add discriminator e2e tests

baileympearson · baileympearson · commit ad9e30892d56 · 2025-01-24T10:40:35.000-07:00
diff --git a/scripts/configure-cluster-with-encryption.sh b/scripts/configure-cluster-with-encryption.sh
@@ -7,7 +7,7 @@
 export CWD=$(pwd);
 
 # install extra dependency 
-npm install mongodb-client-encryption
+npm install --no-save mongodb-client-encryption
 
 # set up mongodb cluster and encryption configuration if the data/ folder does not exist
 if [ ! -d "data" ]; then
diff --git a/test/encryption/encryption.test.js b/test/encryption/encryption.test.js
@@ -8,6 +8,12 @@ const { ObjectId, Double, Int32, Decimal128 } = require('bson');
 
 const LOCAL_KEY = Buffer.from('Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'base64');
 
+assert.isEncryptedValue = function isEncryptedValue(object, property) {
+  const value = object[property];
+  assert.ok(isBsonType(value, 'Binary'), `auto encryption for property ${property} failed: not a BSON binary.`);
+  assert.ok(value.sub_type === 6, `auto encryption for property ${property} failed: not subtype 6.`);
+};
+
 describe('ci', () => {
   describe('environmental variables', () => {
     it('MONGOOSE_TEST_URI is set', async function() {
@@ -21,7 +27,7 @@ describe('ci', () => {
     });
   });
 
-  let keyId, keyId2;
+  let keyId, keyId2, keyId3;
   let utilClient;
 
   beforeEach(async function() {
@@ -34,6 +40,7 @@ describe('ci', () => {
     });
     keyId = await clientEncryption.createDataKey('local');
     keyId2 = await clientEncryption.createDataKey('local');
+    keyId3 = await clientEncryption.createDataKey('local');
     await keyVaultClient.close();
 
     utilClient = new mdb.MongoClient(process.env.MONGOOSE_TEST_URI);
@@ -65,7 +72,6 @@ describe('ci', () => {
     ];
 
     for (const { type, name, input, expected } of basicSchemaTypes) {
-
       this.afterEach(async function() {
         await connection?.close();
       });
@@ -588,5 +594,172 @@ describe('ci', () => {
         }
       });
     });
+
+    describe('Models with discriminators', function() {
+      let discrim1, discrim2, model;
+
+      describe('csfle', function() {
+        beforeEach(async function() {
+          connection = createConnection();
+
+          const schema = new Schema({
+            name: {
+              type: String, encrypt: { keyId: [keyId], algorithm }
+            }
+          }, {
+            encryptionType: 'csfle'
+          });
+          model = connection.model('Schema', schema);
+          discrim1 = model.discriminator('Test', new Schema({
+            age: {
+              type: Int32, encrypt: { keyId: [keyId], algorithm }
+            }
+          }, {
+            encryptionType: 'csfle'
+          }));
+
+          discrim2 = model.discriminator('Test2', new Schema({
+            dob: {
+              type: Int32, encrypt: { keyId: [keyId], algorithm }
+            }
+          }, {
+            encryptionType: 'csfle'
+          }));
+
+
+          await connection.openUri(process.env.MONGOOSE_TEST_URI, {
+            dbName: 'db', autoEncryption: {
+              keyVaultNamespace: 'keyvault.datakeys',
+              kmsProviders: { local: { key: LOCAL_KEY } },
+              extraOptions: {
+                cryptdSharedLibRequired: true,
+                cryptSharedLibPath: process.env.CRYPT_SHARED_LIB_PATH
+              }
+            }
+          });
+        });
+        it('encrypts', async function() {
+          {
+            const doc = new discrim1({ name: 'bailey', age: 32 });
+            await doc.save();
+
+            const encryptedDoc = await utilClient.db('db').collection('schemas').findOne({ _id: doc._id });
+
+            assert.isEncryptedValue(encryptedDoc, 'age');
+          }
+
+          {
+            const doc = new discrim2({ name: 'bailey', dob: 32 });
+            await doc.save();
+
+            const encryptedDoc = await utilClient.db('db').collection('schemas').findOne({ _id: doc._id });
+
+            assert.isEncryptedValue(encryptedDoc, 'dob');
+          }
+        });
+
+        it('decrypts', async function() {
+          {
+            const doc = new discrim1({ name: 'bailey', age: 32 });
+            await doc.save();
+
+            const decryptedDoc = await discrim1.findOne({ _id: doc._id });
+
+            assert.equal(decryptedDoc.age, 32);
+          }
+
+          {
+            const doc = new discrim2({ name: 'bailey', dob: 32 });
+            await doc.save();
+
+            const decryptedDoc = await discrim2.findOne({ _id: doc._id });
+
+            assert.equal(decryptedDoc.dob, 32);
+          }
+        });
+      });
+
+
+      describe('qe', function() {
+        beforeEach(async function() {
+          connection = createConnection();
+
+          const schema = new Schema({
+            name: {
+              type: String, encrypt: { keyId }
+            }
+          }, {
+            encryptionType: 'queryableEncryption'
+          });
+          model = connection.model('Schema', schema);
+          discrim1 = model.discriminator('Test', new Schema({
+            age: {
+              type: Int32, encrypt: { keyId: keyId2 }
+            }
+          }, {
+            encryptionType: 'queryableEncryption'
+          }));
+
+          discrim2 = model.discriminator('Test2', new Schema({
+            dob: {
+              type: Int32, encrypt: { keyId: keyId3 }
+            }
+          }, {
+            encryptionType: 'queryableEncryption'
+          }));
+
+          await connection.openUri(process.env.MONGOOSE_TEST_URI, {
+            dbName: 'db', autoEncryption: {
+              keyVaultNamespace: 'keyvault.datakeys',
+              kmsProviders: { local: { key: LOCAL_KEY } },
+              extraOptions: {
+                cryptdSharedLibRequired: true,
+                cryptSharedLibPath: process.env.CRYPT_SHARED_LIB_PATH
+              }
+            }
+          });
+        });
+        it('encrypts', async function() {
+          {
+            const doc = new discrim1({ name: 'bailey', age: 32 });
+            await doc.save();
+
+            const encryptedDoc = await utilClient.db('db').collection('schemas').findOne({ _id: doc._id });
+
+            assert.isEncryptedValue(encryptedDoc, 'age');
+          }
+
+          {
+            const doc = new discrim2({ name: 'bailey', dob: 32 });
+            await doc.save();
+
+            const encryptedDoc = await utilClient.db('db').collection('schemas').findOne({ _id: doc._id });
+
+            assert.isEncryptedValue(encryptedDoc, 'dob');
+          }
+        });
+
+        it('decrypts', async function() {
+          {
+            const doc = new discrim1({ name: 'bailey', age: 32 });
+            await doc.save();
+
+            const decryptedDoc = await discrim1.findOne({ _id: doc._id });
+
+            assert.equal(decryptedDoc.age, 32);
+          }
+
+          {
+            const doc = new discrim2({ name: 'bailey', dob: 32 });
+            await doc.save();
+
+            const decryptedDoc = await discrim2.findOne({ _id: doc._id });
+
+            assert.equal(decryptedDoc.dob, 32);
+          }
+        });
+      });
+
+    });
   });
 });
