diff --git a/source/client-side-encryption/tests/unified/fle2v2-BypassQueryAnalysis.json b/source/client-side-encryption/tests/unified/fle2v2-BypassQueryAnalysis.json index 8b44117a95..0817508f8f 100644 --- a/source/client-side-encryption/tests/unified/fle2v2-BypassQueryAnalysis.json +++ b/source/client-side-encryption/tests/unified/fle2v2-BypassQueryAnalysis.json @@ -44,6 +44,25 @@ "database": "encryptedDB", "collectionName": "default" } + }, + { + "client": { + "id": "client1" + } + }, + { + "database": { + "id": "unencryptedDB", + "client": "client1", + "databaseName": "default" + } + }, + { + "collection": { + "id": "unencryptedColl", + "database": "unencryptedDB", + "collectionName": "default" + } } ], "initialData": [ @@ -154,6 +173,29 @@ "encryptedIndexed": "123" } ] + }, + { + "object": "unencryptedColl", + "name": "find", + "arguments": { + "filter": {} + }, + "expectResult": [ + { + "_id": 1, + "encryptedIndexed": { + "$$type": "binData" + }, + "__safeContent__": [ + { + "$binary": { + "base64": "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=", + "subType": "00" + } + } + ] + } + ] } ], "expectEvents": [ @@ -274,28 +316,6 @@ } ] } - ], - "outcome": [ - { - "collectionName": "default", - "databaseName": "default", - "documents": [ - { - "_id": 1, - "encryptedIndexed": { - "$$type": "binData" - }, - "__safeContent__": [ - { - "$binary": { - "base64": "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=", - "subType": "00" - } - } - ] - } - ] - } ] } ] diff --git a/source/client-side-encryption/tests/unified/fle2v2-BypassQueryAnalysis.yml b/source/client-side-encryption/tests/unified/fle2v2-BypassQueryAnalysis.yml index 0329021de1..2b4a5ec114 100644 --- a/source/client-side-encryption/tests/unified/fle2v2-BypassQueryAnalysis.yml +++ b/source/client-side-encryption/tests/unified/fle2v2-BypassQueryAnalysis.yml @@ -28,6 +28,16 @@ createEntities: id: &encryptedColl encryptedColl database: *encryptedDB collectionName: &encryptedCollName default + - client: + id: &client1 client1 + - database: + id: &unencryptedDB unencryptedDB + client: *client1 + databaseName: *encryptedDBName + - collection: + id: &unencryptedColl unencryptedColl + database: *unencryptedDB + collectionName: *encryptedCollName initialData: - databaseName: &keyvaultDBName keyvault @@ -61,6 +71,12 @@ tests: arguments: filter: { "_id": 1 } expectResult: [{"_id": 1, "encryptedIndexed": "123" }] + - object: *unencryptedColl + name: find + arguments: + filter: {} + expectResult: + - {"_id": 1, "encryptedIndexed": { "$$type": "binData" }, "__safeContent__": [{ "$binary" : { "base64" : "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=", "subType" : "00" } }] } expectEvents: - client: *client0 events: @@ -111,9 +127,4 @@ tests: } $db: *keyvaultDBName readConcern: { level: "majority" } - commandName: find - outcome: - - collectionName: *encryptedCollName - databaseName: *encryptedDBName - documents: - - {"_id": 1, "encryptedIndexed": { "$$type": "binData" }, "__safeContent__": [{ "$binary" : { "base64" : "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=", "subType" : "00" } }] } \ No newline at end of file + commandName: find \ No newline at end of file diff --git a/source/unified-test-format/tests/valid-pass/poc-queryable-encryption.json b/source/unified-test-format/tests/valid-pass/poc-queryable-encryption.json index b85bfffb93..9788977cb6 100644 --- a/source/unified-test-format/tests/valid-pass/poc-queryable-encryption.json +++ b/source/unified-test-format/tests/valid-pass/poc-queryable-encryption.json @@ -34,6 +34,25 @@ "database": "encryptedDB", "collectionName": "encrypted" } + }, + { + "client": { + "id": "client1" + } + }, + { + "database": { + "id": "unencryptedDB", + "client": "client1", + "databaseName": "poc-queryable-encryption" + } + }, + { + "collection": { + "id": "unencryptedColl", + "database": "unencryptedDB", + "collectionName": "encrypted" + } } ], "initialData": [ @@ -139,21 +158,27 @@ "encryptedInt": 22 } ] - } - ], - "outcome": [ + }, { - "collectionName": "encrypted", - "databaseName": "poc-queryable-encryption", - "documents": [ + "object": "unencryptedColl", + "name": "find", + "arguments": { + "filter": {} + }, + "expectResult": [ { "_id": 1, "encryptedInt": { "$$type": "binData" }, - "__safeContent__": { - "$$type": "array" - } + "__safeContent__": [ + { + "$binary": { + "base64": "rhS16TJojgDDBtbluxBokvcotP1mQTGeYpNt8xd3MJQ=", + "subType": "00" + } + } + ] } ] } diff --git a/source/unified-test-format/tests/valid-pass/poc-queryable-encryption.yml b/source/unified-test-format/tests/valid-pass/poc-queryable-encryption.yml index 8b5f6c46bf..e258fd2616 100644 --- a/source/unified-test-format/tests/valid-pass/poc-queryable-encryption.yml +++ b/source/unified-test-format/tests/valid-pass/poc-queryable-encryption.yml @@ -22,6 +22,16 @@ createEntities: id: &encryptedColl encryptedColl database: *encryptedDB collectionName: &encryptedCollName encrypted + - client: + id: &client1 client1 + - database: + id: &unencryptedDB unencryptedDB + client: *client1 + databaseName: *encryptedDBName + - collection: + id: &unencryptedColl unencryptedColl + database: *unencryptedDB + collectionName: *encryptedCollName initialData: - databaseName: keyvault @@ -66,8 +76,9 @@ tests: expectResult: - _id: 1 encryptedInt: 22 - outcome: - - collectionName: *encryptedCollName - databaseName: *encryptedDBName - documents: - - { _id: 1, encryptedInt: { $$type: binData }, __safeContent__: { $$type: array} } \ No newline at end of file + - object: *unencryptedColl + name: find + arguments: + filter: {} + expectResult: + - { _id: 1, encryptedInt: { $$type: binData }, __safeContent__: [ { "$binary" : { "base64" : "rhS16TJojgDDBtbluxBokvcotP1mQTGeYpNt8xd3MJQ=", "subType" : "00" } } ] } \ No newline at end of file diff --git a/source/unified-test-format/unified-test-format.md b/source/unified-test-format/unified-test-format.md index 1d9f47ccbf..a35503d714 100644 --- a/source/unified-test-format/unified-test-format.md +++ b/source/unified-test-format/unified-test-format.md @@ -3137,7 +3137,8 @@ If [test.runOnRequirements](#test_runOnRequirements) is specified, the test runn If [initialData](#initialData) is specified, for each [collectionData](#collectiondata) therein the test runner MUST set up the collection. All setup operations MUST use the internal MongoClient and a "majority" write concern. The test -runner MUST first drop the collection. If a `createOptions` document is present, the test runner MUST execute a `create` +runner MUST first drop the collection. The test runner must also drop the collections `_enxcol..esc` and +`_enxcol..ecoc`. If a `createOptions` document is present, the test runner MUST execute a `create` command to create the collection with the specified options. The test runner MUST then insert the specified documents (if any). If no documents are present and `createOptions` is not set, the test runner MUST create the collection. If the topology is sharded, the test runner SHOULD use a single mongos for handling [initialData](#initialData) to avoid @@ -3508,6 +3509,16 @@ ignored in order to test the test runner implementation (e.g. defining entities The specification does prefer "MUST" in other contexts, such as discussing parts of the test file format that *are* enforceable by the JSON schema or the test runner implementation. + + +### Why are `_enxcol` collections dropped? + +The collections `_enxcol..esc` and `_enxcol..ecoc` are +[automatically created](../client-side-encryption/client-side-encryption.md#create-collection-helper) for Queryable +Encryption collections. If these collections are present and non-empty, the server generated `__safeContent__` field may +differ. `__safeContent__` includes a count of the number of instances of the given value. To do exact matching on +`__safeContent__` the test runner is required to drop these collections. + ### Why can't `observeSensitiveCommands` be true when authentication is enabled? @@ -3569,8 +3580,10 @@ other specs *and* collating spec changes developed in parallel or during the sam ## Changelog +- 2025-04-25: Drop `_enxcol` collections. + - 2025-04-07: Add `topologyOpeningEvent` and `topologyClosedEvent` to the unified test format and schema 1.20+ as they - were omitted in error. + were omitted in error. - 2025-01-21: **Schema version 1.23.**