{ "runOn": [ { "minServerVersion": "4.1.10" } ], "database_name": "default", "collection_name": "default", "data": [ { "_id": 1, "encrypted_string": { "$binary": { "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==", "subType": "06" } } } ], "json_schema": { "properties": { "encrypted_w_altname": { "encrypt": { "keyId": "/altname", "bsonType": "string", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" } }, "encrypted_string": { "encrypt": { "keyId": [ { "$binary": { "base64": "AAAAAAAAAAAAAAAAAAAAAA==", "subType": "04" } } ], "bsonType": "string", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" } }, "random": { "encrypt": { "keyId": [ { "$binary": { "base64": "AAAAAAAAAAAAAAAAAAAAAA==", "subType": "04" } } ], "bsonType": "string", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" } }, "encrypted_string_equivalent": { "encrypt": { "keyId": [ { "$binary": { "base64": "AAAAAAAAAAAAAAAAAAAAAA==", "subType": "04" } } ], "bsonType": "string", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" } } }, "bsonType": "object" }, "key_vault_data": [ { "status": 1, "_id": { "$binary": { "base64": "AAAAAAAAAAAAAAAAAAAAAA==", "subType": "04" } }, "masterKey": { "provider": "aws", "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0", "region": "us-east-1" }, "updateDate": { "$date": { "$numberLong": "1552949630483" } }, "keyMaterial": { "$binary": { "base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO", "subType": "00" } }, "creationDate": { "$date": { "$numberLong": "1552949630483" } }, "keyAltNames": [ "altname", "another_altname" ] } ], "tests": [ { "description": "updateOne with deterministic encryption", "clientOptions": { "autoEncryptOpts": { "kmsProviders": { "aws": {} } } }, "operations": [ { "name": "updateOne", "arguments": { "filter": { "encrypted_string": "string0" }, "update": { "$set": { "encrypted_string": "string1", "random": "abc" } } }, "result": { "matchedCount": 1, "modifiedCount": 1, "upsertedCount": 0 } } ], "expectations": [ { "command_started_event": { "command": { "listCollections": 1, "filter": { "name": "default" } }, "command_name": "listCollections" } }, { "command_started_event": { "command": { "find": "datakeys", "filter": { "$or": [ { "_id": { "$in": [ { "$binary": { "base64": "AAAAAAAAAAAAAAAAAAAAAA==", "subType": "04" } } ] } }, { "keyAltNames": { "$in": [] } } ] }, "$db": "keyvault", "readConcern": { "level": "majority" } }, "command_name": "find" } }, { "command_started_event": { "command": { "update": "default", "updates": [ { "q": { "encrypted_string": { "$eq": { "$binary": { "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==", "subType": "06" } } } }, "u": { "$set": { "encrypted_string": { "$binary": { "base64": "AQAAAAAAAAAAAAAAAAAAAAACDdw4KFz3ZLquhsbt7RmDjD0N67n0uSXx7IGnQNCLeIKvot6s/ouI21Eo84IOtb6lhwUNPlSEBNY0/hbszWAKJg==", "subType": "06" } }, "random": { "$$type": "binData" } } } } ], "ordered": true }, "command_name": "update" } } ], "outcome": { "collection": { "data": [ { "_id": 1, "encrypted_string": { "$binary": { "base64": "AQAAAAAAAAAAAAAAAAAAAAACDdw4KFz3ZLquhsbt7RmDjD0N67n0uSXx7IGnQNCLeIKvot6s/ouI21Eo84IOtb6lhwUNPlSEBNY0/hbszWAKJg==", "subType": "06" } }, "random": { "$$type": "binData" } } ] } } }, { "description": "updateOne fails when filtering on a random field", "clientOptions": { "autoEncryptOpts": { "kmsProviders": { "aws": {} } } }, "operations": [ { "name": "updateOne", "arguments": { "filter": { "random": "abc" }, "update": { "$set": { "encrypted_string": "string1" } } }, "result": { "errorContains": "Cannot query on fields encrypted with the randomized encryption" } } ] }, { "description": "$unset works with an encrypted field", "clientOptions": { "autoEncryptOpts": { "kmsProviders": { "aws": {} } } }, "operations": [ { "name": "updateOne", "arguments": { "filter": {}, "update": { "$unset": { "encrypted_string": "" } } }, "result": { "matchedCount": 1, "modifiedCount": 1, "upsertedCount": 0 } } ], "expectations": [ { "command_started_event": { "command": { "listCollections": 1, "filter": { "name": "default" } }, "command_name": "listCollections" } }, { "command_started_event": { "command": { "update": "default", "updates": [ { "q": {}, "u": { "$unset": { "encrypted_string": "" } } } ], "ordered": true }, "command_name": "update" } } ], "outcome": { "collection": { "data": [ { "_id": 1 } ] } } }, { "description": "$rename works if target value has same encryption options", "clientOptions": { "autoEncryptOpts": { "kmsProviders": { "aws": {} } } }, "operations": [ { "name": "updateOne", "arguments": { "filter": {}, "update": { "$rename": { "encrypted_string": "encrypted_string_equivalent" } } }, "result": { "matchedCount": 1, "modifiedCount": 1, "upsertedCount": 0 } } ], "expectations": [ { "command_started_event": { "command": { "listCollections": 1, "filter": { "name": "default" } }, "command_name": "listCollections" } }, { "command_started_event": { "command": { "update": "default", "updates": [ { "q": {}, "u": { "$rename": { "encrypted_string": "encrypted_string_equivalent" } } } ], "ordered": true }, "command_name": "update" } } ], "outcome": { "collection": { "data": [ { "_id": 1, "encrypted_string_equivalent": { "$binary": { "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==", "subType": "06" } } } ] } } }, { "description": "$rename fails if target value has different encryption options", "clientOptions": { "autoEncryptOpts": { "kmsProviders": { "aws": {} } } }, "operations": [ { "name": "updateOne", "arguments": { "filter": {}, "update": { "$rename": { "encrypted_string": "random" } } }, "result": { "errorContains": "$rename between two encrypted fields must have the same metadata or both be unencrypted" } } ] }, { "description": "an invalid update (no $ operators) is validated and errors", "clientOptions": { "autoEncryptOpts": { "kmsProviders": { "aws": {} } } }, "operations": [ { "name": "updateOne", "arguments": { "filter": {}, "update": { "encrypted_string": "random" } }, "result": { "errorContains": "" } } ] } ] }