rewrapManyDataKey-encrypt_failure.yml

Documentation: go.mongodb.org/mongo-driver/testdata/client-side-encryption/unified

     1description: rewrapManyDataKey-encrypt_failure
     2
     3schemaVersion: "1.8"
     4
     5runOnRequirements:
     6  - csfle: true
     7
     8createEntities:
     9  - client:
    10      id: &client0 client0
    11      observeEvents:
    12        - commandStartedEvent
    13  - clientEncryption:
    14      id: &clientEncryption0 clientEncryption0
    15      clientEncryptionOpts:
    16        keyVaultClient: *client0
    17        keyVaultNamespace: keyvault.datakeys
    18        kmsProviders:
    19          aws: { accessKeyId: { $$placeholder: 1 }, secretAccessKey: { $$placeholder: 1 } }
    20          azure: { tenantId: { $$placeholder: 1 }, clientId: { $$placeholder: 1 }, clientSecret: { $$placeholder: 1 } }
    21          gcp: { email: { $$placeholder: 1 }, privateKey: { $$placeholder: 1 } }
    22          kmip: { endpoint: { $$placeholder: 1 } }
    23          local: { key: { $$placeholder: 1 } }
    24  - database:
    25      id: &database0 database0
    26      client: *client0
    27      databaseName: &database0Name keyvault
    28  - collection:
    29      id: &collection0 collection0
    30      database: *database0
    31      collectionName: &collection0Name datakeys
    32
    33initialData:
    34  - databaseName: *database0Name
    35    collectionName: *collection0Name
    36    documents:
    37      - _id: { $binary: { base64: bG9jYWxrZXlsb2NhbGtleQ==, subType: "04" } }
    38        keyAltNames: ["local_key"]
    39        keyMaterial: { $binary: { base64: ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==, subType: "00" } }
    40        creationDate: { $date: { $numberLong: "1641024000000" } }
    41        updateDate: { $date: { $numberLong: "1641024000000" } }
    42        status: 1
    43        masterKey:
    44          provider: local
    45
    46tests:
    47  - description: "rewrap with invalid masterKey for AWS KMS provider"
    48    operations:
    49      - name: rewrapManyDataKey
    50        object: *clientEncryption0
    51        arguments:
    52          filter: {}
    53          opts:
    54            provider: aws
    55            masterKey:
    56              # "us-east-1" changed to "us-east-2" in both key and region.
    57              key: arn:aws:kms:us-east-2:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0
    58              region: us-east-2
    59        expectError:
    60          isClientError: true
    61    expectEvents:
    62      - client: *client0
    63        events:
    64          - commandStartedEvent:
    65              commandName: find
    66              databaseName: *database0Name
    67              command:
    68                find: *collection0Name
    69                filter: {}
    70                readConcern: { level: majority }
    71
    72  - description: "rewrap with invalid masterKey for Azure KMS provider"
    73    operations:
    74      - name: rewrapManyDataKey
    75        object: *clientEncryption0
    76        arguments:
    77          filter: {}
    78          opts:
    79            provider: azure
    80            masterKey:
    81              # "key" changed to "invalid" in both keyVaultEndpoint and keyName.
    82              keyVaultEndpoint: invalid-vault-csfle.vault.azure.net
    83              keyName: invalid-name-csfle
    84        expectError:
    85          isClientError: true
    86    expectEvents:
    87      - client: *client0
    88        events:
    89          - commandStartedEvent:
    90              commandName: find
    91              databaseName: *database0Name
    92              command:
    93                find: *collection0Name
    94                filter: {}
    95                readConcern: { level: majority }
    96
    97  - description: "rewrap with invalid masterKey for GCP KMS provider"
    98    operations:
    99      - name: rewrapManyDataKey
   100        object: *clientEncryption0
   101        arguments:
   102          filter: {}
   103          opts:
   104            provider: gcp
   105            masterKey:
   106              # "key" changed to "invalid" in both keyRing and keyName.
   107              projectId: devprod-drivers
   108              location: global
   109              keyRing: invalid-ring-csfle
   110              keyName: invalid-name-csfle
   111        expectError:
   112          isClientError: true
   113    expectEvents:
   114      - client: *client0
   115        events:
   116          - commandStartedEvent:
   117              commandName: find
   118              databaseName: *database0Name
   119              command:
   120                find: *collection0Name
   121                filter: {}
   122                readConcern: { level: majority }
View as plain text