1494 lines
45 KiB
JSON
1494 lines
45 KiB
JSON
{
|
|
"description": "rewrapManyDataKey",
|
|
"schemaVersion": "1.8",
|
|
"runOnRequirements": [
|
|
{
|
|
"csfle": true
|
|
}
|
|
],
|
|
"createEntities": [
|
|
{
|
|
"client": {
|
|
"id": "client0",
|
|
"observeEvents": [
|
|
"commandStartedEvent"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"clientEncryption": {
|
|
"id": "clientEncryption0",
|
|
"clientEncryptionOpts": {
|
|
"keyVaultClient": "client0",
|
|
"keyVaultNamespace": "keyvault.datakeys",
|
|
"kmsProviders": {
|
|
"aws": {
|
|
"accessKeyId": {
|
|
"$$placeholder": 1
|
|
},
|
|
"secretAccessKey": {
|
|
"$$placeholder": 1
|
|
}
|
|
},
|
|
"azure": {
|
|
"tenantId": {
|
|
"$$placeholder": 1
|
|
},
|
|
"clientId": {
|
|
"$$placeholder": 1
|
|
},
|
|
"clientSecret": {
|
|
"$$placeholder": 1
|
|
}
|
|
},
|
|
"gcp": {
|
|
"email": {
|
|
"$$placeholder": 1
|
|
},
|
|
"privateKey": {
|
|
"$$placeholder": 1
|
|
}
|
|
},
|
|
"kmip": {
|
|
"endpoint": {
|
|
"$$placeholder": 1
|
|
}
|
|
},
|
|
"local": {
|
|
"key": {
|
|
"$$placeholder": 1
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"database": {
|
|
"id": "database0",
|
|
"client": "client0",
|
|
"databaseName": "keyvault"
|
|
}
|
|
},
|
|
{
|
|
"collection": {
|
|
"id": "collection0",
|
|
"database": "database0",
|
|
"collectionName": "datakeys"
|
|
}
|
|
}
|
|
],
|
|
"initialData": [
|
|
{
|
|
"databaseName": "keyvault",
|
|
"collectionName": "datakeys",
|
|
"documents": [
|
|
{
|
|
"_id": {
|
|
"$binary": {
|
|
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
|
|
"subType": "04"
|
|
}
|
|
},
|
|
"keyAltNames": [
|
|
"aws_key"
|
|
],
|
|
"keyMaterial": {
|
|
"$binary": {
|
|
"base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gFXJqbF0Fy872MD7xl56D/2AAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDO7HPisPUlGzaio9vgIBEIB7/Qow46PMh/8JbEUbdXgTGhLfXPE+KIVW7T8s6YEMlGiRvMu7TV0QCIUJlSHPKZxzlJ2iwuz5yXeOag+EdY+eIQ0RKrsJ3b8UTisZYzGjfzZnxUKLzLoeXremtRCm3x47wCuHKd1dhh6FBbYt5TL2tDaj+vL2GBrKat2L",
|
|
"subType": "00"
|
|
}
|
|
},
|
|
"creationDate": {
|
|
"$date": {
|
|
"$numberLong": "1641024000000"
|
|
}
|
|
},
|
|
"updateDate": {
|
|
"$date": {
|
|
"$numberLong": "1641024000000"
|
|
}
|
|
},
|
|
"status": 1,
|
|
"masterKey": {
|
|
"provider": "aws",
|
|
"key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
|
|
"region": "us-east-1"
|
|
}
|
|
},
|
|
{
|
|
"_id": {
|
|
"$binary": {
|
|
"base64": "YXp1cmVhenVyZWF6dXJlYQ==",
|
|
"subType": "04"
|
|
}
|
|
},
|
|
"keyAltNames": [
|
|
"azure_key"
|
|
],
|
|
"keyMaterial": {
|
|
"$binary": {
|
|
"base64": "pr01l7qDygUkFE/0peFwpnNlv3iIy8zrQK38Q9i12UCN2jwZHDmfyx8wokiIKMb9kAleeY+vnt3Cf1MKu9kcDmI+KxbNDd+V3ytAAGzOVLDJr77CiWjF9f8ntkXRHrAY9WwnVDANYkDwXlyU0Y2GQFTiW65jiQhUtYLYH63Tk48SsJuQvnWw1Q+PzY8ga+QeVec8wbcThwtm+r2IHsCFnc72Gv73qq7weISw+O4mN08z3wOp5FOS2ZM3MK7tBGmPdBcktW7F8ODGsOQ1FU53OrWUnyX2aTi2ftFFFMWVHqQo7EYuBZHru8RRODNKMyQk0BFfKovAeTAVRv9WH9QU7g==",
|
|
"subType": "00"
|
|
}
|
|
},
|
|
"creationDate": {
|
|
"$date": {
|
|
"$numberLong": "1641024000000"
|
|
}
|
|
},
|
|
"updateDate": {
|
|
"$date": {
|
|
"$numberLong": "1641024000000"
|
|
}
|
|
},
|
|
"status": 1,
|
|
"masterKey": {
|
|
"provider": "azure",
|
|
"keyVaultEndpoint": "key-vault-csfle.vault.azure.net",
|
|
"keyName": "key-name-csfle"
|
|
}
|
|
},
|
|
{
|
|
"_id": {
|
|
"$binary": {
|
|
"base64": "Z2NwZ2NwZ2NwZ2NwZ2NwZw==",
|
|
"subType": "04"
|
|
}
|
|
},
|
|
"keyAltNames": [
|
|
"gcp_key"
|
|
],
|
|
"keyMaterial": {
|
|
"$binary": {
|
|
"base64": "CiQAIgLj0USbQtof/pYRLQO96yg/JEtZbD1UxKueaC37yzT5tTkSiQEAhClWB5ZCSgzHgxv8raWjNB4r7e8ePGdsmSuYTYmLC5oHHS/BdQisConzNKFaobEQZHamTCjyhy5NotKF8MWoo+dyfQApwI29+vAGyrUIQCXzKwRnNdNQ+lb3vJtS5bqvLTvSxKHpVca2kqyC9nhonV+u4qru5Q2bAqUgVFc8fL4pBuvlowZFTQ==",
|
|
"subType": "00"
|
|
}
|
|
},
|
|
"creationDate": {
|
|
"$date": {
|
|
"$numberLong": "1641024000000"
|
|
}
|
|
},
|
|
"updateDate": {
|
|
"$date": {
|
|
"$numberLong": "1641024000000"
|
|
}
|
|
},
|
|
"status": 1,
|
|
"masterKey": {
|
|
"provider": "gcp",
|
|
"projectId": "devprod-drivers",
|
|
"location": "global",
|
|
"keyRing": "key-ring-csfle",
|
|
"keyName": "key-name-csfle"
|
|
}
|
|
},
|
|
{
|
|
"_id": {
|
|
"$binary": {
|
|
"base64": "a21pcGttaXBrbWlwa21pcA==",
|
|
"subType": "04"
|
|
}
|
|
},
|
|
"keyAltNames": [
|
|
"kmip_key"
|
|
],
|
|
"keyMaterial": {
|
|
"$binary": {
|
|
"base64": "CklVctHzke4mcytd0TxGqvepkdkQN8NUF4+jV7aZQITAKdz6WjdDpq3lMt9nSzWGG2vAEfvRb3mFEVjV57qqGqxjq2751gmiMRHXz0btStbIK3mQ5xbY9kdye4tsixlCryEwQONr96gwlwKKI9Nubl9/8+uRF6tgYjje7Q7OjauEf1SrJwKcoQ3WwnjZmEqAug0kImCpJ/irhdqPzivRiA==",
|
|
"subType": "00"
|
|
}
|
|
},
|
|
"creationDate": {
|
|
"$date": {
|
|
"$numberLong": "1641024000000"
|
|
}
|
|
},
|
|
"updateDate": {
|
|
"$date": {
|
|
"$numberLong": "1641024000000"
|
|
}
|
|
},
|
|
"status": 1,
|
|
"masterKey": {
|
|
"provider": "kmip",
|
|
"keyId": "1"
|
|
}
|
|
},
|
|
{
|
|
"_id": {
|
|
"$binary": {
|
|
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
|
|
"subType": "04"
|
|
}
|
|
},
|
|
"keyAltNames": [
|
|
"local_key"
|
|
],
|
|
"keyMaterial": {
|
|
"$binary": {
|
|
"base64": "ABKBldDEoDW323yejOnIRk6YQmlD9d3eQthd16scKL75nz2LjNL9fgPDZWrFFOlqlhMCFaSrNJfGrFUjYk5JFDO7soG5Syb50k1niJoKg4ilsj0L4mpimFUtTpOr2nzZOeQtvAksEXc7gsFgq8gV7t/U3lsaXPY7I0t42DfSE8EGlPdxRjFdHnxh+OR8h7U9b8Qs5K5UuhgyeyxaBZ1Hgw==",
|
|
"subType": "00"
|
|
}
|
|
},
|
|
"creationDate": {
|
|
"$date": {
|
|
"$numberLong": "1641024000000"
|
|
}
|
|
},
|
|
"updateDate": {
|
|
"$date": {
|
|
"$numberLong": "1641024000000"
|
|
}
|
|
},
|
|
"status": 1,
|
|
"masterKey": {
|
|
"provider": "local"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"tests": [
|
|
{
|
|
"description": "no keys to rewrap due to no filter matches",
|
|
"operations": [
|
|
{
|
|
"name": "rewrapManyDataKey",
|
|
"object": "clientEncryption0",
|
|
"arguments": {
|
|
"filter": {
|
|
"keyAltNames": "no_matching_keys"
|
|
},
|
|
"opts": {
|
|
"provider": "local"
|
|
}
|
|
},
|
|
"expectResult": {
|
|
"bulkWriteResult": {
|
|
"$$exists": false
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"expectEvents": [
|
|
{
|
|
"client": "client0",
|
|
"events": [
|
|
{
|
|
"commandStartedEvent": {
|
|
"databaseName": "keyvault",
|
|
"command": {
|
|
"find": "datakeys",
|
|
"filter": {
|
|
"keyAltNames": "no_matching_keys"
|
|
},
|
|
"readConcern": {
|
|
"level": "majority"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": "rewrap with new AWS KMS provider",
|
|
"operations": [
|
|
{
|
|
"name": "rewrapManyDataKey",
|
|
"object": "clientEncryption0",
|
|
"arguments": {
|
|
"filter": {
|
|
"keyAltNames": {
|
|
"$ne": "aws_key"
|
|
}
|
|
},
|
|
"opts": {
|
|
"provider": "aws",
|
|
"masterKey": {
|
|
"key": "arn:aws:kms:us-east-1:579766882180:key/061334ae-07a8-4ceb-a813-8135540e837d",
|
|
"region": "us-east-1"
|
|
}
|
|
}
|
|
},
|
|
"expectResult": {
|
|
"bulkWriteResult": {
|
|
"insertedCount": 0,
|
|
"matchedCount": 4,
|
|
"modifiedCount": 4,
|
|
"deletedCount": 0,
|
|
"upsertedCount": 0,
|
|
"upsertedIds": {},
|
|
"insertedIds": {
|
|
"$$unsetOrMatches": {}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"expectEvents": [
|
|
{
|
|
"client": "client0",
|
|
"events": [
|
|
{
|
|
"commandStartedEvent": {
|
|
"databaseName": "keyvault",
|
|
"command": {
|
|
"find": "datakeys",
|
|
"filter": {
|
|
"keyAltNames": {
|
|
"$ne": "aws_key"
|
|
}
|
|
},
|
|
"readConcern": {
|
|
"level": "majority"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"commandStartedEvent": {
|
|
"databaseName": "keyvault",
|
|
"command": {
|
|
"update": "datakeys",
|
|
"ordered": true,
|
|
"updates": [
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "aws",
|
|
"key": "arn:aws:kms:us-east-1:579766882180:key/061334ae-07a8-4ceb-a813-8135540e837d",
|
|
"region": "us-east-1"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "aws",
|
|
"key": "arn:aws:kms:us-east-1:579766882180:key/061334ae-07a8-4ceb-a813-8135540e837d",
|
|
"region": "us-east-1"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "aws",
|
|
"key": "arn:aws:kms:us-east-1:579766882180:key/061334ae-07a8-4ceb-a813-8135540e837d",
|
|
"region": "us-east-1"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "aws",
|
|
"key": "arn:aws:kms:us-east-1:579766882180:key/061334ae-07a8-4ceb-a813-8135540e837d",
|
|
"region": "us-east-1"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
}
|
|
],
|
|
"writeConcern": {
|
|
"w": "majority"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": "rewrap with new Azure KMS provider",
|
|
"operations": [
|
|
{
|
|
"name": "rewrapManyDataKey",
|
|
"object": "clientEncryption0",
|
|
"arguments": {
|
|
"filter": {
|
|
"keyAltNames": {
|
|
"$ne": "azure_key"
|
|
}
|
|
},
|
|
"opts": {
|
|
"provider": "azure",
|
|
"masterKey": {
|
|
"keyVaultEndpoint": "key-vault-csfle.vault.azure.net",
|
|
"keyName": "key-name-csfle"
|
|
}
|
|
}
|
|
},
|
|
"expectResult": {
|
|
"bulkWriteResult": {
|
|
"insertedCount": 0,
|
|
"matchedCount": 4,
|
|
"modifiedCount": 4,
|
|
"deletedCount": 0,
|
|
"upsertedCount": 0,
|
|
"upsertedIds": {},
|
|
"insertedIds": {
|
|
"$$unsetOrMatches": {}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"expectEvents": [
|
|
{
|
|
"client": "client0",
|
|
"events": [
|
|
{
|
|
"commandStartedEvent": {
|
|
"databaseName": "keyvault",
|
|
"command": {
|
|
"find": "datakeys",
|
|
"filter": {
|
|
"keyAltNames": {
|
|
"$ne": "azure_key"
|
|
}
|
|
},
|
|
"readConcern": {
|
|
"level": "majority"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"commandStartedEvent": {
|
|
"databaseName": "keyvault",
|
|
"command": {
|
|
"update": "datakeys",
|
|
"ordered": true,
|
|
"updates": [
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "azure",
|
|
"keyVaultEndpoint": "key-vault-csfle.vault.azure.net",
|
|
"keyName": "key-name-csfle"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "azure",
|
|
"keyVaultEndpoint": "key-vault-csfle.vault.azure.net",
|
|
"keyName": "key-name-csfle"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "azure",
|
|
"keyVaultEndpoint": "key-vault-csfle.vault.azure.net",
|
|
"keyName": "key-name-csfle"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "azure",
|
|
"keyVaultEndpoint": "key-vault-csfle.vault.azure.net",
|
|
"keyName": "key-name-csfle"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
}
|
|
],
|
|
"writeConcern": {
|
|
"w": "majority"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": "rewrap with new GCP KMS provider",
|
|
"operations": [
|
|
{
|
|
"name": "rewrapManyDataKey",
|
|
"object": "clientEncryption0",
|
|
"arguments": {
|
|
"filter": {
|
|
"keyAltNames": {
|
|
"$ne": "gcp_key"
|
|
}
|
|
},
|
|
"opts": {
|
|
"provider": "gcp",
|
|
"masterKey": {
|
|
"projectId": "devprod-drivers",
|
|
"location": "global",
|
|
"keyRing": "key-ring-csfle",
|
|
"keyName": "key-name-csfle"
|
|
}
|
|
}
|
|
},
|
|
"expectResult": {
|
|
"bulkWriteResult": {
|
|
"insertedCount": 0,
|
|
"matchedCount": 4,
|
|
"modifiedCount": 4,
|
|
"deletedCount": 0,
|
|
"upsertedCount": 0,
|
|
"upsertedIds": {},
|
|
"insertedIds": {
|
|
"$$unsetOrMatches": {}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"expectEvents": [
|
|
{
|
|
"client": "client0",
|
|
"events": [
|
|
{
|
|
"commandStartedEvent": {
|
|
"databaseName": "keyvault",
|
|
"command": {
|
|
"find": "datakeys",
|
|
"filter": {
|
|
"keyAltNames": {
|
|
"$ne": "gcp_key"
|
|
}
|
|
},
|
|
"readConcern": {
|
|
"level": "majority"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"commandStartedEvent": {
|
|
"databaseName": "keyvault",
|
|
"command": {
|
|
"update": "datakeys",
|
|
"ordered": true,
|
|
"updates": [
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "gcp",
|
|
"projectId": "devprod-drivers",
|
|
"location": "global",
|
|
"keyRing": "key-ring-csfle",
|
|
"keyName": "key-name-csfle"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "gcp",
|
|
"projectId": "devprod-drivers",
|
|
"location": "global",
|
|
"keyRing": "key-ring-csfle",
|
|
"keyName": "key-name-csfle"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "gcp",
|
|
"projectId": "devprod-drivers",
|
|
"location": "global",
|
|
"keyRing": "key-ring-csfle",
|
|
"keyName": "key-name-csfle"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "gcp",
|
|
"projectId": "devprod-drivers",
|
|
"location": "global",
|
|
"keyRing": "key-ring-csfle",
|
|
"keyName": "key-name-csfle"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
}
|
|
],
|
|
"writeConcern": {
|
|
"w": "majority"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": "rewrap with new KMIP KMS provider",
|
|
"operations": [
|
|
{
|
|
"name": "rewrapManyDataKey",
|
|
"object": "clientEncryption0",
|
|
"arguments": {
|
|
"filter": {
|
|
"keyAltNames": {
|
|
"$ne": "kmip_key"
|
|
}
|
|
},
|
|
"opts": {
|
|
"provider": "kmip"
|
|
}
|
|
},
|
|
"expectResult": {
|
|
"bulkWriteResult": {
|
|
"insertedCount": 0,
|
|
"matchedCount": 4,
|
|
"modifiedCount": 4,
|
|
"deletedCount": 0,
|
|
"upsertedCount": 0,
|
|
"upsertedIds": {},
|
|
"insertedIds": {
|
|
"$$unsetOrMatches": {}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"expectEvents": [
|
|
{
|
|
"client": "client0",
|
|
"events": [
|
|
{
|
|
"commandStartedEvent": {
|
|
"databaseName": "keyvault",
|
|
"command": {
|
|
"find": "datakeys",
|
|
"filter": {
|
|
"keyAltNames": {
|
|
"$ne": "kmip_key"
|
|
}
|
|
},
|
|
"readConcern": {
|
|
"level": "majority"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"commandStartedEvent": {
|
|
"databaseName": "keyvault",
|
|
"command": {
|
|
"update": "datakeys",
|
|
"ordered": true,
|
|
"updates": [
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "kmip",
|
|
"keyId": {
|
|
"$$type": "string"
|
|
}
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "kmip",
|
|
"keyId": {
|
|
"$$type": "string"
|
|
}
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "kmip",
|
|
"keyId": {
|
|
"$$type": "string"
|
|
}
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "kmip",
|
|
"keyId": {
|
|
"$$type": "string"
|
|
}
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
}
|
|
],
|
|
"writeConcern": {
|
|
"w": "majority"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": "rewrap with new local KMS provider",
|
|
"operations": [
|
|
{
|
|
"name": "rewrapManyDataKey",
|
|
"object": "clientEncryption0",
|
|
"arguments": {
|
|
"filter": {
|
|
"keyAltNames": {
|
|
"$ne": "local_key"
|
|
}
|
|
},
|
|
"opts": {
|
|
"provider": "local"
|
|
}
|
|
},
|
|
"expectResult": {
|
|
"bulkWriteResult": {
|
|
"insertedCount": 0,
|
|
"matchedCount": 4,
|
|
"modifiedCount": 4,
|
|
"deletedCount": 0,
|
|
"upsertedCount": 0,
|
|
"upsertedIds": {},
|
|
"insertedIds": {
|
|
"$$unsetOrMatches": {}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"expectEvents": [
|
|
{
|
|
"client": "client0",
|
|
"events": [
|
|
{
|
|
"commandStartedEvent": {
|
|
"databaseName": "keyvault",
|
|
"command": {
|
|
"find": "datakeys",
|
|
"filter": {
|
|
"keyAltNames": {
|
|
"$ne": "local_key"
|
|
}
|
|
},
|
|
"readConcern": {
|
|
"level": "majority"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"commandStartedEvent": {
|
|
"databaseName": "keyvault",
|
|
"command": {
|
|
"update": "datakeys",
|
|
"ordered": true,
|
|
"updates": [
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "local"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "local"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "local"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"provider": "local"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
}
|
|
],
|
|
"writeConcern": {
|
|
"w": "majority"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": "rewrap with current KMS provider",
|
|
"operations": [
|
|
{
|
|
"name": "rewrapManyDataKey",
|
|
"object": "clientEncryption0",
|
|
"arguments": {
|
|
"filter": {}
|
|
},
|
|
"expectResult": {
|
|
"bulkWriteResult": {
|
|
"insertedCount": 0,
|
|
"matchedCount": 5,
|
|
"modifiedCount": 5,
|
|
"deletedCount": 0,
|
|
"upsertedCount": 0,
|
|
"upsertedIds": {},
|
|
"insertedIds": {
|
|
"$$unsetOrMatches": {}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"name": "find",
|
|
"object": "collection0",
|
|
"arguments": {
|
|
"filter": {},
|
|
"projection": {
|
|
"masterKey": 1
|
|
},
|
|
"sort": {
|
|
"keyAltNames": 1
|
|
}
|
|
},
|
|
"expectResult": [
|
|
{
|
|
"_id": {
|
|
"$binary": {
|
|
"base64": "YXdzYXdzYXdzYXdzYXdzYQ==",
|
|
"subType": "04"
|
|
}
|
|
},
|
|
"masterKey": {
|
|
"provider": "aws",
|
|
"key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
|
|
"region": "us-east-1"
|
|
}
|
|
},
|
|
{
|
|
"_id": {
|
|
"$binary": {
|
|
"base64": "YXp1cmVhenVyZWF6dXJlYQ==",
|
|
"subType": "04"
|
|
}
|
|
},
|
|
"masterKey": {
|
|
"provider": "azure",
|
|
"keyVaultEndpoint": "key-vault-csfle.vault.azure.net",
|
|
"keyName": "key-name-csfle"
|
|
}
|
|
},
|
|
{
|
|
"_id": {
|
|
"$binary": {
|
|
"base64": "Z2NwZ2NwZ2NwZ2NwZ2NwZw==",
|
|
"subType": "04"
|
|
}
|
|
},
|
|
"masterKey": {
|
|
"provider": "gcp",
|
|
"projectId": "devprod-drivers",
|
|
"location": "global",
|
|
"keyRing": "key-ring-csfle",
|
|
"keyName": "key-name-csfle"
|
|
}
|
|
},
|
|
{
|
|
"_id": {
|
|
"$binary": {
|
|
"base64": "a21pcGttaXBrbWlwa21pcA==",
|
|
"subType": "04"
|
|
}
|
|
},
|
|
"masterKey": {
|
|
"provider": "kmip",
|
|
"keyId": "1"
|
|
}
|
|
},
|
|
{
|
|
"_id": {
|
|
"$binary": {
|
|
"base64": "bG9jYWxrZXlsb2NhbGtleQ==",
|
|
"subType": "04"
|
|
}
|
|
},
|
|
"masterKey": {
|
|
"provider": "local"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"expectEvents": [
|
|
{
|
|
"client": "client0",
|
|
"events": [
|
|
{
|
|
"commandStartedEvent": {
|
|
"databaseName": "keyvault",
|
|
"command": {
|
|
"find": "datakeys",
|
|
"filter": {},
|
|
"readConcern": {
|
|
"level": "majority"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"commandStartedEvent": {
|
|
"databaseName": "keyvault",
|
|
"command": {
|
|
"update": "datakeys",
|
|
"ordered": true,
|
|
"updates": [
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"$$type": "object"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"$$type": "object"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"$$type": "object"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"$$type": "object"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
},
|
|
{
|
|
"q": {
|
|
"_id": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"u": {
|
|
"$set": {
|
|
"masterKey": {
|
|
"$$type": "object"
|
|
},
|
|
"keyMaterial": {
|
|
"$$type": "binData"
|
|
}
|
|
},
|
|
"$currentDate": {
|
|
"updateDate": true
|
|
}
|
|
},
|
|
"multi": {
|
|
"$$unsetOrMatches": false
|
|
},
|
|
"upsert": {
|
|
"$$unsetOrMatches": false
|
|
}
|
|
}
|
|
],
|
|
"writeConcern": {
|
|
"w": "majority"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"commandStartedEvent": {
|
|
"commandName": "find"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|