1runOn:
2 - minServerVersion: "4.1.10"
3database_name: &database_name "default"
4collection_name: &collection_name "default"
5
6data: [{_id: 1, encrypted_string: {'$binary': {'base64': 'AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==', 'subType': '06'}} }]
7json_schema: {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
8key_vault_data: [{'status': 1, '_id': {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}, 'masterKey': {'provider': 'aws', 'key': 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0', 'region': 'us-east-1'}, 'updateDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyMaterial': {'$binary': {'base64': 'AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyAltNames': ['altname', 'another_altname']}]
9
10tests:
11 - description: "Insert with bypassAutoEncryption"
12 clientOptions:
13 autoEncryptOpts:
14 bypassAutoEncryption: true
15 kmsProviders:
16 aws: {} # Credentials filled in from environment.
17 operations:
18 - name: insertOne
19 arguments:
20 document: { _id: 2, encrypted_string: "string0" }
21 bypassDocumentValidation: true
22 - name: find
23 arguments:
24 filter: { }
25 result:
26 - { _id: 1, encrypted_string: "string0" }
27 - { _id: 2, encrypted_string: "string0" }
28 expectations:
29 - command_started_event:
30 command:
31 insert: *collection_name
32 documents:
33 # No encryption.
34 - { _id: 2, encrypted_string: "string0" }
35 ordered: true
36 command_name: insert
37 - command_started_event:
38 command:
39 find: *collection_name
40 filter: { }
41 command_name: find
42 - command_started_event:
43 command:
44 find: datakeys
45 filter: {"$or": [{"_id": {"$in": [ {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}} ] }}, {"keyAltNames": {"$in": []}}]}
46 $db: keyvault
47 readConcern: { level: "majority" }
48 command_name: find
49 outcome:
50 collection:
51 # Outcome is checked using a separate MongoClient without auto encryption.
52 data:
53 - { _id: 1, encrypted_string: {'$binary': {'base64': 'AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==', 'subType': '06'}} }
54 - { _id: 2, encrypted_string: "string0" }
55 - description: "Insert with bypassAutoEncryption for local schema"
56 clientOptions:
57 autoEncryptOpts:
58 schemaMap:
59 "default.default": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
60 bypassAutoEncryption: true
61 kmsProviders:
62 aws: {} # Credentials filled in from environment.
63 operations:
64 - name: insertOne
65 arguments:
66 document: { _id: 2, encrypted_string: "string0" }
67 bypassDocumentValidation: true
68 - name: find
69 arguments:
70 filter: { }
71 result:
72 - { _id: 1, encrypted_string: "string0" }
73 - { _id: 2, encrypted_string: "string0" }
74 expectations:
75 - command_started_event:
76 command:
77 insert: *collection_name
78 documents:
79 # No encryption.
80 - { _id: 2, encrypted_string: "string0" }
81 ordered: true
82 command_name: insert
83 - command_started_event:
84 command:
85 find: *collection_name
86 filter: { }
87 command_name: find
88 - command_started_event:
89 command:
90 find: datakeys
91 filter: {"$or": [{"_id": {"$in": [ {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}} ] }}, {"keyAltNames": {"$in": []}}]}
92 $db: keyvault
93 readConcern: { level: "majority" }
94 command_name: find
95 outcome:
96 collection:
97 # Outcome is checked using a separate MongoClient without auto encryption.
98 data:
99 - { _id: 1, encrypted_string: {'$binary': {'base64': 'AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==', 'subType': '06'}} }
100 - { _id: 2, encrypted_string: "string0" }View as plain text