1# This test requires libmongocrypt 1.5.0-alpha2.
2runOn:
3 # Require server version 6.0.0 to get behavior added in SERVER-64911.
4 - minServerVersion: "6.0.0"
5
6database_name: &database_name "default"
7collection_name: &collection_name "default"
8data: []
9tests:
10 - description: "create with a validator on an unencrypted field is OK"
11 clientOptions:
12 autoEncryptOpts:
13 kmsProviders:
14 local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
15 schemaMap:
16 "default.encryptedCollection": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
17 operations:
18 # Drop to remove a collection that may exist from previous test runs.
19 - name: dropCollection
20 object: database
21 arguments:
22 collection: "encryptedCollection"
23 - name: createCollection
24 object: database
25 arguments:
26 collection: "encryptedCollection"
27 validator:
28 unencrypted_string: "foo"
29 - name: assertCollectionExists
30 object: testRunner
31 arguments:
32 database: *database_name
33 collection: "encryptedCollection"
34 - description: "create with a validator on an encrypted field is an error"
35 clientOptions:
36 autoEncryptOpts:
37 kmsProviders:
38 local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
39 schemaMap:
40 "default.encryptedCollection": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
41 operations:
42 # Drop to remove a collection that may exist from previous test runs.
43 - name: dropCollection
44 object: database
45 arguments:
46 collection: "encryptedCollection"
47 - name: createCollection
48 object: database
49 arguments:
50 collection: "encryptedCollection"
51 validator:
52 encrypted_string: "foo"
53 result:
54 errorContains: "Comparison to encrypted fields not supported"
55 - description: "collMod with a validator on an unencrypted field is OK"
56 clientOptions:
57 autoEncryptOpts:
58 kmsProviders:
59 local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
60 schemaMap:
61 "default.encryptedCollection": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
62 operations:
63 # Drop to remove a collection that may exist from previous test runs.
64 - name: dropCollection
65 object: database
66 arguments:
67 collection: "encryptedCollection"
68 - name: createCollection
69 object: database
70 arguments:
71 collection: "encryptedCollection"
72 - name: runCommand
73 object: database
74 arguments:
75 command:
76 collMod: "encryptedCollection"
77 validator:
78 unencrypted_string: "foo"
79 - description: "collMod with a validator on an encrypted field is an error"
80 clientOptions:
81 autoEncryptOpts:
82 kmsProviders:
83 local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
84 schemaMap:
85 "default.encryptedCollection": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
86 operations:
87 # Drop to remove a collection that may exist from previous test runs.
88 - name: dropCollection
89 object: database
90 arguments:
91 collection: "encryptedCollection"
92 - name: createCollection
93 object: database
94 arguments:
95 collection: "encryptedCollection"
96 - name: runCommand
97 object: database
98 arguments:
99 command:
100 collMod: "encryptedCollection"
101 validator:
102 encrypted_string: "foo"
103 result:
104 errorContains: "Comparison to encrypted fields not supported"
105 - description: "createIndexes with a partialFilterExpression on an unencrypted field is OK"
106 clientOptions:
107 autoEncryptOpts:
108 kmsProviders:
109 local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
110 schemaMap:
111 "default.encryptedCollection": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
112 operations:
113 # Drop to remove a collection that may exist from previous test runs.
114 - name: dropCollection
115 object: database
116 arguments:
117 collection: "encryptedCollection"
118 - name: createCollection
119 object: database
120 arguments:
121 collection: "encryptedCollection"
122 - name: runCommand
123 object: database
124 arguments:
125 command:
126 createIndexes: "encryptedCollection"
127 indexes:
128 - name: "name"
129 key: { name: 1 }
130 partialFilterExpression:
131 unencrypted_string: "foo"
132 - name: assertIndexExists
133 object: testRunner
134 arguments:
135 database: *database_name
136 collection: "encryptedCollection"
137 index: name
138 - description: "createIndexes with a partialFilterExpression on an encrypted field is an error"
139 clientOptions:
140 autoEncryptOpts:
141 kmsProviders:
142 local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
143 schemaMap:
144 "default.encryptedCollection": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
145 operations:
146 # Drop to remove a collection that may exist from previous test runs.
147 - name: dropCollection
148 object: database
149 arguments:
150 collection: "encryptedCollection"
151 - name: createCollection
152 object: database
153 arguments:
154 collection: "encryptedCollection"
155 - name: runCommand
156 object: database
157 arguments:
158 command:
159 createIndexes: "encryptedCollection"
160 indexes:
161 - name: "name"
162 key: { name: 1 }
163 partialFilterExpression:
164 encrypted_string: "foo"
165 result:
166 errorContains: "Comparison to encrypted fields not supported"View as plain text