1runOn:
2 - minServerVersion: "4.1.10"
3database_name: &database_name "default"
4collection_name: &collection_name "default"
5
6data: []
7json_schema: {'properties': {'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}}, 'bsonType': 'object'}
8key_vault_data: [{'_id': {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}, 'keyMaterial': {'$binary': {'base64': 'Ce9HSz/HKKGkIt4uyy+jDuKGA+rLC2cycykMo6vc8jXxqa1UVDYHWq1r+vZKbnnSRBfB981akzRKZCFpC05CTyFqDhXv6OnMjpG97OZEREGIsHEYiJkBW0jJJvfLLgeLsEpBzsro9FztGGXASxyxFRZFhXvHxyiLOKrdWfs7X1O/iK3pEoHMx6uSNSfUOgbebLfIqW7TO++iQS5g1xovXA==', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1552949630483'}}, 'updateDate': {'$date': {'$numberLong': '1552949630483'}}, 'status': {'$numberInt': '0'}, 'masterKey': {'provider': 'local'}}]
9
10tests:
11 - description: "Insert a document with auto encryption using local KMS provider"
12 clientOptions:
13 autoEncryptOpts:
14 kmsProviders:
15 aws: {} # Credentials filled in from environment.
16 local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
17 operations:
18 - name: insertOne
19 arguments:
20 document: &doc0 { _id: 1, encrypted_string: "string0", random: "abc" }
21 expectations:
22 # Auto encryption will request the collection info.
23 - command_started_event:
24 command:
25 listCollections: 1
26 filter:
27 name: *collection_name
28 command_name: listCollections
29 # Then key is fetched from the key vault.
30 - command_started_event:
31 command:
32 find: datakeys
33 filter: { $or: [ { _id: { $in: [ {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}} ] } }, { keyAltNames: { $in: [] } } ] }
34 $db: keyvault
35 command_name: find
36 - command_started_event:
37 command:
38 insert: *collection_name
39 documents:
40 - &doc0_encrypted { _id: 1, encrypted_string: {'$binary': {'base64': 'AQAAAAAAAAAAAAAAAAAAAAACV/+zJmpqMU47yxS/xIVAviGi7wHDuFwaULAixEAoIh0xHz73UYOM3D8D44gcJn67EROjbz4ITpYzzlCJovDL0Q==', 'subType': '06'}}, random: { $$type: "binData" } }
41 ordered: true
42 command_name: insert
43 outcome:
44 collection:
45 # Outcome is checked using a separate MongoClient without auto encryption.
46 data:
47 - *doc0_encryptedView as plain text