mongo 2.18.0.beta1 → 2.18.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/lib/mongo/bulk_write.rb +8 -2
- data/lib/mongo/client.rb +19 -5
- data/lib/mongo/client_encryption.rb +86 -4
- data/lib/mongo/cluster.rb +6 -4
- data/lib/mongo/collection/view/aggregation.rb +3 -0
- data/lib/mongo/collection/view/change_stream.rb +9 -0
- data/lib/mongo/collection/view/iterable.rb +1 -0
- data/lib/mongo/collection/view/readable.rb +11 -3
- data/lib/mongo/collection.rb +9 -1
- data/lib/mongo/config.rb +11 -0
- data/lib/mongo/crypt/auto_encrypter.rb +49 -21
- data/lib/mongo/crypt/binding.rb +73 -48
- data/lib/mongo/crypt/data_key_context.rb +6 -1
- data/lib/mongo/crypt/encryption_io.rb +66 -0
- data/lib/mongo/crypt/explicit_encrypter.rb +116 -5
- data/lib/mongo/crypt/explicit_encryption_context.rb +3 -8
- data/lib/mongo/crypt/handle.rb +26 -8
- data/lib/mongo/crypt/kms/aws.rb +11 -3
- data/lib/mongo/crypt/kms/azure.rb +14 -6
- data/lib/mongo/crypt/kms/gcp.rb +12 -5
- data/lib/mongo/crypt/kms/kmip.rb +15 -9
- data/lib/mongo/crypt/kms/local.rb +9 -1
- data/lib/mongo/crypt/kms/master_key_document.rb +1 -1
- data/lib/mongo/crypt/rewrap_many_data_key_context.rb +46 -0
- data/lib/mongo/crypt/rewrap_many_data_key_result.rb +37 -0
- data/lib/mongo/crypt/status.rb +8 -2
- data/lib/mongo/crypt.rb +2 -0
- data/lib/mongo/database.rb +10 -27
- data/lib/mongo/error/missing_file_chunk.rb +8 -2
- data/lib/mongo/grid/stream/read.rb +6 -0
- data/lib/mongo/index/view.rb +1 -0
- data/lib/mongo/operation/create/op_msg.rb +1 -13
- data/lib/mongo/operation/distinct/op_msg.rb +4 -1
- data/lib/mongo/protocol/msg.rb +0 -16
- data/lib/mongo/server/connection_pool.rb +5 -4
- data/lib/mongo/server/monitor/connection.rb +10 -4
- data/lib/mongo/server/monitor.rb +4 -0
- data/lib/mongo/server/push_monitor.rb +4 -0
- data/lib/mongo/version.rb +1 -1
- data/lib/mongo.rb +2 -0
- data/spec/README.md +14 -0
- data/spec/integration/change_stream_spec.rb +1 -1
- data/spec/integration/client_construction_spec.rb +73 -7
- data/spec/integration/client_side_encryption/auto_encryption_command_monitoring_spec.rb +165 -164
- data/spec/integration/client_side_encryption/decryption_events_prose_spec.rb +158 -0
- data/spec/integration/client_side_encryption/explicit_queryable_encryption_spec.rb +5 -5
- data/spec/integration/client_side_encryption/kms_tls_options_spec.rb +50 -8
- data/spec/integration/client_side_encryption/unique_index_on_key_alt_names_prose_spec.rb +85 -0
- data/spec/integration/ocsp_verifier_spec.rb +1 -1
- data/spec/integration/reconnect_spec.rb +2 -0
- data/spec/integration/sdam_events_spec.rb +40 -0
- data/spec/integration/srv_monitoring_spec.rb +1 -0
- data/spec/integration/srv_spec.rb +1 -0
- data/spec/lite_spec_helper.rb +5 -4
- data/spec/mongo/bulk_write_spec.rb +13 -0
- data/spec/mongo/client_construction_spec.rb +45 -2
- data/spec/mongo/client_encryption_spec.rb +0 -12
- data/spec/mongo/client_spec.rb +1 -1
- data/spec/mongo/collection/view/aggregation_spec.rb +119 -0
- data/spec/mongo/collection/view/readable_spec.rb +630 -5
- data/spec/mongo/collection_spec.rb +32 -0
- data/spec/mongo/crypt/auto_encrypter_spec.rb +110 -0
- data/spec/mongo/crypt/binding/context_spec.rb +3 -35
- data/spec/mongo/crypt/data_key_context_spec.rb +1 -1
- data/spec/mongo/crypt/explicit_encryption_context_spec.rb +8 -3
- data/spec/mongo/crypt/handle_spec.rb +39 -3
- data/spec/mongo/crypt/kms/credentials_spec.rb +0 -47
- data/spec/mongo/index/view_spec.rb +56 -0
- data/spec/mongo/operation/create/op_msg_spec.rb +0 -42
- data/spec/mongo/server/connection_pool_spec.rb +26 -4
- data/spec/mongo/socket/ssl_spec.rb +3 -3
- data/spec/runners/crud/requirement.rb +6 -1
- data/spec/runners/crud/test.rb +1 -1
- data/spec/runners/transactions/spec.rb +2 -2
- data/spec/runners/transactions/test.rb +4 -20
- data/spec/runners/transactions.rb +2 -2
- data/spec/runners/unified/assertions.rb +32 -2
- data/spec/runners/unified/change_stream_operations.rb +3 -0
- data/spec/runners/unified/client_side_encryption_operations.rb +83 -0
- data/spec/runners/unified/crud_operations.rb +17 -2
- data/spec/runners/unified/ddl_operations.rb +27 -2
- data/spec/runners/unified/grid_fs_operations.rb +21 -0
- data/spec/runners/unified/test.rb +59 -1
- data/spec/shared/lib/mrss/docker_runner.rb +2 -0
- data/spec/shared/lib/mrss/eg_config_utils.rb +51 -0
- data/spec/shared/lib/mrss/lite_constraints.rb +10 -2
- data/spec/shared/shlib/set_env.sh +3 -0
- data/spec/solo/clean_exit_spec.rb +5 -0
- data/spec/spec_tests/client_side_encryption_spec.rb +1 -1
- data/spec/spec_tests/client_side_encryption_unified_spec.rb +16 -0
- data/spec/spec_tests/data/change_streams_unified/change-streams-showExpandedEvents.yml +298 -0
- data/spec/spec_tests/data/client_side_encryption/create-and-createIndexes.yml +58 -0
- data/spec/spec_tests/data/client_side_encryption/fle2-Delete.yml +1 -1
- data/spec/spec_tests/data/client_side_encryption/fle2-EncryptedFields-vs-jsonSchema.yml +1 -1
- data/spec/spec_tests/data/client_side_encryption/fle2-FindOneAndUpdate.yml +2 -2
- data/spec/spec_tests/data/client_side_encryption/fle2-InsertFind-Indexed.yml +1 -1
- data/spec/spec_tests/data/client_side_encryption/fle2-Update.yml +2 -2
- data/spec/spec_tests/data/client_side_encryption/unified/addKeyAltName.yml +194 -0
- data/spec/spec_tests/data/client_side_encryption/unified/createDataKey-kms_providers-invalid.yml +67 -0
- data/spec/spec_tests/data/client_side_encryption/unified/createDataKey.yml +309 -0
- data/spec/spec_tests/data/client_side_encryption/unified/deleteKey.yml +159 -0
- data/spec/spec_tests/data/client_side_encryption/unified/getKey.yml +105 -0
- data/spec/spec_tests/data/client_side_encryption/unified/getKeyByAltName.yml +104 -0
- data/spec/spec_tests/data/client_side_encryption/unified/getKeys.yml +122 -0
- data/spec/spec_tests/data/client_side_encryption/unified/removeKeyAltName.yml +157 -0
- data/spec/spec_tests/data/client_side_encryption/unified/rewrapManyDataKey-decrypt_failure.yml +69 -0
- data/spec/spec_tests/data/client_side_encryption/unified/rewrapManyDataKey-encrypt_failure.yml +122 -0
- data/spec/spec_tests/data/client_side_encryption/unified/rewrapManyDataKey.yml +432 -0
- data/spec/spec_tests/data/client_side_encryption/validatorAndPartialFieldExpression.yml +166 -0
- data/spec/spec_tests/data/command_monitoring_unified/bulkWrite.yml +68 -0
- data/spec/spec_tests/data/command_monitoring_unified/command.yml +50 -0
- data/spec/spec_tests/data/command_monitoring_unified/deleteMany.yml +79 -0
- data/spec/spec_tests/data/command_monitoring_unified/deleteOne.yml +79 -0
- data/spec/spec_tests/data/command_monitoring_unified/find.yml +254 -0
- data/spec/spec_tests/data/command_monitoring_unified/insertMany.yml +79 -0
- data/spec/spec_tests/data/command_monitoring_unified/insertOne.yml +77 -0
- data/spec/spec_tests/data/command_monitoring_unified/unacknowledgedBulkWrite.yml +55 -0
- data/spec/spec_tests/data/command_monitoring_unified/updateMany.yml +87 -0
- data/spec/spec_tests/data/command_monitoring_unified/updateOne.yml +118 -0
- data/spec/spec_tests/data/crud_unified/distinct-comment.yml +98 -0
- data/spec/spec_tests/data/gridfs_unified/delete.yml +198 -0
- data/spec/spec_tests/data/gridfs_unified/download.yml +241 -0
- data/spec/spec_tests/data/gridfs_unified/downloadByName.yml +159 -0
- data/spec/spec_tests/data/gridfs_unified/upload-disableMD5.yml +92 -0
- data/spec/spec_tests/data/gridfs_unified/upload.yml +288 -0
- data/spec/spec_tests/gridfs_unified_spec.rb +13 -0
- data/spec/stress/connection_pool_timing_spec.rb +2 -2
- data/spec/support/background_thread_registry.rb +3 -13
- data/spec/support/certificates/atlas-ocsp-ca.crt +40 -47
- data/spec/support/certificates/atlas-ocsp.crt +101 -106
- data/spec/support/crypt.rb +57 -13
- data/spec/support/macros.rb +10 -0
- data/spec/support/spec_config.rb +4 -0
- data.tar.gz.sig +0 -0
- metadata +1271 -1219
- metadata.gz.sig +0 -0
- data/spec/spec_tests/command_monitoring_spec.rb +0 -71
- data/spec/spec_tests/data/command_monitoring/bulkWrite.yml +0 -49
- data/spec/spec_tests/data/command_monitoring/command.yml +0 -61
- data/spec/spec_tests/data/command_monitoring/deleteMany.yml +0 -55
- data/spec/spec_tests/data/command_monitoring/deleteOne.yml +0 -55
- data/spec/spec_tests/data/command_monitoring/find.yml +0 -266
- data/spec/spec_tests/data/command_monitoring/insertMany.yml +0 -75
- data/spec/spec_tests/data/command_monitoring/insertOne.yml +0 -51
- data/spec/spec_tests/data/command_monitoring/unacknowledgedBulkWrite.yml +0 -34
- data/spec/spec_tests/data/command_monitoring/updateMany.yml +0 -65
- data/spec/spec_tests/data/command_monitoring/updateOne.yml +0 -90
|
@@ -0,0 +1,432 @@
|
|
|
1
|
+
# To ensure consistent ordering for expectResult matching purposes, find
|
|
2
|
+
# commands sort the resulting documents in ascending order by the single-element
|
|
3
|
+
# keyAltNames array to ensure alphabetic order by original KMS provider as
|
|
4
|
+
# defined in initialData.
|
|
5
|
+
description: rewrapManyDataKey-kms_providers
|
|
6
|
+
|
|
7
|
+
schemaVersion: "1.8"
|
|
8
|
+
|
|
9
|
+
runOnRequirements:
|
|
10
|
+
- csfle: true
|
|
11
|
+
|
|
12
|
+
createEntities:
|
|
13
|
+
- client:
|
|
14
|
+
id: &client0 client0
|
|
15
|
+
observeEvents:
|
|
16
|
+
- commandStartedEvent
|
|
17
|
+
- clientEncryption:
|
|
18
|
+
id: &clientEncryption0 clientEncryption0
|
|
19
|
+
clientEncryptionOpts:
|
|
20
|
+
keyVaultClient: *client0
|
|
21
|
+
keyVaultNamespace: keyvault.datakeys
|
|
22
|
+
kmsProviders:
|
|
23
|
+
aws: { accessKeyId: { $$placeholder: 1 }, secretAccessKey: { $$placeholder: 1 } }
|
|
24
|
+
azure: { tenantId: { $$placeholder: 1 }, clientId: { $$placeholder: 1 }, clientSecret: { $$placeholder: 1 } }
|
|
25
|
+
gcp: { email: { $$placeholder: 1 }, privateKey: { $$placeholder: 1 } }
|
|
26
|
+
kmip: { endpoint: { $$placeholder: 1 } }
|
|
27
|
+
local: { key: { $$placeholder: 1 } }
|
|
28
|
+
- database:
|
|
29
|
+
id: &database0 database0
|
|
30
|
+
client: *client0
|
|
31
|
+
databaseName: &database0Name keyvault
|
|
32
|
+
- collection:
|
|
33
|
+
id: &collection0 collection0
|
|
34
|
+
database: *database0
|
|
35
|
+
collectionName: &collection0Name datakeys
|
|
36
|
+
|
|
37
|
+
initialData:
|
|
38
|
+
- databaseName: *database0Name
|
|
39
|
+
collectionName: *collection0Name
|
|
40
|
+
documents:
|
|
41
|
+
- _id: &aws_key_id { $binary: { base64: YXdzYXdzYXdzYXdzYXdzYQ==, subType: "04" } }
|
|
42
|
+
keyAltNames: ["aws_key"]
|
|
43
|
+
keyMaterial: { $binary: { base64: AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gFXJqbF0Fy872MD7xl56D/2AAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDO7HPisPUlGzaio9vgIBEIB7/Qow46PMh/8JbEUbdXgTGhLfXPE+KIVW7T8s6YEMlGiRvMu7TV0QCIUJlSHPKZxzlJ2iwuz5yXeOag+EdY+eIQ0RKrsJ3b8UTisZYzGjfzZnxUKLzLoeXremtRCm3x47wCuHKd1dhh6FBbYt5TL2tDaj+vL2GBrKat2L, subType: "00" } }
|
|
44
|
+
creationDate: { $date: { $numberLong: "1641024000000" } }
|
|
45
|
+
updateDate: { $date: { $numberLong: "1641024000000" } }
|
|
46
|
+
status: 1
|
|
47
|
+
masterKey: &aws_masterkey
|
|
48
|
+
provider: aws
|
|
49
|
+
key: arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0
|
|
50
|
+
region: us-east-1
|
|
51
|
+
- _id: &azure_key_id { $binary: { base64: YXp1cmVhenVyZWF6dXJlYQ==, subType: "04" } }
|
|
52
|
+
keyAltNames: ["azure_key"]
|
|
53
|
+
keyMaterial: { $binary: { base64: AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEGkNTybTc7Eyif0f+qqE0lAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDB2j78AeuIQxcRh8cQIBEIB7vj9buHEaT7XHFIsKBJiyzZRmNnjvqMK5LSdzonKdx97jlqauvPvTDXSsdQDcspUs5oLrGmAXpbFResscxmbwZoKgUtWiuIOpeAcYuszCiMKt15s1WIMLDXUhYtfCmhRhekvgHnRAaK4HJMlGE+lKJXYI84E0b86Cd/g+, subType: "00" } }
|
|
54
|
+
creationDate: { $date: { $numberLong: "1641024000000" } }
|
|
55
|
+
updateDate: { $date: { $numberLong: "1641024000000" } }
|
|
56
|
+
status: 1
|
|
57
|
+
masterKey: &azure_masterkey
|
|
58
|
+
provider: azure
|
|
59
|
+
keyVaultEndpoint: key-vault-csfle.vault.azure.net
|
|
60
|
+
keyName: key-name-csfle
|
|
61
|
+
- _id: &gcp_key_id { $binary: { base64: Z2NwZ2NwZ2NwZ2NwZ2NwZw==, subType: "04" } }
|
|
62
|
+
keyAltNames: ["gcp_key"]
|
|
63
|
+
keyMaterial: { $binary: { base64: CiQAIgLj0USbQtof/pYRLQO96yg/JEtZbD1UxKueaC37yzT5tTkSiQEAhClWB5ZCSgzHgxv8raWjNB4r7e8ePGdsmSuYTYmLC5oHHS/BdQisConzNKFaobEQZHamTCjyhy5NotKF8MWoo+dyfQApwI29+vAGyrUIQCXzKwRnNdNQ+lb3vJtS5bqvLTvSxKHpVca2kqyC9nhonV+u4qru5Q2bAqUgVFc8fL4pBuvlowZFTQ==, subType: "00" } }
|
|
64
|
+
creationDate: { $date: { $numberLong: "1641024000000" } }
|
|
65
|
+
updateDate: { $date: { $numberLong: "1641024000000" } }
|
|
66
|
+
status: 1
|
|
67
|
+
masterKey: &gcp_masterkey
|
|
68
|
+
provider: gcp
|
|
69
|
+
projectId: devprod-drivers
|
|
70
|
+
location: global
|
|
71
|
+
keyRing: key-ring-csfle
|
|
72
|
+
keyName: key-name-csfle
|
|
73
|
+
- _id: &kmip_key_id { $binary: { base64: a21pcGttaXBrbWlwa21pcA==, subType: "04" } }
|
|
74
|
+
keyAltNames: ["kmip_key"]
|
|
75
|
+
keyMaterial: { $binary: { base64: VoI9J8HusQ3u2gT9i8Awgg/6W4/igvLwRzn3SRDGx0Dl/1ayDMubphOw0ONPVKfuvS6HL3e4gAoCJ/uEz2KLFTVsEqYCpMhfAhgXxm8Ena8vDcOkCzFX+euvN/N2ES3wpzAD18b3qIH0MbBwKJP82d5GQ4pVfGnPW8Ujp9aO1qC/s0EqNqYyzJ1SyzhV9lAjHHGIENYJx+bBrekg2EeZBA==, subType: "00" } }
|
|
76
|
+
creationDate: { $date: { $numberLong: "1641024000000" } }
|
|
77
|
+
updateDate: { $date: { $numberLong: "1641024000000" } }
|
|
78
|
+
status: 1
|
|
79
|
+
masterKey: &kmip_masterkey
|
|
80
|
+
provider: kmip
|
|
81
|
+
keyId: "1"
|
|
82
|
+
- _id: &local_key_id { $binary: { base64: bG9jYWxrZXlsb2NhbGtleQ==, subType: "04" } }
|
|
83
|
+
keyAltNames: ["local_key"]
|
|
84
|
+
keyMaterial: { $binary: { base64: ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==, subType: "00" } }
|
|
85
|
+
creationDate: { $date: { $numberLong: "1641024000000" } }
|
|
86
|
+
updateDate: { $date: { $numberLong: "1641024000000" } }
|
|
87
|
+
status: 1
|
|
88
|
+
masterKey: &local_masterkey
|
|
89
|
+
provider: local
|
|
90
|
+
|
|
91
|
+
tests:
|
|
92
|
+
- description: "no keys to rewrap due to no filter matches"
|
|
93
|
+
operations:
|
|
94
|
+
- name: rewrapManyDataKey
|
|
95
|
+
object: *clientEncryption0
|
|
96
|
+
arguments:
|
|
97
|
+
filter: { keyAltNames: no_matching_keys }
|
|
98
|
+
opts:
|
|
99
|
+
provider: local
|
|
100
|
+
expectResult:
|
|
101
|
+
# If no bulk write operation, then no bulk write result.
|
|
102
|
+
bulkWriteResult: { $$exists: false }
|
|
103
|
+
expectEvents:
|
|
104
|
+
- client: *client0
|
|
105
|
+
events:
|
|
106
|
+
- commandStartedEvent:
|
|
107
|
+
databaseName: *database0Name
|
|
108
|
+
command:
|
|
109
|
+
find: *collection0Name
|
|
110
|
+
filter: { keyAltNames: no_matching_keys }
|
|
111
|
+
readConcern: { level: majority }
|
|
112
|
+
|
|
113
|
+
- description: "rewrap with new AWS KMS provider"
|
|
114
|
+
operations:
|
|
115
|
+
- name: rewrapManyDataKey
|
|
116
|
+
object: *clientEncryption0
|
|
117
|
+
arguments:
|
|
118
|
+
filter: { keyAltNames: { $ne: aws_key } }
|
|
119
|
+
opts:
|
|
120
|
+
provider: aws
|
|
121
|
+
# Different key: 89fcc2c4-08b0-4bd9-9f25-e30687b580d0 -> 061334ae-07a8-4ceb-a813-8135540e837d.
|
|
122
|
+
masterKey: &new_aws_masterkey
|
|
123
|
+
key: arn:aws:kms:us-east-1:579766882180:key/061334ae-07a8-4ceb-a813-8135540e837d
|
|
124
|
+
region: us-east-1
|
|
125
|
+
expectResult:
|
|
126
|
+
bulkWriteResult:
|
|
127
|
+
insertedCount: 0
|
|
128
|
+
matchedCount: 4
|
|
129
|
+
modifiedCount: 4
|
|
130
|
+
deletedCount: 0
|
|
131
|
+
upsertedCount: 0
|
|
132
|
+
upsertedIds: {}
|
|
133
|
+
expectEvents:
|
|
134
|
+
- client: *client0
|
|
135
|
+
events:
|
|
136
|
+
- commandStartedEvent:
|
|
137
|
+
databaseName: *database0Name
|
|
138
|
+
command:
|
|
139
|
+
find: *collection0Name
|
|
140
|
+
filter: { keyAltNames: { $ne: aws_key } }
|
|
141
|
+
readConcern: { level: majority }
|
|
142
|
+
- commandStartedEvent:
|
|
143
|
+
databaseName: *database0Name
|
|
144
|
+
command:
|
|
145
|
+
update: *collection0Name
|
|
146
|
+
ordered: true
|
|
147
|
+
updates:
|
|
148
|
+
- q: { _id: { $$type: binData } }
|
|
149
|
+
u: { $set: { masterKey: { provider: aws, <<: *new_aws_masterkey }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
150
|
+
multi: { $$unsetOrMatches: false }
|
|
151
|
+
upsert: { $$unsetOrMatches: false }
|
|
152
|
+
- q: { _id: { $$type: binData } }
|
|
153
|
+
u: { $set: { masterKey: { provider: aws, <<: *new_aws_masterkey }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
154
|
+
multi: { $$unsetOrMatches: false }
|
|
155
|
+
upsert: { $$unsetOrMatches: false }
|
|
156
|
+
- q: { _id: { $$type: binData } }
|
|
157
|
+
u: { $set: { masterKey: { provider: aws, <<: *new_aws_masterkey }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
158
|
+
multi: { $$unsetOrMatches: false }
|
|
159
|
+
upsert: { $$unsetOrMatches: false }
|
|
160
|
+
- q: { _id: { $$type: binData } }
|
|
161
|
+
u: { $set: { masterKey: { provider: aws, <<: *new_aws_masterkey }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
162
|
+
multi: { $$unsetOrMatches: false }
|
|
163
|
+
upsert: { $$unsetOrMatches: false }
|
|
164
|
+
writeConcern: { w: majority }
|
|
165
|
+
|
|
166
|
+
- description: "rewrap with new Azure KMS provider"
|
|
167
|
+
operations:
|
|
168
|
+
- name: rewrapManyDataKey
|
|
169
|
+
object: *clientEncryption0
|
|
170
|
+
arguments:
|
|
171
|
+
filter: { keyAltNames: { $ne: azure_key } }
|
|
172
|
+
opts:
|
|
173
|
+
provider: azure
|
|
174
|
+
masterKey: &new_azure_masterkey
|
|
175
|
+
keyVaultEndpoint: key-vault-csfle.vault.azure.net
|
|
176
|
+
keyName: key-name-csfle
|
|
177
|
+
expectResult:
|
|
178
|
+
bulkWriteResult:
|
|
179
|
+
insertedCount: 0
|
|
180
|
+
matchedCount: 4
|
|
181
|
+
modifiedCount: 4
|
|
182
|
+
deletedCount: 0
|
|
183
|
+
upsertedCount: 0
|
|
184
|
+
upsertedIds: {}
|
|
185
|
+
expectEvents:
|
|
186
|
+
- client: *client0
|
|
187
|
+
events:
|
|
188
|
+
- commandStartedEvent:
|
|
189
|
+
databaseName: *database0Name
|
|
190
|
+
command:
|
|
191
|
+
find: *collection0Name
|
|
192
|
+
filter: { keyAltNames: { $ne: azure_key } }
|
|
193
|
+
readConcern: { level: majority }
|
|
194
|
+
- commandStartedEvent:
|
|
195
|
+
databaseName: *database0Name
|
|
196
|
+
command:
|
|
197
|
+
update: *collection0Name
|
|
198
|
+
ordered: true
|
|
199
|
+
updates:
|
|
200
|
+
- q: { _id: { $$type: binData } }
|
|
201
|
+
u: { $set: { masterKey: { provider: azure, <<: *new_azure_masterkey }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
202
|
+
multi: { $$unsetOrMatches: false }
|
|
203
|
+
upsert: { $$unsetOrMatches: false }
|
|
204
|
+
- q: { _id: { $$type: binData } }
|
|
205
|
+
u: { $set: { masterKey: { provider: azure, <<: *new_azure_masterkey }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
206
|
+
multi: { $$unsetOrMatches: false }
|
|
207
|
+
upsert: { $$unsetOrMatches: false }
|
|
208
|
+
- q: { _id: { $$type: binData } }
|
|
209
|
+
u: { $set: { masterKey: { provider: azure, <<: *new_azure_masterkey }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
210
|
+
multi: { $$unsetOrMatches: false }
|
|
211
|
+
upsert: { $$unsetOrMatches: false }
|
|
212
|
+
- q: { _id: { $$type: binData } }
|
|
213
|
+
u: { $set: { masterKey: { provider: azure, <<: *new_azure_masterkey }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
214
|
+
multi: { $$unsetOrMatches: false }
|
|
215
|
+
upsert: { $$unsetOrMatches: false }
|
|
216
|
+
writeConcern: { w: majority }
|
|
217
|
+
|
|
218
|
+
- description: "rewrap with new GCP KMS provider"
|
|
219
|
+
operations:
|
|
220
|
+
- name: rewrapManyDataKey
|
|
221
|
+
object: *clientEncryption0
|
|
222
|
+
arguments:
|
|
223
|
+
filter: { keyAltNames: { $ne: gcp_key } }
|
|
224
|
+
opts:
|
|
225
|
+
provider: gcp
|
|
226
|
+
masterKey: &new_gcp_masterkey
|
|
227
|
+
projectId: devprod-drivers
|
|
228
|
+
location: global
|
|
229
|
+
keyRing: key-ring-csfle
|
|
230
|
+
keyName: key-name-csfle
|
|
231
|
+
expectResult:
|
|
232
|
+
bulkWriteResult:
|
|
233
|
+
insertedCount: 0
|
|
234
|
+
matchedCount: 4
|
|
235
|
+
modifiedCount: 4
|
|
236
|
+
deletedCount: 0
|
|
237
|
+
upsertedCount: 0
|
|
238
|
+
upsertedIds: {}
|
|
239
|
+
expectEvents:
|
|
240
|
+
- client: *client0
|
|
241
|
+
events:
|
|
242
|
+
- commandStartedEvent:
|
|
243
|
+
databaseName: *database0Name
|
|
244
|
+
command:
|
|
245
|
+
find: *collection0Name
|
|
246
|
+
filter: { keyAltNames: { $ne: gcp_key } }
|
|
247
|
+
readConcern: { level: majority }
|
|
248
|
+
- commandStartedEvent:
|
|
249
|
+
databaseName: *database0Name
|
|
250
|
+
command:
|
|
251
|
+
update: *collection0Name
|
|
252
|
+
ordered: true
|
|
253
|
+
updates:
|
|
254
|
+
- q: { _id: { $$type: binData } }
|
|
255
|
+
u: { $set: { masterKey: { provider: gcp, <<: *new_gcp_masterkey }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
256
|
+
multi: { $$unsetOrMatches: false }
|
|
257
|
+
upsert: { $$unsetOrMatches: false }
|
|
258
|
+
- q: { _id: { $$type: binData } }
|
|
259
|
+
u: { $set: { masterKey: { provider: gcp, <<: *new_gcp_masterkey }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
260
|
+
multi: { $$unsetOrMatches: false }
|
|
261
|
+
upsert: { $$unsetOrMatches: false }
|
|
262
|
+
- q: { _id: { $$type: binData } }
|
|
263
|
+
u: { $set: { masterKey: { provider: gcp, <<: *new_gcp_masterkey }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
264
|
+
multi: { $$unsetOrMatches: false }
|
|
265
|
+
upsert: { $$unsetOrMatches: false }
|
|
266
|
+
- q: { _id: { $$type: binData } }
|
|
267
|
+
u: { $set: { masterKey: { provider: gcp, <<: *new_gcp_masterkey }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
268
|
+
multi: { $$unsetOrMatches: false }
|
|
269
|
+
upsert: { $$unsetOrMatches: false }
|
|
270
|
+
writeConcern: { w: majority }
|
|
271
|
+
|
|
272
|
+
- description: "rewrap with new KMIP KMS provider"
|
|
273
|
+
operations:
|
|
274
|
+
- name: rewrapManyDataKey
|
|
275
|
+
object: *clientEncryption0
|
|
276
|
+
arguments:
|
|
277
|
+
filter: { keyAltNames: { $ne: kmip_key } }
|
|
278
|
+
opts:
|
|
279
|
+
provider: kmip
|
|
280
|
+
expectResult:
|
|
281
|
+
bulkWriteResult:
|
|
282
|
+
insertedCount: 0
|
|
283
|
+
matchedCount: 4
|
|
284
|
+
modifiedCount: 4
|
|
285
|
+
deletedCount: 0
|
|
286
|
+
upsertedCount: 0
|
|
287
|
+
upsertedIds: {}
|
|
288
|
+
expectEvents:
|
|
289
|
+
- client: *client0
|
|
290
|
+
events:
|
|
291
|
+
- commandStartedEvent:
|
|
292
|
+
databaseName: *database0Name
|
|
293
|
+
command:
|
|
294
|
+
find: *collection0Name
|
|
295
|
+
filter: { keyAltNames: { $ne: kmip_key } }
|
|
296
|
+
readConcern: { level: majority }
|
|
297
|
+
- commandStartedEvent:
|
|
298
|
+
databaseName: *database0Name
|
|
299
|
+
command:
|
|
300
|
+
update: *collection0Name
|
|
301
|
+
ordered: true
|
|
302
|
+
updates:
|
|
303
|
+
- q: { _id: { $$type: binData } }
|
|
304
|
+
u: { $set: { masterKey: { provider: kmip, keyId: { $$type: string } }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
305
|
+
multi: { $$unsetOrMatches: false }
|
|
306
|
+
upsert: { $$unsetOrMatches: false }
|
|
307
|
+
- q: { _id: { $$type: binData } }
|
|
308
|
+
u: { $set: { masterKey: { provider: kmip, keyId: { $$type: string } }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
309
|
+
multi: { $$unsetOrMatches: false }
|
|
310
|
+
upsert: { $$unsetOrMatches: false }
|
|
311
|
+
- q: { _id: { $$type: binData } }
|
|
312
|
+
u: { $set: { masterKey: { provider: kmip, keyId: { $$type: string } }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
313
|
+
multi: { $$unsetOrMatches: false }
|
|
314
|
+
upsert: { $$unsetOrMatches: false }
|
|
315
|
+
- q: { _id: { $$type: binData } }
|
|
316
|
+
u: { $set: { masterKey: { provider: kmip, keyId: { $$type: string } }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
317
|
+
multi: { $$unsetOrMatches: false }
|
|
318
|
+
upsert: { $$unsetOrMatches: false }
|
|
319
|
+
writeConcern: { w: majority }
|
|
320
|
+
|
|
321
|
+
- description: "rewrap with new local KMS provider"
|
|
322
|
+
operations:
|
|
323
|
+
- name: rewrapManyDataKey
|
|
324
|
+
object: *clientEncryption0
|
|
325
|
+
arguments:
|
|
326
|
+
filter: { keyAltNames: { $ne: local_key } }
|
|
327
|
+
opts:
|
|
328
|
+
provider: local
|
|
329
|
+
expectResult:
|
|
330
|
+
bulkWriteResult:
|
|
331
|
+
insertedCount: 0
|
|
332
|
+
matchedCount: 4
|
|
333
|
+
modifiedCount: 4
|
|
334
|
+
deletedCount: 0
|
|
335
|
+
upsertedCount: 0
|
|
336
|
+
upsertedIds: {}
|
|
337
|
+
expectEvents:
|
|
338
|
+
- client: *client0
|
|
339
|
+
events:
|
|
340
|
+
- commandStartedEvent:
|
|
341
|
+
databaseName: *database0Name
|
|
342
|
+
command:
|
|
343
|
+
find: *collection0Name
|
|
344
|
+
filter: { keyAltNames: { $ne: local_key } }
|
|
345
|
+
readConcern: { level: majority }
|
|
346
|
+
- commandStartedEvent:
|
|
347
|
+
databaseName: *database0Name
|
|
348
|
+
command:
|
|
349
|
+
update: *collection0Name
|
|
350
|
+
ordered: true
|
|
351
|
+
updates:
|
|
352
|
+
- q: { _id: { $$type: binData } }
|
|
353
|
+
u: { $set: { masterKey: { provider: local }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
354
|
+
multi: { $$unsetOrMatches: false }
|
|
355
|
+
upsert: { $$unsetOrMatches: false }
|
|
356
|
+
- q: { _id: { $$type: binData } }
|
|
357
|
+
u: { $set: { masterKey: { provider: local }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
358
|
+
multi: { $$unsetOrMatches: false }
|
|
359
|
+
upsert: { $$unsetOrMatches: false }
|
|
360
|
+
- q: { _id: { $$type: binData } }
|
|
361
|
+
u: { $set: { masterKey: { provider: local }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
362
|
+
multi: { $$unsetOrMatches: false }
|
|
363
|
+
upsert: { $$unsetOrMatches: false }
|
|
364
|
+
- q: { _id: { $$type: binData } }
|
|
365
|
+
u: { $set: { masterKey: { provider: local }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
366
|
+
multi: { $$unsetOrMatches: false }
|
|
367
|
+
upsert: { $$unsetOrMatches: false }
|
|
368
|
+
writeConcern: { w: majority }
|
|
369
|
+
|
|
370
|
+
- description: "rewrap with current KMS provider"
|
|
371
|
+
operations:
|
|
372
|
+
- name: rewrapManyDataKey
|
|
373
|
+
object: *clientEncryption0
|
|
374
|
+
arguments:
|
|
375
|
+
filter: {}
|
|
376
|
+
expectResult:
|
|
377
|
+
bulkWriteResult:
|
|
378
|
+
insertedCount: 0
|
|
379
|
+
matchedCount: 5
|
|
380
|
+
modifiedCount: 5
|
|
381
|
+
deletedCount: 0
|
|
382
|
+
upsertedCount: 0
|
|
383
|
+
upsertedIds: {}
|
|
384
|
+
- name: find
|
|
385
|
+
object: *collection0
|
|
386
|
+
arguments:
|
|
387
|
+
filter: {}
|
|
388
|
+
projection: { masterKey: 1 }
|
|
389
|
+
sort: { keyAltNames: 1 }
|
|
390
|
+
expectResult:
|
|
391
|
+
- { _id: *aws_key_id, masterKey: *aws_masterkey }
|
|
392
|
+
- { _id: *azure_key_id, masterKey: *azure_masterkey }
|
|
393
|
+
- { _id: *gcp_key_id, masterKey: *gcp_masterkey }
|
|
394
|
+
- { _id: *kmip_key_id, masterKey: *kmip_masterkey }
|
|
395
|
+
- { _id: *local_key_id, masterKey: *local_masterkey }
|
|
396
|
+
expectEvents:
|
|
397
|
+
- client: *client0
|
|
398
|
+
events:
|
|
399
|
+
- commandStartedEvent:
|
|
400
|
+
databaseName: *database0Name
|
|
401
|
+
command:
|
|
402
|
+
find: *collection0Name
|
|
403
|
+
filter: {}
|
|
404
|
+
readConcern: { level: majority }
|
|
405
|
+
- commandStartedEvent:
|
|
406
|
+
databaseName: *database0Name
|
|
407
|
+
command:
|
|
408
|
+
update: *collection0Name
|
|
409
|
+
ordered: true
|
|
410
|
+
updates:
|
|
411
|
+
- q: { _id: { $$type: binData } }
|
|
412
|
+
u: { $set: { masterKey: { $$type: object }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
413
|
+
multi: { $$unsetOrMatches: false }
|
|
414
|
+
upsert: { $$unsetOrMatches: false }
|
|
415
|
+
- q: { _id: { $$type: binData } }
|
|
416
|
+
u: { $set: { masterKey: { $$type: object }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
417
|
+
multi: { $$unsetOrMatches: false }
|
|
418
|
+
upsert: { $$unsetOrMatches: false }
|
|
419
|
+
- q: { _id: { $$type: binData } }
|
|
420
|
+
u: { $set: { masterKey: { $$type: object }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
421
|
+
multi: { $$unsetOrMatches: false }
|
|
422
|
+
upsert: { $$unsetOrMatches: false }
|
|
423
|
+
- q: { _id: { $$type: binData } }
|
|
424
|
+
u: { $set: { masterKey: { $$type: object }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
425
|
+
multi: { $$unsetOrMatches: false }
|
|
426
|
+
upsert: { $$unsetOrMatches: false }
|
|
427
|
+
- q: { _id: { $$type: binData } }
|
|
428
|
+
u: { $set: { masterKey: { $$type: object }, keyMaterial: { $$type: binData } }, $currentDate: { updateDate: true } }
|
|
429
|
+
multi: { $$unsetOrMatches: false }
|
|
430
|
+
upsert: { $$unsetOrMatches: false }
|
|
431
|
+
writeConcern: { w: majority }
|
|
432
|
+
- commandStartedEvent: { commandName: find }
|
|
@@ -0,0 +1,166 @@
|
|
|
1
|
+
# This test requires libmongocrypt 1.5.0-alpha2.
|
|
2
|
+
runOn:
|
|
3
|
+
# Require server version 6.0.0 to get behavior added in SERVER-64911.
|
|
4
|
+
- minServerVersion: "6.0.0"
|
|
5
|
+
|
|
6
|
+
database_name: &database_name "default"
|
|
7
|
+
collection_name: &collection_name "default"
|
|
8
|
+
data: []
|
|
9
|
+
tests:
|
|
10
|
+
- description: "create with a validator on an unencrypted field is OK"
|
|
11
|
+
clientOptions:
|
|
12
|
+
autoEncryptOpts:
|
|
13
|
+
kmsProviders:
|
|
14
|
+
local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
|
|
15
|
+
schemaMap:
|
|
16
|
+
"default.encryptedCollection": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
|
|
17
|
+
operations:
|
|
18
|
+
# Drop to remove a collection that may exist from previous test runs.
|
|
19
|
+
- name: dropCollection
|
|
20
|
+
object: database
|
|
21
|
+
arguments:
|
|
22
|
+
collection: "encryptedCollection"
|
|
23
|
+
- name: createCollection
|
|
24
|
+
object: database
|
|
25
|
+
arguments:
|
|
26
|
+
collection: "encryptedCollection"
|
|
27
|
+
validator:
|
|
28
|
+
unencrypted_string: "foo"
|
|
29
|
+
- name: assertCollectionExists
|
|
30
|
+
object: testRunner
|
|
31
|
+
arguments:
|
|
32
|
+
database: *database_name
|
|
33
|
+
collection: "encryptedCollection"
|
|
34
|
+
- description: "create with a validator on an encrypted field is an error"
|
|
35
|
+
clientOptions:
|
|
36
|
+
autoEncryptOpts:
|
|
37
|
+
kmsProviders:
|
|
38
|
+
local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
|
|
39
|
+
schemaMap:
|
|
40
|
+
"default.encryptedCollection": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
|
|
41
|
+
operations:
|
|
42
|
+
# Drop to remove a collection that may exist from previous test runs.
|
|
43
|
+
- name: dropCollection
|
|
44
|
+
object: database
|
|
45
|
+
arguments:
|
|
46
|
+
collection: "encryptedCollection"
|
|
47
|
+
- name: createCollection
|
|
48
|
+
object: database
|
|
49
|
+
arguments:
|
|
50
|
+
collection: "encryptedCollection"
|
|
51
|
+
validator:
|
|
52
|
+
encrypted_string: "foo"
|
|
53
|
+
result:
|
|
54
|
+
errorContains: "Comparison to encrypted fields not supported"
|
|
55
|
+
- description: "collMod with a validator on an unencrypted field is OK"
|
|
56
|
+
clientOptions:
|
|
57
|
+
autoEncryptOpts:
|
|
58
|
+
kmsProviders:
|
|
59
|
+
local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
|
|
60
|
+
schemaMap:
|
|
61
|
+
"default.encryptedCollection": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
|
|
62
|
+
operations:
|
|
63
|
+
# Drop to remove a collection that may exist from previous test runs.
|
|
64
|
+
- name: dropCollection
|
|
65
|
+
object: database
|
|
66
|
+
arguments:
|
|
67
|
+
collection: "encryptedCollection"
|
|
68
|
+
- name: createCollection
|
|
69
|
+
object: database
|
|
70
|
+
arguments:
|
|
71
|
+
collection: "encryptedCollection"
|
|
72
|
+
- name: runCommand
|
|
73
|
+
object: database
|
|
74
|
+
arguments:
|
|
75
|
+
command:
|
|
76
|
+
collMod: "encryptedCollection"
|
|
77
|
+
validator:
|
|
78
|
+
unencrypted_string: "foo"
|
|
79
|
+
- description: "collMod with a validator on an encrypted field is an error"
|
|
80
|
+
clientOptions:
|
|
81
|
+
autoEncryptOpts:
|
|
82
|
+
kmsProviders:
|
|
83
|
+
local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
|
|
84
|
+
schemaMap:
|
|
85
|
+
"default.encryptedCollection": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
|
|
86
|
+
operations:
|
|
87
|
+
# Drop to remove a collection that may exist from previous test runs.
|
|
88
|
+
- name: dropCollection
|
|
89
|
+
object: database
|
|
90
|
+
arguments:
|
|
91
|
+
collection: "encryptedCollection"
|
|
92
|
+
- name: createCollection
|
|
93
|
+
object: database
|
|
94
|
+
arguments:
|
|
95
|
+
collection: "encryptedCollection"
|
|
96
|
+
- name: runCommand
|
|
97
|
+
object: database
|
|
98
|
+
arguments:
|
|
99
|
+
command:
|
|
100
|
+
collMod: "encryptedCollection"
|
|
101
|
+
validator:
|
|
102
|
+
encrypted_string: "foo"
|
|
103
|
+
result:
|
|
104
|
+
errorContains: "Comparison to encrypted fields not supported"
|
|
105
|
+
- description: "createIndexes with a partialFilterExpression on an unencrypted field is OK"
|
|
106
|
+
clientOptions:
|
|
107
|
+
autoEncryptOpts:
|
|
108
|
+
kmsProviders:
|
|
109
|
+
local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
|
|
110
|
+
schemaMap:
|
|
111
|
+
"default.encryptedCollection": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
|
|
112
|
+
operations:
|
|
113
|
+
# Drop to remove a collection that may exist from previous test runs.
|
|
114
|
+
- name: dropCollection
|
|
115
|
+
object: database
|
|
116
|
+
arguments:
|
|
117
|
+
collection: "encryptedCollection"
|
|
118
|
+
- name: createCollection
|
|
119
|
+
object: database
|
|
120
|
+
arguments:
|
|
121
|
+
collection: "encryptedCollection"
|
|
122
|
+
- name: runCommand
|
|
123
|
+
object: database
|
|
124
|
+
arguments:
|
|
125
|
+
command:
|
|
126
|
+
createIndexes: "encryptedCollection"
|
|
127
|
+
indexes:
|
|
128
|
+
- name: "name"
|
|
129
|
+
key: { name: 1 }
|
|
130
|
+
partialFilterExpression:
|
|
131
|
+
unencrypted_string: "foo"
|
|
132
|
+
- name: assertIndexExists
|
|
133
|
+
object: testRunner
|
|
134
|
+
arguments:
|
|
135
|
+
database: *database_name
|
|
136
|
+
collection: "encryptedCollection"
|
|
137
|
+
index: name
|
|
138
|
+
- description: "createIndexes with a partialFilterExpression on an encrypted field is an error"
|
|
139
|
+
clientOptions:
|
|
140
|
+
autoEncryptOpts:
|
|
141
|
+
kmsProviders:
|
|
142
|
+
local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
|
|
143
|
+
schemaMap:
|
|
144
|
+
"default.encryptedCollection": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
|
|
145
|
+
operations:
|
|
146
|
+
# Drop to remove a collection that may exist from previous test runs.
|
|
147
|
+
- name: dropCollection
|
|
148
|
+
object: database
|
|
149
|
+
arguments:
|
|
150
|
+
collection: "encryptedCollection"
|
|
151
|
+
- name: createCollection
|
|
152
|
+
object: database
|
|
153
|
+
arguments:
|
|
154
|
+
collection: "encryptedCollection"
|
|
155
|
+
- name: runCommand
|
|
156
|
+
object: database
|
|
157
|
+
arguments:
|
|
158
|
+
command:
|
|
159
|
+
createIndexes: "encryptedCollection"
|
|
160
|
+
indexes:
|
|
161
|
+
- name: "name"
|
|
162
|
+
key: { name: 1 }
|
|
163
|
+
partialFilterExpression:
|
|
164
|
+
encrypted_string: "foo"
|
|
165
|
+
result:
|
|
166
|
+
errorContains: "Comparison to encrypted fields not supported"
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
description: "bulkWrite"
|
|
2
|
+
|
|
3
|
+
schemaVersion: "1.0"
|
|
4
|
+
|
|
5
|
+
createEntities:
|
|
6
|
+
- client:
|
|
7
|
+
id: &client client
|
|
8
|
+
observeEvents:
|
|
9
|
+
- commandStartedEvent
|
|
10
|
+
- commandSucceededEvent
|
|
11
|
+
- commandFailedEvent
|
|
12
|
+
- database:
|
|
13
|
+
id: &database database
|
|
14
|
+
client: *client
|
|
15
|
+
databaseName: &databaseName command-monitoring-tests
|
|
16
|
+
- collection:
|
|
17
|
+
id: &collection collection
|
|
18
|
+
database: *database
|
|
19
|
+
collectionName: &collectionName test
|
|
20
|
+
|
|
21
|
+
initialData:
|
|
22
|
+
- collectionName: *collectionName
|
|
23
|
+
databaseName: *databaseName
|
|
24
|
+
documents:
|
|
25
|
+
- { _id: 1, x: 11 }
|
|
26
|
+
- { _id: 2, x: 22 }
|
|
27
|
+
- { _id: 3, x: 33 }
|
|
28
|
+
|
|
29
|
+
tests:
|
|
30
|
+
- description: "A successful mixed bulk write"
|
|
31
|
+
operations:
|
|
32
|
+
- name: bulkWrite
|
|
33
|
+
object: *collection
|
|
34
|
+
arguments:
|
|
35
|
+
requests:
|
|
36
|
+
- insertOne:
|
|
37
|
+
document: { _id: 4, x: 44 }
|
|
38
|
+
- updateOne:
|
|
39
|
+
filter: { _id: 3 }
|
|
40
|
+
update: { $set: { x: 333 } }
|
|
41
|
+
expectEvents:
|
|
42
|
+
- client: *client
|
|
43
|
+
events:
|
|
44
|
+
- commandStartedEvent:
|
|
45
|
+
command:
|
|
46
|
+
insert: *collectionName
|
|
47
|
+
documents:
|
|
48
|
+
- { _id: 4, x: 44 }
|
|
49
|
+
ordered: true
|
|
50
|
+
commandName: insert
|
|
51
|
+
databaseName: *databaseName
|
|
52
|
+
- commandSucceededEvent:
|
|
53
|
+
reply: { ok: 1, n: 1 }
|
|
54
|
+
commandName: insert
|
|
55
|
+
- commandStartedEvent:
|
|
56
|
+
command:
|
|
57
|
+
update: *collectionName
|
|
58
|
+
updates:
|
|
59
|
+
- q: {_id: 3 }
|
|
60
|
+
u: { $set: { x: 333 } }
|
|
61
|
+
upsert: { $$unsetOrMatches: false }
|
|
62
|
+
multi: { $$unsetOrMatches: false }
|
|
63
|
+
ordered: true
|
|
64
|
+
commandName: update
|
|
65
|
+
databaseName: *databaseName
|
|
66
|
+
- commandSucceededEvent:
|
|
67
|
+
reply: { ok: 1, n: 1 }
|
|
68
|
+
commandName: update
|