
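# Requires libmongocrypt 1.8.0.
# Spec-test fixture: checks that collection validators and index
# partialFilterExpressions may reference unencrypted fields but are rejected
# when they reference a field declared in encryptedFieldsMap.
runOn:
# Require server version 6.0.0 to get behavior added in SERVER-64911.
# NOTE(review): the floor below is "7.0.0", not 6.0.0 - presumably raised for
# the QEv2 protocol; confirm and update this comment.
- minServerVersion: "7.0.0"
  # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
  # NOTE(review): no serverless key is visible in this runOn entry - confirm
  # the skip is still enforced somewhere.
  # FLE 2 Encrypted collections are not supported on standalone.
  topology: [ "replicaset", "sharded", "load-balanced" ]
database_name: &database_name "default"
collection_name: &collection_name "default"
data: []
# Each entry under tests is nested below its "- description" line; the
# nesting was flattened in the rendered page and is restored per entry.
tests: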
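# Positive case: a createCollection validator that only touches a field
# absent from encryptedFieldsMap must be accepted.
- description: "create with a validator on an unencrypted field is OK"
  clientOptions:
    autoEncryptOpts:
      kmsProviders:
        # Hard-coded master key for the local KMS provider. It is committed
        # with the fixture, so it protects nothing; test use only.
        local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
      encryptedFieldsMap:
        # Two encrypted string fields: encryptedIndexed (equality-queryable)
        # and encryptedUnindexed (no queries).
        "default.encryptedCollection": {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]}
  operations:
  # Drop to remove a collection that may exist from previous test runs.
  - name: dropCollection
    object: database
    arguments:
      collection: "encryptedCollection"
  - name: createCollection
    object: database
    arguments:
      collection: "encryptedCollection"
      # unencrypted_string is not listed in encryptedFieldsMap above.
      validator:
        unencrypted_string: "foo"
  # Success is confirmed by checking that the collection now exists.
  - name: assertCollectionExists
    object: testRunner
    arguments:
      database: *database_name
      collection: "encryptedCollection"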
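# Negative case: a createCollection validator that compares against a field
# declared in encryptedFieldsMap must fail.
- description: "create with a validator on an encrypted field is an error"
  clientOptions:
    autoEncryptOpts:
      kmsProviders:
        # Hard-coded master key for the local KMS provider. It is committed
        # with the fixture, so it protects nothing; test use only.
        local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
      encryptedFieldsMap:
        # Two encrypted string fields: encryptedIndexed (equality-queryable)
        # and encryptedUnindexed (no queries).
        "default.encryptedCollection": {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]}
  operations:
  # Drop to remove a collection that may exist from previous test runs.
  - name: dropCollection
    object: database
    arguments:
      collection: "encryptedCollection"
  - name: createCollection
    object: database
    arguments:
      collection: "encryptedCollection"
      # encryptedIndexed is an encrypted path, so a plaintext comparison in
      # the validator is expected to be refused rather than stored.
      validator:
        encryptedIndexed: "foo"
    # The check is a substring match on the error message.
    result:
      errorContains: "Comparison to encrypted fields not supported"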
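# Positive case: collMod may attach a validator that only touches a field
# absent from encryptedFieldsMap.
- description: "collMod with a validator on an unencrypted field is OK"
  clientOptions:
    autoEncryptOpts:
      kmsProviders:
        # Hard-coded master key for the local KMS provider. It is committed
        # with the fixture, so it protects nothing; test use only.
        local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
      encryptedFieldsMap:
        # Two encrypted string fields: encryptedIndexed (equality-queryable)
        # and encryptedUnindexed (no queries).
        "default.encryptedCollection": {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]}
  operations:
  # Drop to remove a collection that may exist from previous test runs.
  - name: dropCollection
    object: database
    arguments:
      collection: "encryptedCollection"
  - name: createCollection
    object: database
    arguments:
      collection: "encryptedCollection"
  # No result key follows: presumably the runner only requires that the
  # command does not error - confirm against the runner.
  - name: runCommand
    object: database
    arguments:
      command:
        collMod: "encryptedCollection"
        # unencrypted_string is not listed in encryptedFieldsMap above.
        validator:
          unencrypted_string: "foo"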
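# Negative case: collMod must not be able to add a validator that compares
# against a field declared in encryptedFieldsMap.
- description: "collMod with a validator on an encrypted field is an error"
  clientOptions:
    autoEncryptOpts:
      kmsProviders:
        # Hard-coded master key for the local KMS provider. It is committed
        # with the fixture, so it protects nothing; test use only.
        local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
      encryptedFieldsMap:
        # Two encrypted string fields: encryptedIndexed (equality-queryable)
        # and encryptedUnindexed (no queries).
        "default.encryptedCollection": {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]}
  operations:
  # Drop to remove a collection that may exist from previous test runs.
  - name: dropCollection
    object: database
    arguments:
      collection: "encryptedCollection"
  - name: createCollection
    object: database
    arguments:
      collection: "encryptedCollection"
  - name: runCommand
    object: database
    arguments:
      command:
        collMod: "encryptedCollection"
        # encryptedIndexed is an encrypted path, so a plaintext comparison
        # in the validator is expected to be refused rather than stored.
        validator:
          encryptedIndexed: "foo"
    # The check is a substring match on the error message.
    result:
      errorContains: "Comparison to encrypted fields not supported"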
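# Positive case: a partial index whose filter only touches a field absent
# from encryptedFieldsMap must be created.
- description: "createIndexes with a partialFilterExpression on an unencrypted field is OK"
  clientOptions:
    autoEncryptOpts:
      kmsProviders:
        # Hard-coded master key for the local KMS provider. It is committed
        # with the fixture, so it protects nothing; test use only.
        local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
      encryptedFieldsMap:
        # Two encrypted string fields: encryptedIndexed (equality-queryable)
        # and encryptedUnindexed (no queries).
        "default.encryptedCollection": {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]}
  operations:
  # Drop to remove a collection that may exist from previous test runs.
  - name: dropCollection
    object: database
    arguments:
      collection: "encryptedCollection"
  - name: createCollection
    object: database
    arguments:
      collection: "encryptedCollection"
  - name: runCommand
    object: database
    arguments:
      command:
        createIndexes: "encryptedCollection"
        indexes:
        - name: "name"
          key: { name: 1 }
          # unencrypted_string is not listed in encryptedFieldsMap above.
          partialFilterExpression:
            unencrypted_string: "foo"
  # Success is confirmed by checking that the index named "name" exists.
  - name: assertIndexExists
    object: testRunner
    arguments:
      database: *database_name
      collection: "encryptedCollection"
      index: name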
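# Negative case: a partial index whose filter compares against a field
# declared in encryptedFieldsMap must fail.
- description: "createIndexes with a partialFilterExpression on an encrypted field is an error"
  clientOptions:
    autoEncryptOpts:
      kmsProviders:
        # Hard-coded master key for the local KMS provider. It is committed
        # with the fixture, so it protects nothing; test use only.
        local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
      encryptedFieldsMap:
        # Two encrypted string fields: encryptedIndexed (equality-queryable)
        # and encryptedUnindexed (no queries).
        "default.encryptedCollection": {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]}
  operations:
  # Drop to remove a collection that may exist from previous test runs.
  - name: dropCollection
    object: database
    arguments:
      collection: "encryptedCollection"
  - name: createCollection
    object: database
    arguments:
      collection: "encryptedCollection"
  - name: runCommand
    object: database
    arguments:
      command:
        createIndexes: "encryptedCollection"
        indexes:
        - name: "name"
          key: { name: 1 }
          # encryptedIndexed is an encrypted path, so a plaintext comparison
          # in the index filter is expected to be refused.
          partialFilterExpression:
            encryptedIndexed: "foo"
    # The check is a substring match on the error message.
    result:
      errorContains: "Comparison to encrypted fields not supported"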