mongodb/mongo-python-driver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PYTHON-3241 Add Queryable Encryption API to AutoEncryptionOpts (#957)

Browse Source
This commit is contained in:
Julius Park 2022-06-06 09:33:31 -07:00 committed by GitHub
parent d98e44e27e
commit 6b088ffa4e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
70 changed files with 12489 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
pymongo/collection.py
View File

@ -35,7 +35,7 @@ from bson.objectid import ObjectId
from bson.raw_bson import RawBSONDocument
from bson.son import SON
from bson.timestamp import Timestamp
from pymongo import common, helpers, message
from pymongo import ASCENDING, common, helpers, message
from pymongo.aggregation import (
_CollectionAggregationCommand,
_CollectionRawAggregationCommand,
@ -44,6 +44,7 @@ from pymongo.bulk import _Bulk
from pymongo.change_stream import CollectionChangeStream
from pymongo.collation import validate_collation_or_none
from pymongo.command_cursor import CommandCursor, RawBatchCommandCursor
from pymongo.common import _ecc_coll_name, _ecoc_coll_name, _esc_coll_name
from pymongo.cursor import Cursor, RawBatchCursor
from pymongo.errors import (
ConfigurationError,
@ -115,6 +116,7 @@ class Collection(common.BaseObject, Generic[_DocumentType]):
write_concern: Optional[WriteConcern] = None,
read_concern: Optional["ReadConcern"] = None,
session: Optional["ClientSession"] = None,
encrypted_fields: Optional[Mapping[str, Any]] = None,
**kwargs: Any,
) -> None:
"""Get / create a Mongo collection.
@ -197,7 +199,6 @@ class Collection(common.BaseObject, Generic[_DocumentType]):
write_concern or database.write_concern,
read_concern or database.read_concern,
)
if not isinstance(name, str):
raise TypeError("name must be an instance of str")
@ -215,7 +216,16 @@ class Collection(common.BaseObject, Generic[_DocumentType]):
self.__name = name
self.__full_name = "%s.%s" % (self.__database.name, self.__name)
if create or kwargs or collation:
self.__create(kwargs, collation, session)
if encrypted_fields:
common.validate_is_mapping("encrypted_fields", encrypted_fields)
opts = {"clusteredIndex": {"key": {"_id": 1}, "unique": True}}
self.__create(_esc_coll_name(encrypted_fields, name), opts, None, session)
self.__create(_ecc_coll_name(encrypted_fields, name), opts, None, session)
self.__create(_ecoc_coll_name(encrypted_fields, name), opts, None, session)
self.__create(name, kwargs, collation, session, encrypted_fields=encrypted_fields)
self.create_index([("__safeContent__", ASCENDING)], session)
else:
self.__create(name, kwargs, collation, session)
self.__write_response_codec_options = self.codec_options._replace(
unicode_decode_error_handler="replace", document_class=dict
@ -286,9 +296,12 @@ class Collection(common.BaseObject, Generic[_DocumentType]):
user_fields=user_fields,
)
def __create(self, options, collation, session):
def __create(self, name, options, collation, session, encrypted_fields=None):
"""Sends a create command with the given options."""
cmd = SON([("create", self.__name)])
cmd = SON([("create", name)])
if encrypted_fields:
cmd["encryptedFields"] = encrypted_fields
if options:
if "size" in options:
options["size"] = float(options["size"])

12
pymongo/common.py
View File

@ -792,6 +792,18 @@ def get_validated_options(
return validated_options
def _esc_coll_name(encrypted_fields, name):
return encrypted_fields.get("escCollection", f"enxcol_.{name}.esc")
def _ecc_coll_name(encrypted_fields, name):
return encrypted_fields.get("eccCollection", f"enxcol_.{name}.ecc")
def _ecoc_coll_name(encrypted_fields, name):
return encrypted_fields.get("ecocCollection", f"enxcol_.{name}.ecoc")
# List of write-concern-related options.
WRITE_CONCERN_OPTIONS = frozenset(["w", "wtimeout", "wtimeoutms", "fsync", "j", "journal"])

117
pymongo/database.py
View File

@ -38,6 +38,7 @@ from pymongo.aggregation import _DatabaseAggregationCommand
from pymongo.change_stream import DatabaseChangeStream
from pymongo.collection import Collection
from pymongo.command_cursor import CommandCursor
from pymongo.common import _ecc_coll_name, _ecoc_coll_name, _esc_coll_name
from pymongo.errors import CollectionInvalid, InvalidName
from pymongo.read_preferences import ReadPreference, _ServerMode
from pymongo.typings import _CollationIn, _DocumentType, _Pipeline
@ -290,6 +291,7 @@ class Database(common.BaseObject, Generic[_DocumentType]):
write_concern: Optional["WriteConcern"] = None,
read_concern: Optional["ReadConcern"] = None,
session: Optional["ClientSession"] = None,
encrypted_fields: Optional[Mapping[str, Any]] = None,
**kwargs: Any,
) -> Collection[_DocumentType]:
"""Create a new :class:`~pymongo.collection.Collection` in this
@ -321,6 +323,29 @@ class Database(common.BaseObject, Generic[_DocumentType]):
:class:`~pymongo.collation.Collation`.
- `session` (optional): a
:class:`~pymongo.client_session.ClientSession`.
- `encrypted_fields`: Document that describes the encrypted fields for Queryable
Encryption.
For example::
{
"escCollection": "enxcol_.encryptedCollection.esc",
"eccCollection": "enxcol_.encryptedCollection.ecc",
"ecocCollection": "enxcol_.encryptedCollection.ecoc",
"fields": [
{
"path": "firstName",
"keyId": Binary.from_uuid(UUID('00000000-0000-0000-0000-000000000000')),
"bsonType": "string",
"queries": {"queryType": "equality"}
},
{
"path": "ssn",
"keyId": Binary.from_uuid(UUID('04104104-1041-0410-4104-104104104104')),
"bsonType": "string"
}
]
} }
- `**kwargs` (optional): additional keyword arguments will
be passed as options for the `create collection command`_
@ -369,6 +394,17 @@ class Database(common.BaseObject, Generic[_DocumentType]):
.. _create collection command:
https://mongodb.com/docs/manual/reference/command/create
"""
if (
not encrypted_fields
and self.client.options.auto_encryption_opts
and self.client.options.auto_encryption_opts._encrypted_fields_map
):
encrypted_fields = self.client.options.auto_encryption_opts._encrypted_fields_map.get(
"%s.%s" % (self.name, name)
)
if encrypted_fields:
common.validate_is_mapping("encrypted_fields", encrypted_fields)
with self.__client._tmp_session(session) as s:
# Skip this check in a transaction where listCollections is not
# supported.
@ -376,7 +412,6 @@ class Database(common.BaseObject, Generic[_DocumentType]):
filter={"name": name}, session=s
):
raise CollectionInvalid("collection %s already exists" % name)
return Collection(
self,
name,
@ -386,6 +421,7 @@ class Database(common.BaseObject, Generic[_DocumentType]):
write_concern,
read_concern,
session=s,
encrypted_fields=encrypted_fields,
**kwargs,
)
@ -874,11 +910,27 @@ class Database(common.BaseObject, Generic[_DocumentType]):
return [result["name"] for result in self.list_collections(session=session, **kwargs)]
def _drop_helper(self, name, session=None, comment=None):
command = SON([("drop", name)])
if comment is not None:
command["comment"] = comment
with self.__client._socket_for_writes(session) as sock_info:
return self._command(
sock_info,
command,
allowable_errors=["ns not found", 26],
write_concern=self._write_concern_for(session),
parse_write_concern_error=True,
session=session,
)
def drop_collection(
self,
name_or_collection: Union[str, Collection],
session: Optional["ClientSession"] = None,
comment: Optional[Any] = None,
encrypted_fields: Optional[Mapping[str, Any]] = None,
) -> Dict[str, Any]:
"""Drop a collection.
@ -889,6 +941,29 @@ class Database(common.BaseObject, Generic[_DocumentType]):
:class:`~pymongo.client_session.ClientSession`.
- `comment` (optional): A user-provided comment to attach to this
command.
- `encrypted_fields`: Document that describes the encrypted fields for Queryable
Encryption.
For example::
{
"escCollection": "enxcol_.encryptedCollection.esc",
"eccCollection": "enxcol_.encryptedCollection.ecc",
"ecocCollection": "enxcol_.encryptedCollection.ecoc",
"fields": [
{
"path": "firstName",
"keyId": Binary.from_uuid(UUID('00000000-0000-0000-0000-000000000000')),
"bsonType": "string",
"queries": {"queryType": "equality"}
},
{
"path": "ssn",
"keyId": Binary.from_uuid(UUID('04104104-1041-0410-4104-104104104104')),
"bsonType": "string"
}
]
}
.. note:: The :attr:`~pymongo.database.Database.write_concern` of
@ -911,20 +986,34 @@ class Database(common.BaseObject, Generic[_DocumentType]):
if not isinstance(name, str):
raise TypeError("name_or_collection must be an instance of str")
command = SON([("drop", name)])
if comment is not None:
command["comment"] = comment
with self.__client._socket_for_writes(session) as sock_info:
return self._command(
sock_info,
command,
allowable_errors=["ns not found", 26],
write_concern=self._write_concern_for(session),
parse_write_concern_error=True,
session=session,
full_name = "%s.%s" % (self.name, name)
if (
not encrypted_fields
and self.client.options.auto_encryption_opts
and self.client.options.auto_encryption_opts._encrypted_fields_map
):
encrypted_fields = self.client.options.auto_encryption_opts._encrypted_fields_map.get(
full_name
)
if not encrypted_fields and self.client.options.auto_encryption_opts:
colls = list(
self.list_collections(filter={"name": name}, session=session, comment=comment)
)
if colls and colls[0]["options"].get("encryptedFields"):
encrypted_fields = colls[0]["options"]["encryptedFields"]
if encrypted_fields:
common.validate_is_mapping("encrypted_fields", encrypted_fields)
self._drop_helper(
_esc_coll_name(encrypted_fields, name), session=session, comment=comment
)
self._drop_helper(
_ecc_coll_name(encrypted_fields, name), session=session, comment=comment
)
self._drop_helper(
_ecoc_coll_name(encrypted_fields, name), session=session, comment=comment
)
return self._drop_helper(name, session, comment)
def validate_collection(
self,

6
pymongo/encryption.py
View File

@ -264,6 +264,11 @@ class _Encrypter(object):
schema_map = None
else:
schema_map = _dict_to_bson(opts._schema_map, False, _DATA_KEY_OPTS)
if opts._encrypted_fields_map is None:
encrypted_fields_map = None
else:
encrypted_fields_map = _dict_to_bson(opts._encrypted_fields_map, False, _DATA_KEY_OPTS)
self._bypass_auto_encryption = opts._bypass_auto_encryption
self._internal_client = None
@ -304,6 +309,7 @@ class _Encrypter(object):
crypt_shared_lib_path=opts._crypt_shared_lib_path,
crypt_shared_lib_required=opts._crypt_shared_lib_required,
bypass_encryption=opts._bypass_auto_encryption,
encrypted_fields_map=encrypted_fields_map,
bypass_query_analysis=opts._bypass_query_analysis,
),
)

33
pymongo/encryption_options.py
View File

@ -23,6 +23,7 @@ try:
except ImportError:
_HAVE_PYMONGOCRYPT = False
from pymongo.common import validate_is_mapping
from pymongo.errors import ConfigurationError
from pymongo.uri_parser import _parse_kms_tls_options
@ -48,6 +49,7 @@ class AutoEncryptionOpts(object):
crypt_shared_lib_path: Optional[str] = None,
crypt_shared_lib_required: bool = False,
bypass_query_analysis: bool = False,
encrypted_fields_map: Optional[Mapping] = None,
) -> None:
"""Options to configure automatic client-side field level encryption.
@ -150,10 +152,33 @@ class AutoEncryptionOpts(object):
outgoing commands. Set `bypass_query_analysis` to use explicit
encryption on indexed fields without the MongoDB Enterprise Advanced
licensed crypt_shared library.
- `encrypted_fields_map`: Map of collection namespace ("db.coll") to documents that
described the encrypted fields for Queryable Encryption. For example::
{
"db.encryptedCollection": {
"escCollection": "enxcol_.encryptedCollection.esc",
"eccCollection": "enxcol_.encryptedCollection.ecc",
"ecocCollection": "enxcol_.encryptedCollection.ecoc",
"fields": [
{
"path": "firstName",
"keyId": Binary.from_uuid(UUID('00000000-0000-0000-0000-000000000000')),
"bsonType": "string",
"queries": {"queryType": "equality"}
},
{
"path": "ssn",
"keyId": Binary.from_uuid(UUID('04104104-1041-0410-4104-104104104104')),
"bsonType": "string"
}
]
}
}
.. versionchanged:: 4.2
Added `crypt_shared_lib_path`, `crypt_shared_lib_required`, and `bypass_query_analysis`
parameters.
Added `encrypted_fields_map` `crypt_shared_lib_path`, `crypt_shared_lib_required`,
and `bypass_query_analysis` parameters.
.. versionchanged:: 4.0
Added the `kms_tls_options` parameter and the "kmip" KMS provider.
@ -166,6 +191,10 @@ class AutoEncryptionOpts(object):
"install a compatible version with: "
"python -m pip install 'pymongo[encryption]'"
)
if encrypted_fields_map:
validate_is_mapping("encrypted_fields_map", encrypted_fields_map)
self._encrypted_fields_map = encrypted_fields_map
self._bypass_query_analysis = bypass_query_analysis
self._crypt_shared_lib_path = crypt_shared_lib_path
self._crypt_shared_lib_required = crypt_shared_lib_required
self._kms_providers = kms_providers

0
test/client-side-encryption/spec/aggregate.json → test/client-side-encryption/spec/legacy/aggregate.json
View File

0
test/client-side-encryption/spec/awsTemporary.json → test/client-side-encryption/spec/legacy/awsTemporary.json
View File

0
test/client-side-encryption/spec/azureKMS.json → test/client-side-encryption/spec/legacy/azureKMS.json
View File

0
test/client-side-encryption/spec/badQueries.json → test/client-side-encryption/spec/legacy/badQueries.json
View File

0
test/client-side-encryption/spec/badSchema.json → test/client-side-encryption/spec/legacy/badSchema.json
View File

0
test/client-side-encryption/spec/basic.json → test/client-side-encryption/spec/legacy/basic.json
View File

0
test/client-side-encryption/spec/bulk.json → test/client-side-encryption/spec/legacy/bulk.json
View File

0
test/client-side-encryption/spec/bypassAutoEncryption.json → test/client-side-encryption/spec/legacy/bypassAutoEncryption.json
View File

0
test/client-side-encryption/spec/bypassedCommand.json → test/client-side-encryption/spec/legacy/bypassedCommand.json
View File

0
test/client-side-encryption/spec/count.json → test/client-side-encryption/spec/legacy/count.json
View File

0
test/client-side-encryption/spec/countDocuments.json → test/client-side-encryption/spec/legacy/countDocuments.json
View File

115
test/client-side-encryption/spec/legacy/create-and-createIndexes.json Normal file
View File

@ -0,0 +1,115 @@
{
"runOn": [
{
"minServerVersion": "4.1.10"
}
],
"database_name": "default",
"collection_name": "default",
"data": [],
"tests": [
{
"description": "create is OK",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "dropCollection",
"object": "database",
"arguments": {
"collection": "unencryptedCollection"
}
},
{
"name": "createCollection",
"object": "database",
"arguments": {
"collection": "unencryptedCollection",
"validator": {
"unencrypted_string": "foo"
}
}
},
{
"name": "assertCollectionExists",
"object": "testRunner",
"arguments": {
"database": "default",
"collection": "unencryptedCollection"
}
}
]
},
{
"description": "createIndexes is OK",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "dropCollection",
"object": "database",
"arguments": {
"collection": "unencryptedCollection"
}
},
{
"name": "createCollection",
"object": "database",
"arguments": {
"collection": "unencryptedCollection"
}
},
{
"name": "runCommand",
"object": "database",
"arguments": {
"command": {
"createIndexes": "unencryptedCollection",
"indexes": [
{
"name": "name",
"key": {
"name": 1
}
}
]
}
}
},
{
"name": "assertIndexExists",
"object": "testRunner",
"arguments": {
"database": "default",
"collection": "unencryptedCollection",
"index": "name"
}
}
]
}
]
}

0
test/client-side-encryption/spec/delete.json → test/client-side-encryption/spec/legacy/delete.json
View File

0
test/client-side-encryption/spec/distinct.json → test/client-side-encryption/spec/legacy/distinct.json
View File

0
test/client-side-encryption/spec/explain.json → test/client-side-encryption/spec/legacy/explain.json
View File

0
test/client-side-encryption/spec/find.json → test/client-side-encryption/spec/legacy/find.json
View File

0
test/client-side-encryption/spec/findOneAndDelete.json → test/client-side-encryption/spec/legacy/findOneAndDelete.json
View File

0
test/client-side-encryption/spec/findOneAndReplace.json → test/client-side-encryption/spec/legacy/findOneAndReplace.json
View File

0
test/client-side-encryption/spec/findOneAndUpdate.json → test/client-side-encryption/spec/legacy/findOneAndUpdate.json
View File

289
test/client-side-encryption/spec/legacy/fle2-BypassQueryAnalysis.json Normal file
View File

@ -0,0 +1,289 @@
{
"runOn": [
{
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
]
}
],
"database_name": "default",
"collection_name": "default",
"data": [],
"encrypted_fields": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
},
"key_vault_data": [
{
"_id": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"updateDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"status": {
"$numberInt": "0"
},
"masterKey": {
"provider": "local"
}
},
{
"_id": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "HBk9BWihXExNDvTp1lUxOuxuZK2Pe2ZdVdlsxPEBkiO1bS4mG5NNDsQ7zVxJAH8BtdOYp72Ku4Y3nwc0BUpIKsvAKX4eYXtlhv5zUQxWdeNFhg9qK7qb8nqhnnLeT0f25jFSqzWJoT379hfwDeu0bebJHr35QrJ8myZdPMTEDYF08QYQ48ShRBli0S+QzBHHAQiM2iJNr4svg2WR8JSeWQ==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"updateDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"status": {
"$numberInt": "0"
},
"masterKey": {
"provider": "local"
}
}
],
"tests": [
{
"description": "BypassQueryAnalysis decrypts",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
},
"bypassQueryAnalysis": true
}
},
"operations": [
{
"name": "insertOne",
"arguments": {
"document": {
"_id": 1,
"encryptedIndexed": {
"$binary": {
"base64": "BHEBAAAFZAAgAAAAAHb62aV7+mqmaGcotPLdG3KP7S8diFwWMLM/5rYtqLrEBXMAIAAAAAAVJ6OWHRv3OtCozHpt3ZzfBhaxZirLv3B+G8PuaaO4EgVjACAAAAAAsZXWOWA+UiCBbrJNB6bHflB/cn7pWSvwWN2jw4FPeIUFcABQAAAAAMdD1nV2nqeI1eXEQNskDflCy8I7/HvvqDKJ6XxjhrPQWdLqjz+8GosGUsB7A8ee/uG9/guENuL25XD+Fxxkv1LLXtavHOlLF7iW0u9yabqqBXUAEAAAAAQSNFZ4EjSYdhI0EjRWeJASEHQAAgAAAAV2AE0AAAAAq83vqxI0mHYSNBI0VniQEkzZZBBDgeZh+h+gXEmOrSFtVvkUcnHWj/rfPW7iJ0G3UJ8zpuBmUM/VjOMJCY4+eDqdTiPIwX+/vNXegc8FZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsAA==",
"subType": "06"
}
}
}
}
},
{
"name": "find",
"arguments": {
"filter": {
"_id": 1
}
},
"result": [
{
"_id": 1,
"encryptedIndexed": "value123"
}
]
}
],
"expectations": [
{
"command_started_event": {
"command": {
"listCollections": 1,
"filter": {
"name": "default"
}
},
"command_name": "listCollections"
}
},
{
"command_started_event": {
"command": {
"insert": "default",
"documents": [
{
"_id": 1,
"encryptedIndexed": {
"$binary": {
"base64": "BHEBAAAFZAAgAAAAAHb62aV7+mqmaGcotPLdG3KP7S8diFwWMLM/5rYtqLrEBXMAIAAAAAAVJ6OWHRv3OtCozHpt3ZzfBhaxZirLv3B+G8PuaaO4EgVjACAAAAAAsZXWOWA+UiCBbrJNB6bHflB/cn7pWSvwWN2jw4FPeIUFcABQAAAAAMdD1nV2nqeI1eXEQNskDflCy8I7/HvvqDKJ6XxjhrPQWdLqjz+8GosGUsB7A8ee/uG9/guENuL25XD+Fxxkv1LLXtavHOlLF7iW0u9yabqqBXUAEAAAAAQSNFZ4EjSYdhI0EjRWeJASEHQAAgAAAAV2AE0AAAAAq83vqxI0mHYSNBI0VniQEkzZZBBDgeZh+h+gXEmOrSFtVvkUcnHWj/rfPW7iJ0G3UJ8zpuBmUM/VjOMJCY4+eDqdTiPIwX+/vNXegc8FZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsAA==",
"subType": "06"
}
}
}
],
"ordered": true
},
"command_name": "insert"
}
},
{
"command_started_event": {
"command": {
"find": "default",
"filter": {
"_id": 1
}
},
"command_name": "find"
}
},
{
"command_started_event": {
"command": {
"find": "datakeys",
"filter": {
"$or": [
{
"_id": {
"$in": [
{
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
}
]
}
},
{
"keyAltNames": {
"$in": []
}
}
]
},
"$db": "keyvault",
"readConcern": {
"level": "majority"
}
},
"command_name": "find"
}
},
{
"command_started_event": {
"command": {
"find": "datakeys",
"filter": {
"$or": [
{
"_id": {
"$in": [
{
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
}
]
}
},
{
"keyAltNames": {
"$in": []
}
}
]
},
"$db": "keyvault",
"readConcern": {
"level": "majority"
}
},
"command_name": "find"
}
}
],
"outcome": {
"collection": {
"data": [
{
"_id": 1,
"encryptedIndexed": {
"$$type": "binData"
},
"__safeContent__": [
{
"$binary": {
"base64": "ThpoKfQ8AkOzkFfNC1+9PF0pY2nIzfXvRdxQgjkNbBw=",
"subType": "00"
}
}
]
}
]
}
}
}
]
}

232
test/client-side-encryption/spec/legacy/fle2-Compact.json Normal file
View File

@ -0,0 +1,232 @@
{
"runOn": [
{
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
]
}
],
"database_name": "default",
"collection_name": "default",
"data": [],
"encrypted_fields": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
},
"key_vault_data": [
{
"_id": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"updateDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"status": {
"$numberInt": "0"
},
"masterKey": {
"provider": "local"
}
},
{
"_id": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "HBk9BWihXExNDvTp1lUxOuxuZK2Pe2ZdVdlsxPEBkiO1bS4mG5NNDsQ7zVxJAH8BtdOYp72Ku4Y3nwc0BUpIKsvAKX4eYXtlhv5zUQxWdeNFhg9qK7qb8nqhnnLeT0f25jFSqzWJoT379hfwDeu0bebJHr35QrJ8myZdPMTEDYF08QYQ48ShRBli0S+QzBHHAQiM2iJNr4svg2WR8JSeWQ==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"updateDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"status": {
"$numberInt": "0"
},
"masterKey": {
"provider": "local"
}
}
],
"tests": [
{
"description": "Compact works",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "runCommand",
"object": "database",
"command_name": "compactStructuredEncryptionData",
"arguments": {
"command": {
"compactStructuredEncryptionData": "default"
}
}
}
],
"expectations": [
{
"command_started_event": {
"command": {
"listCollections": 1,
"filter": {
"name": "default"
}
},
"command_name": "listCollections"
}
},
{
"command_started_event": {
"command": {
"find": "datakeys",
"filter": {
"$or": [
{
"_id": {
"$in": [
{
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
{
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
}
]
}
},
{
"keyAltNames": {
"$in": []
}
}
]
},
"$db": "keyvault",
"readConcern": {
"level": "majority"
}
},
"command_name": "find"
}
},
{
"command_started_event": {
"command": {
"compactStructuredEncryptionData": "default",
"compactionTokens": {
"encryptedIndexed": {
"$binary": {
"base64": "noN+05JsuO1oDg59yypIGj45i+eFH6HOTXOPpeZ//Mk=",
"subType": "00"
}
},
"encryptedUnindexed": {
"$binary": {
"base64": "SWO8WEoZ2r2Kx/muQKb7+COizy85nIIUFiHh4K9kcvA=",
"subType": "00"
}
}
}
},
"command_name": "compactStructuredEncryptionData"
}
}
]
},
{
"description": "Compact errors on an unencrypted client",
"operations": [
{
"name": "runCommand",
"object": "database",
"command_name": "compactStructuredEncryptionData",
"arguments": {
"command": {
"compactStructuredEncryptionData": "default"
}
},
"result": {
"errorContains": "'compactStructuredEncryptionData.compactionTokens' is missing"
}
}
]
}
]
}

2239
test/client-side-encryption/spec/legacy/fle2-CreateCollection.json Normal file
View File

File diff suppressed because it is too large Load Diff

148
test/client-side-encryption/spec/legacy/fle2-DecryptExistingData.json Normal file
View File

@ -0,0 +1,148 @@
{
"runOn": [
{
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
]
}
],
"database_name": "default",
"collection_name": "default",
"data": [
{
"_id": 1,
"encryptedUnindexed": {
"$binary": {
"base64": "BqvN76sSNJh2EjQSNFZ4kBICTQaVZPWgXp41I7mPV1rLFTtw1tXzjcdSEyxpKKqujlko5TeizkB9hHQ009dVY1+fgIiDcefh+eQrm3CkhQ==",
"subType": "06"
}
}
}
],
"key_vault_data": [
{
"_id": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "HBk9BWihXExNDvTp1lUxOuxuZK2Pe2ZdVdlsxPEBkiO1bS4mG5NNDsQ7zVxJAH8BtdOYp72Ku4Y3nwc0BUpIKsvAKX4eYXtlhv5zUQxWdeNFhg9qK7qb8nqhnnLeT0f25jFSqzWJoT379hfwDeu0bebJHr35QrJ8myZdPMTEDYF08QYQ48ShRBli0S+QzBHHAQiM2iJNr4svg2WR8JSeWQ==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"updateDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"status": {
"$numberInt": "0"
},
"masterKey": {
"provider": "local"
}
}
],
"tests": [
{
"description": "FLE2 decrypt of existing data succeeds",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "find",
"arguments": {
"filter": {
"_id": 1
}
},
"result": [
{
"_id": 1,
"encryptedUnindexed": "value123"
}
]
}
],
"expectations": [
{
"command_started_event": {
"command": {
"listCollections": 1,
"filter": {
"name": "default"
}
},
"command_name": "listCollections"
}
},
{
"command_started_event": {
"command": {
"find": "default",
"filter": {
"_id": 1
}
},
"command_name": "find"
}
},
{
"command_started_event": {
"command": {
"find": "datakeys",
"filter": {
"$or": [
{
"_id": {
"$in": [
{
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
}
]
}
},
{
"keyAltNames": {
"$in": []
}
}
]
},
"$db": "keyvault",
"readConcern": {
"level": "majority"
}
},
"command_name": "find"
}
}
]
}
]
}

305
test/client-side-encryption/spec/legacy/fle2-Delete.json Normal file
View File

@ -0,0 +1,305 @@
{
"runOn": [
{
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
]
}
],
"database_name": "default",
"collection_name": "default",
"data": [],
"encrypted_fields": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
},
"key_vault_data": [
{
"_id": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"updateDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"status": {
"$numberInt": "0"
},
"masterKey": {
"provider": "local"
}
}
],
"tests": [
{
"description": "Delete can query an FLE2 indexed field",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "insertOne",
"arguments": {
"document": {
"_id": 1,
"encryptedIndexed": "value123"
}
}
},
{
"name": "deleteOne",
"arguments": {
"filter": {
"encryptedIndexed": "value123"
}
},
"result": {
"deletedCount": 1
}
}
],
"expectations": [
{
"command_started_event": {
"command": {
"listCollections": 1,
"filter": {
"name": "default"
}
},
"command_name": "listCollections"
}
},
{
"command_started_event": {
"command": {
"find": "datakeys",
"filter": {
"$or": [
{
"_id": {
"$in": [
{
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
}
]
}
},
{
"keyAltNames": {
"$in": []
}
}
]
},
"$db": "keyvault",
"readConcern": {
"level": "majority"
}
},
"command_name": "find"
}
},
{
"command_started_event": {
"command": {
"insert": "default",
"documents": [
{
"_id": 1,
"encryptedIndexed": {
"$$type": "binData"
}
}
],
"ordered": true,
"encryptionInformation": {
"type": 1,
"schema": {
"default.default": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
}
}
},
"command_name": "insert"
}
},
{
"command_started_event": {
"command": {
"delete": "default",
"deletes": [
{
"q": {
"encryptedIndexed": {
"$eq": {
"$binary": {
"base64": "BYkAAAAFZAAgAAAAAPtVteJQAlgb2YMa/+7YWH00sbQPyt7L6Rb8OwBdMmL2BXMAIAAAAAAd44hgVKnEnTFlwNVC14oyc9OZOTspeymusqkRQj57nAVjACAAAAAA19X9v9NlWidu/wR5/C/7WUV54DfL5CkNmT5WYrhxdDcSY20AAAAAAAAAAAAA",
"subType": "06"
}
}
}
},
"limit": 1
}
],
"encryptionInformation": {
"type": 1,
"schema": {
"default.default": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
},
"deleteTokens": {
"default.default": {
"encryptedIndexed": {
"e": {
"$binary": {
"base64": "65pz95EthqQpfoHS9nWvdCh05AV+OokP7GUaI+7j8+w=",
"subType": "00"
}
},
"o": {
"$binary": {
"base64": "noN+05JsuO1oDg59yypIGj45i+eFH6HOTXOPpeZ//Mk=",
"subType": "00"
}
}
}
}
}
}
},
"command_name": "delete"
}
}
],
"outcome": {
"collection": {
"data": []
}
}
}
]
}

217
test/client-side-encryption/spec/legacy/fle2-EncryptedFields-vs-EncryptedFieldsMap.json Normal file
View File

@ -0,0 +1,217 @@
{
"runOn": [
{
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
]
}
],
"database_name": "default",
"collection_name": "default",
"data": [],
"encrypted_fields": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
},
"key_vault_data": [
{
"_id": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "HBk9BWihXExNDvTp1lUxOuxuZK2Pe2ZdVdlsxPEBkiO1bS4mG5NNDsQ7zVxJAH8BtdOYp72Ku4Y3nwc0BUpIKsvAKX4eYXtlhv5zUQxWdeNFhg9qK7qb8nqhnnLeT0f25jFSqzWJoT379hfwDeu0bebJHr35QrJ8myZdPMTEDYF08QYQ48ShRBli0S+QzBHHAQiM2iJNr4svg2WR8JSeWQ==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"updateDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"status": {
"$numberInt": "0"
},
"masterKey": {
"provider": "local"
}
}
],
"tests": [
{
"description": "encryptedFieldsMap is preferred over remote encryptedFields",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
},
"encryptedFieldsMap": {
"default.default": {
"escCollection": "esc",
"eccCollection": "ecc",
"ecocCollection": "ecoc",
"fields": []
}
}
}
},
"operations": [
{
"name": "insertOne",
"arguments": {
"document": {
"_id": 1,
"encryptedUnindexed": {
"$binary": {
"base64": "BqvN76sSNJh2EjQSNFZ4kBICTQaVZPWgXp41I7mPV1rLFTtw1tXzjcdSEyxpKKqujlko5TeizkB9hHQ009dVY1+fgIiDcefh+eQrm3CkhQ==",
"subType": "06"
}
}
}
}
},
{
"name": "find",
"arguments": {
"filter": {
"_id": 1
}
},
"result": [
{
"_id": 1,
"encryptedUnindexed": "value123"
}
]
}
],
"expectations": [
{
"command_started_event": {
"command": {
"insert": "default",
"documents": [
{
"_id": 1,
"encryptedUnindexed": {
"$binary": {
"base64": "BqvN76sSNJh2EjQSNFZ4kBICTQaVZPWgXp41I7mPV1rLFTtw1tXzjcdSEyxpKKqujlko5TeizkB9hHQ009dVY1+fgIiDcefh+eQrm3CkhQ==",
"subType": "06"
}
}
}
],
"ordered": true
},
"command_name": "insert"
}
},
{
"command_started_event": {
"command": {
"find": "default",
"filter": {
"_id": 1
}
},
"command_name": "find"
}
},
{
"command_started_event": {
"command": {
"find": "datakeys",
"filter": {
"$or": [
{
"_id": {
"$in": [
{
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
}
]
}
},
{
"keyAltNames": {
"$in": []
}
}
]
},
"$db": "keyvault",
"readConcern": {
"level": "majority"
}
},
"command_name": "find"
}
}
],
"outcome": {
"collection": {
"data": [
{
"_id": 1,
"encryptedUnindexed": {
"$binary": {
"base64": "BqvN76sSNJh2EjQSNFZ4kBICTQaVZPWgXp41I7mPV1rLFTtw1tXzjcdSEyxpKKqujlko5TeizkB9hHQ009dVY1+fgIiDcefh+eQrm3CkhQ==",
"subType": "06"
}
}
}
]
}
}
}
]
}

304
test/client-side-encryption/spec/legacy/fle2-EncryptedFields-vs-jsonSchema.json Normal file
View File

@ -0,0 +1,304 @@
{
"runOn": [
{
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
]
}
],
"database_name": "default",
"collection_name": "default",
"data": [],
"json_schema": {
"properties": {},
"bsonType": "object"
},
"encrypted_fields": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
},
"key_vault_data": [
{
"_id": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"updateDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"status": {
"$numberInt": "0"
},
"masterKey": {
"provider": "local"
}
}
],
"tests": [
{
"description": "encryptedFields is preferred over jsonSchema",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "insertOne",
"arguments": {
"document": {
"_id": 1,
"encryptedIndexed": "123"
}
}
},
{
"name": "find",
"arguments": {
"filter": {
"encryptedIndexed": "123"
}
},
"result": [
{
"_id": 1,
"encryptedIndexed": "123"
}
]
}
],
"expectations": [
{
"command_started_event": {
"command": {
"listCollections": 1,
"filter": {
"name": "default"
}
},
"command_name": "listCollections"
}
},
{
"command_started_event": {
"command": {
"find": "datakeys",
"filter": {
"$or": [
{
"_id": {
"$in": [
{
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
}
]
}
},
{
"keyAltNames": {
"$in": []
}
}
]
},
"$db": "keyvault",
"readConcern": {
"level": "majority"
}
},
"command_name": "find"
}
},
{
"command_started_event": {
"command": {
"insert": "default",
"documents": [
{
"_id": 1,
"encryptedIndexed": {
"$$type": "binData"
}
}
],
"ordered": true,
"encryptionInformation": {
"type": 1,
"schema": {
"default.default": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
}
}
},
"command_name": "insert"
}
},
{
"command_started_event": {
"command": {
"find": "default",
"filter": {
"encryptedIndexed": {
"$eq": {
"$binary": {
"base64": "BYkAAAAFZAAgAAAAAPGmZcUzdE/FPILvRSyAScGvZparGI2y9rJ/vSBxgCujBXMAIAAAAACi1RjmndKqgnXy7xb22RzUbnZl1sOZRXPOC0KcJkAxmQVjACAAAAAAWuidNu47c9A4Clic3DvFhn1AQJVC+FJtoE5bGZuz6PsSY20AAAAAAAAAAAAA",
"subType": "06"
}
}
}
},
"encryptionInformation": {
"type": 1,
"schema": {
"default.default": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
}
}
},
"command_name": "find"
}
}
],
"outcome": {
"collection": {
"data": [
{
"_id": 1,
"encryptedIndexed": {
"$$type": "binData"
},
"__safeContent__": [
{
"$binary": {
"base64": "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=",
"subType": "00"
}
}
]
}
]
}
}
}
]
}

105
test/client-side-encryption/spec/legacy/fle2-EncryptedFieldsMap-defaults.json Normal file
View File

@ -0,0 +1,105 @@
{
"runOn": [
{
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
]
}
],
"database_name": "default",
"collection_name": "default",
"data": [],
"key_vault_data": [],
"tests": [
{
"description": "default state collections are applied to encryptionInformation",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
},
"encryptedFieldsMap": {
"default.default": {
"fields": []
}
}
}
},
"operations": [
{
"name": "insertOne",
"arguments": {
"document": {
"_id": 1,
"foo": {
"$binary": {
"base64": "BYkAAAAFZAAgAAAAAE8KGPgq7h3n9nH5lfHcia8wtOTLwGkZNLBesb6PULqbBXMAIAAAAACq0558QyD3c3jkR5k0Zc9UpQK8ByhXhtn2d1xVQnuJ3AVjACAAAAAA1003zUWGwD4zVZ0KeihnZOthS3V6CEHUfnJZcIYHefISY20AAAAAAAAAAAAA",
"subType": "06"
}
}
}
}
}
],
"expectations": [
{
"command_started_event": {
"command": {
"insert": "default",
"documents": [
{
"_id": 1,
"foo": {
"$binary": {
"base64": "BYkAAAAFZAAgAAAAAE8KGPgq7h3n9nH5lfHcia8wtOTLwGkZNLBesb6PULqbBXMAIAAAAACq0558QyD3c3jkR5k0Zc9UpQK8ByhXhtn2d1xVQnuJ3AVjACAAAAAA1003zUWGwD4zVZ0KeihnZOthS3V6CEHUfnJZcIYHefISY20AAAAAAAAAAAAA",
"subType": "06"
}
}
}
],
"encryptionInformation": {
"type": {
"$numberInt": "1"
},
"schema": {
"default.default": {
"fields": [],
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc"
}
}
},
"ordered": true
},
"command_name": "insert"
}
}
],
"outcome": {
"collection": {
"data": [
{
"_id": 1,
"foo": {
"$binary": {
"base64": "BYkAAAAFZAAgAAAAAE8KGPgq7h3n9nH5lfHcia8wtOTLwGkZNLBesb6PULqbBXMAIAAAAACq0558QyD3c3jkR5k0Zc9UpQK8ByhXhtn2d1xVQnuJ3AVjACAAAAAA1003zUWGwD4zVZ0KeihnZOthS3V6CEHUfnJZcIYHefISY20AAAAAAAAAAAAA",
"subType": "06"
}
}
}
]
}
}
}
]
}

602
test/client-side-encryption/spec/legacy/fle2-FindOneAndUpdate.json Normal file
View File

@ -0,0 +1,602 @@
{
"runOn": [
{
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
]
}
],
"database_name": "default",
"collection_name": "default",
"data": [],
"encrypted_fields": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
},
"key_vault_data": [
{
"_id": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"updateDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"status": {
"$numberInt": "0"
},
"masterKey": {
"provider": "local"
}
}
],
"tests": [
{
"description": "findOneAndUpdate can query an FLE2 indexed field",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "insertOne",
"arguments": {
"document": {
"_id": 1,
"encryptedIndexed": "value123"
}
}
},
{
"name": "findOneAndUpdate",
"arguments": {
"filter": {
"encryptedIndexed": "value123"
},
"update": {
"$set": {
"foo": "bar"
}
},
"returnDocument": "Before"
},
"result": {
"_id": 1,
"encryptedIndexed": "value123"
}
}
],
"expectations": [
{
"command_started_event": {
"command": {
"listCollections": 1,
"filter": {
"name": "default"
}
},
"command_name": "listCollections"
}
},
{
"command_started_event": {
"command": {
"find": "datakeys",
"filter": {
"$or": [
{
"_id": {
"$in": [
{
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
}
]
}
},
{
"keyAltNames": {
"$in": []
}
}
]
},
"$db": "keyvault",
"readConcern": {
"level": "majority"
}
},
"command_name": "find"
}
},
{
"command_started_event": {
"command": {
"insert": "default",
"documents": [
{
"_id": 1,
"encryptedIndexed": {
"$$type": "binData"
}
}
],
"ordered": true,
"encryptionInformation": {
"type": 1,
"schema": {
"default.default": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
}
}
},
"command_name": "insert"
}
},
{
"command_started_event": {
"command": {
"findAndModify": "default",
"query": {
"encryptedIndexed": {
"$eq": {
"$binary": {
"base64": "BYkAAAAFZAAgAAAAAPtVteJQAlgb2YMa/+7YWH00sbQPyt7L6Rb8OwBdMmL2BXMAIAAAAAAd44hgVKnEnTFlwNVC14oyc9OZOTspeymusqkRQj57nAVjACAAAAAA19X9v9NlWidu/wR5/C/7WUV54DfL5CkNmT5WYrhxdDcSY20AAAAAAAAAAAAA",
"subType": "06"
}
}
}
},
"update": {
"$set": {
"foo": "bar"
}
},
"encryptionInformation": {
"type": 1,
"schema": {
"default.default": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
},
"deleteTokens": {
"default.default": {
"encryptedIndexed": {
"e": {
"$binary": {
"base64": "65pz95EthqQpfoHS9nWvdCh05AV+OokP7GUaI+7j8+w=",
"subType": "00"
}
},
"o": {
"$binary": {
"base64": "noN+05JsuO1oDg59yypIGj45i+eFH6HOTXOPpeZ//Mk=",
"subType": "00"
}
}
}
}
}
}
},
"command_name": "findAndModify"
}
}
],
"outcome": {
"collection": {
"data": [
{
"_id": 1,
"encryptedIndexed": {
"$$type": "binData"
},
"foo": "bar",
"__safeContent__": [
{
"$binary": {
"base64": "ThpoKfQ8AkOzkFfNC1+9PF0pY2nIzfXvRdxQgjkNbBw=",
"subType": "00"
}
}
]
}
]
}
}
},
{
"description": "findOneAndUpdate can modify an FLE2 indexed field",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "insertOne",
"arguments": {
"document": {
"_id": 1,
"encryptedIndexed": "value123"
}
}
},
{
"name": "findOneAndUpdate",
"arguments": {
"filter": {
"encryptedIndexed": "value123"
},
"update": {
"$set": {
"encryptedIndexed": "value456"
}
},
"returnDocument": "Before"
},
"result": {
"_id": 1,
"encryptedIndexed": "value123"
}
},
{
"name": "find",
"arguments": {
"filter": {
"_id": 1
}
},
"result": [
{
"encryptedIndexed": "value456"
}
]
}
],
"expectations": [
{
"command_started_event": {
"command": {
"listCollections": 1,
"filter": {
"name": "default"
}
},
"command_name": "listCollections"
}
},
{
"command_started_event": {
"command": {
"find": "datakeys",
"filter": {
"$or": [
{
"_id": {
"$in": [
{
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
}
]
}
},
{
"keyAltNames": {
"$in": []
}
}
]
},
"$db": "keyvault",
"readConcern": {
"level": "majority"
}
},
"command_name": "find"
}
},
{
"command_started_event": {
"command": {
"insert": "default",
"documents": [
{
"_id": 1,
"encryptedIndexed": {
"$$type": "binData"
}
}
],
"ordered": true,
"encryptionInformation": {
"type": 1,
"schema": {
"default.default": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
}
}
},
"command_name": "insert"
}
},
{
"command_started_event": {
"command": {
"findAndModify": "default",
"query": {
"encryptedIndexed": {
"$eq": {
"$binary": {
"base64": "BYkAAAAFZAAgAAAAAPtVteJQAlgb2YMa/+7YWH00sbQPyt7L6Rb8OwBdMmL2BXMAIAAAAAAd44hgVKnEnTFlwNVC14oyc9OZOTspeymusqkRQj57nAVjACAAAAAA19X9v9NlWidu/wR5/C/7WUV54DfL5CkNmT5WYrhxdDcSY20AAAAAAAAAAAAA",
"subType": "06"
}
}
}
},
"update": {
"$set": {
"encryptedIndexed": {
"$$type": "binData"
}
}
},
"encryptionInformation": {
"type": 1,
"schema": {
"default.default": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
},
"deleteTokens": {
"default.default": {
"encryptedIndexed": {
"e": {
"$binary": {
"base64": "65pz95EthqQpfoHS9nWvdCh05AV+OokP7GUaI+7j8+w=",
"subType": "00"
}
},
"o": {
"$binary": {
"base64": "noN+05JsuO1oDg59yypIGj45i+eFH6HOTXOPpeZ//Mk=",
"subType": "00"
}
}
}
}
}
}
},
"command_name": "findAndModify"
}
},
{
"command_started_event": {
"command": {
"find": "default",
"filter": {
"_id": {
"$eq": 1
}
}
},
"command_name": "find"
}
}
],
"outcome": {
"collection": {
"data": [
{
"_id": 1,
"encryptedIndexed": {
"$$type": "binData"
},
"__safeContent__": [
{
"$binary": {
"base64": "rhe7/w8Ob8Unl44rGr/moScx6m5VODQnscDhF4Nkn6g=",
"subType": "00"
}
}
]
}
]
}
}
}
]
}

300
test/client-side-encryption/spec/legacy/fle2-InsertFind-Indexed.json Normal file
View File

@ -0,0 +1,300 @@
{
"runOn": [
{
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
]
}
],
"database_name": "default",
"collection_name": "default",
"data": [],
"encrypted_fields": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
},
"key_vault_data": [
{
"_id": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"updateDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"status": {
"$numberInt": "0"
},
"masterKey": {
"provider": "local"
}
}
],
"tests": [
{
"description": "Insert and find FLE2 indexed field",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "insertOne",
"arguments": {
"document": {
"_id": 1,
"encryptedIndexed": "123"
}
}
},
{
"name": "find",
"arguments": {
"filter": {
"encryptedIndexed": "123"
}
},
"result": [
{
"_id": 1,
"encryptedIndexed": "123"
}
]
}
],
"expectations": [
{
"command_started_event": {
"command": {
"listCollections": 1,
"filter": {
"name": "default"
}
},
"command_name": "listCollections"
}
},
{
"command_started_event": {
"command": {
"find": "datakeys",
"filter": {
"$or": [
{
"_id": {
"$in": [
{
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
}
]
}
},
{
"keyAltNames": {
"$in": []
}
}
]
},
"$db": "keyvault",
"readConcern": {
"level": "majority"
}
},
"command_name": "find"
}
},
{
"command_started_event": {
"command": {
"insert": "default",
"documents": [
{
"_id": 1,
"encryptedIndexed": {
"$$type": "binData"
}
}
],
"ordered": true,
"encryptionInformation": {
"type": 1,
"schema": {
"default.default": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
}
}
},
"command_name": "insert"
}
},
{
"command_started_event": {
"command": {
"find": "default",
"filter": {
"encryptedIndexed": {
"$eq": {
"$binary": {
"base64": "BYkAAAAFZAAgAAAAAPGmZcUzdE/FPILvRSyAScGvZparGI2y9rJ/vSBxgCujBXMAIAAAAACi1RjmndKqgnXy7xb22RzUbnZl1sOZRXPOC0KcJkAxmQVjACAAAAAAWuidNu47c9A4Clic3DvFhn1AQJVC+FJtoE5bGZuz6PsSY20AAAAAAAAAAAAA",
"subType": "06"
}
}
}
},
"encryptionInformation": {
"type": 1,
"schema": {
"default.default": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
}
}
},
"command_name": "find"
}
}
],
"outcome": {
"collection": {
"data": [
{
"_id": 1,
"encryptedIndexed": {
"$$type": "binData"
},
"__safeContent__": [
{
"$binary": {
"base64": "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=",
"subType": "00"
}
}
]
}
]
}
}
}
]
}

250
test/client-side-encryption/spec/legacy/fle2-InsertFind-Unindexed.json Normal file
View File

@ -0,0 +1,250 @@
{
"runOn": [
{
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
]
}
],
"database_name": "default",
"collection_name": "default",
"data": [],
"encrypted_fields": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
},
"key_vault_data": [
{
"_id": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "HBk9BWihXExNDvTp1lUxOuxuZK2Pe2ZdVdlsxPEBkiO1bS4mG5NNDsQ7zVxJAH8BtdOYp72Ku4Y3nwc0BUpIKsvAKX4eYXtlhv5zUQxWdeNFhg9qK7qb8nqhnnLeT0f25jFSqzWJoT379hfwDeu0bebJHr35QrJ8myZdPMTEDYF08QYQ48ShRBli0S+QzBHHAQiM2iJNr4svg2WR8JSeWQ==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"updateDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"status": {
"$numberInt": "0"
},
"masterKey": {
"provider": "local"
}
}
],
"tests": [
{
"description": "Insert and find FLE2 unindexed field",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "insertOne",
"arguments": {
"document": {
"_id": 1,
"encryptedUnindexed": "value123"
}
}
},
{
"name": "find",
"arguments": {
"filter": {
"_id": 1
}
},
"result": [
{
"_id": 1,
"encryptedUnindexed": "value123"
}
]
}
],
"expectations": [
{
"command_started_event": {
"command": {
"listCollections": 1,
"filter": {
"name": "default"
}
},
"command_name": "listCollections"
}
},
{
"command_started_event": {
"command": {
"find": "datakeys",
"filter": {
"$or": [
{
"_id": {
"$in": [
{
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
}
]
}
},
{
"keyAltNames": {
"$in": []
}
}
]
},
"$db": "keyvault",
"readConcern": {
"level": "majority"
}
},
"command_name": "find"
}
},
{
"command_started_event": {
"command": {
"insert": "default",
"documents": [
{
"_id": 1,
"encryptedUnindexed": {
"$$type": "binData"
}
}
],
"ordered": true
},
"command_name": "insert"
}
},
{
"command_started_event": {
"command": {
"find": "default",
"filter": {
"_id": {
"$eq": 1
}
}
},
"command_name": "find"
}
}
],
"outcome": {
"collection": {
"data": [
{
"_id": 1,
"encryptedUnindexed": {
"$$type": "binData"
}
}
]
}
}
},
{
"description": "Query with an unindexed field fails",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "insertOne",
"arguments": {
"document": {
"_id": 1,
"encryptedUnindexed": "value123"
}
}
},
{
"name": "find",
"arguments": {
"filter": {
"encryptedUnindexed": "value123"
}
},
"result": {
"errorContains": "Cannot query"
}
}
]
}
]
}

118
test/client-side-encryption/spec/legacy/fle2-MissingKey.json Normal file
View File

@ -0,0 +1,118 @@
{
"runOn": [
{
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
]
}
],
"database_name": "default",
"collection_name": "default",
"data": [
{
"encryptedUnindexed": {
"$binary": {
"base64": "BqvN76sSNJh2EjQSNFZ4kBICTQaVZPWgXp41I7mPV1rLFTtw1tXzjcdSEyxpKKqujlko5TeizkB9hHQ009dVY1+fgIiDcefh+eQrm3CkhQ==",
"subType": "06"
}
}
}
],
"encrypted_fields": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
},
"key_vault_data": [],
"tests": [
{
"description": "FLE2 encrypt fails with mising key",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "insertOne",
"arguments": {
"document": {
"_id": 1,
"encryptedIndexed": "123"
}
},
"result": {
"errorContains": "not all keys requested were satisfied"
}
}
]
},
{
"description": "FLE2 decrypt fails with mising key",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "find",
"arguments": {
"filter": {}
},
"result": {
"errorContains": "not all keys requested were satisfied"
}
}
]
}
]
}

86
test/client-side-encryption/spec/legacy/fle2-NoEncryption.json Normal file
View File

@ -0,0 +1,86 @@
{
"runOn": [
{
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
]
}
],
"database_name": "default",
"collection_name": "default",
"data": [],
"key_vault_data": [],
"encrypted_fields": {
"fields": []
},
"tests": [
{
"description": "insert with no encryption succeeds",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "insertOne",
"arguments": {
"document": {
"_id": 1,
"foo": "bar"
}
}
}
],
"expectations": [
{
"command_started_event": {
"command": {
"listCollections": 1,
"filter": {
"name": "default"
}
},
"command_name": "listCollections"
}
},
{
"command_started_event": {
"command": {
"insert": "default",
"documents": [
{
"_id": 1,
"foo": "bar"
}
],
"ordered": true
},
"command_name": "insert"
}
}
],
"outcome": {
"collection": {
"data": [
{
"_id": 1,
"foo": "bar"
}
]
}
}
}
]
}

610
test/client-side-encryption/spec/legacy/fle2-Update.json Normal file
View File

@ -0,0 +1,610 @@
{
"runOn": [
{
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
]
}
],
"database_name": "default",
"collection_name": "default",
"data": [],
"encrypted_fields": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
},
"key_vault_data": [
{
"_id": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"updateDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"status": {
"$numberInt": "0"
},
"masterKey": {
"provider": "local"
}
}
],
"tests": [
{
"description": "Update can query an FLE2 indexed field",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "insertOne",
"arguments": {
"document": {
"_id": 1,
"encryptedIndexed": "value123"
}
}
},
{
"name": "updateOne",
"arguments": {
"filter": {
"encryptedIndexed": "value123"
},
"update": {
"$set": {
"foo": "bar"
}
}
},
"result": {
"matchedCount": 1,
"modifiedCount": 1,
"upsertedCount": 0
}
}
],
"expectations": [
{
"command_started_event": {
"command": {
"listCollections": 1,
"filter": {
"name": "default"
}
},
"command_name": "listCollections"
}
},
{
"command_started_event": {
"command": {
"find": "datakeys",
"filter": {
"$or": [
{
"_id": {
"$in": [
{
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
}
]
}
},
{
"keyAltNames": {
"$in": []
}
}
]
},
"$db": "keyvault",
"readConcern": {
"level": "majority"
}
},
"command_name": "find"
}
},
{
"command_started_event": {
"command": {
"insert": "default",
"documents": [
{
"_id": 1,
"encryptedIndexed": {
"$$type": "binData"
}
}
],
"ordered": true,
"encryptionInformation": {
"type": 1,
"schema": {
"default.default": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
}
}
},
"command_name": "insert"
}
},
{
"command_started_event": {
"command": {
"update": "default",
"updates": [
{
"q": {
"encryptedIndexed": {
"$eq": {
"$binary": {
"base64": "BYkAAAAFZAAgAAAAAPtVteJQAlgb2YMa/+7YWH00sbQPyt7L6Rb8OwBdMmL2BXMAIAAAAAAd44hgVKnEnTFlwNVC14oyc9OZOTspeymusqkRQj57nAVjACAAAAAA19X9v9NlWidu/wR5/C/7WUV54DfL5CkNmT5WYrhxdDcSY20AAAAAAAAAAAAA",
"subType": "06"
}
}
}
},
"u": {
"$set": {
"foo": "bar"
}
}
}
],
"encryptionInformation": {
"type": 1,
"schema": {
"default.default": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
},
"deleteTokens": {
"default.default": {
"encryptedIndexed": {
"e": {
"$binary": {
"base64": "65pz95EthqQpfoHS9nWvdCh05AV+OokP7GUaI+7j8+w=",
"subType": "00"
}
},
"o": {
"$binary": {
"base64": "noN+05JsuO1oDg59yypIGj45i+eFH6HOTXOPpeZ//Mk=",
"subType": "00"
}
}
}
}
}
}
},
"command_name": "update"
}
}
],
"outcome": {
"collection": {
"data": [
{
"_id": 1,
"encryptedIndexed": {
"$$type": "binData"
},
"foo": "bar",
"__safeContent__": [
{
"$binary": {
"base64": "ThpoKfQ8AkOzkFfNC1+9PF0pY2nIzfXvRdxQgjkNbBw=",
"subType": "00"
}
}
]
}
]
}
}
},
{
"description": "Update can modify an FLE2 indexed field",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
}
}
},
"operations": [
{
"name": "insertOne",
"arguments": {
"document": {
"_id": 1,
"encryptedIndexed": "value123"
}
}
},
{
"name": "updateOne",
"arguments": {
"filter": {
"encryptedIndexed": "value123"
},
"update": {
"$set": {
"encryptedIndexed": "value456"
}
}
},
"result": {
"matchedCount": 1,
"modifiedCount": 1,
"upsertedCount": 0
}
},
{
"name": "find",
"arguments": {
"filter": {
"_id": 1
}
},
"result": [
{
"encryptedIndexed": "value456"
}
]
}
],
"expectations": [
{
"command_started_event": {
"command": {
"listCollections": 1,
"filter": {
"name": "default"
}
},
"command_name": "listCollections"
}
},
{
"command_started_event": {
"command": {
"find": "datakeys",
"filter": {
"$or": [
{
"_id": {
"$in": [
{
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
}
]
}
},
{
"keyAltNames": {
"$in": []
}
}
]
},
"$db": "keyvault",
"readConcern": {
"level": "majority"
}
},
"command_name": "find"
}
},
{
"command_started_event": {
"command": {
"insert": "default",
"documents": [
{
"_id": 1,
"encryptedIndexed": {
"$$type": "binData"
}
}
],
"ordered": true,
"encryptionInformation": {
"type": 1,
"schema": {
"default.default": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
}
}
},
"command_name": "insert"
}
},
{
"command_started_event": {
"command": {
"update": "default",
"updates": [
{
"q": {
"encryptedIndexed": {
"$eq": {
"$binary": {
"base64": "BYkAAAAFZAAgAAAAAPtVteJQAlgb2YMa/+7YWH00sbQPyt7L6Rb8OwBdMmL2BXMAIAAAAAAd44hgVKnEnTFlwNVC14oyc9OZOTspeymusqkRQj57nAVjACAAAAAA19X9v9NlWidu/wR5/C/7WUV54DfL5CkNmT5WYrhxdDcSY20AAAAAAAAAAAAA",
"subType": "06"
}
}
}
},
"u": {
"$set": {
"encryptedIndexed": {
"$$type": "binData"
}
}
}
}
],
"encryptionInformation": {
"type": 1,
"schema": {
"default.default": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
},
"deleteTokens": {
"default.default": {
"encryptedIndexed": {
"e": {
"$binary": {
"base64": "65pz95EthqQpfoHS9nWvdCh05AV+OokP7GUaI+7j8+w=",
"subType": "00"
}
},
"o": {
"$binary": {
"base64": "noN+05JsuO1oDg59yypIGj45i+eFH6HOTXOPpeZ//Mk=",
"subType": "00"
}
}
}
}
}
}
},
"command_name": "update"
}
},
{
"command_started_event": {
"command": {
"find": "default",
"filter": {
"_id": {
"$eq": 1
}
}
},
"command_name": "find"
}
}
],
"outcome": {
"collection": {
"data": [
{
"_id": 1,
"encryptedIndexed": {
"$$type": "binData"
},
"__safeContent__": [
{
"$binary": {
"base64": "rhe7/w8Ob8Unl44rGr/moScx6m5VODQnscDhF4Nkn6g=",
"subType": "00"
}
}
]
}
]
}
}
}
]
}

520
test/client-side-encryption/spec/legacy/fle2-validatorAndPartialFieldExpression.json Normal file
View File

@ -0,0 +1,520 @@
{
"runOn": [
{
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
]
}
],
"database_name": "default",
"collection_name": "default",
"data": [],
"tests": [
{
"description": "create with a validator on an unencrypted field is OK",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
},
"encryptedFieldsMap": {
"default.encryptedCollection": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
}
}
},
"operations": [
{
"name": "dropCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "createCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection",
"validator": {
"unencrypted_string": "foo"
}
}
},
{
"name": "assertCollectionExists",
"object": "testRunner",
"arguments": {
"database": "default",
"collection": "encryptedCollection"
}
}
]
},
{
"description": "create with a validator on an encrypted field is an error",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
},
"encryptedFieldsMap": {
"default.encryptedCollection": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
}
}
},
"operations": [
{
"name": "dropCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "createCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection",
"validator": {
"encryptedIndexed": "foo"
}
},
"result": {
"errorContains": "Comparison to encrypted fields not supported"
}
}
]
},
{
"description": "collMod with a validator on an unencrypted field is OK",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
},
"encryptedFieldsMap": {
"default.encryptedCollection": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
}
}
},
"operations": [
{
"name": "dropCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "createCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "runCommand",
"object": "database",
"arguments": {
"command": {
"collMod": "encryptedCollection",
"validator": {
"unencrypted_string": "foo"
}
}
}
}
]
},
{
"description": "collMod with a validator on an encrypted field is an error",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
},
"encryptedFieldsMap": {
"default.encryptedCollection": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
}
}
},
"operations": [
{
"name": "dropCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "createCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "runCommand",
"object": "database",
"arguments": {
"command": {
"collMod": "encryptedCollection",
"validator": {
"encryptedIndexed": "foo"
}
}
},
"result": {
"errorContains": "Comparison to encrypted fields not supported"
}
}
]
},
{
"description": "createIndexes with a partialFilterExpression on an unencrypted field is OK",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
},
"encryptedFieldsMap": {
"default.encryptedCollection": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
}
}
},
"operations": [
{
"name": "dropCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "createCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "runCommand",
"object": "database",
"arguments": {
"command": {
"createIndexes": "encryptedCollection",
"indexes": [
{
"name": "name",
"key": {
"name": 1
},
"partialFilterExpression": {
"unencrypted_string": "foo"
}
}
]
}
}
},
{
"name": "assertIndexExists",
"object": "testRunner",
"arguments": {
"database": "default",
"collection": "encryptedCollection",
"index": "name"
}
}
]
},
{
"description": "createIndexes with a partialFilterExpression on an encrypted field is an error",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
},
"encryptedFieldsMap": {
"default.encryptedCollection": {
"escCollection": "enxcol_.default.esc",
"eccCollection": "enxcol_.default.ecc",
"ecocCollection": "enxcol_.default.ecoc",
"fields": [
{
"keyId": {
"$binary": {
"base64": "EjRWeBI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedIndexed",
"bsonType": "string",
"queries": {
"queryType": "equality",
"contention": {
"$numberLong": "0"
}
}
},
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedUnindexed",
"bsonType": "string"
}
]
}
}
}
},
"operations": [
{
"name": "dropCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "createCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "runCommand",
"object": "database",
"arguments": {
"command": {
"createIndexes": "encryptedCollection",
"indexes": [
{
"name": "name",
"key": {
"name": 1
},
"partialFilterExpression": {
"encryptedIndexed": "foo"
}
}
]
}
},
"result": {
"errorContains": "Comparison to encrypted fields not supported"
}
}
]
}
]
}

0
test/client-side-encryption/spec/gcpKMS.json → test/client-side-encryption/spec/legacy/gcpKMS.json
View File

0
test/client-side-encryption/spec/getMore.json → test/client-side-encryption/spec/legacy/getMore.json
View File

0
test/client-side-encryption/spec/insert.json → test/client-side-encryption/spec/legacy/insert.json
View File

0
test/client-side-encryption/spec/keyAltName.json → test/client-side-encryption/spec/legacy/keyAltName.json
View File

0
test/client-side-encryption/spec/kmipKMS.json → test/client-side-encryption/spec/legacy/kmipKMS.json
View File

0
test/client-side-encryption/spec/localKMS.json → test/client-side-encryption/spec/legacy/localKMS.json
View File

0
test/client-side-encryption/spec/localSchema.json → test/client-side-encryption/spec/legacy/localSchema.json
View File

0
test/client-side-encryption/spec/malformedCiphertext.json → test/client-side-encryption/spec/legacy/malformedCiphertext.json
View File

0
test/client-side-encryption/spec/maxWireVersion.json → test/client-side-encryption/spec/legacy/maxWireVersion.json
View File

0
test/client-side-encryption/spec/missingKey.json → test/client-side-encryption/spec/legacy/missingKey.json
View File

0
test/client-side-encryption/spec/noSchema.json → test/client-side-encryption/spec/legacy/noSchema.json
View File

0
test/client-side-encryption/spec/replaceOne.json → test/client-side-encryption/spec/legacy/replaceOne.json
View File

0
test/client-side-encryption/spec/types.json → test/client-side-encryption/spec/legacy/types.json
View File

0
test/client-side-encryption/spec/unsupportedCommand.json → test/client-side-encryption/spec/legacy/unsupportedCommand.json
View File

0
test/client-side-encryption/spec/updateMany.json → test/client-side-encryption/spec/legacy/updateMany.json
View File

0
test/client-side-encryption/spec/updateOne.json → test/client-side-encryption/spec/legacy/updateOne.json
View File

642
test/client-side-encryption/spec/legacy/validatorAndPartialFieldExpression.json Normal file
View File

@ -0,0 +1,642 @@
{
"runOn": [
{
"minServerVersion": "6.0.0"
}
],
"database_name": "default",
"collection_name": "default",
"data": [],
"tests": [
{
"description": "create with a validator on an unencrypted field is OK",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
},
"schemaMap": {
"default.encryptedCollection": {
"properties": {
"encrypted_w_altname": {
"encrypt": {
"keyId": "/altname",
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
}
},
"encrypted_string": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
}
},
"random": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
}
},
"encrypted_string_equivalent": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
}
}
},
"bsonType": "object"
}
}
}
},
"operations": [
{
"name": "dropCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "createCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection",
"validator": {
"unencrypted_string": "foo"
}
}
},
{
"name": "assertCollectionExists",
"object": "testRunner",
"arguments": {
"database": "default",
"collection": "encryptedCollection"
}
}
]
},
{
"description": "create with a validator on an encrypted field is an error",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
},
"schemaMap": {
"default.encryptedCollection": {
"properties": {
"encrypted_w_altname": {
"encrypt": {
"keyId": "/altname",
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
}
},
"encrypted_string": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
}
},
"random": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
}
},
"encrypted_string_equivalent": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
}
}
},
"bsonType": "object"
}
}
}
},
"operations": [
{
"name": "dropCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "createCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection",
"validator": {
"encrypted_string": "foo"
}
},
"result": {
"errorContains": "Comparison to encrypted fields not supported"
}
}
]
},
{
"description": "collMod with a validator on an unencrypted field is OK",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
},
"schemaMap": {
"default.encryptedCollection": {
"properties": {
"encrypted_w_altname": {
"encrypt": {
"keyId": "/altname",
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
}
},
"encrypted_string": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
}
},
"random": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
}
},
"encrypted_string_equivalent": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
}
}
},
"bsonType": "object"
}
}
}
},
"operations": [
{
"name": "dropCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "createCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "runCommand",
"object": "database",
"arguments": {
"command": {
"collMod": "encryptedCollection",
"validator": {
"unencrypted_string": "foo"
}
}
}
}
]
},
{
"description": "collMod with a validator on an encrypted field is an error",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
},
"schemaMap": {
"default.encryptedCollection": {
"properties": {
"encrypted_w_altname": {
"encrypt": {
"keyId": "/altname",
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
}
},
"encrypted_string": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
}
},
"random": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
}
},
"encrypted_string_equivalent": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
}
}
},
"bsonType": "object"
}
}
}
},
"operations": [
{
"name": "dropCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "createCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "runCommand",
"object": "database",
"arguments": {
"command": {
"collMod": "encryptedCollection",
"validator": {
"encrypted_string": "foo"
}
}
},
"result": {
"errorContains": "Comparison to encrypted fields not supported"
}
}
]
},
{
"description": "createIndexes with a partialFilterExpression on an unencrypted field is OK",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
},
"schemaMap": {
"default.encryptedCollection": {
"properties": {
"encrypted_w_altname": {
"encrypt": {
"keyId": "/altname",
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
}
},
"encrypted_string": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
}
},
"random": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
}
},
"encrypted_string_equivalent": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
}
}
},
"bsonType": "object"
}
}
}
},
"operations": [
{
"name": "dropCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "createCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "runCommand",
"object": "database",
"arguments": {
"command": {
"createIndexes": "encryptedCollection",
"indexes": [
{
"name": "name",
"key": {
"name": 1
},
"partialFilterExpression": {
"unencrypted_string": "foo"
}
}
]
}
}
},
{
"name": "assertIndexExists",
"object": "testRunner",
"arguments": {
"database": "default",
"collection": "encryptedCollection",
"index": "name"
}
}
]
},
{
"description": "createIndexes with a partialFilterExpression on an encrypted field is an error",
"clientOptions": {
"autoEncryptOpts": {
"kmsProviders": {
"local": {
"key": {
"$binary": {
"base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
"subType": "00"
}
}
}
},
"schemaMap": {
"default.encryptedCollection": {
"properties": {
"encrypted_w_altname": {
"encrypt": {
"keyId": "/altname",
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
}
},
"encrypted_string": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
}
},
"random": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
}
},
"encrypted_string_equivalent": {
"encrypt": {
"keyId": [
{
"$binary": {
"base64": "AAAAAAAAAAAAAAAAAAAAAA==",
"subType": "04"
}
}
],
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
}
}
},
"bsonType": "object"
}
}
}
},
"operations": [
{
"name": "dropCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "createCollection",
"object": "database",
"arguments": {
"collection": "encryptedCollection"
}
},
{
"name": "runCommand",
"object": "database",
"arguments": {
"command": {
"createIndexes": "encryptedCollection",
"indexes": [
{
"name": "name",
"key": {
"name": 1
},
"partialFilterExpression": {
"encrypted_string": "foo"
}
}
]
}
},
"result": {
"errorContains": "Comparison to encrypted fields not supported"
}
}
]
}
]
}

603
test/client-side-encryption/spec/unified/addKeyAltName.json Normal file
View File

@ -0,0 +1,603 @@
{
"description": "addKeyAltName",
"schemaVersion": "1.8",
"runOnRequirements": [
{
"csfle": true
}
],
"createEntities": [
{
"client": {
"id": "client0",
"observeEvents": [
"commandStartedEvent"
]
}
},
{
"clientEncryption": {
"id": "clientEncryption0",
"clientEncryptionOpts": {
"keyVaultClient": "client0",
"keyVaultNamespace": "keyvault.datakeys",
"kmsProviders": {
"local": {}
}
}
}
},
{
"database": {
"id": "database0",
"client": "client0",
"databaseName": "keyvault"
}
},
{
"collection": {
"id": "collection0",
"database": "database0",
"collectionName": "datakeys"
}
}
],
"initialData": [
{
"databaseName": "keyvault",
"collectionName": "datakeys",
"documents": [
{
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
]
}
],
"tests": [
{
"description": "add keyAltName to non-existent data key",
"operations": [
{
"name": "addKeyAltName",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "AAAjYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltName": "new_key_alt_name"
},
"expectResult": null
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"findAndModify": "datakeys",
"query": {
"_id": {
"$binary": {
"base64": "AAAjYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"update": {
"$addToSet": {
"keyAltNames": "new_key_alt_name"
}
},
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
],
"outcome": [
{
"collectionName": "datakeys",
"databaseName": "keyvault",
"documents": [
{
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
]
}
]
},
{
"description": "add new keyAltName to data key with no keyAltNames",
"operations": [
{
"name": "addKeyAltName",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltName": "local_key"
},
"expectResult": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
},
{
"name": "find",
"object": "collection0",
"arguments": {
"filter": {},
"projection": {
"_id": 0,
"keyAltNames": 1
}
},
"expectResult": [
{
"keyAltNames": [
"local_key"
]
}
]
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"findAndModify": "datakeys",
"query": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"update": {
"$addToSet": {
"keyAltNames": "local_key"
}
},
"writeConcern": {
"w": "majority"
}
}
}
},
{
"commandStartedEvent": {
"commandName": "find"
}
}
]
}
]
},
{
"description": "add existing keyAltName to existing data key",
"operations": [
{
"name": "addKeyAltName",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltName": "local_key"
},
"expectResult": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
},
{
"name": "addKeyAltName",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltName": "local_key"
},
"expectResult": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"local_key"
],
"keyMaterial": {
"$$type": "binData"
},
"creationDate": {
"$$type": "date"
},
"updateDate": {
"$$type": "date"
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
},
{
"name": "find",
"object": "collection0",
"arguments": {
"filter": {},
"projection": {
"_id": 0,
"keyAltNames": 1
}
},
"expectResult": [
{
"keyAltNames": [
"local_key"
]
}
]
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"findAndModify": "datakeys",
"query": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"update": {
"$addToSet": {
"keyAltNames": "local_key"
}
},
"writeConcern": {
"w": "majority"
}
}
}
},
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"findAndModify": "datakeys",
"query": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"update": {
"$addToSet": {
"keyAltNames": "local_key"
}
},
"writeConcern": {
"w": "majority"
}
}
}
},
{
"commandStartedEvent": {
"commandName": "find"
}
}
]
}
]
},
{
"description": "add new keyAltName to data key with keyAltNames",
"operations": [
{
"name": "addKeyAltName",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltName": "local_key"
},
"expectResult": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
},
{
"name": "addKeyAltName",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltName": "another_name"
},
"expectResult": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"local_key"
],
"keyMaterial": {
"$$type": "binData"
},
"creationDate": {
"$$type": "date"
},
"updateDate": {
"$$type": "date"
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
},
{
"name": "aggregate",
"object": "collection0",
"arguments": {
"pipeline": [
{
"$project": {
"_id": 0,
"keyAltNames": "$keyAltNames"
}
},
{
"$unwind": "$keyAltNames"
},
{
"$sort": {
"keyAltNames": 1
}
}
]
},
"expectResult": [
{
"keyAltNames": "another_name"
},
{
"keyAltNames": "local_key"
}
]
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"findAndModify": "datakeys",
"query": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"update": {
"$addToSet": {
"keyAltNames": "local_key"
}
},
"writeConcern": {
"w": "majority"
}
}
}
},
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"findAndModify": "datakeys",
"query": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"update": {
"$addToSet": {
"keyAltNames": "another_name"
}
},
"writeConcern": {
"w": "majority"
}
}
}
},
{
"commandStartedEvent": {
"commandName": "aggregate"
}
}
]
}
]
}
]
}

112
test/client-side-encryption/spec/unified/createKey-kms_providers-invalid.json Normal file
View File

@ -0,0 +1,112 @@
{
"description": "createKey-provider-invalid",
"schemaVersion": "1.8",
"runOnRequirements": [
{
"csfle": true
}
],
"createEntities": [
{
"client": {
"id": "client0",
"observeEvents": [
"commandStartedEvent",
"commandSucceededEvent",
"commandFailedEvent"
]
}
},
{
"clientEncryption": {
"id": "clientEncryption0",
"clientEncryptionOpts": {
"keyVaultClient": "client0",
"keyVaultNamespace": "keyvault.datakeys",
"kmsProviders": {
"aws": {}
}
}
}
}
],
"tests": [
{
"description": "create data key without required master key fields",
"operations": [
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "aws",
"opts": {
"masterKey": {}
}
},
"expectError": {
"isClientError": true
}
}
],
"expectEvents": [
{
"client": "client0",
"events": []
}
]
},
{
"description": "create data key with invalid master key field",
"operations": [
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "local",
"opts": {
"masterKey": {
"invalid": 1
}
}
},
"expectError": {
"isClientError": true
}
}
],
"expectEvents": [
{
"client": "client0",
"events": []
}
]
},
{
"description": "create data key with invalid master key",
"operations": [
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "aws",
"opts": {
"masterKey": {
"key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
"region": "invalid"
}
}
},
"expectError": {
"isClientError": true
}
}
],
"expectEvents": [
{
"client": "client0",
"events": []
}
]
}
]
}

711
test/client-side-encryption/spec/unified/createKey.json Normal file
View File

@ -0,0 +1,711 @@
{
"description": "createKey",
"schemaVersion": "1.8",
"runOnRequirements": [
{
"csfle": true
}
],
"createEntities": [
{
"client": {
"id": "client0",
"observeEvents": [
"commandStartedEvent"
]
}
},
{
"clientEncryption": {
"id": "clientEncryption0",
"clientEncryptionOpts": {
"keyVaultClient": "client0",
"keyVaultNamespace": "keyvault.datakeys",
"kmsProviders": {
"aws": {
"accessKeyId": {
"$$placeholder": 1
},
"secretAccessKey": {
"$$placeholder": 1
}
},
"azure": {
"tenantId": {
"$$placeholder": 1
},
"clientId": {
"$$placeholder": 1
},
"clientSecret": {
"$$placeholder": 1
}
},
"gcp": {
"email": {
"$$placeholder": 1
},
"privateKey": {
"$$placeholder": 1
}
},
"kmip": {
"endpoint": {
"$$placeholder": 1
}
},
"local": {
"key": {
"$$placeholder": 1
}
}
}
}
}
},
{
"database": {
"id": "database0",
"client": "client0",
"databaseName": "keyvault"
}
},
{
"collection": {
"id": "collection0",
"database": "database0",
"collectionName": "datakeys"
}
}
],
"initialData": [
{
"databaseName": "keyvault",
"collectionName": "datakeys",
"documents": []
}
],
"tests": [
{
"description": "create data key with AWS KMS provider",
"operations": [
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "aws",
"opts": {
"masterKey": {
"key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
"region": "us-east-1"
}
}
},
"expectResult": {
"$$type": "binData"
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"insert": "datakeys",
"documents": [
{
"_id": {
"$$type": "binData"
},
"keyMaterial": {
"$$type": "binData"
},
"creationDate": {
"$$type": "date"
},
"updateDate": {
"$$type": "date"
},
"status": {
"$$exists": true
},
"masterKey": {
"provider": "aws",
"key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
"region": "us-east-1"
}
}
],
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
]
},
{
"description": "create datakey with Azure KMS provider",
"operations": [
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "azure",
"opts": {
"masterKey": {
"keyVaultEndpoint": "key-vault-csfle.vault.azure.net",
"keyName": "key-name-csfle"
}
}
},
"expectResult": {
"$$type": "binData"
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"insert": "datakeys",
"documents": [
{
"_id": {
"$$type": "binData"
},
"keyMaterial": {
"$$type": "binData"
},
"creationDate": {
"$$type": "date"
},
"updateDate": {
"$$type": "date"
},
"status": {
"$$exists": true
},
"masterKey": {
"provider": "azure",
"keyVaultEndpoint": "key-vault-csfle.vault.azure.net",
"keyName": "key-name-csfle"
}
}
],
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
]
},
{
"description": "create datakey with GCP KMS provider",
"operations": [
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "gcp",
"opts": {
"masterKey": {
"projectId": "devprod-drivers",
"location": "global",
"keyRing": "key-ring-csfle",
"keyName": "key-name-csfle"
}
}
},
"expectResult": {
"$$type": "binData"
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"insert": "datakeys",
"documents": [
{
"_id": {
"$$type": "binData"
},
"keyMaterial": {
"$$type": "binData"
},
"creationDate": {
"$$type": "date"
},
"updateDate": {
"$$type": "date"
},
"status": {
"$$exists": true
},
"masterKey": {
"provider": "gcp",
"projectId": "devprod-drivers",
"location": "global",
"keyRing": "key-ring-csfle",
"keyName": "key-name-csfle"
}
}
],
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
]
},
{
"description": "create datakey with KMIP KMS provider",
"operations": [
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "kmip"
},
"expectResult": {
"$$type": "binData"
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"insert": "datakeys",
"documents": [
{
"_id": {
"$$type": "binData"
},
"keyMaterial": {
"$$type": "binData"
},
"creationDate": {
"$$type": "date"
},
"updateDate": {
"$$type": "date"
},
"status": {
"$$exists": true
},
"masterKey": {
"provider": "kmip",
"keyId": {
"$$type": "string"
}
}
}
],
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
]
},
{
"description": "create datakey with local KMS provider",
"operations": [
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "local"
},
"expectResult": {
"$$type": "binData"
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"insert": "datakeys",
"documents": [
{
"_id": {
"$$type": "binData"
},
"keyMaterial": {
"$$type": "binData"
},
"creationDate": {
"$$type": "date"
},
"updateDate": {
"$$type": "date"
},
"status": {
"$$exists": true
},
"masterKey": {
"provider": "local"
}
}
],
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
]
},
{
"description": "create datakey with no keyAltName",
"operations": [
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "local",
"opts": {
"keyAltNames": []
}
},
"expectResult": {
"$$type": "binData"
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"insert": "datakeys",
"documents": [
{
"_id": {
"$$type": "binData"
},
"keyAltNames": {
"$$exists": false
},
"keyMaterial": {
"$$type": "binData"
},
"creationDate": {
"$$type": "date"
},
"updateDate": {
"$$type": "date"
},
"status": {
"$$type": "int"
},
"masterKey": {
"$$type": "object"
}
}
],
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
]
},
{
"description": "create datakey with single keyAltName",
"operations": [
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "local",
"opts": {
"keyAltNames": [
"local_key"
]
}
},
"expectResult": {
"$$type": "binData"
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"insert": "datakeys",
"documents": [
{
"_id": {
"$$type": "binData"
},
"keyAltNames": [
"local_key"
],
"keyMaterial": {
"$$type": "binData"
},
"creationDate": {
"$$type": "date"
},
"updateDate": {
"$$type": "date"
},
"status": {
"$$type": "int"
},
"masterKey": {
"$$type": "object"
}
}
],
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
]
},
{
"description": "create datakey with multiple keyAltNames",
"operations": [
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "local",
"opts": {
"keyAltNames": [
"abc",
"def"
]
}
},
"expectResult": {
"$$type": "binData"
}
},
{
"name": "aggregate",
"object": "collection0",
"arguments": {
"pipeline": [
{
"$project": {
"_id": 0,
"keyAltNames": 1
}
},
{
"$unwind": "$keyAltNames"
},
{
"$sort": {
"keyAltNames": 1
}
}
]
},
"expectResult": [
{
"keyAltNames": "abc"
},
{
"keyAltNames": "def"
}
]
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"insert": "datakeys",
"documents": [
{
"_id": {
"$$type": "binData"
},
"keyAltNames": {
"$$type": "array"
},
"keyMaterial": {
"$$type": "binData"
},
"creationDate": {
"$$type": "date"
},
"updateDate": {
"$$type": "date"
},
"status": {
"$$type": "int"
},
"masterKey": {
"$$type": "object"
}
}
],
"writeConcern": {
"w": "majority"
}
}
}
},
{
"commandStartedEvent": {
"commandName": "aggregate"
}
}
]
}
]
},
{
"description": "create datakey with custom key material",
"operations": [
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "local",
"opts": {
"keyMaterial": {
"$binary": {
"base64": "a2V5X21hdGVyaWFsa2V5X21hdGVyaWFsa2V5X21hdGVyaWFsa2V5X21hdGVyaWFsa2V5X21hdGVyaWFsa2V5X21hdGVyaWFsa2V5X21hdGVyaWFsa2V5X21hdGVyaWFs",
"subType": "00"
}
}
}
},
"expectResult": {
"$$type": "binData"
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"insert": "datakeys",
"documents": [
{
"_id": {
"$$type": "binData"
},
"keyMaterial": {
"$$type": "binData"
},
"creationDate": {
"$$type": "date"
},
"updateDate": {
"$$type": "date"
},
"status": {
"$$type": "int"
},
"masterKey": {
"$$type": "object"
}
}
],
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
]
},
{
"description": "create datakey with invalid custom key material (too short)",
"operations": [
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "local",
"opts": {
"keyMaterial": {
"$binary": {
"base64": "a2V5X21hdGVyaWFsa2V5X21hdGVyaWFsa2V5X21hdGVyaWFsa2V5X21hdGVyaWFsa2V5X21hdGVyaWFsa2V5X21hdGVyaWFsa2V5X21hdGVyaWFs",
"subType": "00"
}
}
}
},
"expectError": {
"isClientError": true
}
}
],
"expectEvents": [
{
"client": "client0",
"events": []
}
]
}
]
}

553
test/client-side-encryption/spec/unified/deleteKey.json Normal file
View File

@ -0,0 +1,553 @@
{
"description": "deleteKey",
"schemaVersion": "1.8",
"runOnRequirements": [
{
"csfle": true
}
],
"createEntities": [
{
"client": {
"id": "client0",
"observeEvents": [
"commandStartedEvent"
]
}
},
{
"clientEncryption": {
"id": "clientEncryption0",
"clientEncryptionOpts": {
"keyVaultClient": "client0",
"keyVaultNamespace": "keyvault.datakeys",
"kmsProviders": {
"local": {}
}
}
}
},
{
"database": {
"id": "database0",
"client": "client0",
"databaseName": "keyvault"
}
},
{
"collection": {
"id": "collection0",
"database": "database0",
"collectionName": "datakeys"
}
}
],
"initialData": [
{
"databaseName": "keyvault",
"collectionName": "datakeys",
"documents": [
{
"_id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
},
"keyAltNames": [
"aws_key"
],
"keyMaterial": {
"$binary": {
"base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gFXJqbF0Fy872MD7xl56D/2AAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDO7HPisPUlGzaio9vgIBEIB7/Qow46PMh/8JbEUbdXgTGhLfXPE+KIVW7T8s6YEMlGiRvMu7TV0QCIUJlSHPKZxzlJ2iwuz5yXeOag+EdY+eIQ0RKrsJ3b8UTisZYzGjfzZnxUKLzLoeXremtRCm3x47wCuHKd1dhh6FBbYt5TL2tDaj+vL2GBrKat2L",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "aws",
"key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
"region": "us-east-1"
}
},
{
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"local_key"
],
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
]
}
],
"tests": [
{
"description": "delete non-existent data key",
"operations": [
{
"name": "deleteKey",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "AAAzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
}
},
"expectResult": {
"deletedCount": 0
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"delete": "datakeys",
"deletes": [
{
"q": {
"_id": {
"$binary": {
"base64": "AAAzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
}
},
"limit": 1
}
],
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
],
"outcome": [
{
"collectionName": "datakeys",
"databaseName": "keyvault",
"documents": [
{
"_id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
},
"keyAltNames": [
"aws_key"
],
"keyMaterial": {
"$binary": {
"base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gFXJqbF0Fy872MD7xl56D/2AAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDO7HPisPUlGzaio9vgIBEIB7/Qow46PMh/8JbEUbdXgTGhLfXPE+KIVW7T8s6YEMlGiRvMu7TV0QCIUJlSHPKZxzlJ2iwuz5yXeOag+EdY+eIQ0RKrsJ3b8UTisZYzGjfzZnxUKLzLoeXremtRCm3x47wCuHKd1dhh6FBbYt5TL2tDaj+vL2GBrKat2L",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "aws",
"key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
"region": "us-east-1"
}
},
{
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"local_key"
],
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
]
}
]
},
{
"description": "delete existing AWS data key",
"operations": [
{
"name": "deleteKey",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
}
},
"expectResult": {
"deletedCount": 1
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"delete": "datakeys",
"deletes": [
{
"q": {
"_id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
}
},
"limit": 1
}
],
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
],
"outcome": [
{
"collectionName": "datakeys",
"databaseName": "keyvault",
"documents": [
{
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"local_key"
],
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
]
}
]
},
{
"description": "delete existing local data key",
"operations": [
{
"name": "deleteKey",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"expectResult": {
"deletedCount": 1
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"delete": "datakeys",
"deletes": [
{
"q": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"limit": 1
}
],
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
],
"outcome": [
{
"collectionName": "datakeys",
"databaseName": "keyvault",
"documents": [
{
"_id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
},
"keyAltNames": [
"aws_key"
],
"keyMaterial": {
"$binary": {
"base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gFXJqbF0Fy872MD7xl56D/2AAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDO7HPisPUlGzaio9vgIBEIB7/Qow46PMh/8JbEUbdXgTGhLfXPE+KIVW7T8s6YEMlGiRvMu7TV0QCIUJlSHPKZxzlJ2iwuz5yXeOag+EdY+eIQ0RKrsJ3b8UTisZYzGjfzZnxUKLzLoeXremtRCm3x47wCuHKd1dhh6FBbYt5TL2tDaj+vL2GBrKat2L",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "aws",
"key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
"region": "us-east-1"
}
}
]
}
]
},
{
"description": "delete existing data key twice",
"operations": [
{
"name": "deleteKey",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
}
},
"expectResult": {
"deletedCount": 1
}
},
{
"name": "deleteKey",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
}
},
"expectResult": {
"deletedCount": 0
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"delete": "datakeys",
"deletes": [
{
"q": {
"_id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
}
},
"limit": 1
}
],
"writeConcern": {
"w": "majority"
}
}
}
},
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"delete": "datakeys",
"deletes": [
{
"q": {
"_id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
}
},
"limit": 1
}
],
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
],
"outcome": [
{
"collectionName": "datakeys",
"databaseName": "keyvault",
"documents": [
{
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"local_key"
],
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
]
}
]
}
]
}

313
test/client-side-encryption/spec/unified/getKey.json Normal file
View File

@ -0,0 +1,313 @@
{
"description": "getKey",
"schemaVersion": "1.8",
"runOnRequirements": [
{
"csfle": true
}
],
"createEntities": [
{
"client": {
"id": "client0",
"observeEvents": [
"commandStartedEvent"
]
}
},
{
"clientEncryption": {
"id": "clientEncryption0",
"clientEncryptionOpts": {
"keyVaultClient": "client0",
"keyVaultNamespace": "keyvault.datakeys",
"kmsProviders": {
"local": {}
}
}
}
},
{
"database": {
"id": "database0",
"client": "client0",
"databaseName": "keyvault"
}
},
{
"collection": {
"id": "collection0",
"database": "database0",
"collectionName": "datakeys"
}
}
],
"initialData": [
{
"databaseName": "keyvault",
"collectionName": "datakeys",
"documents": [
{
"_id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
},
"keyAltNames": [
"aws_key"
],
"keyMaterial": {
"$binary": {
"base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gFXJqbF0Fy872MD7xl56D/2AAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDO7HPisPUlGzaio9vgIBEIB7/Qow46PMh/8JbEUbdXgTGhLfXPE+KIVW7T8s6YEMlGiRvMu7TV0QCIUJlSHPKZxzlJ2iwuz5yXeOag+EdY+eIQ0RKrsJ3b8UTisZYzGjfzZnxUKLzLoeXremtRCm3x47wCuHKd1dhh6FBbYt5TL2tDaj+vL2GBrKat2L",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "aws",
"key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
"region": "us-east-1"
}
},
{
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"local_key"
],
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
]
}
],
"tests": [
{
"description": "get non-existent data key",
"operations": [
{
"name": "getKey",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "AAAzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
}
},
"expectResult": null
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"find": "datakeys",
"filter": {
"_id": {
"$binary": {
"base64": "AAAzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
}
},
"readConcern": {
"level": "majority"
}
}
}
}
]
}
]
},
{
"description": "get existing AWS data key",
"operations": [
{
"name": "getKey",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
}
},
"expectResult": {
"_id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
},
"keyAltNames": [
"aws_key"
],
"keyMaterial": {
"$binary": {
"base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gFXJqbF0Fy872MD7xl56D/2AAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDO7HPisPUlGzaio9vgIBEIB7/Qow46PMh/8JbEUbdXgTGhLfXPE+KIVW7T8s6YEMlGiRvMu7TV0QCIUJlSHPKZxzlJ2iwuz5yXeOag+EdY+eIQ0RKrsJ3b8UTisZYzGjfzZnxUKLzLoeXremtRCm3x47wCuHKd1dhh6FBbYt5TL2tDaj+vL2GBrKat2L",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "aws",
"key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
"region": "us-east-1"
}
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"find": "datakeys",
"filter": {
"_id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
}
},
"readConcern": {
"level": "majority"
}
}
}
}
]
}
]
},
{
"description": "get existing local data key",
"operations": [
{
"name": "getKey",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"expectResult": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"local_key"
],
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"find": "datakeys",
"filter": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"readConcern": {
"level": "majority"
}
}
}
}
]
}
]
}
]
}

283
test/client-side-encryption/spec/unified/getKeyByAltName.json Normal file
View File

@ -0,0 +1,283 @@
{
"description": "getKeyByAltName",
"schemaVersion": "1.8",
"runOnRequirements": [
{
"csfle": true
}
],
"createEntities": [
{
"client": {
"id": "client0",
"observeEvents": [
"commandStartedEvent"
]
}
},
{
"clientEncryption": {
"id": "clientEncryption0",
"clientEncryptionOpts": {
"keyVaultClient": "client0",
"keyVaultNamespace": "keyvault.datakeys",
"kmsProviders": {
"local": {}
}
}
}
},
{
"database": {
"id": "database0",
"client": "client0",
"databaseName": "keyvault"
}
},
{
"collection": {
"id": "collection0",
"database": "database0",
"collectionName": "datakeys"
}
}
],
"initialData": [
{
"databaseName": "keyvault",
"collectionName": "datakeys",
"documents": [
{
"_id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
},
"keyAltNames": [
"aws_key"
],
"keyMaterial": {
"$binary": {
"base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gFXJqbF0Fy872MD7xl56D/2AAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDO7HPisPUlGzaio9vgIBEIB7/Qow46PMh/8JbEUbdXgTGhLfXPE+KIVW7T8s6YEMlGiRvMu7TV0QCIUJlSHPKZxzlJ2iwuz5yXeOag+EdY+eIQ0RKrsJ3b8UTisZYzGjfzZnxUKLzLoeXremtRCm3x47wCuHKd1dhh6FBbYt5TL2tDaj+vL2GBrKat2L",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "aws",
"key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
"region": "us-east-1"
}
},
{
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"local_key"
],
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
]
}
],
"tests": [
{
"description": "get non-existent data key",
"operations": [
{
"name": "getKeyByAltName",
"object": "clientEncryption0",
"arguments": {
"keyAltName": "does_not_exist"
},
"expectResult": null
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"find": "datakeys",
"filter": {
"keyAltNames": "does_not_exist"
},
"readConcern": {
"level": "majority"
}
}
}
}
]
}
]
},
{
"description": "get existing AWS data key",
"operations": [
{
"name": "getKeyByAltName",
"object": "clientEncryption0",
"arguments": {
"keyAltName": "aws_key"
},
"expectResult": {
"_id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
},
"keyAltNames": [
"aws_key"
],
"keyMaterial": {
"$binary": {
"base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gFXJqbF0Fy872MD7xl56D/2AAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDO7HPisPUlGzaio9vgIBEIB7/Qow46PMh/8JbEUbdXgTGhLfXPE+KIVW7T8s6YEMlGiRvMu7TV0QCIUJlSHPKZxzlJ2iwuz5yXeOag+EdY+eIQ0RKrsJ3b8UTisZYzGjfzZnxUKLzLoeXremtRCm3x47wCuHKd1dhh6FBbYt5TL2tDaj+vL2GBrKat2L",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "aws",
"key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
"region": "us-east-1"
}
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"find": "datakeys",
"filter": {
"keyAltNames": "aws_key"
},
"readConcern": {
"level": "majority"
}
}
}
}
]
}
]
},
{
"description": "get existing local data key",
"operations": [
{
"name": "getKeyByAltName",
"object": "clientEncryption0",
"arguments": {
"keyAltName": "local_key"
},
"expectResult": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"local_key"
],
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"find": "datakeys",
"filter": {
"keyAltNames": "local_key"
},
"readConcern": {
"level": "majority"
}
}
}
}
]
}
]
}
]
}

260
test/client-side-encryption/spec/unified/getKeys.json Normal file
View File

@ -0,0 +1,260 @@
{
"description": "getKeys",
"schemaVersion": "1.8",
"runOnRequirements": [
{
"csfle": true
}
],
"createEntities": [
{
"client": {
"id": "client0",
"observeEvents": [
"commandStartedEvent"
]
}
},
{
"clientEncryption": {
"id": "clientEncryption0",
"clientEncryptionOpts": {
"keyVaultClient": "client0",
"keyVaultNamespace": "keyvault.datakeys",
"kmsProviders": {
"local": {
"key": {
"$$placeholder": 1
}
}
}
}
}
},
{
"database": {
"id": "database0",
"client": "client0",
"databaseName": "keyvault"
}
},
{
"collection": {
"id": "collection0",
"database": "database0",
"collectionName": "datakeys"
}
}
],
"initialData": [
{
"databaseName": "keyvault",
"collectionName": "datakeys",
"documents": []
}
],
"tests": [
{
"description": "getKeys with zero key documents",
"operations": [
{
"name": "getKeys",
"object": "clientEncryption0",
"expectResult": []
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"find": "datakeys",
"filter": {},
"readConcern": {
"level": "majority"
}
}
}
}
]
}
]
},
{
"description": "getKeys with single key documents",
"operations": [
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "local",
"opts": {
"keyAltNames": [
"abc"
]
}
},
"expectResult": {
"$$type": "binData"
}
},
{
"name": "getKeys",
"object": "clientEncryption0",
"expectResult": [
{
"_id": {
"$$type": "binData"
},
"keyAltNames": [
"abc"
],
"keyMaterial": {
"$$type": "binData"
},
"creationDate": {
"$$type": "date"
},
"updateDate": {
"$$type": "date"
},
"status": {
"$$type": "int"
},
"masterKey": {
"$$type": "object"
}
}
]
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"commandName": "insert"
}
},
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"find": "datakeys",
"filter": {},
"readConcern": {
"level": "majority"
}
}
}
}
]
}
]
},
{
"description": "getKeys with many key documents",
"operations": [
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "local"
},
"expectResult": {
"$$type": "binData"
}
},
{
"name": "createKey",
"object": "clientEncryption0",
"arguments": {
"kmsProvider": "local"
},
"expectResult": {
"$$type": "binData"
}
},
{
"name": "getKeys",
"object": "clientEncryption0",
"expectResult": [
{
"_id": {
"$$type": "binData"
},
"keyMaterial": {
"$$type": "binData"
},
"creationDate": {
"$$type": "date"
},
"updateDate": {
"$$type": "date"
},
"status": {
"$$type": "int"
},
"masterKey": {
"$$type": "object"
}
},
{
"_id": {
"$$type": "binData"
},
"keyMaterial": {
"$$type": "binData"
},
"creationDate": {
"$$type": "date"
},
"updateDate": {
"$$type": "date"
},
"status": {
"$$type": "int"
},
"masterKey": {
"$$type": "object"
}
}
]
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"commandName": "insert"
}
},
{
"commandStartedEvent": {
"commandName": "insert"
}
},
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"find": "datakeys",
"filter": {},
"readConcern": {
"level": "majority"
}
}
}
}
]
}
]
}
]
}

572
test/client-side-encryption/spec/unified/removeKeyAltName.json Normal file
View File

@ -0,0 +1,572 @@
{
"description": "removeKeyAltName",
"schemaVersion": "1.8",
"runOnRequirements": [
{
"csfle": true
}
],
"createEntities": [
{
"client": {
"id": "client0",
"observeEvents": [
"commandStartedEvent"
]
}
},
{
"clientEncryption": {
"id": "clientEncryption0",
"clientEncryptionOpts": {
"keyVaultClient": "client0",
"keyVaultNamespace": "keyvault.datakeys",
"kmsProviders": {
"local": {}
}
}
}
},
{
"database": {
"id": "database0",
"client": "client0",
"databaseName": "keyvault"
}
},
{
"collection": {
"id": "collection0",
"database": "database0",
"collectionName": "datakeys"
}
}
],
"initialData": [
{
"databaseName": "keyvault",
"collectionName": "datakeys",
"documents": [
{
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"alternate_name",
"local_key"
],
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
]
}
],
"tests": [
{
"description": "remove keyAltName from non-existent data key",
"operations": [
{
"name": "removeKeyAltName",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "AAAjYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltName": "does_not_exist"
},
"expectResult": null
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"findAndModify": "datakeys",
"query": {
"_id": {
"$binary": {
"base64": "AAAjYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"update": {
"$pull": {
"keyAltNames": "does_not_exist"
}
},
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
],
"outcome": [
{
"collectionName": "datakeys",
"databaseName": "keyvault",
"documents": [
{
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"alternate_name",
"local_key"
],
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
]
}
]
},
{
"description": "remove non-existent keyAltName from existing data key",
"operations": [
{
"name": "removeKeyAltName",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltName": "does_not_exist"
},
"expectResult": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"alternate_name",
"local_key"
],
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"findAndModify": "datakeys",
"query": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"update": {
"$pull": {
"keyAltNames": "does_not_exist"
}
},
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
],
"outcome": [
{
"collectionName": "datakeys",
"databaseName": "keyvault",
"documents": [
{
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"alternate_name",
"local_key"
],
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
]
}
]
},
{
"description": "remove an existing keyAltName from an existing data key",
"operations": [
{
"name": "removeKeyAltName",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltName": "alternate_name"
},
"expectResult": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"alternate_name",
"local_key"
],
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
},
{
"name": "find",
"object": "collection0",
"arguments": {
"filter": {},
"projection": {
"_id": 0,
"keyAltNames": 1
}
},
"expectResult": [
{
"keyAltNames": [
"local_key"
]
}
]
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"findAndModify": "datakeys",
"query": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"update": {
"$pull": {
"keyAltNames": "alternate_name"
}
},
"writeConcern": {
"w": "majority"
}
}
}
},
{
"commandStartedEvent": {
"commandName": "find"
}
}
]
}
]
},
{
"description": "remove the last keyAltName from an existing data key",
"operations": [
{
"name": "removeKeyAltName",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltName": "alternate_name"
},
"expectResult": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"alternate_name",
"local_key"
],
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
},
{
"name": "removeKeyAltName",
"object": "clientEncryption0",
"arguments": {
"id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltName": "local_key"
},
"expectResult": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"local_key"
],
"keyMaterial": {
"$$type": "binData"
},
"creationDate": {
"$$type": "date"
},
"updateDate": {
"$$type": "date"
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"findAndModify": "datakeys",
"query": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"update": {
"$pull": {
"keyAltNames": "alternate_name"
}
},
"writeConcern": {
"w": "majority"
}
}
}
},
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"findAndModify": "datakeys",
"query": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"update": {
"$pull": {
"keyAltNames": "local_key"
}
},
"writeConcern": {
"w": "majority"
}
}
}
},
{
"commandStartedEvent": {
"databaseName": "keyvault",
"command": {
"update": "datakeys",
"updates": [
{
"q": {
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
}
},
"u": {
"$unset": {
"keyAltNames": true
}
}
}
],
"writeConcern": {
"w": "majority"
}
}
}
}
]
}
]
}
]
}

162
test/client-side-encryption/spec/unified/rewrapManyDataKey-decrypt_failure.json Normal file
View File

@ -0,0 +1,162 @@
{
"description": "rewrapManyDataKey-decrypt_failure",
"schemaVersion": "1.8",
"runOnRequirements": [
{
"csfle": true
}
],
"createEntities": [
{
"client": {
"id": "client0",
"observeEvents": [
"commandStartedEvent"
]
}
},
{
"clientEncryption": {
"id": "clientEncryption0",
"clientEncryptionOpts": {
"keyVaultClient": "client0",
"keyVaultNamespace": "keyvault.datakeys",
"kmsProviders": {
"aws": {
"accessKeyId": {
"$$placeholder": 1
},
"secretAccessKey": {
"$$placeholder": 1
}
},
"azure": {
"tenantId": {
"$$placeholder": 1
},
"clientId": {
"$$placeholder": 1
},
"clientSecret": {
"$$placeholder": 1
}
},
"gcp": {
"email": {
"$$placeholder": 1
},
"privateKey": {
"$$placeholder": 1
}
},
"kmip": {
"endpoint": {
"$$placeholder": 1
}
},
"local": {
"key": {
"$$placeholder": 1
}
}
}
}
}
},
{
"database": {
"id": "database0",
"client": "client0",
"databaseName": "keyvault"
}
},
{
"collection": {
"id": "collection0",
"database": "database0",
"collectionName": "datakeys"
}
}
],
"initialData": [
{
"databaseName": "keyvault",
"collectionName": "datakeys",
"documents": [
{
"_id": {
"$binary": {
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
"subType": "04"
}
},
"keyAltNames": [
"aws_key"
],
"keyMaterial": {
"$binary": {
"base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gFXJqbF0Fy872MD7xl56D/2AAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDO7HPisPUlGzaio9vgIBEIB7/Qow46PMh/8JbEUbdXgTGhLfXPE+KIVW7T8s6YEMlGiRvMu7TV0QCIUJlSHPKZxzlJ2iwuz5yXeOag+EdY+eIQ0RKrsJ3b8UTisZYzGjfzZnxUKLzLoeXremtRCm3x47wCuHKd1dhh6FBbYt5TL2tDaj+vL2GBrKat2L",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "aws",
"key": "arn:aws:kms:us-east-2:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
"region": "us-east-2"
}
}
]
}
],
"tests": [
{
"description": "rewrap data key that fails during decryption due to invalid masterKey",
"operations": [
{
"name": "rewrapManyDataKey",
"object": "clientEncryption0",
"arguments": {
"filter": {},
"opts": {
"provider": "local"
}
},
"expectError": {
"isClientError": true
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"commandName": "find",
"databaseName": "keyvault",
"command": {
"find": "datakeys",
"filter": {},
"readConcern": {
"level": "majority"
}
}
}
}
]
}
]
}
]
}

250
test/client-side-encryption/spec/unified/rewrapManyDataKey-encrypt_failure.json Normal file
View File

@ -0,0 +1,250 @@
{
"description": "rewrapManyDataKey-encrypt_failure",
"schemaVersion": "1.8",
"runOnRequirements": [
{
"csfle": true
}
],
"createEntities": [
{
"client": {
"id": "client0",
"observeEvents": [
"commandStartedEvent"
]
}
},
{
"clientEncryption": {
"id": "clientEncryption0",
"clientEncryptionOpts": {
"keyVaultClient": "client0",
"keyVaultNamespace": "keyvault.datakeys",
"kmsProviders": {
"aws": {
"accessKeyId": {
"$$placeholder": 1
},
"secretAccessKey": {
"$$placeholder": 1
}
},
"azure": {
"tenantId": {
"$$placeholder": 1
},
"clientId": {
"$$placeholder": 1
},
"clientSecret": {
"$$placeholder": 1
}
},
"gcp": {
"email": {
"$$placeholder": 1
},
"privateKey": {
"$$placeholder": 1
}
},
"kmip": {
"endpoint": {
"$$placeholder": 1
}
},
"local": {
"key": {
"$$placeholder": 1
}
}
}
}
}
},
{
"database": {
"id": "database0",
"client": "client0",
"databaseName": "keyvault"
}
},
{
"collection": {
"id": "collection0",
"database": "database0",
"collectionName": "datakeys"
}
}
],
"initialData": [
{
"databaseName": "keyvault",
"collectionName": "datakeys",
"documents": [
{
"_id": {
"$binary": {
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
"subType": "04"
}
},
"keyAltNames": [
"local_key"
],
"keyMaterial": {
"$binary": {
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"updateDate": {
"$date": {
"$numberLong": "1641024000000"
}
},
"status": 1,
"masterKey": {
"provider": "local"
}
}
]
}
],
"tests": [
{
"description": "rewrap with invalid masterKey for AWS KMS provider",
"operations": [
{
"name": "rewrapManyDataKey",
"object": "clientEncryption0",
"arguments": {
"filter": {},
"opts": {
"provider": "aws",
"masterKey": {
"key": "arn:aws:kms:us-east-2:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
"region": "us-east-2"
}
}
},
"expectError": {
"isClientError": true
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"commandName": "find",
"databaseName": "keyvault",
"command": {
"find": "datakeys",
"filter": {},
"readConcern": {
"level": "majority"
}
}
}
}
]
}
]
},
{
"description": "rewrap with invalid masterKey for Azure KMS provider",
"operations": [
{
"name": "rewrapManyDataKey",
"object": "clientEncryption0",
"arguments": {
"filter": {},
"opts": {
"provider": "azure",
"masterKey": {
"keyVaultEndpoint": "invalid-vault-csfle.vault.azure.net",
"keyName": "invalid-name-csfle"
}
}
},
"expectError": {
"isClientError": true
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"commandName": "find",
"databaseName": "keyvault",
"command": {
"find": "datakeys",
"filter": {},
"readConcern": {
"level": "majority"
}
}
}
}
]
}
]
},
{
"description": "rewrap with invalid masterKey for GCP KMS provider",
"operations": [
{
"name": "rewrapManyDataKey",
"object": "clientEncryption0",
"arguments": {
"filter": {},
"opts": {
"provider": "gcp",
"masterKey": {
"projectId": "devprod-drivers",
"location": "global",
"keyRing": "invalid-ring-csfle",
"keyName": "invalid-name-csfle"
}
}
},
"expectError": {
"isClientError": true
}
}
],
"expectEvents": [
{
"client": "client0",
"events": [
{
"commandStartedEvent": {
"commandName": "find",
"databaseName": "keyvault",
"command": {
"find": "datakeys",
"filter": {},
"readConcern": {
"level": "majority"
}
}
}
}
]
}
]
}
]
}

1373
test/client-side-encryption/spec/unified/rewrapManyDataKey.json Normal file
View File

File diff suppressed because it is too large Load Diff

17
test/test_encryption.py
View File

@ -210,7 +210,7 @@ class EncryptionIntegrationTest(IntegrationTest):
# Location of JSON test files.
BASE = os.path.join(os.path.dirname(os.path.realpath(__file__)), "client-side-encryption")
SPEC_PATH = os.path.join(BASE, "spec")
SPEC_PATH = os.path.join(BASE, "spec", "legacy")
OPTS = CodecOptions()
@ -614,12 +614,13 @@ class TestSpec(SpecRunner):
opts["kms_tls_options"] = KMS_TLS_OPTS
if "key_vault_namespace" not in opts:
opts["key_vault_namespace"] = "keyvault.datakeys"
opts = dict(opts)
return AutoEncryptionOpts(**opts)
def parse_client_options(self, opts):
"""Override clientOptions parsing to support autoEncryptOpts."""
encrypt_opts = opts.pop("autoEncryptOpts")
encrypt_opts = opts.pop("autoEncryptOpts", None)
if encrypt_opts:
opts["auto_encryption_opts"] = self.parse_auto_encrypt_opts(encrypt_opts)
@ -638,18 +639,18 @@ class TestSpec(SpecRunner):
def setup_scenario(self, scenario_def):
"""Override a test's setup."""
key_vault_data = scenario_def["key_vault_data"]
encrypted_fields = scenario_def["encrypted_fields"]
json_schema = scenario_def["json_schema"]
data = scenario_def["data"]
coll = client_context.client.get_database("keyvault", codec_options=OPTS)["datakeys"]
coll.delete_many({})
if key_vault_data:
coll = client_context.client.get_database("keyvault", codec_options=OPTS)["datakeys"]
coll.delete_many({})
coll.insert_many(key_vault_data)
db_name = self.get_scenario_db_name(scenario_def)
coll_name = self.get_scenario_coll_name(scenario_def)
db = client_context.client.get_database(db_name, codec_options=OPTS)
coll = db[coll_name]
coll.drop()
coll = db.drop_collection(coll_name, encrypted_fields=encrypted_fields)
wc = WriteConcern(w="majority")
kwargs: Dict[str, Any] = {}
if json_schema:
@ -657,8 +658,8 @@ class TestSpec(SpecRunner):
kwargs["codec_options"] = OPTS
if not data:
kwargs["write_concern"] = wc
db.create_collection(coll_name, **kwargs)
db.create_collection(coll_name, **kwargs, encrypted_fields=encrypted_fields)
coll = db[coll_name]
if data:
# Load data.
coll.with_options(write_concern=wc).insert_many(scenario_def["data"])

18
test/utils.py
View File

@ -174,15 +174,26 @@ class AllowListEventListener(EventListener):
class OvertCommandListener(EventListener):
"""A CommandListener that ignores sensitive commands."""
ignore_list_collections = False
def started(self, event):
if self.ignore_list_collections and event.command_name.lower() == "listcollections":
self.ignore_list_collections = False
return
if event.command_name.lower() not in _SENSITIVE_COMMANDS:
super(OvertCommandListener, self).started(event)
def succeeded(self, event):
if self.ignore_list_collections and event.command_name.lower() == "listcollections":
self.ignore_list_collections = False
return
if event.command_name.lower() not in _SENSITIVE_COMMANDS:
super(OvertCommandListener, self).succeeded(event)
def failed(self, event):
if self.ignore_list_collections and event.command_name.lower() == "listcollections":
self.ignore_list_collections = False
return
if event.command_name.lower() not in _SENSITIVE_COMMANDS:
super(OvertCommandListener, self).failed(event)
@ -983,6 +994,8 @@ def parse_spec_options(opts):
if "maxCommitTimeMS" in opts:
opts["max_commit_time_ms"] = opts.pop("maxCommitTimeMS")
if "encryptedFields" in opts:
opts["encrypted_fields"] = opts.pop("encryptedFields")
if "hint" in opts:
hint = opts.pop("hint")
if not isinstance(hint, str):
@ -1049,11 +1062,6 @@ def prepare_spec_arguments(spec, arguments, opname, entity_map, with_txn_callbac
arguments["requests"] = requests
elif arg_name == "session":
arguments["session"] = entity_map[arguments["session"]]
elif opname in ("command", "run_admin_command") and arg_name == "command":
# Ensure the first key is the command name.
ordered_command = SON([(spec["command_name"], 1)])
ordered_command.update(arguments["command"])
arguments["command"] = ordered_command
elif opname == "open_download_stream" and arg_name == "id":
arguments["file_id"] = arguments.pop(arg_name)
elif opname != "find" and c2s == "max_time_ms":

27
test/utils_spec_runner.py
View File

@ -229,7 +229,19 @@ class SpecRunner(IntegrationTest):
return True
else:
self.assertEqual(result, expected_result)
def _helper(expected_result, result):
if isinstance(expected_result, abc.Mapping):
for i in expected_result.keys():
self.assertEqual(expected_result[i], result[i])
elif isinstance(expected_result, list):
for i, k in zip(expected_result, result):
_helper(i, k)
else:
self.assertEqual(expected_result, result)
_helper(expected_result, result)
def get_object_name(self, op):
"""Allow subclasses to override handling of 'object'
@ -294,8 +306,16 @@ class SpecRunner(IntegrationTest):
args = {"sessions": sessions, "collection": collection}
args.update(arguments)
arguments = args
result = cmd(**dict(arguments))
try:
if name == "create_collection" and (
"encrypted" in operation["arguments"]["name"]
or "plaintext" in operation["arguments"]["name"]
):
self.listener.ignore_list_collections = True
result = cmd(**dict(arguments))
finally:
self.listener.ignore_list_collections = False
# Cleanup open change stream cursors.
if name == "watch":
self.addCleanup(result.close)
@ -323,8 +343,7 @@ class SpecRunner(IntegrationTest):
expected_result = op.get("result")
if expect_error(op):
with self.assertRaises(self.allowable_errors(op), msg=op["name"]) as context:
self.run_operation(sessions, collection, op.copy())
out = self.run_operation(sessions, collection, op.copy())
if expect_error_message(expected_result):
if isinstance(context.exception, BulkWriteError):
errmsg = str(context.exception.details).lower()