...
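# Client-side encryption test: a schema supplied locally through
# autoEncryptOpts.schemaMap is used in place of the collection's server-side
# json_schema, which is left empty below.
#
# The page rendering had fused a line-number gutter into every line and
# flattened the indentation. The nesting here is restored from the key
# structure; all keys and values are unchanged.
runOn:
  - minServerVersion: "4.1.10"
database_name: &database_name "default"
collection_name: &collection_name "default"

data: []
# Configure an empty server-side schema, so any encryption seen in the tests
# can only come from the local schemaMap.
json_schema: {}
# One data key in the key vault. Its masterKey entry points at an AWS KMS key;
# the ARN and keyMaterial are fixture values. No AWS credentials are stored in
# this file (see kmsProviders below).
# The _id (binary subType '04', all zero bytes) is the key the schemaMap
# entries reference through keyId.
key_vault_data: [{'status': 1, '_id': {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}, 'masterKey': {'provider': 'aws', 'key': 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0', 'region': 'us-east-1'}, 'updateDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyMaterial': {'$binary': {'base64': 'AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyAltNames': ['altname', 'another_altname']}]

tests:
  - description: "A local schema should override"
    clientOptions:
      autoEncryptOpts:
        # Local schema for namespace "default.default". encrypted_string uses
        # the Deterministic algorithm: equal plaintexts produce equal
        # ciphertexts, which lets this test pin an exact ciphertext below. The
        # trade-off is that equality of stored values is visible to anyone who
        # can read the collection. The Random variants do not have that
        # property.
        schemaMap:
          "default.default": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
        kmsProviders:
          aws: {}  # Credentials filled in from environment.
    operations:
      - name: insertOne
        arguments:
          document: &doc0 { _id: 1, encrypted_string: "string0" }
      # The encrypting client reads the document back as plaintext.
      - name: find
        arguments:
          filter: { _id: 1 }
        result: [*doc0]
    expectations:
      # The first expected command is the key lookup in the key vault. No
      # command that fetches a schema from the server appears in this list.
      - command_started_event:
          command:
            find: datakeys
            filter: {"$or": [{"_id": {"$in": [ {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}} ] }}, {"keyAltNames": {"$in": []}}]}
            $db: keyvault
            readConcern: { level: "majority" }
          command_name: find
      # The insert sent to the server must already carry ciphertext (binary
      # subType '06') for encrypted_string, not the plaintext "string0".
      - command_started_event:
          command:
            insert: *collection_name
            documents:
              - &doc0_encrypted { _id: 1, encrypted_string: {'$binary': {'base64': 'AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==', 'subType': '06'}} }
            ordered: true
          command_name: insert
      - command_started_event:
          command:
            find: *collection_name
            filter: { _id: 1 }
          command_name: find
    outcome:
      collection:
        # Outcome is checked using a separate MongoClient without auto
        # encryption, so the assertion is on what is actually stored: the
        # ciphertext document.
        data:
          - *doc0_encrypted
  - description: "A local schema with no encryption is an error"
    clientOptions:
      autoEncryptOpts:
        # This local schema has no 'encrypt' keyword and uses the validation
        # keyword 'required'. The expected result is an error, not an insert
        # of the plaintext document.
        schemaMap:
          "default.default": {'properties': {'test': {'bsonType': 'string'}}, 'bsonType': 'object', 'required': ['test']}
        kmsProviders:
          aws: {}  # Credentials filled in from environment.
    operations:
      - name: insertOne
        arguments:
          document: { _id: 1, encrypted_string: "string0" }
        result:
          errorContains: "JSON schema keyword 'required' is only allowed with a remote schema"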