Skip to content

DRIVERS-3106 revise fle2v2-BypassQueryAnalysis #1789

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
May 19, 2025
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,16 @@ createEntities:
id: &encryptedColl encryptedColl
database: *encryptedDB
collectionName: &encryptedCollName default
- client:
id: &client1 client1
- database:
id: &unencryptedDB unencryptedDB
client: *client1
databaseName: *encryptedDBName
- collection:
id: &unencryptedColl unencryptedColl
database: *unencryptedDB
collectionName: *encryptedCollName

initialData:
- databaseName: &keyvaultDBName keyvault
Expand Down Expand Up @@ -61,6 +71,12 @@ tests:
arguments:
filter: { "_id": 1 }
expectResult: [{"_id": 1, "encryptedIndexed": "123" }]
- object: *unencryptedColl
name: find
arguments:
filter: {}
expectResult:
- {"_id": 1, "encryptedIndexed": { "$$type": "binData" }, "__safeContent__": [{ "$binary" : { "base64" : "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=", "subType" : "00" } }] }
expectEvents:
- client: *client0
events:
Expand Down Expand Up @@ -111,9 +127,4 @@ tests:
}
$db: *keyvaultDBName
readConcern: { level: "majority" }
commandName: find
outcome:
- collectionName: *encryptedCollName
databaseName: *encryptedDBName
documents:
- {"_id": 1, "encryptedIndexed": { "$$type": "binData" }, "__safeContent__": [{ "$binary" : { "base64" : "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=", "subType" : "00" } }] }
commandName: find

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,16 @@ createEntities:
id: &encryptedColl encryptedColl
database: *encryptedDB
collectionName: &encryptedCollName encrypted
- client:
id: &client1 client1
- database:
id: &unencryptedDB unencryptedDB
client: *client1
databaseName: *encryptedDBName
- collection:
id: &unencryptedColl unencryptedColl
database: *unencryptedDB
collectionName: *encryptedCollName

initialData:
- databaseName: keyvault
Expand Down Expand Up @@ -66,8 +76,9 @@ tests:
expectResult:
- _id: 1
encryptedInt: 22
outcome:
- collectionName: *encryptedCollName
databaseName: *encryptedDBName
documents:
- { _id: 1, encryptedInt: { $$type: binData }, __safeContent__: { $$type: array} }
- object: *unencryptedColl
name: find
arguments:
filter: {}
expectResult:
- { _id: 1, encryptedInt: { $$type: binData }, __safeContent__: [ { "$binary" : { "base64" : "rhS16TJojgDDBtbluxBokvcotP1mQTGeYpNt8xd3MJQ=", "subType" : "00" } } ] }
17 changes: 15 additions & 2 deletions source/unified-test-format/unified-test-format.md
Original file line number Diff line number Diff line change
Expand Up @@ -3137,7 +3137,8 @@ If [test.runOnRequirements](#test_runOnRequirements) is specified, the test runn

If [initialData](#initialData) is specified, for each [collectionData](#collectiondata) therein the test runner MUST set
up the collection. All setup operations MUST use the internal MongoClient and a "majority" write concern. The test
runner MUST first drop the collection. If a `createOptions` document is present, the test runner MUST execute a `create`
runner MUST first drop the collection. The test runner must also drop the collections `_enxcol.<collectionName>.esc` and
`_enxcol.<collectionName>.ecoc`. If a `createOptions` document is present, the test runner MUST execute a `create`
command to create the collection with the specified options. The test runner MUST then insert the specified documents
(if any). If no documents are present and `createOptions` is not set, the test runner MUST create the collection. If the
topology is sharded, the test runner SHOULD use a single mongos for handling [initialData](#initialData) to avoid
Expand Down Expand Up @@ -3508,6 +3509,16 @@ ignored in order to test the test runner implementation (e.g. defining entities
The specification does prefer "MUST" in other contexts, such as discussing parts of the test file format that *are*
enforceable by the JSON schema or the test runner implementation.

<span id="rationale_dropping_metadata"></span>

### Why are `_enxcol` collections dropped?

The collections `_enxcol.<collectionName>.esc` and `_enxcol.<collectionName>.ecoc` are
[automatically created](../client-side-encryption/client-side-encryption.md#create-collection-helper) for Queryable
Encryption collections. If these collections are present and non-empty, the server generated `__safeContent__` field may
differ. `__safeContent__` includes a count of the number of instances of the given value. To do exact matching on
`__safeContent__` the test runner is required to drop these collections.

<span id="rationale_observeSensitiveCommands"></span>

### Why can't `observeSensitiveCommands` be true when authentication is enabled?
Expand Down Expand Up @@ -3569,8 +3580,10 @@ other specs *and* collating spec changes developed in parallel or during the sam

## Changelog

- 2025-04-25: Drop `_enxcol` collections.

- 2025-04-07: Add `topologyOpeningEvent` and `topologyClosedEvent` to the unified test format and schema 1.20+ as they
were omitted in error.
were omitted in error.

- 2025-01-21: **Schema version 1.23.**

Expand Down
Loading