1# Requires libmongocrypt 1.8.0.
2runOn:
3 - minServerVersion: "7.0.0"
4 # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
5 # FLE 2 Encrypted collections are not supported on standalone.
6 topology: [ "replicaset", "sharded", "load-balanced" ]
7
8database_name: &database_name "default"
9collection_name: &collection_name "default"
10
11tests:
12 - description: "state collections and index are created"
13 clientOptions:
14 autoEncryptOpts:
15 kmsProviders:
16 aws: {} # Credentials filled in from environment.
17 encryptedFieldsMap:
18 default.encryptedCollection: &encrypted_fields {
19 "fields": [
20 {
21 "path": "firstName",
22 "bsonType": "string",
23 "keyId": { "$binary": { "subType": "04", "base64": "AAAAAAAAAAAAAAAAAAAAAA==" }}
24 }
25 ]
26 }
27
28 operations:
29 # Do an initial drop to remove collections that may exist from previous test runs.
30 - name: dropCollection
31 object: database
32 arguments:
33 collection: &encrypted_collection_name "encryptedCollection"
34 - name: createCollection
35 object: database
36 arguments:
37 collection: *encrypted_collection_name
38 - name: assertCollectionExists
39 object: testRunner
40 arguments:
41 database: *database_name
42 collection: &esc_collection_name "enxcol_.encryptedCollection.esc"
43 # ecc collection is no longer created for QEv2
44 - name: assertCollectionNotExists
45 object: testRunner
46 arguments:
47 database: *database_name
48 collection: &ecc_collection_name "enxcol_.encryptedCollection.ecc"
49 - name: assertCollectionExists
50 object: testRunner
51 arguments:
52 database: *database_name
53 collection: &ecoc_collection_name "enxcol_.encryptedCollection.ecoc"
54 - name: assertCollectionExists
55 object: testRunner
56 arguments:
57 database: *database_name
58 collection: *encrypted_collection_name
59 - name: assertIndexExists
60 object: testRunner
61 arguments:
62 database: *database_name
63 collection: *encrypted_collection_name
64 index: __safeContent___1
65
66 expectations:
67 # events from dropCollection ... begin
68 - command_started_event:
69 command:
70 drop: *esc_collection_name
71 command_name: drop
72 database_name: *database_name
73 - command_started_event:
74 command:
75 drop: *ecoc_collection_name
76 command_name: drop
77 database_name: *database_name
78 - command_started_event:
79 command:
80 drop: *encrypted_collection_name
81 command_name: drop
82 database_name: *database_name
83 # events from dropCollection ... end
84 # events from createCollection ... begin
85 # State collections are created first.
86 - command_started_event:
87 command:
88 create: *esc_collection_name
89 clusteredIndex: {key: {_id: 1}, unique: true}
90 command_name: create
91 database_name: *database_name
92 - command_started_event:
93 command:
94 create: *ecoc_collection_name
95 clusteredIndex: {key: {_id: 1}, unique: true}
96 command_name: create
97 database_name: *database_name
98 # Data collection is created after.
99 - command_started_event:
100 command:
101 create: *encrypted_collection_name
102 encryptedFields: &encrypted_fields_expectation {
103 # Expect state collections are not included in the encryptedFields sent to the server.
104 "escCollection": null,
105 "ecocCollection": null,
106 "eccCollection": null,
107 "fields": [
108 {
109 "path": "firstName",
110 "bsonType": "string",
111 "keyId": { "$binary": { "subType": "04", "base64": "AAAAAAAAAAAAAAAAAAAAAA==" }}
112 }
113 ]
114 }
115 command_name: create
116 database_name: *database_name
117 # Index on __safeContents__ is then created.
118 - command_started_event:
119 command:
120 createIndexes: *encrypted_collection_name
121 indexes:
122 - name: __safeContent___1
123 key: { __safeContent__: 1 }
124 command_name: createIndexes
125 database_name: *database_name
126 # events from createCollection ... end
127 - description: "default state collection names are applied"
128 clientOptions:
129 autoEncryptOpts:
130 kmsProviders:
131 aws: {} # Credentials filled in from environment.
132 encryptedFieldsMap:
133 default.encryptedCollection: *encrypted_fields
134
135 operations:
136 # Do an initial drop to remove collections that may exist from previous test runs.
137 - name: dropCollection
138 object: database
139 arguments:
140 collection: *encrypted_collection_name
141 - name: createCollection
142 object: database
143 arguments:
144 collection: *encrypted_collection_name
145 - name: assertCollectionExists
146 object: testRunner
147 arguments:
148 database: *database_name
149 collection: *esc_collection_name
150 # ecc collection is no longer created for QEv2
151 - name: assertCollectionNotExists
152 object: testRunner
153 arguments:
154 database: *database_name
155 collection: *ecc_collection_name
156 - name: assertCollectionExists
157 object: testRunner
158 arguments:
159 database: *database_name
160 collection: *ecoc_collection_name
161 - name: assertCollectionExists
162 object: testRunner
163 arguments:
164 database: *database_name
165 collection: *encrypted_collection_name
166 - name: assertIndexExists
167 object: testRunner
168 arguments:
169 database: *database_name
170 collection: *encrypted_collection_name
171 index: __safeContent___1
172
173 expectations:
174 # events from dropCollection ... begin
175 - command_started_event:
176 command:
177 drop: *esc_collection_name
178 command_name: drop
179 database_name: *database_name
180 - command_started_event:
181 command:
182 drop: *ecoc_collection_name
183 command_name: drop
184 database_name: *database_name
185 - command_started_event:
186 command:
187 drop: *encrypted_collection_name
188 command_name: drop
189 database_name: *database_name
190 # events from dropCollection ... end
191 # events from createCollection ... begin
192 # State collections are created first.
193 - command_started_event:
194 command:
195 create: *esc_collection_name
196 clusteredIndex: {key: {_id: 1}, unique: true}
197 command_name: create
198 database_name: *database_name
199 - command_started_event:
200 command:
201 create: *ecoc_collection_name
202 clusteredIndex: {key: {_id: 1}, unique: true}
203 command_name: create
204 database_name: *database_name
205 # Data collection is created after.
206 - command_started_event:
207 command:
208 create: *encrypted_collection_name
209 encryptedFields: *encrypted_fields_expectation
210 command_name: create
211 database_name: *database_name
212 # Index on __safeContents__ is then created.
213 - command_started_event:
214 command:
215 createIndexes: *encrypted_collection_name
216 indexes:
217 - name: __safeContent___1
218 key: { __safeContent__: 1 }
219 command_name: createIndexes
220 database_name: *database_name
221 # events from createCollection ... end
222 - description: "drop removes all state collections"
223 clientOptions:
224 autoEncryptOpts:
225 kmsProviders:
226 aws: {} # Credentials filled in from environment.
227 encryptedFieldsMap:
228 default.encryptedCollection: *encrypted_fields
229
230 operations:
231 # Do an initial drop to remove collections that may exist from previous test runs.
232 - name: dropCollection
233 object: database
234 arguments:
235 collection: *encrypted_collection_name
236 - name: createCollection
237 object: database
238 arguments:
239 collection: *encrypted_collection_name
240 - name: assertCollectionExists
241 object: testRunner
242 arguments:
243 database: *database_name
244 collection: *esc_collection_name
245 # ecc collection is no longer created for QEv2
246 - name: assertCollectionNotExists
247 object: testRunner
248 arguments:
249 database: *database_name
250 collection: *ecc_collection_name
251 - name: assertCollectionExists
252 object: testRunner
253 arguments:
254 database: *database_name
255 collection: *ecoc_collection_name
256 - name: assertCollectionExists
257 object: testRunner
258 arguments:
259 database: *database_name
260 collection: *encrypted_collection_name
261 - name: assertIndexExists
262 object: testRunner
263 arguments:
264 database: *database_name
265 collection: *encrypted_collection_name
266 index: __safeContent___1
267 - name: dropCollection
268 object: database
269 arguments:
270 collection: *encrypted_collection_name
271 # ecc collection is no longer created for QEv2
272 - name: assertCollectionNotExists
273 object: testRunner
274 arguments:
275 database: *database_name
276 collection: *ecoc_collection_name
277 # ecc collection is no longer created for QEv2
278 - name: assertCollectionNotExists
279 object: testRunner
280 arguments:
281 database: *database_name
282 collection: *encrypted_collection_name
283 - name: assertIndexNotExists
284 object: testRunner
285 arguments:
286 database: *database_name
287 collection: *encrypted_collection_name
288 index: __safeContent___1
289
290 expectations:
291 # events from dropCollection ... begin
292 - command_started_event:
293 command:
294 drop: *esc_collection_name
295 command_name: drop
296 database_name: *database_name
297 - command_started_event:
298 command:
299 drop: *ecoc_collection_name
300 command_name: drop
301 database_name: *database_name
302 - command_started_event:
303 command:
304 drop: *encrypted_collection_name
305 command_name: drop
306 database_name: *database_name
307 # events from dropCollection ... end
308 # events from createCollection ... begin
309 # State collections are created first.
310 - command_started_event:
311 command:
312 create: *esc_collection_name
313 clusteredIndex: {key: {_id: 1}, unique: true}
314 command_name: create
315 database_name: *database_name
316 - command_started_event:
317 command:
318 create: *ecoc_collection_name
319 clusteredIndex: {key: {_id: 1}, unique: true}
320 command_name: create
321 database_name: *database_name
322 # Data collection is created after.
323 - command_started_event:
324 command:
325 create: *encrypted_collection_name
326 encryptedFields: *encrypted_fields
327 command_name: create
328 database_name: *database_name
329 # Index on __safeContents__ is then created.
330 - command_started_event:
331 command:
332 createIndexes: *encrypted_collection_name
333 indexes:
334 - name: __safeContent___1
335 key: { __safeContent__: 1 }
336 command_name: createIndexes
337 database_name: *database_name
338 # events from createCollection ... end
339 # events from dropCollection ... begin
340 - command_started_event:
341 command:
342 drop: *esc_collection_name
343 command_name: drop
344 database_name: *database_name
345 - command_started_event:
346 command:
347 drop: *ecoc_collection_name
348 command_name: drop
349 database_name: *database_name
350 - command_started_event:
351 command:
352 drop: *encrypted_collection_name
353 command_name: drop
354 database_name: *database_name
355 # events from dropCollection ... end
356 - description: "CreateCollection without encryptedFields."
357 clientOptions:
358 autoEncryptOpts:
359 kmsProviders:
360 aws: {} # Credentials filled in from environment.
361 encryptedFieldsMap:
362 default.encryptedCollection: *encrypted_fields
363 operations:
364 # Do an initial drop to remove collections that may exist from previous test runs.
365 - name: dropCollection
366 object: database
367 arguments:
368 collection: "plaintextCollection"
369 - name: createCollection
370 object: database
371 arguments:
372 collection: "plaintextCollection"
373 - name: assertCollectionExists
374 object: testRunner
375 arguments:
376 database: *database_name
377 collection: "plaintextCollection"
378
379 expectations:
380 # events from dropCollection ... begin
381 # expect listCollections to be sent on drop to check for remote encryptedFields.
382 - command_started_event:
383 command:
384 listCollections: 1
385 filter: { name: "plaintextCollection" }
386 command_name: listCollections
387 database_name: *database_name
388 - command_started_event:
389 command:
390 drop: "plaintextCollection"
391 command_name: drop
392 database_name: *database_name
393 # events from dropCollection ... end
394 - command_started_event:
395 command:
396 create: "plaintextCollection"
397 command_name: create
398 database_name: *database_name
399 - description: "CreateCollection from encryptedFieldsMap."
400 clientOptions:
401 autoEncryptOpts:
402 kmsProviders:
403 aws: {} # Credentials filled in from environment.
404 encryptedFieldsMap:
405 default.encryptedCollection: *encrypted_fields
406 operations:
407 # Do an initial drop to remove collections that may exist from previous test runs.
408 - name: dropCollection
409 object: database
410 arguments:
411 collection: *encrypted_collection_name
412 - name: createCollection
413 object: database
414 arguments:
415 collection: *encrypted_collection_name
416 - name: assertCollectionExists
417 object: testRunner
418 arguments:
419 database: *database_name
420 collection: *esc_collection_name
421 # ecc collection is no longer created for QEv2
422 - name: assertCollectionNotExists
423 object: testRunner
424 arguments:
425 database: *database_name
426 collection: *ecc_collection_name
427 - name: assertCollectionExists
428 object: testRunner
429 arguments:
430 database: *database_name
431 collection: *ecoc_collection_name
432 - name: assertCollectionExists
433 object: testRunner
434 arguments:
435 database: *database_name
436 collection: *encrypted_collection_name
437 - name: assertIndexExists
438 object: testRunner
439 arguments:
440 database: *database_name
441 collection: *encrypted_collection_name
442 index: __safeContent___1
443
444 expectations:
445 # events from dropCollection ... begin
446 - command_started_event:
447 command:
448 drop: *esc_collection_name
449 command_name: drop
450 database_name: *database_name
451 - command_started_event:
452 command:
453 drop: *ecoc_collection_name
454 command_name: drop
455 database_name: *database_name
456 - command_started_event:
457 command:
458 drop: *encrypted_collection_name
459 command_name: drop
460 database_name: *database_name
461 # events from dropCollection ... end
462 # events from createCollection ... begin
463 # State collections are created first.
464 - command_started_event:
465 command:
466 create: *esc_collection_name
467 clusteredIndex: {key: {_id: 1}, unique: true}
468 command_name: create
469 database_name: *database_name
470 - command_started_event:
471 command:
472 create: *ecoc_collection_name
473 clusteredIndex: {key: {_id: 1}, unique: true}
474 command_name: create
475 database_name: *database_name
476 # Data collection is created after.
477 - command_started_event:
478 command:
479 create: *encrypted_collection_name
480 encryptedFields: *encrypted_fields_expectation
481 command_name: create
482 database_name: *database_name
483 # Index on __safeContents__ is then created.
484 - command_started_event:
485 command:
486 createIndexes: *encrypted_collection_name
487 indexes:
488 - name: __safeContent___1
489 key: { __safeContent__: 1 }
490 command_name: createIndexes
491 database_name: *database_name
492 # events from createCollection ... end
493 - description: "CreateCollection from encryptedFields."
494 clientOptions:
495 autoEncryptOpts:
496 kmsProviders:
497 aws: {} # Credentials filled in from environment.
498 operations:
499 # Do initial drops to remove collections that may exist from previous test runs.
500 - name: dropCollection
501 object: database
502 arguments:
503 collection: *encrypted_collection_name
504 encryptedFields: *encrypted_fields
505 - name: createCollection
506 object: database
507 arguments:
508 collection: *encrypted_collection_name
509 encryptedFields: *encrypted_fields
510 - name: assertCollectionExists
511 object: testRunner
512 arguments:
513 database: *database_name
514 collection: *esc_collection_name
515 # ecc collection is no longer created for QEv2
516 - name: assertCollectionNotExists
517 object: testRunner
518 arguments:
519 database: *database_name
520 collection: *ecc_collection_name
521 - name: assertCollectionExists
522 object: testRunner
523 arguments:
524 database: *database_name
525 collection: *ecoc_collection_name
526 - name: assertCollectionExists
527 object: testRunner
528 arguments:
529 database: *database_name
530 collection: *encrypted_collection_name
531 - name: assertIndexExists
532 object: testRunner
533 arguments:
534 database: *database_name
535 collection: *encrypted_collection_name
536 index: __safeContent___1
537
538 expectations:
539 # events from dropCollection ... begin
540 - command_started_event:
541 command:
542 drop: *esc_collection_name
543 command_name: drop
544 database_name: *database_name
545 - command_started_event:
546 command:
547 drop: *ecoc_collection_name
548 command_name: drop
549 database_name: *database_name
550 - command_started_event:
551 command:
552 drop: *encrypted_collection_name
553 command_name: drop
554 database_name: *database_name
555 # events from dropCollection ... end
556 # events from createCollection ... begin
557 # State collections are created first.
558 - command_started_event:
559 command:
560 create: *esc_collection_name
561 clusteredIndex: {key: {_id: 1}, unique: true}
562 command_name: create
563 database_name: *database_name
564 - command_started_event:
565 command:
566 create: *ecoc_collection_name
567 clusteredIndex: {key: {_id: 1}, unique: true}
568 command_name: create
569 database_name: *database_name
570 # Data collection is created after.
571 - command_started_event:
572 command:
573 create: *encrypted_collection_name
574 encryptedFields: *encrypted_fields_expectation
575 command_name: create
576 database_name: *database_name
577 # libmongocrypt requests listCollections to get a schema for the "createIndexes" command.
578 - command_started_event:
579 command:
580 listCollections: 1
581 filter: { name: *encrypted_collection_name }
582 command_name: listCollections
583 database_name: *database_name
584 # Index on __safeContents__ is then created.
585 - command_started_event:
586 command:
587 createIndexes: *encrypted_collection_name
588 indexes:
589 - name: __safeContent___1
590 key: { __safeContent__: 1 }
591 command_name: createIndexes
592 database_name: *database_name
593 # events from createCollection ... end
594
595 - description: "DropCollection from encryptedFieldsMap"
596 clientOptions:
597 autoEncryptOpts:
598 kmsProviders:
599 aws: {} # Credentials filled in from environment.
600 encryptedFieldsMap:
601 default.encryptedCollection: *encrypted_fields
602 operations:
603 - name: dropCollection
604 object: database
605 arguments:
606 collection: *encrypted_collection_name
607 expectations:
608 # events from dropCollection ... begin
609 - command_started_event:
610 command:
611 drop: *esc_collection_name
612 command_name: drop
613 database_name: *database_name
614 - command_started_event:
615 command:
616 drop: *ecoc_collection_name
617 command_name: drop
618 database_name: *database_name
619 - command_started_event:
620 command:
621 drop: *encrypted_collection_name
622 command_name: drop
623 database_name: *database_name
624 # events from dropCollection ... end
625 - description: "DropCollection from encryptedFields"
626 clientOptions:
627 autoEncryptOpts:
628 kmsProviders:
629 aws: {} # Credentials filled in from environment.
630 encryptedFieldsMap: {}
631 operations:
632 # Do initial drops to remove collections that may exist from previous test runs.
633 - name: dropCollection
634 object: database
635 arguments:
636 collection: *encrypted_collection_name
637 encryptedFields: *encrypted_fields
638 - name: createCollection
639 object: database
640 arguments:
641 collection: *encrypted_collection_name
642 encryptedFields: *encrypted_fields
643 - name: assertCollectionExists
644 object: testRunner
645 arguments:
646 database: *database_name
647 collection: *esc_collection_name
648 # ecc collection is no longer created for QEv2
649 - name: assertCollectionNotExists
650 object: testRunner
651 arguments:
652 database: *database_name
653 collection: *ecc_collection_name
654 - name: assertCollectionExists
655 object: testRunner
656 arguments:
657 database: *database_name
658 collection: *ecoc_collection_name
659 - name: assertCollectionExists
660 object: testRunner
661 arguments:
662 database: *database_name
663 collection: *encrypted_collection_name
664 - name: assertIndexExists
665 object: testRunner
666 arguments:
667 database: *database_name
668 collection: *encrypted_collection_name
669 index: __safeContent___1
670 - name: dropCollection
671 object: database
672 arguments:
673 collection: *encrypted_collection_name
674 encryptedFields: *encrypted_fields
675 # ecc collection is no longer created for QEv2
676 - name: assertCollectionNotExists
677 object: testRunner
678 arguments:
679 database: *database_name
680 collection: *esc_collection_name
681 # ecc collection is no longer created for QEv2
682 - name: assertCollectionNotExists
683 object: testRunner
684 arguments:
685 database: *database_name
686 collection: *ecoc_collection_name
687 # ecc collection is no longer created for QEv2
688 - name: assertCollectionNotExists
689 object: testRunner
690 arguments:
691 database: *database_name
692 collection: *encrypted_collection_name
693 expectations:
694 # events from dropCollection ... begin
695 - command_started_event:
696 command:
697 drop: *esc_collection_name
698 command_name: drop
699 database_name: *database_name
700 - command_started_event:
701 command:
702 drop: *ecoc_collection_name
703 command_name: drop
704 database_name: *database_name
705 - command_started_event:
706 command:
707 drop: *encrypted_collection_name
708 command_name: drop
709 database_name: *database_name
710 # events from dropCollection ... end
711 # events from createCollection ... begin
712 - command_started_event:
713 command:
714 create: *esc_collection_name
715 clusteredIndex: {key: {_id: 1}, unique: true}
716 command_name: create
717 database_name: *database_name
718 - command_started_event:
719 command:
720 create: *ecoc_collection_name
721 clusteredIndex: {key: {_id: 1}, unique: true}
722 command_name: create
723 database_name: *database_name
724 - command_started_event:
725 command:
726 create: *encrypted_collection_name
727 encryptedFields: *encrypted_fields_expectation
728 command_name: create
729 database_name: *database_name
730 # libmongocrypt requests listCollections to get a schema for the "createIndexes" command.
731 - command_started_event:
732 command:
733 listCollections: 1
734 filter: { name: *encrypted_collection_name }
735 command_name: listCollections
736 database_name: *database_name
737 # Index on __safeContents__ is then created.
738 - command_started_event:
739 command:
740 createIndexes: *encrypted_collection_name
741 indexes:
742 - name: __safeContent___1
743 key: { __safeContent__: 1 }
744 command_name: createIndexes
745 database_name: *database_name
746 # events from createCollection ... end
747 # events from dropCollection ... begin
748 - command_started_event:
749 command:
750 drop: *esc_collection_name
751 command_name: drop
752 database_name: *database_name
753 - command_started_event:
754 command:
755 drop: *ecoc_collection_name
756 command_name: drop
757 database_name: *database_name
758 - command_started_event:
759 command:
760 drop: *encrypted_collection_name
761 command_name: drop
762 database_name: *database_name
763 # events from dropCollection ... end
764
765 - description: "DropCollection from remote encryptedFields"
766 clientOptions:
767 autoEncryptOpts:
768 kmsProviders:
769 aws: {} # Credentials filled in from environment.
770 encryptedFieldsMap: {}
771
772 operations:
773 # Do initial drops to remove collections that may exist from previous test runs.
774 - name: dropCollection
775 object: database
776 arguments:
777 collection: *encrypted_collection_name
778 encryptedFields: *encrypted_fields
779 - name: createCollection
780 object: database
781 arguments:
782 collection: *encrypted_collection_name
783 encryptedFields: *encrypted_fields
784 - name: assertCollectionExists
785 object: testRunner
786 arguments:
787 database: *database_name
788 collection: *esc_collection_name
789 # ecc collection is no longer created for QEv2
790 - name: assertCollectionNotExists
791 object: testRunner
792 arguments:
793 database: *database_name
794 collection: *ecc_collection_name
795 - name: assertCollectionExists
796 object: testRunner
797 arguments:
798 database: *database_name
799 collection: *ecoc_collection_name
800 - name: assertCollectionExists
801 object: testRunner
802 arguments:
803 database: *database_name
804 collection: *encrypted_collection_name
805 - name: assertIndexExists
806 object: testRunner
807 arguments:
808 database: *database_name
809 collection: *encrypted_collection_name
810 index: __safeContent___1
811 - name: dropCollection
812 object: database
813 arguments:
814 collection: *encrypted_collection_name
815 # ecc collection is no longer created for QEv2
816 - name: assertCollectionNotExists
817 object: testRunner
818 arguments:
819 database: *database_name
820 collection: *esc_collection_name
821 # ecc collection is no longer created for QEv2
822 - name: assertCollectionNotExists
823 object: testRunner
824 arguments:
825 database: *database_name
826 collection: *ecoc_collection_name
827 # ecc collection is no longer created for QEv2
828 - name: assertCollectionNotExists
829 object: testRunner
830 arguments:
831 database: *database_name
832 collection: *encrypted_collection_name
833
834 expectations:
835 # events from dropCollection ... begin
836 - command_started_event:
837 command:
838 drop: *esc_collection_name
839 command_name: drop
840 database_name: *database_name
841 - command_started_event:
842 command:
843 drop: *ecoc_collection_name
844 command_name: drop
845 database_name: *database_name
846 - command_started_event:
847 command:
848 drop: *encrypted_collection_name
849 command_name: drop
850 database_name: *database_name
851 # events from dropCollection ... end
852 # events from createCollection ... begin
853 - command_started_event:
854 command:
855 create: *esc_collection_name
856 clusteredIndex: {key: {_id: 1}, unique: true}
857 command_name: create
858 database_name: *database_name
859 - command_started_event:
860 command:
861 create: *ecoc_collection_name
862 clusteredIndex: {key: {_id: 1}, unique: true}
863 command_name: create
864 database_name: *database_name
865 - command_started_event:
866 command:
867 create: *encrypted_collection_name
868 encryptedFields: *encrypted_fields_expectation
869 command_name: create
870 database_name: *database_name
871 # libmongocrypt requests listCollections to get a schema for the "createIndexes" command.
872 - command_started_event:
873 command:
874 listCollections: 1
875 filter: { name: *encrypted_collection_name }
876 command_name: listCollections
877 database_name: *database_name
878 # Index on __safeContents__ is then created.
879 - command_started_event:
880 command:
881 createIndexes: *encrypted_collection_name
882 indexes:
883 - name: __safeContent___1
884 key: { __safeContent__: 1 }
885 command_name: createIndexes
886 database_name: *database_name
887 # events from createCollection ... end
888 # events from dropCollection ... begin
889 - command_started_event:
890 command:
891 listCollections: 1
892 filter: { name: *encrypted_collection_name }
893 command_name: listCollections
894 database_name: *database_name
895 - command_started_event:
896 command:
897 drop: *esc_collection_name
898 command_name: drop
899 database_name: *database_name
900 - command_started_event:
901 command:
902 drop: *ecoc_collection_name
903 command_name: drop
904 database_name: *database_name
905 - command_started_event:
906 command:
907 drop: *encrypted_collection_name
908 command_name: drop
909 database_name: *database_name
910 # events from dropCollection ... end
911 - description: "encryptedFields are consulted for metadata collection names"
912 clientOptions:
913 autoEncryptOpts:
914 kmsProviders:
915 aws: {} # Credentials filled in from environment.
916 encryptedFieldsMap:
917 default.encryptedCollection: {
918 "escCollection": "invalid_esc_name",
919 "ecocCollection": "invalid_ecoc_name",
920 "fields": [
921 {
922 "path": "firstName",
923 "bsonType": "string",
924 "keyId": { "$binary": { "subType": "04", "base64": "AAAAAAAAAAAAAAAAAAAAAA==" }}
925 }
926 ]
927 }
928
929 operations:
930 # Do an initial drop to remove collections that may exist from previous test runs.
931 - name: dropCollection
932 object: database
933 arguments:
934 collection: *encrypted_collection_name
935 - name: createCollection
936 object: database
937 arguments:
938 collection: *encrypted_collection_name
939 result:
940 # Expect error due to server constraints added in SERVER-74069
941 errorContains: "Encrypted State Collection name should follow"
View as plain text