mongodb-js · gagik · Apr 4, 2025 · gagik · Apr 4, 2025 · addaleax
diff --git a/packages/service-provider-node-driver/package.json b/packages/service-provider-node-driver/package.json
@@ -59,7 +59,7 @@
   },
   "optionalDependencies": {
     "kerberos": "2.1.0",
-    "mongodb-client-encryption": "^6.1.1"
+    "mongodb-client-encryption": "^6.3.0"
   },
   "devDependencies": {
     "@mongodb-js/eslint-config-mongosh": "^1.0.0",

diff --git a/packages/shell-api/src/field-level-encryption.spec.ts b/packages/shell-api/src/field-level-encryption.spec.ts
@@ -960,7 +960,7 @@ srDVjIT3LsvTqw==`,
               return;
             }
             expect.fail('missed exception');
-            break;
+          // eslint-disable-next-line no-fallthrough
           default:
             throw new Error(`unreachable ${kmsName}`);
         }
@@ -1058,6 +1058,97 @@ srDVjIT3LsvTqw==`,
       expect(printedOutput).to.deep.equal([]);
     });
 
+    it('allows $lookup with a collection with automatic encryption', async function () {
+      const keyMongo = new Mongo(
+        instanceState,
+        uri,
+        {
+          keyVaultNamespace: `${dbname}.__keyVault`,
+          kmsProviders: { local: { key: 'A'.repeat(128) } },
+        },
+        {},
+        serviceProvider
+      );
+
+      await keyMongo.connect();
+      instanceState.mongos.push(keyMongo);
+
+      const keyVault = await keyMongo.getKeyVault();
+
+      const dataKey1 = await keyVault.createKey('local');
+      const dataKey2 = await keyVault.createKey('local');
+
+      const schemaMap = {
+        [`${dbname}.coll1`]: {
+          bsonType: 'object',
+          properties: {
+            phoneNumber: {
+              encrypt: {
+                bsonType: 'string',
+                keyId: [dataKey1],
+                algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic',
+              },
+            },
+            key: {
+              bsonType: 'string',
+            },
+          },
+        },
+        [`${dbname}.coll2`]: {
+          bsonType: 'object',
+          properties: {
+            phoneNumber: {
+              encrypt: {
+                bsonType: 'string',
+                keyId: [dataKey2],
+                algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic',
+              },
+            },
+            key: {
+              bsonType: 'string',
+            },
+          },
+        },
+      };
+
+      const autoMongo = new Mongo(instanceState, uri, {
+        keyVaultNamespace: `${dbname}.__keyVault`,
+        kmsProviders: { local: { key: 'A'.repeat(128) } },
+        schemaMap,
+      });
+
+      const coll1 = autoMongo.getDB(dbname).getCollection('coll1');
+      await coll1.insertMany([
+        { phoneNumber: '123-456-7890', key: 'foo' },
+        { phoneNumber: '123-456-7891', key: 'bar' },
+      ]);
+
+      const coll2 = autoMongo.getDB(dbname).getCollection('coll2');
+      await coll2.insertMany([
+        { phoneNumber: '123-456-7892', key: 'baz' },
+        { phoneNumber: '123-456-7893', key: 'foo' },
+      ]);
+      const result = await (
+        await coll1.aggregate([
+          {
+            $lookup: {
+              from: 'coll2',
+              localField: 'key',
+              foreignField: 'key',
+              as: 'lookupMatch',
+            },
+          },
+        ])
+      )
+        .map(({ key, lookupMatch }) => ({ key, size: lookupMatch.length }))
+        .toArray();
+
+      expect(result).deep.equals([
+        { key: 'foo', size: 1 },
+        { key: 'bar', size: 0 },
+      ]);
+    });
+
     it('prints a warning when creating the keyAltNames index fails', async function () {
       const mongo = new Mongo(
         instanceState,