+
command:
|
|
77
|
+
find: *collection0Name
|
|
78
|
+
filter: {}
|
|
79
|
+
readConcern: { level: majority }
|
|
80
|
+
|
|
81
|
+
- description: getKeys with many key documents
|
|
82
|
+
operations:
|
|
83
|
+
- name: createDataKey
|
|
84
|
+
object: *clientEncryption0
|
|
85
|
+
arguments:
|
|
86
|
+
kmsProvider: local
|
|
87
|
+
expectResult: { $$type: binData }
|
|
88
|
+
- name: createDataKey
|
|
89
|
+
object: *clientEncryption0
|
|
90
|
+
arguments:
|
|
91
|
+
kmsProvider: local
|
|
92
|
+
expectResult: { $$type: binData }
|
|
93
|
+
- name: getKeys
|
|
94
|
+
object: *clientEncryption0
|
|
95
|
+
expectResult:
|
|
96
|
+
# Cannot expect deterministic order of results, so only assert that
|
|
97
|
+
# exactly two key documents are returned.
|
|
98
|
+
- _id: { $$type: binData }
|
|
99
|
+
keyMaterial: { $$type: binData }
|
|
100
|
+
creationDate: { $$type: date }
|
|
101
|
+
updateDate: { $$type: date }
|
|
102
|
+
status: { $$type: int }
|
|
103
|
+
masterKey: { $$type: object }
|
|
104
|
+
- _id: { $$type: binData }
|
|
105
|
+
keyMaterial: { $$type: binData }
|
|
106
|
+
creationDate: { $$type: date }
|
|
107
|
+
updateDate: { $$type: date }
|
|
108
|
+
status: { $$type: int }
|
|
109
|
+
masterKey: { $$type: object }
|
|
110
|
+
expectEvents:
|
|
111
|
+
- client: *client0
|
|
112
|
+
events:
|
|
113
|
+
- commandStartedEvent:
|
|
114
|
+
commandName: insert
|
|
115
|
+
- commandStartedEvent:
|
|
116
|
+
commandName: insert
|
|
117
|
+
- commandStartedEvent:
|
|
118
|
+
databaseName: *database0Name
|
|
119
|
+
command:
|
|
120
|
+
find: *collection0Name
|
|
121
|
+
filter: {}
|
|
122
|
+
readConcern: { level: majority }
|
|
@@ -0,0 +1,157 @@
|
|
|
1
|
+
description: removeKeyAltName
|
|
2
|
+
|
|
3
|
+
schemaVersion: "1.8"
|
|
4
|
+
|
|
5
|
+
runOnRequirements:
|
|
6
|
+
- csfle: true
|
|
7
|
+
|
|
8
|
+
createEntities:
|
|
9
|
+
- client:
|
|
10
|
+
id: &client0 client0
|
|
11
|
+
observeEvents:
|
|
12
|
+
- commandStartedEvent
|
|
13
|
+
- clientEncryption:
|
|
14
|
+
id: &clientEncryption0 clientEncryption0
|
|
15
|
+
clientEncryptionOpts:
|
|
16
|
+
keyVaultClient: *client0
|
|
17
|
+
keyVaultNamespace: keyvault.datakeys
|
|
18
|
+
kmsProviders:
|
|
19
|
+
local: { key: { $$placeholder: 1 } }
|
|
20
|
+
- database:
|
|
21
|
+
id: &database0 database0
|
|
22
|
+
client: *client0
|
|
23
|
+
databaseName: &database0Name keyvault
|
|
24
|
+
- collection:
|
|
25
|
+
id: &collection0 collection0
|
|
26
|
+
database: *database0
|
|
27
|
+
collectionName: &collection0Name datakeys
|
|
28
|
+
|
|
29
|
+
initialData:
|
|
30
|
+
- databaseName: *database0Name
|
|
31
|
+
collectionName: *collection0Name
|
|
32
|
+
documents:
|
|
33
|
+
- &local_key_doc
|
|
34
|
+
_id: &local_key_id { $binary: { base64: bG9jYWxrZXlsb2NhbGtleQ==, subType: "04" } }
|
|
35
|
+
keyAltNames: [alternate_name, local_key]
|
|
36
|
+
keyMaterial: { $binary: { base64: ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==, subType: "00" } }
|
|
37
|
+
creationDate: { $date: { $numberLong: "1641024000000" } }
|
|
38
|
+
updateDate: { $date: { $numberLong: "1641024000000" } }
|
|
39
|
+
status: 1
|
|
40
|
+
masterKey:
|
|
41
|
+
provider: local
|
|
42
|
+
|
|
43
|
+
tests:
|
|
44
|
+
- description: remove keyAltName from non-existent data key
|
|
45
|
+
operations:
|
|
46
|
+
- name: removeKeyAltName
|
|
47
|
+
object: *clientEncryption0
|
|
48
|
+
arguments:
|
|
49
|
+
# First 3 letters of local_key_id replaced with 'A' (value: "#alkeylocalkey").
|
|
50
|
+
id: &non_existent_id { $binary: { base64: AAAjYWxrZXlsb2NhbGtleQ==, subType: "04" } }
|
|
51
|
+
keyAltName: does_not_exist
|
|
52
|
+
expectResult: { $$unsetOrMatches: null }
|
|
53
|
+
expectEvents:
|
|
54
|
+
- client: *client0
|
|
55
|
+
events:
|
|
56
|
+
- commandStartedEvent:
|
|
57
|
+
databaseName: *database0Name
|
|
58
|
+
command:
|
|
59
|
+
findAndModify: *collection0Name
|
|
60
|
+
query: { _id: *non_existent_id }
|
|
61
|
+
update: [{ $set: { keyAltNames: { $cond: [{ $eq: [$keyAltNames, [does_not_exist]] }, $$REMOVE, { $filter: { input: $keyAltNames, cond: { $ne: [$$this, does_not_exist] } } }] } } }]
|
|
62
|
+
writeConcern: { w: majority }
|
|
63
|
+
outcome:
|
|
64
|
+
- collectionName: *collection0Name
|
|
65
|
+
databaseName: *database0Name
|
|
66
|
+
documents:
|
|
67
|
+
- *local_key_doc
|
|
68
|
+
|
|
69
|
+
- description: remove non-existent keyAltName from existing data key
|
|
70
|
+
operations:
|
|
71
|
+
- name: removeKeyAltName
|
|
72
|
+
object: *clientEncryption0
|
|
73
|
+
arguments:
|
|
74
|
+
id: *local_key_id
|
|
75
|
+
keyAltName: does_not_exist
|
|
76
|
+
expectResult: *local_key_doc
|
|
77
|
+
expectEvents:
|
|
78
|
+
- client: *client0
|
|
79
|
+
events:
|
|
80
|
+
- commandStartedEvent:
|
|
81
|
+
databaseName: *database0Name
|
|
82
|
+
command:
|
|
83
|
+
findAndModify: *collection0Name
|
|
84
|
+
query: { _id: *local_key_id }
|
|
85
|
+
update: [{ $set: { keyAltNames: { $cond: [{ $eq: [$keyAltNames, [does_not_exist]] }, $$REMOVE, { $filter: { input: $keyAltNames, cond: { $ne: [$$this, does_not_exist] } } }] } } }]
|
|
86
|
+
writeConcern: { w: majority }
|
|
87
|
+
outcome:
|
|
88
|
+
- collectionName: *collection0Name
|
|
89
|
+
databaseName: *database0Name
|
|
90
|
+
documents:
|
|
91
|
+
- *local_key_doc
|
|
92
|
+
|
|
93
|
+
- description: remove an existing keyAltName from an existing data key
|
|
94
|
+
operations:
|
|
95
|
+
- name: removeKeyAltName
|
|
96
|
+
object: *clientEncryption0
|
|
97
|
+
arguments:
|
|
98
|
+
id: *local_key_id
|
|
99
|
+
keyAltName: alternate_name
|
|
100
|
+
expectResult: *local_key_doc
|
|
101
|
+
- name: find
|
|
102
|
+
object: *collection0
|
|
103
|
+
arguments:
|
|
104
|
+
filter: {}
|
|
105
|
+
projection: { _id: 0, keyAltNames: 1 }
|
|
106
|
+
expectResult:
|
|
107
|
+
- keyAltNames: [local_key]
|
|
108
|
+
expectEvents:
|
|
109
|
+
- client: *client0
|
|
110
|
+
events:
|
|
111
|
+
- commandStartedEvent:
|
|
112
|
+
databaseName: *database0Name
|
|
113
|
+
command:
|
|
114
|
+
findAndModify: *collection0Name
|
|
115
|
+
query: { _id: *local_key_id }
|
|
116
|
+
update: [{ $set: { keyAltNames: { $cond: [{ $eq: [$keyAltNames, [alternate_name]] }, $$REMOVE, { $filter: { input: $keyAltNames, cond: { $ne: [$$this, alternate_name] } } }] } } }]
|
|
117
|
+
writeConcern: { w: majority }
|
|
118
|
+
- commandStartedEvent: { commandName: find }
|
|
119
|
+
|
|
120
|
+
- description: remove the last keyAltName from an existing data key
|
|
121
|
+
operations:
|
|
122
|
+
- name: removeKeyAltName
|
|
123
|
+
object: *clientEncryption0
|
|
124
|
+
arguments:
|
|
125
|
+
id: *local_key_id
|
|
126
|
+
keyAltName: alternate_name
|
|
127
|
+
expectResult: *local_key_doc
|
|
128
|
+
- name: removeKeyAltName
|
|
129
|
+
object: *clientEncryption0
|
|
130
|
+
arguments:
|
|
131
|
+
id: *local_key_id
|
|
132
|
+
keyAltName: local_key
|
|
133
|
+
expectResult:
|
|
134
|
+
_id: *local_key_id
|
|
135
|
+
keyAltNames: [local_key]
|
|
136
|
+
keyMaterial: { $$type: binData }
|
|
137
|
+
creationDate: { $$type: date }
|
|
138
|
+
updateDate: { $$type: date }
|
|
139
|
+
status: 1
|
|
140
|
+
masterKey:
|
|
141
|
+
provider: local
|
|
142
|
+
expectEvents:
|
|
143
|
+
- client: *client0
|
|
144
|
+
events:
|
|
145
|
+
- commandStartedEvent:
|
|
146
|
+
databaseName: *database0Name
|
|
147
|
+
command:
|
|
148
|
+
findAndModify: *collection0Name
|
|
149
|
+
query: { _id: *local_key_id }
|
|
150
|
+
update: [{ $set: { keyAltNames: { $cond: [{ $eq: [$keyAltNames, [alternate_name]] }, $$REMOVE, { $filter: { input: $keyAltNames, cond: { $ne: [$$this, alternate_name] } } }] } } }]
|
|
151
|
+
writeConcern: { w: majority }
|
|
152
|
+
- commandStartedEvent:
|
|
153
|
+
databaseName: *database0Name
|
|
154
|
+
command:
|
|
155
|
+
findAndModify: *collection0Name
|
|
156
|
+
query: { _id: *local_key_id }
|
|
157
|
+
update: [{ $set: { keyAltNames: { $cond: [{ $eq: [$keyAltNames, [local_key]] }, $$REMOVE, { $filter: { input: $keyAltNames, cond: { $ne: [$$this, local_key] } } }] } } }]
|
data/spec/spec_tests/data/client_side_encryption/unified/rewrapManyDataKey-decrypt_failure.yml
ADDED
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
description: rewrapManyDataKey-decrypt_failure
|
|
2
|
+
|
|
3
|
+
schemaVersion: "1.8"
|
|
4
|
+
|
|
5
|
+
runOnRequirements:
|
|
6
|
+
- csfle: true
|
|
7
|
+
|
|
8
|
+
createEntities:
|
|
9
|
+
- client:
|
|
10
|
+
id: &client0 client0
|
|
11
|
+
observeEvents:
|
|
12
|
+
- commandStartedEvent
|
|
13
|
+
- clientEncryption:
|
|
14
|
+
id: &clientEncryption0 clientEncryption0
|
|
15
|
+
clientEncryptionOpts:
|
|
16
|
+
keyVaultClient: *client0
|
|
17
|
+
keyVaultNamespace: keyvault.datakeys
|
|
18
|
+
kmsProviders:
|
|
19
|
+
aws: { accessKeyId: { $$placeholder: 1 }, secretAccessKey: { $$placeholder: 1 } }
|
|
20
|
+
azure: { tenantId: { $$placeholder: 1 }, clientId: { $$placeholder: 1 }, clientSecret: { $$placeholder: 1 } }
|
|
21
|
+
gcp: { email: { $$placeholder: 1 }, privateKey: { $$placeholder: 1 } }
|
|
22
|
+
kmip: { endpoint: { $$placeholder: 1 } }
|
|
23
|
+
local: { key: { $$placeholder: 1 } }
|
|
24
|
+
- database:
|
|
25
|
+
id: &database0 database0
|
|
26
|
+
client: *client0
|
|
27
|
+
databaseName: &database0Name keyvault
|
|
28
|
+
- collection:
|
|
29
|
+
id: &collection0 collection0
|
|
30
|
+
database: *database0
|
|
31
|
+
collectionName: &collection0Name datakeys
|
|
32
|
+
|
|
33
|
+
initialData:
|
|
34
|
+
- databaseName: *database0Name
|
|
35
|
+
collectionName: *collection0Name
|
|
36
|
+
documents:
|
|
37
|
+
- _id: { $binary: { base64: YXdzYXdzYXdzYXdzYXdzYQ==, subType: "04" } }
|
|
38
|
+
keyAltNames: ["aws_key"]
|
|
39
|
+
keyMaterial: { $binary: { base64: AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gFXJqbF0Fy872MD7xl56D/2AAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDO7HPisPUlGzaio9vgIBEIB7/Qow46PMh/8JbEUbdXgTGhLfXPE+KIVW7T8s6YEMlGiRvMu7TV0QCIUJlSHPKZxzlJ2iwuz5yXeOag+EdY+eIQ0RKrsJ3b8UTisZYzGjfzZnxUKLzLoeXremtRCm3x47wCuHKd1dhh6FBbYt5TL2tDaj+vL2GBrKat2L, subType: "00" } }
|
|
40
|
+
creationDate: { $date: { $numberLong: "1641024000000" } }
|
|
41
|
+
updateDate: { $date: { $numberLong: "1641024000000" } }
|
|
42
|
+
status: 1
|
|
43
|
+
masterKey:
|
|
44
|
+
provider: aws
|
|
45
|
+
# "us-east-1" changed to "us-east-2" in both key and region.
|
|
46
|
+
key: arn:aws:kms:us-east-2:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0
|
|
47
|
+
region: us-east-2
|
|
48
|
+
|
|
49
|
+
tests:
|
|
50
|
+
- description: "rewrap data key that fails during decryption due to invalid masterKey"
|
|
51
|
+
operations:
|
|
52
|
+
- name: rewrapManyDataKey
|
|
53
|
+
object: *clientEncryption0
|
|
54
|
+
arguments:
|
|
55
|
+
filter: {}
|
|
56
|
+
opts:
|
|
57
|
+
provider: local
|
|
58
|
+
expectError:
|
|
59
|
+
isClientError: true
|
|
60
|
+
expectEvents:
|
|
61
|
+
- client: *client0
|
|
62
|
+
events:
|
|
63
|
+
- commandStartedEvent:
|
|
64
|
+
commandName: find
|
|
65
|
+
databaseName: *database0Name
|
|
66
|
+
command:
|
|
67
|
+
find: *collection0Name
|
|
68
|
+
filter: {}
|
|
69
|
+
readConcern: { level: majority }
|
data/spec/spec_tests/data/client_side_encryption/unified/rewrapManyDataKey-encrypt_failure.yml
ADDED
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
description: rewrapManyDataKey-encrypt_failure
|
|
2
|
+
|
|
3
|
+
schemaVersion: "1.8"
|
|
4
|
+
|
|
5
|
+
runOnRequirements:
|
|
6
|
+
- csfle: true
|
|
7
|
+
|
|
8
|
+
createEntities:
|
|
9
|
+
- client:
|
|
10
|
+
id: &client0 client0
|
|
11
|
+
observeEvents:
|
|
12
|
+
- commandStartedEvent
|
|
13
|
+
- clientEncryption:
|
|
14
|
+
id: &clientEncryption0 clientEncryption0
|
|
15
|
+
clientEncryptionOpts:
|
|
16
|
+
keyVaultClient: *client0
|
|
17
|
+
keyVaultNamespace: keyvault.datakeys
|
|
18
|
+
kmsProviders:
|
|
19
|
+
aws: { accessKeyId: { $$placeholder: 1 }, secretAccessKey: { $$placeholder: 1 } }
|
|
20
|
+
azure: { tenantId: { $$placeholder: 1 }, clientId: { $$placeholder: 1 }, clientSecret: { $$placeholder: 1 } }
|
|
21
|
+
gcp: { email: { $$placeholder: 1 }, privateKey: { $$placeholder: 1 } }
|
|
22
|
+
kmip: { endpoint: { $$placeholder: 1 } }
|
|
23
|
+
local: { key: { $$placeholder: 1 } }
|
|
24
|
+
- database:
|
|
25
|
+
id: &database0 database0
|
|
26
|
+
client: *client0
|
|
27
|
+
databaseName: &database0Name keyvault
|
|
28
|
+
- collection:
|
|
29
|
+
id: &collection0 collection0
|
|
30
|
+
database: *database0
|
|
31
|
+
collectionName: &collection0Name datakeys
|
|
32
|
+
|
|
33
|
+
initialData:
|
|
34
|
+
- databaseName: *database0Name
|
|
35
|
+
collectionName: *collection0Name
|
|
36
|
+
documents:
|
|
37
|
+
- _id: { $binary: { base64: bG9jYWxrZXlsb2NhbGtleQ==, subType: "04" } }
|
|
38
|
+
keyAltNames: ["local_key"]
|
|
39
|
+
keyMaterial: { $binary: { base64: ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==, subType: "00" } }
|
|
40
|
+
creationDate: { $date: { $numberLong: "1641024000000" } }
|
|
41
|
+
updateDate: { $date: { $numberLong: "1641024000000" } }
|
|
42
|
+
status: 1
|
|
43
|
+
masterKey:
|
|
44
|
+
provider: local
|
|
45
|
+
|
|
46
|
+
tests:
|
|
47
|
+
- description: "rewrap with invalid masterKey for AWS KMS provider"
|
|
48
|
+
operations:
|
|
49
|
+
- name: rewrapManyDataKey
|
|
50
|
+
object: *clientEncryption0
|
|
51
|
+
arguments:
|
|
52
|
+
filter: {}
|
|
53
|
+
opts:
|
|
54
|
+
provider: aws
|
|
55
|
+
masterKey:
|
|
56
|
+
# "us-east-1" changed to "us-east-2" in both key and region.
|
|
57
|
+
key: arn:aws:kms:us-east-2:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0
|
|
58
|
+
region: us-east-2
|
|
59
|
+
expectError:
|
|
60
|
+
isClientError: true
|
|
61
|
+
expectEvents:
|
|
62
|
+
- client: *client0
|
|
63
|
+
events:
|
|
64
|
+
- commandStartedEvent:
|
|
65
|
+
commandName: find
|
|
66
|
+
databaseName: *database0Name
|
|
67
|
+
command:
|
|
68
|
+
find: *collection0Name
|
|
69
|
+
filter: {}
|
|
70
|
+
readConcern: { level: majority }
|
|
71
|
+
|
|
72
|
+
- description: "rewrap with invalid masterKey for Azure KMS provider"
|
|
73
|
+
operations:
|
|
74
|
+
- name: rewrapManyDataKey
|
|
75
|
+
object: *clientEncryption0
|
|
76
|
+
arguments:
|
|
77
|
+
filter: {}
|
|
78
|
+
opts:
|
|
79
|
+
provider: azure
|
|
80
|
+
masterKey:
|
|
81
|
+
# "key" changed to "invalid" in both keyVaultEndpoint and keyName.
|
|
82
|
+
keyVaultEndpoint: invalid-vault-csfle.vault.azure.net
|
|
83
|
+
keyName: invalid-name-csfle
|
|
84
|
+
expectError:
|
|
85
|
+
isClientError: true
|
|
86
|
+
expectEvents:
|
|
87
|
+
- client: *client0
|
|
88
|
+
events:
|
|
89
|
+
- commandStartedEvent:
|
|
90
|
+
commandName: find
|
|
91
|
+
databaseName: *database0Name
|
|
92
|
+
command:
|
|
93
|
+
find: *collection0Name
|
|
94
|
+
filter: {}
|
|
95
|
+
readConcern: { level: majority }
|
|
96
|
+
|
|
97
|
+
- description: "rewrap with invalid masterKey for GCP KMS provider"
|
|
98
|
+
operations:
|
|
99
|
+
- name: rewrapManyDataKey
|
|
100
|
+
object: *clientEncryption0
|
|
101
|
+
arguments:
|
|
102
|
+
filter: {}
|
|
103
|
+
opts:
|
|
104
|
+
provider: gcp
|
|
105
|
+
masterKey:
|
|
106
|
+
# "key" changed to "invalid" in both keyRing and keyName.
|
|
107
|
+
projectId: devprod-drivers
|
|
108
|
+
location: global
|
|
109
|
+
keyRing: invalid-ring-csfle
|
|
110
|
+
keyName: invalid-name-csfle
|
|
111
|
+
expectError:
|
|
112
|
+
isClientError: true
|
|
113
|
+
expectEvents:
|
|
114
|
+
- client: *client0
|
|
115
|
+
events:
|
|
116
|
+
- commandStartedEvent:
|
|
117
|
+
commandName: find
|
|
118
|
+
databaseName: *database0Name
|
|
119
|
+
command:
|
|
120
|
+
find: *collection0Name
|
|
121
|
+
filter: {}
|
|
122
|
+
readConcern: { level: majority }
|