1{ 2 "runOn": [ 3 { 4 "minServerVersion": "4.1.10" 5 } 6 ], 7 "database_name": "default", 8 "collection_name": "default", 9 "data": [ 10 { 11 "_id": 1, 12 "encrypted_string": { 13 "$binary": { 14 "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==", 15 "subType": "06" 16 } 17 } 18 }, 19 { 20 "_id": 2, 21 "encrypted_string": { 22 "$binary": { 23 "base64": "AQAAAAAAAAAAAAAAAAAAAAACDdw4KFz3ZLquhsbt7RmDjD0N67n0uSXx7IGnQNCLeIKvot6s/ouI21Eo84IOtb6lhwUNPlSEBNY0/hbszWAKJg==", 24 "subType": "06" 25 } 26 } 27 } 28 ], 29 "json_schema": { 30 "properties": { 31 "encrypted_w_altname": { 32 "encrypt": { 33 "keyId": "/altname", 34 "bsonType": "string", 35 "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" 36 } 37 }, 38 "encrypted_string": { 39 "encrypt": { 40 "keyId": [ 41 { 42 "$binary": { 43 "base64": "AAAAAAAAAAAAAAAAAAAAAA==", 44 "subType": "04" 45 } 46 } 47 ], 48 "bsonType": "string", 49 "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" 50 } 51 }, 52 "random": { 53 "encrypt": { 54 "keyId": [ 55 { 56 "$binary": { 57 "base64": "AAAAAAAAAAAAAAAAAAAAAA==", 58 "subType": "04" 59 } 60 } 61 ], 62 "bsonType": "string", 63 "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" 64 } 65 }, 66 "encrypted_string_equivalent": { 67 "encrypt": { 68 "keyId": [ 69 { 70 "$binary": { 71 "base64": "AAAAAAAAAAAAAAAAAAAAAA==", 72 "subType": "04" 73 } 74 } 75 ], 76 "bsonType": "string", 77 "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" 78 } 79 } 80 }, 81 "bsonType": "object" 82 }, 83 "key_vault_data": [ 84 { 85 "status": 1, 86 "_id": { 87 "$binary": { 88 "base64": "AAAAAAAAAAAAAAAAAAAAAA==", 89 "subType": "04" 90 } 91 }, 92 "masterKey": { 93 "provider": "aws", 94 "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0", 95 "region": "us-east-1" 96 }, 97 "updateDate": { 98 "$date": { 99 "$numberLong": "1552949630483" 100 } 101 }, 102 "keyMaterial": { 103 "$binary": { 104 "base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO", 105 "subType": "00" 106 } 107 }, 108 "creationDate": { 109 "$date": { 110 "$numberLong": "1552949630483" 111 } 112 }, 113 "keyAltNames": [ 114 "altname", 115 "another_altname" 116 ] 117 } 118 ], 119 "tests": [ 120 { 121 "description": "$text unconditionally fails", 122 "clientOptions": { 123 "autoEncryptOpts": { 124 "kmsProviders": { 125 "aws": {} 126 } 127 } 128 }, 129 "operations": [ 130 { 131 "name": "find", 132 "arguments": { 133 "filter": { 134 "$text": { 135 "$search": "search text" 136 } 137 } 138 }, 139 "result": { 140 "errorContains": "Unsupported match expression operator for encryption" 141 } 142 } 143 ] 144 }, 145 { 146 "description": "$where unconditionally fails", 147 "clientOptions": { 148 "autoEncryptOpts": { 149 "kmsProviders": { 150 "aws": {} 151 } 152 } 153 }, 154 "operations": [ 155 { 156 "name": "find", 157 "arguments": { 158 "filter": { 159 "$where": { 160 "$code": "function() { return true }" 161 } 162 } 163 }, 164 "result": { 165 "errorContains": "Unsupported match expression operator for encryption" 166 } 167 } 168 ] 169 }, 170 { 171 "description": "$bit operators succeed on unencrypted, error on encrypted", 172 "clientOptions": { 173 "autoEncryptOpts": { 174 "kmsProviders": { 175 "aws": {} 176 } 177 } 178 }, 179 "operations": [ 180 { 181 "name": "find", 182 "arguments": { 183 "filter": { 184 "unencrypted": { 185 "$bitsAllClear": 35 186 } 187 } 188 }, 189 "result": [] 190 }, 191 { 192 "name": "find", 193 "arguments": { 194 "filter": { 195 "encrypted_string": { 196 "$bitsAllClear": 35 197 } 198 } 199 }, 200 "result": { 201 "errorContains": "Invalid match expression operator on encrypted field" 202 } 203 }, 204 { 205 "name": "find", 206 "arguments": { 207 "filter": { 208 "unencrypted": { 209 "$bitsAllSet": 35 210 } 211 } 212 }, 213 "result": [] 214 }, 215 { 216 "name": "find", 217 "arguments": { 218 "filter": { 219 "encrypted_string": { 220 "$bitsAllSet": 35 221 } 222 } 223 }, 224 "result": { 225 "errorContains": "Invalid match expression operator on encrypted field" 226 } 227 }, 228 { 229 "name": "find", 230 "arguments": { 231 "filter": { 232 "unencrypted": { 233 "$bitsAnyClear": 35 234 } 235 } 236 }, 237 "result": [] 238 }, 239 { 240 "name": "find", 241 "arguments": { 242 "filter": { 243 "encrypted_string": { 244 "$bitsAnyClear": 35 245 } 246 } 247 }, 248 "result": { 249 "errorContains": "Invalid match expression operator on encrypted field" 250 } 251 }, 252 { 253 "name": "find", 254 "arguments": { 255 "filter": { 256 "unencrypted": { 257 "$bitsAnySet": 35 258 } 259 } 260 }, 261 "result": [] 262 }, 263 { 264 "name": "find", 265 "arguments": { 266 "filter": { 267 "encrypted_string": { 268 "$bitsAnySet": 35 269 } 270 } 271 }, 272 "result": { 273 "errorContains": "Invalid match expression operator on encrypted field" 274 } 275 } 276 ] 277 }, 278 { 279 "description": "geo operators succeed on unencrypted, error on encrypted", 280 "clientOptions": { 281 "autoEncryptOpts": { 282 "kmsProviders": { 283 "aws": {} 284 } 285 } 286 }, 287 "operations": [ 288 { 289 "name": "find", 290 "arguments": { 291 "filter": { 292 "unencrypted": { 293 "$near": [ 294 0, 295 0 296 ] 297 } 298 } 299 }, 300 "result": { 301 "errorContains": "unable to find index" 302 } 303 }, 304 { 305 "name": "find", 306 "arguments": { 307 "filter": { 308 "encrypted_string": { 309 "$near": [ 310 0, 311 0 312 ] 313 } 314 } 315 }, 316 "result": { 317 "errorContains": "Invalid match expression operator on encrypted field" 318 } 319 }, 320 { 321 "name": "find", 322 "arguments": { 323 "filter": { 324 "unencrypted": { 325 "$nearSphere": [ 326 0, 327 0 328 ] 329 } 330 } 331 }, 332 "result": { 333 "errorContains": "unable to find index" 334 } 335 }, 336 { 337 "name": "find", 338 "arguments": { 339 "filter": { 340 "encrypted_string": { 341 "$nearSphere": [ 342 0, 343 0 344 ] 345 } 346 } 347 }, 348 "result": { 349 "errorContains": "Invalid match expression operator on encrypted field" 350 } 351 }, 352 { 353 "name": "find", 354 "arguments": { 355 "filter": { 356 "unencrypted": { 357 "$geoIntersects": { 358 "$geometry": { 359 "type": "Polygon", 360 "coordinates": [ 361 [ 362 [ 363 0, 364 0 365 ], 366 [ 367 1, 368 0 369 ], 370 [ 371 1, 372 1 373 ], 374 [ 375 0, 376 0 377 ] 378 ] 379 ] 380 } 381 } 382 } 383 } 384 }, 385 "result": [] 386 }, 387 { 388 "name": "find", 389 "arguments": { 390 "filter": { 391 "encrypted_string": { 392 "$geoIntersects": { 393 "$geometry": { 394 "type": "Polygon", 395 "coordinates": [ 396 [ 397 [ 398 0, 399 0 400 ], 401 [ 402 1, 403 0 404 ], 405 [ 406 1, 407 1 408 ], 409 [ 410 0, 411 0 412 ] 413 ] 414 ] 415 } 416 } 417 } 418 } 419 }, 420 "result": { 421 "errorContains": "Invalid match expression operator on encrypted field" 422 } 423 }, 424 { 425 "name": "find", 426 "arguments": { 427 "filter": { 428 "unencrypted": { 429 "$geoWithin": { 430 "$geometry": { 431 "type": "Polygon", 432 "coordinates": [ 433 [ 434 [ 435 0, 436 0 437 ], 438 [ 439 1, 440 0 441 ], 442 [ 443 1, 444 1 445 ], 446 [ 447 0, 448 0 449 ] 450 ] 451 ] 452 } 453 } 454 } 455 } 456 }, 457 "result": [] 458 }, 459 { 460 "name": "find", 461 "arguments": { 462 "filter": { 463 "encrypted_string": { 464 "$geoWithin": { 465 "$geometry": { 466 "type": "Polygon", 467 "coordinates": [ 468 [ 469 [ 470 0, 471 0 472 ], 473 [ 474 1, 475 0 476 ], 477 [ 478 1, 479 1 480 ], 481 [ 482 0, 483 0 484 ] 485 ] 486 ] 487 } 488 } 489 } 490 } 491 }, 492 "result": { 493 "errorContains": "Invalid match expression operator on encrypted field" 494 } 495 } 496 ] 497 }, 498 { 499 "description": "inequality operators succeed on unencrypted, error on encrypted", 500 "clientOptions": { 501 "autoEncryptOpts": { 502 "kmsProviders": { 503 "aws": {} 504 } 505 } 506 }, 507 "operations": [ 508 { 509 "name": "find", 510 "arguments": { 511 "filter": { 512 "unencrypted": { 513 "$gt": 1 514 } 515 } 516 }, 517 "result": [] 518 }, 519 { 520 "name": "find", 521 "arguments": { 522 "filter": { 523 "encrypted_string": { 524 "$gt": 1 525 } 526 } 527 }, 528 "result": { 529 "errorContains": "Invalid match expression operator on encrypted field" 530 } 531 }, 532 { 533 "name": "find", 534 "arguments": { 535 "filter": { 536 "unencrypted": { 537 "$lt": 1 538 } 539 } 540 }, 541 "result": [] 542 }, 543 { 544 "name": "find", 545 "arguments": { 546 "filter": { 547 "encrypted_string": { 548 "$lt": 1 549 } 550 } 551 }, 552 "result": { 553 "errorContains": "Invalid match expression operator on encrypted field" 554 } 555 }, 556 { 557 "name": "find", 558 "arguments": { 559 "filter": { 560 "unencrypted": { 561 "$gte": 1 562 } 563 } 564 }, 565 "result": [] 566 }, 567 { 568 "name": "find", 569 "arguments": { 570 "filter": { 571 "encrypted_string": { 572 "$gte": 1 573 } 574 } 575 }, 576 "result": { 577 "errorContains": "Invalid match expression operator on encrypted field" 578 } 579 }, 580 { 581 "name": "find", 582 "arguments": { 583 "filter": { 584 "unencrypted": { 585 "$lte": 1 586 } 587 } 588 }, 589 "result": [] 590 }, 591 { 592 "name": "find", 593 "arguments": { 594 "filter": { 595 "encrypted_string": { 596 "$lte": 1 597 } 598 } 599 }, 600 "result": { 601 "errorContains": "Invalid match expression operator on encrypted field" 602 } 603 } 604 ] 605 }, 606 { 607 "description": "other misc operators succeed on unencrypted, error on encrypted", 608 "clientOptions": { 609 "autoEncryptOpts": { 610 "kmsProviders": { 611 "aws": {} 612 } 613 } 614 }, 615 "operations": [ 616 { 617 "name": "find", 618 "arguments": { 619 "filter": { 620 "unencrypted": { 621 "$mod": [ 622 3, 623 1 624 ] 625 } 626 } 627 }, 628 "result": [] 629 }, 630 { 631 "name": "find", 632 "arguments": { 633 "filter": { 634 "encrypted_string": { 635 "$mod": [ 636 3, 637 1 638 ] 639 } 640 } 641 }, 642 "result": { 643 "errorContains": "Invalid match expression operator on encrypted field" 644 } 645 }, 646 { 647 "name": "find", 648 "arguments": { 649 "filter": { 650 "unencrypted": { 651 "$regex": "pattern", 652 "$options": "" 653 } 654 } 655 }, 656 "result": [] 657 }, 658 { 659 "name": "find", 660 "arguments": { 661 "filter": { 662 "encrypted_string": { 663 "$regex": "pattern", 664 "$options": "" 665 } 666 } 667 }, 668 "result": { 669 "errorContains": "Invalid match expression operator on encrypted field" 670 } 671 }, 672 { 673 "name": "find", 674 "arguments": { 675 "filter": { 676 "unencrypted": { 677 "$size": 2 678 } 679 } 680 }, 681 "result": [] 682 }, 683 { 684 "name": "find", 685 "arguments": { 686 "filter": { 687 "encrypted_string": { 688 "$size": 2 689 } 690 } 691 }, 692 "result": { 693 "errorContains": "Invalid match expression operator on encrypted field" 694 } 695 }, 696 { 697 "name": "find", 698 "arguments": { 699 "filter": { 700 "unencrypted": { 701 "$type": 2 702 } 703 } 704 }, 705 "result": [] 706 }, 707 { 708 "name": "find", 709 "arguments": { 710 "filter": { 711 "encrypted_string": { 712 "$type": 2 713 } 714 } 715 }, 716 "result": { 717 "errorContains": "Invalid match expression operator on encrypted field" 718 } 719 }, 720 { 721 "name": "find", 722 "arguments": { 723 "filter": { 724 "unencrypted": { 725 "$eq": null 726 } 727 } 728 }, 729 "result": [ 730 { 731 "_id": 1, 732 "encrypted_string": "string0" 733 }, 734 { 735 "_id": 2, 736 "encrypted_string": "string1" 737 } 738 ] 739 }, 740 { 741 "name": "find", 742 "arguments": { 743 "filter": { 744 "encrypted_string": { 745 "$eq": null 746 } 747 } 748 }, 749 "result": { 750 "errorContains": "Illegal equality to null predicate for encrypted field" 751 } 752 }, 753 { 754 "name": "find", 755 "arguments": { 756 "filter": { 757 "unencrypted": { 758 "$in": [ 759 null 760 ] 761 } 762 } 763 }, 764 "result": [ 765 { 766 "_id": 1, 767 "encrypted_string": "string0" 768 }, 769 { 770 "_id": 2, 771 "encrypted_string": "string1" 772 } 773 ] 774 }, 775 { 776 "name": "find", 777 "arguments": { 778 "filter": { 779 "encrypted_string": { 780 "$in": [ 781 null 782 ] 783 } 784 } 785 }, 786 "result": { 787 "errorContains": "Illegal equality to null inside $in against an encrypted field" 788 } 789 } 790 ] 791 }, 792 { 793 "description": "$addToSet succeeds on unencrypted, error on encrypted", 794 "clientOptions": { 795 "autoEncryptOpts": { 796 "kmsProviders": { 797 "aws": {} 798 } 799 } 800 }, 801 "operations": [ 802 { 803 "name": "updateOne", 804 "arguments": { 805 "filter": {}, 806 "update": { 807 "$addToSet": { 808 "unencrypted": [ 809 "a" 810 ] 811 } 812 } 813 }, 814 "result": { 815 "matchedCount": 1, 816 "modifiedCount": 1, 817 "upsertedCount": 0 818 } 819 }, 820 { 821 "name": "updateOne", 822 "arguments": { 823 "filter": {}, 824 "update": { 825 "$addToSet": { 826 "encrypted_string": [ 827 "a" 828 ] 829 } 830 } 831 }, 832 "result": { 833 "errorContains": "$addToSet not allowed on encrypted values" 834 } 835 } 836 ] 837 }, 838 { 839 "description": "$inc succeeds on unencrypted, error on encrypted", 840 "clientOptions": { 841 "autoEncryptOpts": { 842 "kmsProviders": { 843 "aws": {} 844 } 845 } 846 }, 847 "operations": [ 848 { 849 "name": "updateOne", 850 "arguments": { 851 "filter": {}, 852 "update": { 853 "$inc": { 854 "unencrypted": 1 855 } 856 } 857 }, 858 "result": { 859 "matchedCount": 1, 860 "modifiedCount": 1, 861 "upsertedCount": 0 862 } 863 }, 864 { 865 "name": "updateOne", 866 "arguments": { 867 "filter": {}, 868 "update": { 869 "$inc": { 870 "encrypted_string": 1 871 } 872 } 873 }, 874 "result": { 875 "errorContains": "$inc and $mul not allowed on encrypted values" 876 } 877 } 878 ] 879 }, 880 { 881 "description": "$mul succeeds on unencrypted, error on encrypted", 882 "clientOptions": { 883 "autoEncryptOpts": { 884 "kmsProviders": { 885 "aws": {} 886 } 887 } 888 }, 889 "operations": [ 890 { 891 "name": "updateOne", 892 "arguments": { 893 "filter": {}, 894 "update": { 895 "$mul": { 896 "unencrypted": 1 897 } 898 } 899 }, 900 "result": { 901 "matchedCount": 1, 902 "modifiedCount": 1, 903 "upsertedCount": 0 904 } 905 }, 906 { 907 "name": "updateOne", 908 "arguments": { 909 "filter": {}, 910 "update": { 911 "$mul": { 912 "encrypted_string": 1 913 } 914 } 915 }, 916 "result": { 917 "errorContains": "$inc and $mul not allowed on encrypted values" 918 } 919 } 920 ] 921 }, 922 { 923 "description": "$max succeeds on unencrypted, error on encrypted", 924 "clientOptions": { 925 "autoEncryptOpts": { 926 "kmsProviders": { 927 "aws": {} 928 } 929 } 930 }, 931 "operations": [ 932 { 933 "name": "updateOne", 934 "arguments": { 935 "filter": {}, 936 "update": { 937 "$max": { 938 "unencrypted": 1 939 } 940 } 941 }, 942 "result": { 943 "matchedCount": 1, 944 "modifiedCount": 1, 945 "upsertedCount": 0 946 } 947 }, 948 { 949 "name": "updateOne", 950 "arguments": { 951 "filter": {}, 952 "update": { 953 "$max": { 954 "encrypted_string": 1 955 } 956 } 957 }, 958 "result": { 959 "errorContains": "$max and $min not allowed on encrypted values" 960 } 961 } 962 ] 963 }, 964 { 965 "description": "$min succeeds on unencrypted, error on encrypted", 966 "clientOptions": { 967 "autoEncryptOpts": { 968 "kmsProviders": { 969 "aws": {} 970 } 971 } 972 }, 973 "operations": [ 974 { 975 "name": "updateOne", 976 "arguments": { 977 "filter": {}, 978 "update": { 979 "$min": { 980 "unencrypted": 1 981 } 982 } 983 }, 984 "result": { 985 "matchedCount": 1, 986 "modifiedCount": 1, 987 "upsertedCount": 0 988 } 989 }, 990 { 991 "name": "updateOne", 992 "arguments": { 993 "filter": {}, 994 "update": { 995 "$min": { 996 "encrypted_string": 1 997 } 998 } 999 }, 1000 "result": { 1001 "errorContains": "$max and $min not allowed on encrypted values" 1002 } 1003 } 1004 ] 1005 }, 1006 { 1007 "description": "$currentDate succeeds on unencrypted, error on encrypted", 1008 "clientOptions": { 1009 "autoEncryptOpts": { 1010 "kmsProviders": { 1011 "aws": {} 1012 } 1013 } 1014 }, 1015 "operations": [ 1016 { 1017 "name": "updateOne", 1018 "arguments": { 1019 "filter": {}, 1020 "update": { 1021 "$currentDate": { 1022 "unencrypted": true 1023 } 1024 } 1025 }, 1026 "result": { 1027 "matchedCount": 1, 1028 "modifiedCount": 1, 1029 "upsertedCount": 0 1030 } 1031 }, 1032 { 1033 "name": "updateOne", 1034 "arguments": { 1035 "filter": {}, 1036 "update": { 1037 "$currentDate": { 1038 "encrypted_string": true 1039 } 1040 } 1041 }, 1042 "result": { 1043 "errorContains": "$currentDate not allowed on encrypted values" 1044 } 1045 } 1046 ] 1047 }, 1048 { 1049 "description": "$pop succeeds on unencrypted, error on encrypted", 1050 "clientOptions": { 1051 "autoEncryptOpts": { 1052 "kmsProviders": { 1053 "aws": {} 1054 } 1055 } 1056 }, 1057 "operations": [ 1058 { 1059 "name": "updateOne", 1060 "arguments": { 1061 "filter": {}, 1062 "update": { 1063 "$pop": { 1064 "unencrypted": 1 1065 } 1066 } 1067 }, 1068 "result": { 1069 "matchedCount": 1, 1070 "modifiedCount": 0, 1071 "upsertedCount": 0 1072 } 1073 }, 1074 { 1075 "name": "updateOne", 1076 "arguments": { 1077 "filter": {}, 1078 "update": { 1079 "$pop": { 1080 "encrypted_string": 1 1081 } 1082 } 1083 }, 1084 "result": { 1085 "errorContains": "$pop not allowed on encrypted values" 1086 } 1087 } 1088 ] 1089 }, 1090 { 1091 "description": "$pull succeeds on unencrypted, error on encrypted", 1092 "clientOptions": { 1093 "autoEncryptOpts": { 1094 "kmsProviders": { 1095 "aws": {} 1096 } 1097 } 1098 }, 1099 "operations": [ 1100 { 1101 "name": "updateOne", 1102 "arguments": { 1103 "filter": {}, 1104 "update": { 1105 "$pull": { 1106 "unencrypted": 1 1107 } 1108 } 1109 }, 1110 "result": { 1111 "matchedCount": 1, 1112 "modifiedCount": 0, 1113 "upsertedCount": 0 1114 } 1115 }, 1116 { 1117 "name": "updateOne", 1118 "arguments": { 1119 "filter": {}, 1120 "update": { 1121 "$pull": { 1122 "encrypted_string": 1 1123 } 1124 } 1125 }, 1126 "result": { 1127 "errorContains": "$pull not allowed on encrypted values" 1128 } 1129 } 1130 ] 1131 }, 1132 { 1133 "description": "$pullAll succeeds on unencrypted, error on encrypted", 1134 "clientOptions": { 1135 "autoEncryptOpts": { 1136 "kmsProviders": { 1137 "aws": {} 1138 } 1139 } 1140 }, 1141 "operations": [ 1142 { 1143 "name": "updateOne", 1144 "arguments": { 1145 "filter": {}, 1146 "update": { 1147 "$pullAll": { 1148 "unencrypted": [ 1149 1 1150 ] 1151 } 1152 } 1153 }, 1154 "result": { 1155 "matchedCount": 1, 1156 "modifiedCount": 0, 1157 "upsertedCount": 0 1158 } 1159 }, 1160 { 1161 "name": "updateOne", 1162 "arguments": { 1163 "filter": {}, 1164 "update": { 1165 "$pullAll": { 1166 "encrypted_string": [ 1167 1 1168 ] 1169 } 1170 } 1171 }, 1172 "result": { 1173 "errorContains": "$pullAll not allowed on encrypted values" 1174 } 1175 } 1176 ] 1177 }, 1178 { 1179 "description": "$push succeeds on unencrypted, error on encrypted", 1180 "clientOptions": { 1181 "autoEncryptOpts": { 1182 "kmsProviders": { 1183 "aws": {} 1184 } 1185 } 1186 }, 1187 "operations": [ 1188 { 1189 "name": "updateOne", 1190 "arguments": { 1191 "filter": {}, 1192 "update": { 1193 "$push": { 1194 "unencrypted": 1 1195 } 1196 } 1197 }, 1198 "result": { 1199 "matchedCount": 1, 1200 "modifiedCount": 1, 1201 "upsertedCount": 0 1202 } 1203 }, 1204 { 1205 "name": "updateOne", 1206 "arguments": { 1207 "filter": {}, 1208 "update": { 1209 "$push": { 1210 "encrypted_string": 1 1211 } 1212 } 1213 }, 1214 "result": { 1215 "errorContains": "$push not allowed on encrypted values" 1216 } 1217 } 1218 ] 1219 }, 1220 { 1221 "description": "array filters on encrypted fields does not error in mongocryptd, but errors in mongod", 1222 "clientOptions": { 1223 "autoEncryptOpts": { 1224 "kmsProviders": { 1225 "aws": {} 1226 } 1227 } 1228 }, 1229 "operations": [ 1230 { 1231 "name": "updateOne", 1232 "arguments": { 1233 "filter": {}, 1234 "update": { 1235 "$set": { 1236 "encrypted_string.$[i].x": 1 1237 } 1238 }, 1239 "arrayFilters": [ 1240 { 1241 "i.x": 1 1242 } 1243 ] 1244 }, 1245 "result": { 1246 "errorContains": "Array update operations not allowed on encrypted values" 1247 } 1248 } 1249 ] 1250 }, 1251 { 1252 "description": "positional operator succeeds on unencrypted, errors on encrypted", 1253 "clientOptions": { 1254 "autoEncryptOpts": { 1255 "kmsProviders": { 1256 "aws": {} 1257 } 1258 } 1259 }, 1260 "operations": [ 1261 { 1262 "name": "updateOne", 1263 "arguments": { 1264 "filter": { 1265 "unencrypted": 1 1266 }, 1267 "update": { 1268 "$set": { 1269 "unencrypted.$": 1 1270 } 1271 } 1272 }, 1273 "result": { 1274 "matchedCount": 0, 1275 "modifiedCount": 0, 1276 "upsertedCount": 0 1277 } 1278 }, 1279 { 1280 "name": "updateOne", 1281 "arguments": { 1282 "filter": { 1283 "encrypted_string": "abc" 1284 }, 1285 "update": { 1286 "$set": { 1287 "encrypted_string.$": "abc" 1288 } 1289 } 1290 }, 1291 "result": { 1292 "errorContains": "Cannot encrypt fields below '$' positional update operator" 1293 } 1294 } 1295 ] 1296 }, 1297 { 1298 "description": "an update that would produce an array on an encrypted field errors", 1299 "clientOptions": { 1300 "autoEncryptOpts": { 1301 "kmsProviders": { 1302 "aws": {} 1303 } 1304 } 1305 }, 1306 "operations": [ 1307 { 1308 "name": "updateOne", 1309 "arguments": { 1310 "filter": {}, 1311 "update": { 1312 "$set": { 1313 "encrypted_string": [ 1314 1, 1315 2 1316 ] 1317 } 1318 } 1319 }, 1320 "result": { 1321 "errorContains": "Cannot encrypt element of type array" 1322 } 1323 } 1324 ] 1325 }, 1326 { 1327 "description": "an insert with encrypted field on _id errors", 1328 "clientOptions": { 1329 "autoEncryptOpts": { 1330 "kmsProviders": { 1331 "aws": {} 1332 }, 1333 "schemaMap": { 1334 "default.default": { 1335 "properties": { 1336 "_id": { 1337 "encrypt": { 1338 "keyId": [ 1339 { 1340 "$binary": { 1341 "base64": "AAAAAAAAAAAAAAAAAAAAAA==", 1342 "subType": "04" 1343 } 1344 } 1345 ], 1346 "bsonType": "string", 1347 "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" 1348 } 1349 } 1350 } 1351 } 1352 } 1353 } 1354 }, 1355 "operations": [ 1356 { 1357 "name": "insertOne", 1358 "arguments": { 1359 "document": { 1360 "_id": 1 1361 } 1362 }, 1363 "result": { 1364 "errorContains": "Invalid schema containing the 'encrypt' keyword." 1365 } 1366 } 1367 ] 1368 }, 1369 { 1370 "description": "an insert with an array value for an encrypted field fails", 1371 "clientOptions": { 1372 "autoEncryptOpts": { 1373 "kmsProviders": { 1374 "aws": {} 1375 } 1376 } 1377 }, 1378 "operations": [ 1379 { 1380 "name": "insertOne", 1381 "arguments": { 1382 "document": { 1383 "encrypted_string": [ 1384 "123", 1385 "456" 1386 ] 1387 } 1388 }, 1389 "result": { 1390 "errorContains": "Cannot encrypt element of type array" 1391 } 1392 } 1393 ] 1394 }, 1395 { 1396 "description": "an insert with a Timestamp(0,0) value in the top-level fails", 1397 "clientOptions": { 1398 "autoEncryptOpts": { 1399 "kmsProviders": { 1400 "aws": {} 1401 } 1402 } 1403 }, 1404 "operations": [ 1405 { 1406 "name": "insertOne", 1407 "arguments": { 1408 "document": { 1409 "random": { 1410 "$timestamp": { 1411 "t": 0, 1412 "i": 0 1413 } 1414 } 1415 } 1416 }, 1417 "result": { 1418 "errorContains": "A command that inserts cannot supply Timestamp(0, 0) for an encrypted" 1419 } 1420 } 1421 ] 1422 }, 1423 { 1424 "description": "distinct with the key referring to a field where the keyID is a JSON Pointer errors", 1425 "clientOptions": { 1426 "autoEncryptOpts": { 1427 "kmsProviders": { 1428 "aws": {} 1429 } 1430 } 1431 }, 1432 "operations": [ 1433 { 1434 "name": "distinct", 1435 "arguments": { 1436 "filter": {}, 1437 "fieldName": "encrypted_w_altname" 1438 }, 1439 "result": { 1440 "errorContains": "The distinct key is not allowed to be marked for encryption with a non-UUID keyId" 1441 } 1442 } 1443 ] 1444 } 1445 ] 1446} 1447