From 198c1acef379fa2a9e59ad461cf1df77b6fbe497 Mon Sep 17 00:00:00 2001 From: mdb-ad <198671546+mdb-ad@users.noreply.github.com> Date: Wed, 29 Oct 2025 23:03:06 -0700 Subject: [PATCH 1/6] keyAltName test --- .../unified/fle2v2-InsertFind-keyAltName.json | 335 ++++++++++++++++++ .../unified/fle2v2-InsertFind-keyAltName.yml | 171 +++++++++ 2 files changed, 506 insertions(+) create mode 100644 source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json create mode 100644 source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml diff --git a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json new file mode 100644 index 0000000000..2cfc3573fd --- /dev/null +++ b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json @@ -0,0 +1,335 @@ +{ + "description": "fle2v2-InsertFind-Indexed", + "schemaVersion": "1.25", + "runOnRequirements": [ + { + "minServerVersion": "7.0.0", + "topologies": [ + "replicaset", + "sharded", + "load-balanced" + ], + "csfle": { + "minLibmongocryptVersion": "1.15.1" + } + } + ], + "createEntities": [ + { + "client": { + "id": "client0", + "autoEncryptOpts": { + "keyVaultNamespace": "keyvault.datakeys", + "kmsProviders": { + "local": { + "key": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk" + } + }, + "encryptedFieldsMap": { + "default.default": { + "fields": [ + { + "path": "encryptedIndexed", + "bsonType": "string", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + }, + "keyAltName": "altname" + } + ] + } + } + }, + "observeEvents": [ + "commandStartedEvent" + ] + } + }, + { + "database": { + "id": "db", + "client": "client0", + "databaseName": "default" + } + }, + { + "collection": { + "id": "coll", + "database": "db", + "collectionName": "default" + } + }, + { + "client": { + "id": "client_unencrypted", + "observeEvents": [ + "commandStartedEvent" + ] + } + }, + { + "database": { + "id": "db_unencrypted", + "client": "client_unencrypted", + "databaseName": "default" + } + }, + { + "collection": { + "id": "coll_unencrypted", + "database": "db_unencrypted", + "collectionName": "default" + } + } + ], + "initialData": [ + { + "databaseName": "default", + "collectionName": "default", + "documents": [], + "createOptions": { + "encryptedFields": { + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "encryptedIndexed", + "bsonType": "string", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ] + } + } + }, + { + "databaseName": "keyvault", + "collectionName": "datakeys", + "documents": [ + { + "_id": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "keyMaterial": { + "$binary": { + "base64": "sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==", + "subType": "00" + } + }, + "creationDate": { + "$date": { + "$numberLong": "1648914851981" + } + }, + "updateDate": { + "$date": { + "$numberLong": "1648914851981" + } + }, + "status": { + "$numberInt": "0" + }, + "masterKey": { + "provider": "local" + }, + "keyAltNames": [ + "altname" + ] + } + ] + } + ], + "tests": [ + { + "description": "Insert and find FLE2 indexed field", + "operations": [ + { + "name": "insertOne", + "arguments": { + "document": { + "_id": 1, + "encryptedIndexed": "123" + } + }, + "object": "coll" + }, + { + "name": "find", + "arguments": { + "filter": { + "encryptedIndexed": "123" + } + }, + "object": "coll", + "expectResult": [ + { + "_id": 1, + "encryptedIndexed": "123" + } + ] + }, + { + "name": "find", + "object": "coll_unencrypted", + "arguments": { + "filter": {} + }, + "expectResult": [ + { + "_id": 1, + "encryptedIndexed": { + "$$type": "binData" + }, + "__safeContent__": [ + { + "$binary": { + "base64": "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=", + "subType": "00" + } + } + ] + } + ] + } + ], + "expectEvents": [ + { + "client": "client0", + "events": [ + { + "commandStartedEvent": { + "command": { + "find": "datakeys", + "filter": { + "$or": [ + { + "_id": { + "$in": [] + } + }, + { + "keyAltNames": { + "$in": [ + "altname" + ] + } + } + ] + }, + "$db": "keyvault", + "readConcern": { + "level": "majority" + } + }, + "commandName": "find" + } + }, + { + "commandStartedEvent": { + "command": { + "insert": "default", + "documents": [ + { + "_id": 1, + "encryptedIndexed": { + "$$type": "binData" + } + } + ], + "ordered": true, + "encryptionInformation": { + "type": 1, + "schema": { + "default.default": { + "escCollection": "enxcol_.default.esc", + "ecocCollection": "enxcol_.default.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "encryptedIndexed", + "bsonType": "string", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ] + } + } + } + }, + "commandName": "insert" + } + }, + { + "commandStartedEvent": { + "command": { + "find": "default", + "filter": { + "encryptedIndexed": { + "$eq": { + "$binary": { + "base64": "DIkAAAAFZAAgAAAAAPGmZcUzdE/FPILvRSyAScGvZparGI2y9rJ/vSBxgCujBXMAIAAAAACi1RjmndKqgnXy7xb22RzUbnZl1sOZRXPOC0KcJkAxmQVsACAAAAAApJtKPW4+o9B7gAynNLL26jtlB4+hq5TXResijcYet8USY20AAAAAAAAAAAAA", + "subType": "06" + } + } + } + }, + "encryptionInformation": { + "type": 1, + "schema": { + "default.default": { + "escCollection": "enxcol_.default.esc", + "ecocCollection": "enxcol_.default.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "encryptedIndexed", + "bsonType": "string", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ] + } + } + } + }, + "commandName": "find" + } + } + ] + } + ] + } + ] +} diff --git a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml new file mode 100644 index 0000000000..fcf5dac956 --- /dev/null +++ b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml @@ -0,0 +1,171 @@ +description: fle2v2-InsertFind-Indexed +schemaVersion: "1.25" +runOnRequirements: + - minServerVersion: "7.0.0" + # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol. + # FLE 2 Encrypted collections are not supported on standalone. + topologies: ["replicaset", "sharded", "load-balanced"] + csfle: + minLibmongocryptVersion: "1.15.1" +createEntities: + - client: + id: "client0" + autoEncryptOpts: + keyVaultNamespace: keyvault.datakeys + kmsProviders: + local: + key: Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk + encryptedFieldsMap: + default.default: + { + "fields": + [ + { + "path": "encryptedIndexed", + "bsonType": "string", + "queries": { "queryType": "equality", "contention": { "$numberLong": "0" } }, + "keyAltName": "altname" + }, + ], + } + observeEvents: + - commandStartedEvent + - database: + id: "db" + client: "client0" + databaseName: default + - collection: + id: "coll" + database: "db" + collectionName: &collection_name default + - client: + id: "client_unencrypted" + observeEvents: + - commandStartedEvent + - database: + id: "db_unencrypted" + client: "client_unencrypted" + databaseName: default + - collection: + id: "coll_unencrypted" + database: "db_unencrypted" + collectionName: default +initialData: + - databaseName: default + collectionName: default + documents: [] + createOptions: + encryptedFields: + &encrypted_fields { + "fields": + [ + { + "keyId": { "$binary": { "base64": "EjRWeBI0mHYSNBI0VniQEg==", "subType": "04" } }, + "path": "encryptedIndexed", + "bsonType": "string", + "queries": { "queryType": "equality", "contention": { "$numberLong": "0" } }, + } + ], + } + - databaseName: keyvault + collectionName: datakeys + documents: + [ + { + "_id": { "$binary": { "base64": "EjRWeBI0mHYSNBI0VniQEg==", "subType": "04" } }, + "keyMaterial": + { + "$binary": + { + "base64": "sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==", + "subType": "00", + }, + }, + "creationDate": { "$date": { "$numberLong": "1648914851981" } }, + "updateDate": { "$date": { "$numberLong": "1648914851981" } }, + "status": { "$numberInt": "0" }, + "masterKey": { "provider": "local" }, + "keyAltNames": ["altname"], + }, + ] +tests: + - description: "Insert and find FLE2 indexed field" + operations: + - name: insertOne + arguments: + document: &doc0 { _id: 1, encryptedIndexed: "123" } + object: "coll" + - name: find + arguments: + filter: { encryptedIndexed: "123" } + object: "coll" + expectResult: [*doc0] + - name: find + object: coll_unencrypted + arguments: + filter: {} + expectResult: + - { + "_id": 1, + "encryptedIndexed": { $$type: "binData" }, + "__safeContent__": + ["$binary": { "base64": "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=", "subType": "00" }], + } + expectEvents: + - client: "client0" + events: + - commandStartedEvent: + command: + find: datakeys + filter: + { + "$or": + [ + "_id": { "$in": [] }, + "keyAltNames": { "$in": ["altname"] }, + ], + } + $db: keyvault + readConcern: { level: "majority" } + commandName: find + - commandStartedEvent: + command: + insert: *collection_name + documents: + - { "_id": 1, "encryptedIndexed": { $$type: "binData" } } + ordered: true + encryptionInformation: + type: 1 + schema: + default.default: + # libmongocrypt applies escCollection and ecocCollection to outgoing command. + escCollection: "enxcol_.default.esc" + ecocCollection: "enxcol_.default.ecoc" + <<: *encrypted_fields + commandName: insert + - commandStartedEvent: + command: + find: *collection_name + filter: + { + "encryptedIndexed": + { + "$eq": + { + "$binary": + { + "base64": "DIkAAAAFZAAgAAAAAPGmZcUzdE/FPILvRSyAScGvZparGI2y9rJ/vSBxgCujBXMAIAAAAACi1RjmndKqgnXy7xb22RzUbnZl1sOZRXPOC0KcJkAxmQVsACAAAAAApJtKPW4+o9B7gAynNLL26jtlB4+hq5TXResijcYet8USY20AAAAAAAAAAAAA", + "subType": "06", + }, + }, + }, + } + encryptionInformation: + type: 1 + schema: + default.default: + # libmongocrypt applies escCollection and ecocCollection to outgoing command. + escCollection: "enxcol_.default.esc" + ecocCollection: "enxcol_.default.ecoc" + <<: *encrypted_fields + commandName: find From 5696a87d26069b0bc4938726a3d69558d001244e Mon Sep 17 00:00:00 2001 From: mdb-ad <198671546+mdb-ad@users.noreply.github.com> Date: Wed, 29 Oct 2025 23:05:56 -0700 Subject: [PATCH 2/6] test libmongocrypt version --- .../tests/unified/fle2v2-InsertFind-keyAltName.json | 2 +- .../tests/unified/fle2v2-InsertFind-keyAltName.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json index 2cfc3573fd..d468e286d3 100644 --- a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json +++ b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json @@ -10,7 +10,7 @@ "load-balanced" ], "csfle": { - "minLibmongocryptVersion": "1.15.1" + "minLibmongocryptVersion": "1.17.0" } } ], diff --git a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml index fcf5dac956..807fc8e88a 100644 --- a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml +++ b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml @@ -6,7 +6,7 @@ runOnRequirements: # FLE 2 Encrypted collections are not supported on standalone. topologies: ["replicaset", "sharded", "load-balanced"] csfle: - minLibmongocryptVersion: "1.15.1" + minLibmongocryptVersion: "1.17.0" createEntities: - client: id: "client0" From 1c6093cb56a7e077bcf71ea0fe9525bfa3c8498a Mon Sep 17 00:00:00 2001 From: mdb-ad <198671546+mdb-ad@users.noreply.github.com> Date: Thu, 12 Mar 2026 22:31:15 -0700 Subject: [PATCH 3/6] to be released with 1.18 --- .../tests/unified/fle2v2-InsertFind-keyAltName.json | 2 +- .../tests/unified/fle2v2-InsertFind-keyAltName.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json index d468e286d3..905049858f 100644 --- a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json +++ b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json @@ -10,7 +10,7 @@ "load-balanced" ], "csfle": { - "minLibmongocryptVersion": "1.17.0" + "minLibmongocryptVersion": "1.18.0" } } ], diff --git a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml index 807fc8e88a..dc35c11b49 100644 --- a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml +++ b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml @@ -6,7 +6,7 @@ runOnRequirements: # FLE 2 Encrypted collections are not supported on standalone. topologies: ["replicaset", "sharded", "load-balanced"] csfle: - minLibmongocryptVersion: "1.17.0" + minLibmongocryptVersion: "1.18.0" createEntities: - client: id: "client0" From e3eb0474951b0ebf40eec198778c5cb0f198d1dc Mon Sep 17 00:00:00 2001 From: mdb-ad <198671546+mdb-ad@users.noreply.github.com> Date: Fri, 3 Apr 2026 19:43:04 -0700 Subject: [PATCH 4/6] test naming --- .../tests/unified/fle2v2-InsertFind-keyAltName.json | 2 +- .../tests/unified/fle2v2-InsertFind-keyAltName.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json index 905049858f..82e9e7a11a 100644 --- a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json +++ b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json @@ -1,5 +1,5 @@ { - "description": "fle2v2-InsertFind-Indexed", + "description": "fle2v2-InsertFind-keyAltName", "schemaVersion": "1.25", "runOnRequirements": [ { diff --git a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml index dc35c11b49..7ef7215d13 100644 --- a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml +++ b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml @@ -1,4 +1,4 @@ -description: fle2v2-InsertFind-Indexed +description: fle2v2-InsertFind-keyAltName schemaVersion: "1.25" runOnRequirements: - minServerVersion: "7.0.0" From 48f3eddcfb2f9121b0fe6dfba96a773e2a4d54c5 Mon Sep 17 00:00:00 2001 From: mdb-ad <198671546+mdb-ad@users.noreply.github.com> Date: Fri, 3 Apr 2026 19:43:10 -0700 Subject: [PATCH 5/6] new create test --- .../fle2v2-CreateCollection-keyAltName.json | 152 ++++++++++++++++++ .../fle2v2-CreateCollection-keyAltName.yml | 78 +++++++++ 2 files changed, 230 insertions(+) create mode 100644 source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.json create mode 100644 source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.yml diff --git a/source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.json b/source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.json new file mode 100644 index 0000000000..dd9a571f3a --- /dev/null +++ b/source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.json @@ -0,0 +1,152 @@ +[ + { + "description": "Create translates keyAltName", + "operations": [ + { + "name": "dropCollection", + "object": "db", + "arguments": { + "collection": "default" + } + }, + { + "name": "createCollection", + "object": "db", + "arguments": { + "collection": "default" + } + } + ], + "expectEvents": [ + { + "client": "client0", + "events": [ + { + "commandStartedEvent": { + "command": { + "drop": "enxcol_.default.esc" + }, + "commandName": "drop" + } + }, + { + "commandStartedEvent": { + "command": { + "drop": "enxcol_.default.ecoc" + }, + "commandName": "drop" + } + }, + { + "commandStartedEvent": { + "command": { + "drop": "default" + }, + "commandName": "drop" + } + }, + { + "commandStartedEvent": { + "command": { + "create": "enxcol_.default.esc", + "clusteredIndex": { + "key": { + "_id": 1 + }, + "unique": true + } + }, + "commandName": "create" + } + }, + { + "commandStartedEvent": { + "command": { + "create": "enxcol_.default.ecoc", + "clusteredIndex": { + "key": { + "_id": 1 + }, + "unique": true + } + }, + "commandName": "create" + } + }, + { + "commandStartedEvent": { + "command": { + "find": "datakeys", + "filter": { + "$or": [ + { + "_id": { + "$in": [] + } + }, + { + "keyAltNames": { + "$in": [ + "altname" + ] + } + } + ] + }, + "$db": "keyvault", + "readConcern": { + "level": "majority" + } + }, + "commandName": "find" + } + }, + { + "commandStartedEvent": { + "command": { + "create": "default", + "encryptedFields": { + "fields": [ + { + "path": "encryptedIndexed", + "bsonType": "string", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + }, + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + } + } + ] + } + }, + "commandName": "create" + } + }, + { + "commandStartedEvent": { + "command": { + "createIndexes": "default", + "indexes": [ + { + "name": "__safeContent___1", + "key": { + "__safeContent__": 1 + } + } + ] + }, + "commandName": "createIndexes" + } + } + ] + } + ] + } +] diff --git a/source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.yml b/source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.yml new file mode 100644 index 0000000000..47f400d474 --- /dev/null +++ b/source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.yml @@ -0,0 +1,78 @@ + - description: "Create translates keyAltName" + operations: + - name: dropCollection # Drop collection if already exists + object: "db" + arguments: + collection: &collection_name default + - name: createCollection # Uses encrypted client with encryptedFieldsMap. keyAltName translated to keyId. + object: "db" + arguments: + collection: *collection_name + expectEvents: + - client: "client0" + events: + + # events from dropCollection ... begin + - commandStartedEvent: + command: + drop: &esc_collection_name enxcol_.default.esc + commandName: drop + - commandStartedEvent: + command: + drop: &ecoc_collection_name enxcol_.default.ecoc + commandName: drop + - commandStartedEvent: + command: + drop: *collection_name + commandName: drop + # events from dropCollection ... end + + # events from createCollection ... begin + - commandStartedEvent: + command: + create: *esc_collection_name + clusteredIndex: {key: {_id: 1}, unique: true} + commandName: create + - commandStartedEvent: + command: + create: *ecoc_collection_name + clusteredIndex: {key: {_id: 1}, unique: true} + commandName: create + - commandStartedEvent: + command: + find: datakeys # To translate keyAltName to keyId. + filter: + { + "$or": + [ + "_id": { "$in": [] }, + "keyAltNames": { "$in": ["altname"] }, + ], + } + $db: keyvault + readConcern: { level: "majority" } + commandName: find + - commandStartedEvent: + command: + create: *collection_name + encryptedFields: &encryptedFields_translated { + "fields": + [ + { + "path": "encryptedIndexed", + "bsonType": "string", + "queries": { "queryType": "equality", "contention": { "$numberLong": "0" } }, + "keyId": { "$binary": { "base64": "EjRWeBI0mHYSNBI0VniQEg==", "subType": "04" } } + } + ] + } + commandName: create + # Index on __safeContents__ is then created. + - commandStartedEvent: + command: + createIndexes: *collection_name + indexes: + - name: __safeContent___1 + key: { __safeContent__: 1 } + commandName: createIndexes + # events from createCollection ... end \ No newline at end of file From 17ba9abe5db9160e573a2d7d3e3ff0f16f505b7b Mon Sep 17 00:00:00 2001 From: mdb-ad <198671546+mdb-ad@users.noreply.github.com> Date: Fri, 3 Apr 2026 20:10:31 -0700 Subject: [PATCH 6/6] create is part of the InsertFind test --- .../fle2v2-CreateCollection-keyAltName.json | 152 ------------------ .../fle2v2-CreateCollection-keyAltName.yml | 78 --------- .../unified/fle2v2-InsertFind-keyAltName.json | 150 +++++++++++++++++ .../unified/fle2v2-InsertFind-keyAltName.yml | 78 +++++++++ 4 files changed, 228 insertions(+), 230 deletions(-) delete mode 100644 source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.json delete mode 100644 source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.yml diff --git a/source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.json b/source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.json deleted file mode 100644 index dd9a571f3a..0000000000 --- a/source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.json +++ /dev/null @@ -1,152 +0,0 @@ -[ - { - "description": "Create translates keyAltName", - "operations": [ - { - "name": "dropCollection", - "object": "db", - "arguments": { - "collection": "default" - } - }, - { - "name": "createCollection", - "object": "db", - "arguments": { - "collection": "default" - } - } - ], - "expectEvents": [ - { - "client": "client0", - "events": [ - { - "commandStartedEvent": { - "command": { - "drop": "enxcol_.default.esc" - }, - "commandName": "drop" - } - }, - { - "commandStartedEvent": { - "command": { - "drop": "enxcol_.default.ecoc" - }, - "commandName": "drop" - } - }, - { - "commandStartedEvent": { - "command": { - "drop": "default" - }, - "commandName": "drop" - } - }, - { - "commandStartedEvent": { - "command": { - "create": "enxcol_.default.esc", - "clusteredIndex": { - "key": { - "_id": 1 - }, - "unique": true - } - }, - "commandName": "create" - } - }, - { - "commandStartedEvent": { - "command": { - "create": "enxcol_.default.ecoc", - "clusteredIndex": { - "key": { - "_id": 1 - }, - "unique": true - } - }, - "commandName": "create" - } - }, - { - "commandStartedEvent": { - "command": { - "find": "datakeys", - "filter": { - "$or": [ - { - "_id": { - "$in": [] - } - }, - { - "keyAltNames": { - "$in": [ - "altname" - ] - } - } - ] - }, - "$db": "keyvault", - "readConcern": { - "level": "majority" - } - }, - "commandName": "find" - } - }, - { - "commandStartedEvent": { - "command": { - "create": "default", - "encryptedFields": { - "fields": [ - { - "path": "encryptedIndexed", - "bsonType": "string", - "queries": { - "queryType": "equality", - "contention": { - "$numberLong": "0" - } - }, - "keyId": { - "$binary": { - "base64": "EjRWeBI0mHYSNBI0VniQEg==", - "subType": "04" - } - } - } - ] - } - }, - "commandName": "create" - } - }, - { - "commandStartedEvent": { - "command": { - "createIndexes": "default", - "indexes": [ - { - "name": "__safeContent___1", - "key": { - "__safeContent__": 1 - } - } - ] - }, - "commandName": "createIndexes" - } - } - ] - } - ] - } -] diff --git a/source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.yml b/source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.yml deleted file mode 100644 index 47f400d474..0000000000 --- a/source/client-side-encryption/tests/unified/fle2v2-CreateCollection-keyAltName.yml +++ /dev/null @@ -1,78 +0,0 @@ - - description: "Create translates keyAltName" - operations: - - name: dropCollection # Drop collection if already exists - object: "db" - arguments: - collection: &collection_name default - - name: createCollection # Uses encrypted client with encryptedFieldsMap. keyAltName translated to keyId. - object: "db" - arguments: - collection: *collection_name - expectEvents: - - client: "client0" - events: - - # events from dropCollection ... begin - - commandStartedEvent: - command: - drop: &esc_collection_name enxcol_.default.esc - commandName: drop - - commandStartedEvent: - command: - drop: &ecoc_collection_name enxcol_.default.ecoc - commandName: drop - - commandStartedEvent: - command: - drop: *collection_name - commandName: drop - # events from dropCollection ... end - - # events from createCollection ... begin - - commandStartedEvent: - command: - create: *esc_collection_name - clusteredIndex: {key: {_id: 1}, unique: true} - commandName: create - - commandStartedEvent: - command: - create: *ecoc_collection_name - clusteredIndex: {key: {_id: 1}, unique: true} - commandName: create - - commandStartedEvent: - command: - find: datakeys # To translate keyAltName to keyId. - filter: - { - "$or": - [ - "_id": { "$in": [] }, - "keyAltNames": { "$in": ["altname"] }, - ], - } - $db: keyvault - readConcern: { level: "majority" } - commandName: find - - commandStartedEvent: - command: - create: *collection_name - encryptedFields: &encryptedFields_translated { - "fields": - [ - { - "path": "encryptedIndexed", - "bsonType": "string", - "queries": { "queryType": "equality", "contention": { "$numberLong": "0" } }, - "keyId": { "$binary": { "base64": "EjRWeBI0mHYSNBI0VniQEg==", "subType": "04" } } - } - ] - } - commandName: create - # Index on __safeContents__ is then created. - - commandStartedEvent: - command: - createIndexes: *collection_name - indexes: - - name: __safeContent___1 - key: { __safeContent__: 1 } - commandName: createIndexes - # events from createCollection ... end \ No newline at end of file diff --git a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json index 82e9e7a11a..ef13a3b2db 100644 --- a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json +++ b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.json @@ -330,6 +330,156 @@ ] } ] + }, + { + "description": "Create translates keyAltName", + "operations": [ + { + "name": "dropCollection", + "object": "db", + "arguments": { + "collection": "default" + } + }, + { + "name": "createCollection", + "object": "db", + "arguments": { + "collection": "default" + } + } + ], + "expectEvents": [ + { + "client": "client0", + "events": [ + { + "commandStartedEvent": { + "command": { + "drop": "enxcol_.default.esc" + }, + "commandName": "drop" + } + }, + { + "commandStartedEvent": { + "command": { + "drop": "enxcol_.default.ecoc" + }, + "commandName": "drop" + } + }, + { + "commandStartedEvent": { + "command": { + "drop": "default" + }, + "commandName": "drop" + } + }, + { + "commandStartedEvent": { + "command": { + "create": "enxcol_.default.esc", + "clusteredIndex": { + "key": { + "_id": 1 + }, + "unique": true + } + }, + "commandName": "create" + } + }, + { + "commandStartedEvent": { + "command": { + "create": "enxcol_.default.ecoc", + "clusteredIndex": { + "key": { + "_id": 1 + }, + "unique": true + } + }, + "commandName": "create" + } + }, + { + "commandStartedEvent": { + "command": { + "find": "datakeys", + "filter": { + "$or": [ + { + "_id": { + "$in": [] + } + }, + { + "keyAltNames": { + "$in": [ + "altname" + ] + } + } + ] + }, + "$db": "keyvault", + "readConcern": { + "level": "majority" + } + }, + "commandName": "find" + } + }, + { + "commandStartedEvent": { + "command": { + "create": "default", + "encryptedFields": { + "fields": [ + { + "path": "encryptedIndexed", + "bsonType": "string", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + }, + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + } + } + ] + } + }, + "commandName": "create" + } + }, + { + "commandStartedEvent": { + "command": { + "createIndexes": "default", + "indexes": [ + { + "name": "__safeContent___1", + "key": { + "__safeContent__": 1 + } + } + ] + }, + "commandName": "createIndexes" + } + } + ] + } + ] } ] } diff --git a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml index 7ef7215d13..4ba555d632 100644 --- a/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml +++ b/source/client-side-encryption/tests/unified/fle2v2-InsertFind-keyAltName.yml @@ -169,3 +169,81 @@ tests: ecocCollection: "enxcol_.default.ecoc" <<: *encrypted_fields commandName: find + - description: "Create translates keyAltName" + operations: + - name: dropCollection # Drop collection if already exists + object: "db" + arguments: + collection: *collection_name + - name: createCollection # Uses encrypted client with encryptedFieldsMap. keyAltName translated to keyId. + object: "db" + arguments: + collection: *collection_name + expectEvents: + - client: "client0" + events: + + # events from dropCollection ... begin + - commandStartedEvent: + command: + drop: &esc_collection_name enxcol_.default.esc + commandName: drop + - commandStartedEvent: + command: + drop: &ecoc_collection_name enxcol_.default.ecoc + commandName: drop + - commandStartedEvent: + command: + drop: *collection_name + commandName: drop + # events from dropCollection ... end + + # events from createCollection ... begin + - commandStartedEvent: + command: + create: *esc_collection_name + clusteredIndex: {key: {_id: 1}, unique: true} + commandName: create + - commandStartedEvent: + command: + create: *ecoc_collection_name + clusteredIndex: {key: {_id: 1}, unique: true} + commandName: create + - commandStartedEvent: + command: + find: datakeys # To translate keyAltName to keyId. + filter: + { + "$or": + [ + "_id": { "$in": [] }, + "keyAltNames": { "$in": ["altname"] }, + ], + } + $db: keyvault + readConcern: { level: "majority" } + commandName: find + - commandStartedEvent: + command: + create: *collection_name + encryptedFields: &encryptedFields_translated { + "fields": + [ + { + "path": "encryptedIndexed", + "bsonType": "string", + "queries": { "queryType": "equality", "contention": { "$numberLong": "0" } }, + "keyId": { "$binary": { "base64": "EjRWeBI0mHYSNBI0VniQEg==", "subType": "04" } } + } + ] + } + commandName: create + # Index on __safeContents__ is then created. + - commandStartedEvent: + command: + createIndexes: *collection_name + indexes: + - name: __safeContent___1 + key: { __safeContent__: 1 } + commandName: createIndexes + # events from createCollection ... end \ No newline at end of file