DRIVERS-3106 revise fle2v2-BypassQueryAnalysis

source/client-side-encryption/tests/unified/fle2v2-BypassQueryAnalysis.yml

@@ -28,6 +28,16 @@ createEntities:
       id: &encryptedColl encryptedColl
       database: *encryptedDB
       collectionName: &encryptedCollName default
+  - client:
+      id: &client1 client1
+  - database:
+      id: &unencryptedDB unencryptedDB
+      client: *client1
+      databaseName: *encryptedDBName
+  - collection:
+      id: &unencryptedColl unencryptedColl
+      database: *unencryptedDB
+      collectionName: *encryptedCollName
 
 initialData:
   - databaseName: &keyvaultDBName keyvault
@@ -61,6 +71,12 @@ tests:
         arguments:
           filter: { "_id": 1 }
         expectResult: [{"_id": 1, "encryptedIndexed": "123" }]
+      - object: *unencryptedColl
+        name: find
+        arguments:
+          filter: {}
+        expectResult:
+          - {"_id": 1, "encryptedIndexed": { "$$type": "binData" }, "__safeContent__": [{ "$binary" : { "base64" : "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=", "subType" : "00" } }] }
     expectEvents:
       - client: *client0
         events:
@@ -111,9 +127,4 @@ tests:
                 }
               $db: *keyvaultDBName
               readConcern: { level: "majority" }
-            commandName: find
-    outcome:
-      - collectionName: *encryptedCollName
-        databaseName: *encryptedDBName
-        documents:
-          - {"_id": 1, "encryptedIndexed": { "$$type": "binData" }, "__safeContent__": [{ "$binary" : { "base64" : "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=", "subType" : "00" } }] }
+            commandName: find

source/unified-test-format/tests/valid-pass/poc-queryable-encryption.yml

@@ -22,6 +22,16 @@ createEntities:
       id: &encryptedColl encryptedColl
       database: *encryptedDB
       collectionName: &encryptedCollName encrypted
+  - client:
+      id: &client1 client1
+  - database:
+      id: &unencryptedDB unencryptedDB
+      client: *client1
+      databaseName: *encryptedDBName
+  - collection:
+      id: &unencryptedColl unencryptedColl
+      database: *unencryptedDB
+      collectionName: *encryptedCollName
 
 initialData:
   - databaseName: keyvault
@@ -66,8 +76,9 @@ tests:
         expectResult:
           - _id: 1
             encryptedInt: 22
-    outcome:
-      - collectionName: *encryptedCollName
-        databaseName: *encryptedDBName
-        documents:
-          - { _id: 1, encryptedInt: { $$type: binData }, __safeContent__: { $$type: array} }
+      - object: *unencryptedColl
+        name: find
+        arguments:
+          filter: {}
+        expectResult:
+          - { _id: 1, encryptedInt: { $$type: binData }, __safeContent__: [ { "$binary" : { "base64" : "rhS16TJojgDDBtbluxBokvcotP1mQTGeYpNt8xd3MJQ=", "subType" : "00" } } ] }

source/unified-test-format/unified-test-format.md

@@ -3137,7 +3137,8 @@ If [test.runOnRequirements](#test_runOnRequirements) is specified, the test runn
 
 If [initialData](#initialData) is specified, for each [collectionData](#collectiondata) therein the test runner MUST set
 up the collection. All setup operations MUST use the internal MongoClient and a "majority" write concern. The test
-runner MUST first drop the collection. If a `createOptions` document is present, the test runner MUST execute a `create`
+runner MUST first drop the collection. The test runner must also drop the collections `_enxcol.<collectionName>.esc` and
+`_enxcol.<collectionName>.ecoc`. If a `createOptions` document is present, the test runner MUST execute a `create`
 command to create the collection with the specified options. The test runner MUST then insert the specified documents
 (if any). If no documents are present and `createOptions` is not set, the test runner MUST create the collection. If the
 topology is sharded, the test runner SHOULD use a single mongos for handling [initialData](#initialData) to avoid
@@ -3508,6 +3509,16 @@ ignored in order to test the test runner implementation (e.g. defining entities
 The specification does prefer "MUST" in other contexts, such as discussing parts of the test file format that *are*
 enforceable by the JSON schema or the test runner implementation.
 
+<span id="rationale_dropping_metadata"></span>
+
+### Why are `_enxcol` collections dropped?
+
+The collections `_enxcol.<collectionName>.esc` and `_enxcol.<collectionName>.ecoc` are
+[automatically created](../client-side-encryption/client-side-encryption.md#create-collection-helper) for Queryable
+Encryption collections. If these collections are present and non-empty, the server generated `__safeContent__` field may
+differ. `__safeContent__` includes a count of the number of instances of the given value. To do exact matching on
+`__safeContent__` the test runner is required to drop these collections.
+
 <span id="rationale_observeSensitiveCommands"></span>
 
 ### Why can't `observeSensitiveCommands` be true when authentication is enabled?
@@ -3569,8 +3580,10 @@ other specs *and* collating spec changes developed in parallel or during the sam
 
 ## Changelog
 
+- 2025-04-25: Drop `_enxcol` collections.
+
 - 2025-04-07: Add `topologyOpeningEvent` and `topologyClosedEvent` to the unified test format and schema 1.20+ as they
-  were omitted in error.
+    were omitted in error.
 
 - 2025-01-21: **Schema version 1.23.**