Skip to content

CDRIVER-6061 sync auto encryption tests for QE text #2069

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 10 commits into
base: master
Choose a base branch
from
Open

CDRIVER-6061 sync auto encryption tests for QE text #2069

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
4ba5ffa
fix override of crypt_shared path
kevinAlbs Jul 20, 2025
cff208c
use pre-release of libmongocrypt
kevinAlbs Jul 23, 2025
e2368e1
sync tests
kevinAlbs Jul 23, 2025
155ef49
expose internal API to get loaded libmongocrypt version
kevinAlbs Jul 28, 2025
d0febae
partially support schema 1.25
kevinAlbs Jul 28, 2025
f128242
resync tests
kevinAlbs Jul 28, 2025
3d7c8b3
resync to fix description
kevinAlbs Jul 31, 2025
b0f1b68
bump libmongocrypt to 1.15.0
kevinAlbs Aug 6, 2025
bb480e6
Merge branch 'master' into D3213
kevinAlbs Aug 6, 2025
f37a2b6
update required libmongocrypt version
kevinAlbs Aug 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions .evergreen/scripts/compile-libmongocrypt.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,15 +10,15 @@ compile_libmongocrypt() {
# `.evergreen/scripts/kms-divergence-check.sh` to ensure that there is no
# divergence in the copied files.

# Clone libmongocrypt and check-out 1.13.0.
git clone -q --depth=1 https://github.com/mongodb/libmongocrypt --branch 1.13.0 || return
# Clone libmongocrypt and check-out commit containing changes for SPM-4158.
git clone -q --depth=1 https://github.com/mongodb/libmongocrypt --branch 1.15.0 || return

declare -a crypt_cmake_flags=(
"-DMONGOCRYPT_MONGOC_DIR=${mongoc_dir}"
"-DBUILD_TESTING=OFF"
"-DENABLE_ONLINE_TESTS=OFF"
"-DENABLE_MONGOC=OFF"
"-DBUILD_VERSION=1.13.0"
"-DBUILD_VERSION=1.15.0"
)

. "$(dirname "${BASH_SOURCE[0]}")/find-ccache.sh"
Expand Down
7 changes: 7 additions & 0 deletions NEWS
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,10 @@
libmongoc 2.2.0 (unreleased)
============================

## Notes

* Raise required version of libmongocrypt from 1.13.0 to 1.15.0 to support In-Use Encryption (corresponds to the CMake option: `ENABLE_CLIENT_SIDE_ENCRYPTION`).

libmongoc 2.1.0
===============

Expand Down
4 changes: 2 additions & 2 deletions src/libmongoc/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -489,10 +489,10 @@ elseif (NOT ENABLE_CLIENT_SIDE_ENCRYPTION STREQUAL OFF)
find_package (mongocrypt QUIET)
endif ()

if (mongocrypt_FOUND AND "${mongocrypt_VERSION}" VERSION_LESS 1.13.0)
if (mongocrypt_FOUND AND "${mongocrypt_VERSION}" VERSION_LESS 1.15.0)
message (STATUS " libmongocrypt found at ${mongocrypt_DIR}")
message (STATUS " libmongocrypt version ${mongocrypt_VERSION} found")
message (STATUS " libmongocrypt version 1.13.0 is required to enable In-Use Encryption Support.")
message (STATUS " libmongocrypt version 1.15.0 is required to enable In-Use Encryption Support.")
set (REQUIRED_MONGOCRYPT_VERSION_FOUND OFF)
elseif (mongocrypt_FOUND)
set (REQUIRED_MONGOCRYPT_VERSION_FOUND ON)
Expand Down
4 changes: 4 additions & 0 deletions src/libmongoc/src/mongoc/mongoc-crypt-private.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,10 @@ typedef struct mc_kms_credentials_callback {
/* For interacting with libmongocrypt */
typedef struct __mongoc_crypt_t _mongoc_crypt_t;

// `_mongoc_crypt_libmongocrypt_version` returns the version of the loaded libmongocrypt.
const char *
_mongoc_crypt_get_libmongocrypt_version (void);

/*
Creates a new handle into libmongocrypt.
- schema_map may be NULL.
Expand Down
6 changes: 6 additions & 0 deletions src/libmongoc/src/mongoc/mongoc-crypt.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,12 @@

#include <mongocrypt/mongocrypt.h>

const char *
_mongoc_crypt_get_libmongocrypt_version (void)
{
return mongocrypt_version (NULL);
}

// `mcd_mapof_kmsid_to_tlsopts` maps a KMS ID (e.g. `aws` or `aws:myname`) to a
// `mongoc_ssl_opt_t`. The acryonym TLS is preferred over SSL for
// consistency with the CSE and URI specifications.
Expand Down
219 changes: 219 additions & 0 deletions ...oc/tests/json/client_side_encryption/unified/QE-Text-cleanupStructuredEncryptionData.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,219 @@
{
"description": "QE-Text-cleanupStructuredEncryptionData",
"schemaVersion": "1.25",
"runOnRequirements": [
{
"minServerVersion": "8.2.0",
"topologies": [
"replicaset",
"sharded",
"load-balanced"
],
"csfle": {
"minLibmongocryptVersion": "1.15.0"
}
}
],
"createEntities": [
{
"client": {
"id": "client",
"autoEncryptOpts": {
"keyVaultNamespace": "keyvault.datakeys",
"kmsProviders": {
"local": {
"key": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk"
}
}
},
"observeEvents": [
"commandStartedEvent"
]
}
},
{
"database": {
"id": "db",
"client": "client",
"databaseName": "db"
}
},
{
"collection": {
"id": "coll",
"database": "db",
"collectionName": "coll"
}
}
],
"initialData": [
{
"databaseName": "keyvault",
"collectionName": "datakeys",
"documents": [
{
"_id": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"keyMaterial": {
"$binary": {
"base64": "HBk9BWihXExNDvTp1lUxOuxuZK2Pe2ZdVdlsxPEBkiO1bS4mG5NNDsQ7zVxJAH8BtdOYp72Ku4Y3nwc0BUpIKsvAKX4eYXtlhv5zUQxWdeNFhg9qK7qb8nqhnnLeT0f25jFSqzWJoT379hfwDeu0bebJHr35QrJ8myZdPMTEDYF08QYQ48ShRBli0S+QzBHHAQiM2iJNr4svg2WR8JSeWQ==",
"subType": "00"
}
},
"creationDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"updateDate": {
"$date": {
"$numberLong": "1648914851981"
}
},
"status": {
"$numberInt": "0"
},
"masterKey": {
"provider": "local"
}
}
]
},
{
"databaseName": "db",
"collectionName": "coll",
"documents": [],
"createOptions": {
"encryptedFields": {
"fields": [
{
"keyId": {
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
},
"path": "encryptedText",
"bsonType": "string",
"queries": [
{
"queryType": "suffixPreview",
"contention": {
"$numberLong": "0"
},
"strMinQueryLength": {
"$numberLong": "3"
},
"strMaxQueryLength": {
"$numberLong": "30"
},
"caseSensitive": true,
"diacriticSensitive": true
}
]
}
]
}
}
}
],
"tests": [
{
"description": "QE Text cleanupStructuredEncryptionData works",
"operations": [
{
"name": "runCommand",
"object": "db",
"arguments": {
"command": {
"cleanupStructuredEncryptionData": "coll"
},
"commandName": "cleanupStructuredEncryptionData"
},
"expectResult": {
"ok": 1
}
}
],
"expectEvents": [
{
"client": "client",
"events": [
{
"commandStartedEvent": {
"command": {
"listCollections": 1,
"filter": {
"name": "coll"
}
},
"commandName": "listCollections"
}
},
{
"commandStartedEvent": {
"command": {
"find": "datakeys",
"filter": {
"$or": [
{
"_id": {
"$in": [
{
"$binary": {
"base64": "q83vqxI0mHYSNBI0VniQEg==",
"subType": "04"
}
}
]
}
},
{
"keyAltNames": {
"$in": []
}
}
]
},
"$db": "keyvault",
"readConcern": {
"level": "majority"
}
},
"commandName": "find"
}
},
{
"commandStartedEvent": {
"command": {
"cleanupStructuredEncryptionData": "coll",
"cleanupTokens": {
"encryptedText": {
"ecoc": {
"$binary": {
"base64": "SWO8WEoZ2r2Kx/muQKb7+COizy85nIIUFiHh4K9kcvA=",
"subType": "00"
}
},
"anchorPaddingToken": {
"$binary": {
"base64": "YAiF7Iwhqq1UyfxPvm70xfQJtrIRPrjfD2yRLG1+saQ=",
"subType": "00"
}
}
}
}
},
"commandName": "cleanupStructuredEncryptionData"
}
}
]
}
]
}
]
}
Loading