# Requires libmongocrypt 1.8.0. runOn: # Require server version 6.0.0 to get behavior added in SERVER-64911. - minServerVersion: "7.0.0" # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol. # FLE 2 Encrypted collections are not supported on standalone. topology: [ "replicaset", "sharded", "load-balanced" ] database_name: &database_name "default" collection_name: &collection_name "default" data: [] tests: - description: "create with a validator on an unencrypted field is OK" clientOptions: autoEncryptOpts: kmsProviders: local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}} encryptedFieldsMap: "default.encryptedCollection": {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]} operations: # Drop to remove a collection that may exist from previous test runs. - name: dropCollection object: database arguments: collection: "encryptedCollection" - name: createCollection object: database arguments: collection: "encryptedCollection" validator: unencrypted_string: "foo" - name: assertCollectionExists object: testRunner arguments: database: *database_name collection: "encryptedCollection" - description: "create with a validator on an encrypted field is an error" clientOptions: autoEncryptOpts: kmsProviders: local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}} encryptedFieldsMap: "default.encryptedCollection": {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]} operations: # Drop to remove a collection that may exist from previous test runs. - name: dropCollection object: database arguments: collection: "encryptedCollection" - name: createCollection object: database arguments: collection: "encryptedCollection" validator: encryptedIndexed: "foo" result: errorContains: "Comparison to encrypted fields not supported" - description: "collMod with a validator on an unencrypted field is OK" clientOptions: autoEncryptOpts: kmsProviders: local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}} encryptedFieldsMap: "default.encryptedCollection": {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]} operations: # Drop to remove a collection that may exist from previous test runs. - name: dropCollection object: database arguments: collection: "encryptedCollection" - name: createCollection object: database arguments: collection: "encryptedCollection" - name: runCommand object: database arguments: command: collMod: "encryptedCollection" validator: unencrypted_string: "foo" - description: "collMod with a validator on an encrypted field is an error" clientOptions: autoEncryptOpts: kmsProviders: local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}} encryptedFieldsMap: "default.encryptedCollection": {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]} operations: # Drop to remove a collection that may exist from previous test runs. - name: dropCollection object: database arguments: collection: "encryptedCollection" - name: createCollection object: database arguments: collection: "encryptedCollection" - name: runCommand object: database arguments: command: collMod: "encryptedCollection" validator: encryptedIndexed: "foo" result: errorContains: "Comparison to encrypted fields not supported" - description: "createIndexes with a partialFilterExpression on an unencrypted field is OK" clientOptions: autoEncryptOpts: kmsProviders: local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}} encryptedFieldsMap: "default.encryptedCollection": {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]} operations: # Drop to remove a collection that may exist from previous test runs. - name: dropCollection object: database arguments: collection: "encryptedCollection" - name: createCollection object: database arguments: collection: "encryptedCollection" - name: runCommand object: database arguments: command: createIndexes: "encryptedCollection" indexes: - name: "name" key: { name: 1 } partialFilterExpression: unencrypted_string: "foo" - name: assertIndexExists object: testRunner arguments: database: *database_name collection: "encryptedCollection" index: name - description: "createIndexes with a partialFilterExpression on an encrypted field is an error" clientOptions: autoEncryptOpts: kmsProviders: local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}} encryptedFieldsMap: "default.encryptedCollection": {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]} operations: # Drop to remove a collection that may exist from previous test runs. - name: dropCollection object: database arguments: collection: "encryptedCollection" - name: createCollection object: database arguments: collection: "encryptedCollection" - name: runCommand object: database arguments: command: createIndexes: "encryptedCollection" indexes: - name: "name" key: { name: 1 } partialFilterExpression: encryptedIndexed: "foo" result: errorContains: "Comparison to encrypted fields not supported"