...
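# Shared fixture for the automatic client-side encryption tests in this file:
# target namespace, encryption schema and key vault contents.
# (Extraction residue removed: fused gutter numbers and lost indentation.)
runOn:
- minServerVersion: "4.1.10"
database_name: &database_name "default"
collection_name: &collection_name "default"

# Initial collection contents: empty, each test inserts its own document.
data: []

# Encryption schema for the collection. Every listed field is a string that is
# encrypted before it is sent to the server.
#   - "-Deterministic": the same plaintext under the same key gives the same
#     ciphertext. That permits equality matching on the field, and it also
#     means anyone who can read stored data can tell which values are equal.
#   - "-Random": ciphertext differs on every encryption, so it leaks no
#     equality information and cannot be pinned to an exact expected value.
json_schema:
  properties:
    encrypted_w_altname:
      encrypt:
        # A string here (not a list of UUIDs) looks like a JSON pointer to the
        # document field naming the key, resolved through keyAltNames.
        # NOTE(review): confirm against the consumer's schema rules.
        keyId: '/altname'
        bsonType: 'string'
        algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'
    encrypted_string:
      encrypt:
        # Binary subType '04' is a UUID; it matches _id in key_vault_data.
        keyId:
        - '$binary':
            base64: 'AAAAAAAAAAAAAAAAAAAAAA=='
            subType: '04'
        bsonType: 'string'
        algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'
    random:
      encrypt:
        keyId:
        - '$binary':
            base64: 'AAAAAAAAAAAAAAAAAAAAAA=='
            subType: '04'
        bsonType: 'string'
        algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'
    encrypted_string_equivalent:
      encrypt:
        keyId:
        - '$binary':
            base64: 'AAAAAAAAAAAAAAAAAAAAAA=='
            subType: '04'
        bsonType: 'string'
        algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'
  bsonType: 'object'

# Key vault contents: one data key, addressable by the all-zero UUID or by
# either alternate name.
# keyMaterial is stored as an opaque binary blob (subType '00'); with an 'aws'
# masterKey it is presumably the data key wrapped by that KMS key, so using it
# needs KMS access. The KMS credentials are not in this file (see the
# kmsProviders entries in the tests); the key ARN, including an AWS account
# id, is. These are fixture values for tests only.
key_vault_data:
- status: 1
  _id:
    '$binary':
      base64: 'AAAAAAAAAAAAAAAAAAAAAA=='
      subType: '04'
  masterKey:
    provider: 'aws'
    key: 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0'
    region: 'us-east-1'
  updateDate:
    '$date':
      '$numberLong': '1552949630483'
  keyMaterial:
    '$binary':
      base64: 'AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO'
      subType: '00'
  creationDate:
    '$date':
      '$numberLong': '1552949630483'
  keyAltNames:
  - 'altname'
  - 'another_altname'
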
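tests:
# Deterministic case. The same plaintext and key always give the same
# ciphertext, so this test can pin the exact encrypted bytes (doc0_encrypted)
# both on the wire and in the stored collection.
- description: "Insert with deterministic encryption, then find it"
  clientOptions:
    autoEncryptOpts:
      kmsProviders:
        aws: {}  # Credentials filled in from environment.
  operations:
  - name: insertOne
    arguments:
      document: &doc0 { _id: 1, encrypted_string: "string0" }
  - name: find
    arguments:
      filter: { _id: 1 }
    # The encrypting client gets the plaintext document back (round trip).
    result: [*doc0]
  expectations:
  # Auto encryption will request the collection info.
  - command_started_event:
      command:
        listCollections: 1
        filter:
          name: *collection_name
      command_name: listCollections
  # Then key is fetched from the key vault.
  # The lookup is by key id only; the keyAltNames list is empty here.
  - command_started_event:
      command:
        find: datakeys
        filter: {"$or": [{"_id": {"$in": [ {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}} ] }}, {"keyAltNames": {"$in": []}}]}
        $db: keyvault
        readConcern: { level: "majority" }
      command_name: find
  # The insert command as sent must already carry ciphertext (binary subType
  # '06'), never the plaintext "string0".
  - command_started_event:
      command:
        insert: *collection_name
        documents:
        - &doc0_encrypted { _id: 1, encrypted_string: {'$binary': {'base64': 'AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==', 'subType': '06'}} }
        ordered: true
      command_name: insert
  # The filter is on _id, which the schema does not encrypt, so it is sent
  # unchanged.
  - command_started_event:
      command:
        find: *collection_name
        filter: { _id: 1 }
      command_name: find
  outcome:
    collection:
      # Outcome is checked using a separate MongoClient without auto encryption.
      # That client sees what is actually stored: only the ciphertext.
      data:
      - *doc0_encrypted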
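# Randomized case. The ciphertext differs on every run, so the expected insert
# and the stored outcome can only assert that the field is binary data.
# NOTE(review): the type-only match would also accept any other binary value;
# the plaintext round trip in `result` is what shows the value decrypts.
- description: "Insert with randomized encryption, then find it"
  clientOptions:
    autoEncryptOpts:
      kmsProviders:
        aws: {}  # Credentials filled in from environment.
  operations:
  - name: insertOne
    arguments:
      document: &doc1 { _id: 1, random: "123" }
  - name: find
    arguments:
      filter: { _id: 1 }
    # The encrypting client gets the plaintext document back (round trip).
    result: [*doc1]
  expectations:
  # Auto encryption will request the collection info.
  - command_started_event:
      command:
        listCollections: 1
        filter:
          name: *collection_name
      command_name: listCollections
  # Then key is fetched from the key vault.
  # The lookup is by key id only; the keyAltNames list is empty here.
  - command_started_event:
      command:
        find: datakeys
        filter: {"$or": [{"_id": {"$in": [ {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}} ] }}, {"keyAltNames": {"$in": []}}]}
        $db: keyvault
        readConcern: { level: "majority" }
      command_name: find
  # The insert command as sent must carry binary data in `random`, not the
  # plaintext "123".
  - command_started_event:
      command:
        insert: *collection_name
        documents:
        - { _id: 1, random: { $$type: "binData" } }
        ordered: true
      command_name: insert
  # The filter is on _id, which the schema does not encrypt, so it is sent
  # unchanged.
  - command_started_event:
      command:
        find: *collection_name
        filter: { _id: 1 }
      command_name: find
  outcome:
    collection:
      # Outcome is checked using a separate MongoClient without auto encryption.
      # That client sees what is actually stored: binary data, not "123".
      data:
      - { _id: 1, random: { $$type: "binData" } }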