1# Requires libmongocrypt 1.8.0.
2runOn:
3 - minServerVersion: "7.0.0"
4 # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
5 # FLE 2 Encrypted collections are not supported on standalone.
6 topology: [ "replicaset", "sharded", "load-balanced" ]
7database_name: &database_name "default"
8collection_name: &collection_name "default"
9data: []
10encrypted_fields: &encrypted_fields {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]}
11key_vault_data: [{'_id': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'keyMaterial': {'$binary': {'base64': 'sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1648914851981'}}, 'updateDate': {'$date': {'$numberLong': '1648914851981'}}, 'status': {'$numberInt': '0'}, 'masterKey': {'provider': 'local'}} ]
12
13tests:
14 - description: "BypassQueryAnalysis decrypts"
15 clientOptions:
16 autoEncryptOpts:
17 kmsProviders:
18 local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
19 bypassQueryAnalysis: true
20 operations:
21 - name: insertOne
22 arguments:
23 document: &doc0_encrypted {
24 "_id": 1,
25 "encryptedIndexed": {
26 "$binary": {
27 # Payload has an IndexKey of key1 and UserKey of key1.
28 "base64": "C18BAAAFZAAgAAAAANnt+eLTkv4GdDPl8IAfJOvTzArOgFJQ2S/DcLza4W0DBXMAIAAAAAD2u+omZme3P2gBPehMQyQHQ153tPN1+z7bksYA9jKTpAVwADAAAAAAUnCOQqIvmR65YKyYnsiVfVrg9hwUVO3RhhKExo3RWOzgaS0QdsBL5xKFS0JhZSoWBXUAEAAAAAQSNFZ4EjSYdhI0EjRWeJASEHQAAgAAAAV2AFAAAAAAEjRWeBI0mHYSNBI0VniQEpQbp/ZJpWBKeDtKLiXb0P2E9wvc0g3f373jnYQYlJquOrlPOoEy3ngsHPJuSUijvWDsrQzqYa349K7G/66qaXEFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsBWwAIAAAAACkm0o9bj6j0HuADKc0svbqO2UHj6GrlNdF6yKNxh63xRJrAAAAAAAAAAAAAA==",
29 "subType": "06"
30 }
31 }
32 }
33 - name: find
34 arguments:
35 filter: { "_id": 1 }
36 result: [{"_id": 1, "encryptedIndexed": "123" }]
37 expectations:
38 - command_started_event:
39 command:
40 listCollections: 1
41 filter:
42 name: *collection_name
43 command_name: listCollections
44 - command_started_event:
45 command:
46 insert: *collection_name
47 documents:
48 - *doc0_encrypted
49 ordered: true
50 encryptionInformation:
51 type: 1
52 schema:
53 "default.default":
54 # libmongocrypt applies escCollection and ecocCollection to outgoing command.
55 escCollection: "enxcol_.default.esc"
56 ecocCollection: "enxcol_.default.ecoc"
57 <<: *encrypted_fields
58 command_name: insert
59 - command_started_event:
60 command:
61 find: *collection_name
62 filter: { "_id": 1 }
63 command_name: find
64 - command_started_event:
65 command:
66 find: datakeys
67 filter: {
68 "$or": [
69 {
70 "_id": {
71 "$in": [
72 {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}
73 ]
74 }
75 },
76 {
77 "keyAltNames": {
78 "$in": []
79 }
80 }
81 ]
82 }
83 $db: keyvault
84 readConcern: { level: "majority" }
85 command_name: find
86 outcome:
87 collection:
88 data:
89 - {"_id": 1, "encryptedIndexed": { "$$type": "binData" }, "__safeContent__": [{ "$binary" : { "base64" : "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=", "subType" : "00" } }] }View as plain text