1{ 2 "runOn": [ 3 { 4 "minServerVersion": "4.1.10" 5 } 6 ], 7 "database_name": "default", 8 "collection_name": "default", 9 "data": [ 10 { 11 "_id": 1, 12 "encrypted_string": { 13 "$binary": { 14 "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==", 15 "subType": "06" 16 } 17 } 18 } 19 ], 20 "json_schema": { 21 "properties": { 22 "encrypted_w_altname": { 23 "encrypt": { 24 "keyId": "/altname", 25 "bsonType": "string", 26 "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" 27 } 28 }, 29 "encrypted_string": { 30 "encrypt": { 31 "keyId": [ 32 { 33 "$binary": { 34 "base64": "AAAAAAAAAAAAAAAAAAAAAA==", 35 "subType": "04" 36 } 37 } 38 ], 39 "bsonType": "string", 40 "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" 41 } 42 }, 43 "random": { 44 "encrypt": { 45 "keyId": [ 46 { 47 "$binary": { 48 "base64": "AAAAAAAAAAAAAAAAAAAAAA==", 49 "subType": "04" 50 } 51 } 52 ], 53 "bsonType": "string", 54 "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" 55 } 56 }, 57 "encrypted_string_equivalent": { 58 "encrypt": { 59 "keyId": [ 60 { 61 "$binary": { 62 "base64": "AAAAAAAAAAAAAAAAAAAAAA==", 63 "subType": "04" 64 } 65 } 66 ], 67 "bsonType": "string", 68 "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" 69 } 70 } 71 }, 72 "bsonType": "object" 73 }, 74 "key_vault_data": [ 75 { 76 "status": 1, 77 "_id": { 78 "$binary": { 79 "base64": "AAAAAAAAAAAAAAAAAAAAAA==", 80 "subType": "04" 81 } 82 }, 83 "masterKey": { 84 "provider": "aws", 85 "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0", 86 "region": "us-east-1" 87 }, 88 "updateDate": { 89 "$date": { 90 "$numberLong": "1552949630483" 91 } 92 }, 93 "keyMaterial": { 94 "$binary": { 95 "base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO", 96 "subType": "00" 97 } 98 }, 99 "creationDate": { 100 "$date": { 101 "$numberLong": "1552949630483" 102 } 103 }, 104 "keyAltNames": [ 105 "altname", 106 "another_altname" 107 ] 108 } 109 ], 110 "tests": [ 111 { 112 "description": "updateOne with deterministic encryption", 113 "clientOptions": { 114 "autoEncryptOpts": { 115 "kmsProviders": { 116 "aws": {} 117 } 118 } 119 }, 120 "operations": [ 121 { 122 "name": "updateOne", 123 "arguments": { 124 "filter": { 125 "encrypted_string": "string0" 126 }, 127 "update": { 128 "$set": { 129 "encrypted_string": "string1", 130 "random": "abc" 131 } 132 } 133 }, 134 "result": { 135 "matchedCount": 1, 136 "modifiedCount": 1, 137 "upsertedCount": 0 138 } 139 } 140 ], 141 "expectations": [ 142 { 143 "command_started_event": { 144 "command": { 145 "listCollections": 1, 146 "filter": { 147 "name": "default" 148 } 149 }, 150 "command_name": "listCollections" 151 } 152 }, 153 { 154 "command_started_event": { 155 "command": { 156 "find": "datakeys", 157 "filter": { 158 "$or": [ 159 { 160 "_id": { 161 "$in": [ 162 { 163 "$binary": { 164 "base64": "AAAAAAAAAAAAAAAAAAAAAA==", 165 "subType": "04" 166 } 167 } 168 ] 169 } 170 }, 171 { 172 "keyAltNames": { 173 "$in": [] 174 } 175 } 176 ] 177 }, 178 "$db": "keyvault", 179 "readConcern": { 180 "level": "majority" 181 } 182 }, 183 "command_name": "find" 184 } 185 }, 186 { 187 "command_started_event": { 188 "command": { 189 "update": "default", 190 "updates": [ 191 { 192 "q": { 193 "encrypted_string": { 194 "$eq": { 195 "$binary": { 196 "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==", 197 "subType": "06" 198 } 199 } 200 } 201 }, 202 "u": { 203 "$set": { 204 "encrypted_string": { 205 "$binary": { 206 "base64": "AQAAAAAAAAAAAAAAAAAAAAACDdw4KFz3ZLquhsbt7RmDjD0N67n0uSXx7IGnQNCLeIKvot6s/ouI21Eo84IOtb6lhwUNPlSEBNY0/hbszWAKJg==", 207 "subType": "06" 208 } 209 }, 210 "random": { 211 "$$type": "binData" 212 } 213 } 214 } 215 } 216 ], 217 "ordered": true 218 }, 219 "command_name": "update" 220 } 221 } 222 ], 223 "outcome": { 224 "collection": { 225 "data": [ 226 { 227 "_id": 1, 228 "encrypted_string": { 229 "$binary": { 230 "base64": "AQAAAAAAAAAAAAAAAAAAAAACDdw4KFz3ZLquhsbt7RmDjD0N67n0uSXx7IGnQNCLeIKvot6s/ouI21Eo84IOtb6lhwUNPlSEBNY0/hbszWAKJg==", 231 "subType": "06" 232 } 233 }, 234 "random": { 235 "$$type": "binData" 236 } 237 } 238 ] 239 } 240 } 241 }, 242 { 243 "description": "updateOne fails when filtering on a random field", 244 "clientOptions": { 245 "autoEncryptOpts": { 246 "kmsProviders": { 247 "aws": {} 248 } 249 } 250 }, 251 "operations": [ 252 { 253 "name": "updateOne", 254 "arguments": { 255 "filter": { 256 "random": "abc" 257 }, 258 "update": { 259 "$set": { 260 "encrypted_string": "string1" 261 } 262 } 263 }, 264 "result": { 265 "errorContains": "Cannot query on fields encrypted with the randomized encryption" 266 } 267 } 268 ] 269 }, 270 { 271 "description": "$unset works with an encrypted field", 272 "clientOptions": { 273 "autoEncryptOpts": { 274 "kmsProviders": { 275 "aws": {} 276 } 277 } 278 }, 279 "operations": [ 280 { 281 "name": "updateOne", 282 "arguments": { 283 "filter": {}, 284 "update": { 285 "$unset": { 286 "encrypted_string": "" 287 } 288 } 289 }, 290 "result": { 291 "matchedCount": 1, 292 "modifiedCount": 1, 293 "upsertedCount": 0 294 } 295 } 296 ], 297 "expectations": [ 298 { 299 "command_started_event": { 300 "command": { 301 "listCollections": 1, 302 "filter": { 303 "name": "default" 304 } 305 }, 306 "command_name": "listCollections" 307 } 308 }, 309 { 310 "command_started_event": { 311 "command": { 312 "update": "default", 313 "updates": [ 314 { 315 "q": {}, 316 "u": { 317 "$unset": { 318 "encrypted_string": "" 319 } 320 } 321 } 322 ], 323 "ordered": true 324 }, 325 "command_name": "update" 326 } 327 } 328 ], 329 "outcome": { 330 "collection": { 331 "data": [ 332 { 333 "_id": 1 334 } 335 ] 336 } 337 } 338 }, 339 { 340 "description": "$rename works if target value has same encryption options", 341 "clientOptions": { 342 "autoEncryptOpts": { 343 "kmsProviders": { 344 "aws": {} 345 } 346 } 347 }, 348 "operations": [ 349 { 350 "name": "updateOne", 351 "arguments": { 352 "filter": {}, 353 "update": { 354 "$rename": { 355 "encrypted_string": "encrypted_string_equivalent" 356 } 357 } 358 }, 359 "result": { 360 "matchedCount": 1, 361 "modifiedCount": 1, 362 "upsertedCount": 0 363 } 364 } 365 ], 366 "expectations": [ 367 { 368 "command_started_event": { 369 "command": { 370 "listCollections": 1, 371 "filter": { 372 "name": "default" 373 } 374 }, 375 "command_name": "listCollections" 376 } 377 }, 378 { 379 "command_started_event": { 380 "command": { 381 "update": "default", 382 "updates": [ 383 { 384 "q": {}, 385 "u": { 386 "$rename": { 387 "encrypted_string": "encrypted_string_equivalent" 388 } 389 } 390 } 391 ], 392 "ordered": true 393 }, 394 "command_name": "update" 395 } 396 } 397 ], 398 "outcome": { 399 "collection": { 400 "data": [ 401 { 402 "_id": 1, 403 "encrypted_string_equivalent": { 404 "$binary": { 405 "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==", 406 "subType": "06" 407 } 408 } 409 } 410 ] 411 } 412 } 413 }, 414 { 415 "description": "$rename fails if target value has different encryption options", 416 "clientOptions": { 417 "autoEncryptOpts": { 418 "kmsProviders": { 419 "aws": {} 420 } 421 } 422 }, 423 "operations": [ 424 { 425 "name": "updateOne", 426 "arguments": { 427 "filter": {}, 428 "update": { 429 "$rename": { 430 "encrypted_string": "random" 431 } 432 } 433 }, 434 "result": { 435 "errorContains": "$rename between two encrypted fields must have the same metadata or both be unencrypted" 436 } 437 } 438 ] 439 }, 440 { 441 "description": "an invalid update (no $ operators) is validated and errors", 442 "clientOptions": { 443 "autoEncryptOpts": { 444 "kmsProviders": { 445 "aws": {} 446 } 447 } 448 }, 449 "operations": [ 450 { 451 "name": "updateOne", 452 "arguments": { 453 "filter": {}, 454 "update": { 455 "encrypted_string": "random" 456 } 457 }, 458 "result": { 459 "errorContains": "" 460 } 461 } 462 ] 463 } 464 ] 465} 466