Skip to content

Commit 5b15fd3

Browse files
kevinAlbskevinAlbs
authored
DRIVERS-3227 test text indexes with auto encryption (#1823)
- Add automatic encryption tests of Queryable Encryption (QE) text indexes. - Add schema version 1.25 with `minLibmongocryptVersion`. - Fix ajv validation with schema version 1.24+.
1 parent c13d23b commit 5b15fd3

19 files changed

+4197
-33
lines changed

.github/workflows/check_schema_version.sh

Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,12 @@ function get_schema_version() {
88
js-yaml $1 | jq -r .schemaVersion
99
}
1010

11+
function get_json_schema_url () {
12+
schemaVersion=$(get_schema_version "$1")
13+
schemaFile="source/unified-test-format/schema-$schemaVersion.json"
14+
cat "$schemaFile" | jq -r '.["$schema"]'
15+
}
16+
1117
function get_all_schemaVersion_defining_files () {
1218
# look for all yaml files with "schemaVersion: ["'][1-9]"
1319
grep --include=*.{yml,yaml} --files-with-matches --recursive --word-regexp --regexp="schemaVersion: [\"'][1-9]" source | \
@@ -20,7 +26,17 @@ function get_all_schemaVersion_defining_files () {
2026
for testFile in $(get_all_schemaVersion_defining_files)
2127
do
2228
schemaVersion=$(get_schema_version "$testFile")
23-
if ! ajvCheck=$(ajv -s "source/unified-test-format/schema-$schemaVersion.json" -d "$testFile"); then
29+
jsonSchemaURL=$(get_json_schema_url "$testFile")
30+
if [ "$jsonSchemaURL" = "https://json-schema.org/draft/2019-09/schema#" ]; then
31+
spec="draft2019"
32+
elif [ "$jsonSchemaURL" = "http://json-schema.org/draft-07/schema#" ]; then
33+
spec="draft7"
34+
else
35+
echo "Do not know how to validate $jsonSchemaURL"
36+
exit 1
37+
fi
38+
39+
if ! ajvCheck=$(ajv --spec="$spec" -s "source/unified-test-format/schema-$schemaVersion.json" -d "$testFile"); then
2440
exitCode=1
2541
fi
2642
echo "$ajvCheck using schema v$schemaVersion"

source/client-side-encryption/tests/unified/QE-Text-cleanupStructuredEncryptionData.json

Lines changed: 219 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

source/client-side-encryption/tests/unified/QE-Text-cleanupStructuredEncryptionData.yml

Lines changed: 128 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,128 @@
1+
description: QE-Text-cleanupStructuredEncryptionData
2+
schemaVersion: "1.25"
3+
runOnRequirements:
4+
- minServerVersion: "8.2.0" # Server 8.2.0 adds preview support for QE text queries.
5+
topologies: ["replicaset", "sharded", "load-balanced"] # QE does not support standalone.
6+
csfle:
7+
minLibmongocryptVersion: 1.15.0 # For SPM-4158.
8+
createEntities:
9+
- client:
10+
id: &client "client"
11+
autoEncryptOpts:
12+
keyVaultNamespace: keyvault.datakeys
13+
kmsProviders:
14+
local:
15+
key: Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk
16+
observeEvents:
17+
- commandStartedEvent
18+
- database:
19+
id: &db "db"
20+
client: *client
21+
databaseName: *db
22+
- collection:
23+
id: &coll "coll"
24+
database: *db
25+
collectionName: *coll
26+
initialData:
27+
# Insert data encryption key:
28+
- databaseName: keyvault
29+
collectionName: datakeys
30+
documents:
31+
[
32+
{
33+
"_id": &keyid { "$binary": { "base64": "q83vqxI0mHYSNBI0VniQEg==", "subType": "04" } },
34+
"keyMaterial":
35+
{
36+
"$binary":
37+
{
38+
"base64": "HBk9BWihXExNDvTp1lUxOuxuZK2Pe2ZdVdlsxPEBkiO1bS4mG5NNDsQ7zVxJAH8BtdOYp72Ku4Y3nwc0BUpIKsvAKX4eYXtlhv5zUQxWdeNFhg9qK7qb8nqhnnLeT0f25jFSqzWJoT379hfwDeu0bebJHr35QrJ8myZdPMTEDYF08QYQ48ShRBli0S+QzBHHAQiM2iJNr4svg2WR8JSeWQ==",
39+
"subType": "00",
40+
},
41+
},
42+
"creationDate": { "$date": { "$numberLong": "1648914851981" } },
43+
"updateDate": { "$date": { "$numberLong": "1648914851981" } },
44+
"status": { "$numberInt": "0" },
45+
"masterKey": { "provider": "local" },
46+
},
47+
]
48+
# Create encrypted collection:
49+
- databaseName: *db
50+
collectionName: *coll
51+
documents: []
52+
createOptions:
53+
encryptedFields:
54+
{
55+
"fields":
56+
[
57+
{
58+
"keyId": *keyid,
59+
"path": "encryptedText",
60+
"bsonType": "string",
61+
"queries": [
62+
{
63+
"queryType": "suffixPreview",
64+
"contention": { "$numberLong": "0" },
65+
"strMinQueryLength": { "$numberLong": "3" },
66+
"strMaxQueryLength": { "$numberLong": "30" },
67+
"caseSensitive": true,
68+
"diacriticSensitive": true,
69+
},
70+
],
71+
},
72+
],
73+
}
74+
tests:
75+
- description: "QE Text cleanupStructuredEncryptionData works"
76+
operations:
77+
- name: runCommand
78+
object: *db
79+
arguments:
80+
command:
81+
cleanupStructuredEncryptionData: *coll
82+
commandName: cleanupStructuredEncryptionData
83+
expectResult: { ok: 1 }
84+
expectEvents:
85+
- client: *client
86+
events:
87+
- commandStartedEvent:
88+
command:
89+
listCollections: 1
90+
filter:
91+
name: *coll
92+
commandName: listCollections
93+
- commandStartedEvent:
94+
command:
95+
find: datakeys
96+
filter:
97+
{
98+
"$or":
99+
[
100+
"_id": { "$in": [ *keyid ] },
101+
"keyAltNames": { "$in": [] },
102+
],
103+
}
104+
$db: keyvault
105+
readConcern: { level: "majority" }
106+
commandName: find
107+
- commandStartedEvent:
108+
command:
109+
{
110+
"cleanupStructuredEncryptionData": *coll,
111+
"cleanupTokens": {
112+
"encryptedText": {
113+
"ecoc": {
114+
"$binary": {
115+
"base64": "SWO8WEoZ2r2Kx/muQKb7+COizy85nIIUFiHh4K9kcvA=",
116+
"subType": "00"
117+
}
118+
},
119+
"anchorPaddingToken": {
120+
"$binary": {
121+
"base64": "YAiF7Iwhqq1UyfxPvm70xfQJtrIRPrjfD2yRLG1+saQ=",
122+
"subType": "00"
123+
}
124+
}
125+
}
126+
}
127+
}
128+
commandName: cleanupStructuredEncryptionData

0 commit comments

Comments
 (0)