DRIVERS-2767 QE Range Protocol v2 (#1587)

---------

Co-authored-by: Kevin Albertson <[email protected]>

Author: adriandole

source/client-side-encryption/client-side-encryption.md

@@ -982,8 +982,7 @@ class ClientEncryption {
    // 2. An Aggregate Expression of this form:
    //   {$and: [{$gt: [<fieldpath>, <value1>]}, {$lt: [<fieldpath>, <value2>]}]
    // $gt may also be $gte. $lt may also be $lte.
-   // Only supported when queryType is "rangePreview" and algorithm is "RangePreview".
-   // NOTE: The Range algorithm is experimental only. It is not intended for public use. It is subject to breaking changes.
+   // Only supported when queryType is "range" and algorithm is "Range".
    encryptExpression(expr: Document, opts: EncryptOpts): Document;
 
    // Decrypts an encrypted value (BSON binary of subtype 6).
@@ -1168,15 +1167,15 @@ class EncryptOpts {
    rangeOpts: Optional<RangeOpts>
 }
 
-// NOTE: The Range algorithm is experimental only. It is not intended for public use. It is subject to breaking changes.
-// RangeOpts specifies index options for a Queryable Encryption field supporting "rangePreview" queries.
-// min, max, sparsity, and precision must match the values set in the encryptedFields of the destination collection.
+// RangeOpts specifies index options for a Queryable Encryption field supporting "range" queries.
+// min, max, trimFactor, sparsity, and precision must match the values set in the encryptedFields of the destination collection.
 // For double and decimal128, min/max/precision must all be set, or all be unset.
 class RangeOpts {
    // min is required if precision is set.
    min: Optional<BSONValue>,
    // max is required if precision is set.
    max: Optional<BSONValue>,
+   trimFactor: Int32,
    sparsity: Int64,
    // precision may only be set for double or decimal128.
    precision: Optional<Int32>
@@ -1202,46 +1201,33 @@ One of the strings:
 - "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
 - "Indexed"
 - "Unindexed"
-- "RangePreview"
+- "Range"
 
-The result of explicit encryption with the "Indexed" or "RangePreview" algorithm must be processed by the server to
-insert or query. Drivers MUST document the following behavior:
+The result of explicit encryption with the "Indexed" or "Range" algorithm must be processed by the server to insert or
+query. Drivers MUST document the following behavior:
 
-> To insert or query with an "Indexed" or "RangePreview" encrypted payload, use a `MongoClient` configured with
+> To insert or query with an "Indexed" or "Range" encrypted payload, use a `MongoClient` configured with
 > `AutoEncryptionOpts`. `AutoEncryptionOpts.bypassQueryAnalysis` may be true. `AutoEncryptionOpts.bypassAutoEncryption`
 > must be false.
 
-> [!NOTE]
-> The Range algorithm is experimental only. It is not intended for public use. It is subject to breaking changes.
-
 #### contentionFactor
 
-contentionFactor only applies when algorithm is "Indexed" or "RangePreview". It is an error to set contentionFactor when
-algorithm is not "Indexed" or "RangePreview".
-
-> [!NOTE]
-> The Range algorithm is experimental only. It is not intended for public use. It is subject to breaking changes.
+contentionFactor only applies when algorithm is "Indexed" or "Range". It is an error to set contentionFactor when
+algorithm is not "Indexed" or "Range".
 
 #### queryType
 
 One of the strings:
 
 - "equality"
-- "rangePreview"
+- "range"
 
-queryType only applies when algorithm is "Indexed" or "RangePreview". It is an error to set queryType when algorithm is
-not "Indexed" or "RangePreview".
-
-> [!NOTE]
-> The Range algorithm is experimental only. It is not intended for public use. It is subject to breaking changes.
+queryType only applies when algorithm is "Indexed" or "Range". It is an error to set queryType when algorithm is not
+"Indexed" or "Range".
 
 #### rangeOpts
 
-rangeOpts only applies when algorithm is "rangePreview". It is an error to set rangeOpts when algorithm is not
-"rangePreview".
-
-> [!NOTE]
-> The Range algorithm is experimental only. It is not intended for public use. It is subject to breaking changes.
+rangeOpts only applies when algorithm is "range". It is an error to set rangeOpts when algorithm is not "range".
 
 ## User facing API: When Auto Encryption Fails
 
@@ -2389,6 +2375,8 @@ explicit session parameter as described in the [Drivers Sessions Specification](
 
 ## Changelog
 
+- 2024-05-31: Replace rangePreview with range.
+
 - 2024-03-20: Add `delegated` option to "kmip" KMS provider
 
 - 2024-02-27: Migrated from reStructuredText to Markdown.

source/client-side-encryption/etc/data/range-encryptedFields-Date.json

@@ -10,10 +10,13 @@
       "path": "encryptedDate",
       "bsonType": "date",
       "queries": {
-        "queryType": "rangePreview",
+        "queryType": "range",
         "contention": {
           "$numberLong": "0"
         },
+        "trimFactor": {
+          "$numberInt": "1"
+        },
         "sparsity": {
           "$numberLong": "1"
         },
@@ -30,4 +33,4 @@
       }
     }
   ]
-}
+}

source/client-side-encryption/etc/data/range-encryptedFields-DecimalNoPrecision.json

@@ -10,14 +10,17 @@
       "path": "encryptedDecimalNoPrecision",
       "bsonType": "decimal",
       "queries": {
-        "queryType": "rangePreview",
+        "queryType": "range",
         "contention": {
           "$numberLong": "0"
         },
+        "trimFactor": {
+          "$numberInt": "1"
+        },
         "sparsity": {
           "$numberLong": "1"
         }
       }
     }
   ]
-}
+}

source/client-side-encryption/etc/data/range-encryptedFields-DecimalPrecision.json

@@ -10,10 +10,13 @@
       "path": "encryptedDecimalPrecision",
       "bsonType": "decimal",
       "queries": {
-        "queryType": "rangePreview",
+        "queryType": "range",
         "contention": {
           "$numberLong": "0"
         },
+        "trimFactor": {
+          "$numberInt": "1"
+        },
         "sparsity": {
           "$numberLong": "1"
         },
@@ -29,4 +32,4 @@
       }
     }
   ]
-}
+}

source/client-side-encryption/etc/data/range-encryptedFields-DoubleNoPrecision.json

@@ -10,14 +10,17 @@
       "path": "encryptedDoubleNoPrecision",
       "bsonType": "double",
       "queries": {
-        "queryType": "rangePreview",
+        "queryType": "range",
         "contention": {
           "$numberLong": "0"
         },
+        "trimFactor": {
+          "$numberInt": "1"
+        },
         "sparsity": {
           "$numberLong": "1"
         }
       }
     }
   ]
-}
+}

source/client-side-encryption/etc/data/range-encryptedFields-DoublePrecision.json

@@ -10,10 +10,13 @@
       "path": "encryptedDoublePrecision",
       "bsonType": "double",
       "queries": {
-        "queryType": "rangePreview",
+        "queryType": "range",
         "contention": {
           "$numberLong": "0"
         },
+        "trimFactor": {
+          "$numberInt": "1"
+        },
         "sparsity": {
           "$numberLong": "1"
         },
@@ -29,4 +32,4 @@
       }
     }
   ]
-}
+}

source/client-side-encryption/etc/data/range-encryptedFields-Int.json

@@ -10,10 +10,13 @@
       "path": "encryptedInt",
       "bsonType": "int",
       "queries": {
-        "queryType": "rangePreview",
+        "queryType": "range",
         "contention": {
           "$numberLong": "0"
         },
+        "trimFactor": {
+          "$numberInt": "1"
+        },
         "sparsity": {
           "$numberLong": "1"
         },
@@ -26,4 +29,4 @@
       }
     }
   ]
-}
+}

source/client-side-encryption/etc/data/range-encryptedFields-Long.json

@@ -10,10 +10,13 @@
       "path": "encryptedLong",
       "bsonType": "long",
       "queries": {
-        "queryType": "rangePreview",
+        "queryType": "range",
         "contention": {
           "$numberLong": "0"
         },
+        "trimFactor": {
+          "$numberInt": "1"
+        },
         "sparsity": {
           "$numberLong": "1"
         },
@@ -26,4 +29,4 @@
       }
     }
   ]
-}
+}

source/client-side-encryption/etc/test-templates/fle2v2-Range-Date-Aggregate.yml.template renamed to source/client-side-encryption/etc/test-templates/fle2v2-Rangev2-Date-Aggregate.yml.template

@@ -1,12 +1,10 @@
 
 # Requires libmongocrypt 1.8.0.
 runOn:
-  - minServerVersion: "7.0.0"
+  - minServerVersion: "8.0.0"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
-    # Skip tests for "rangePreview" algorithm on Server 8.0+. Server 8.0 drops "rangePreview" and adds "range".
-    maxServerVersion: "7.99.99"
 database_name: &database_name "default"
 collection_name: &collection_name "default"
 data: []
@@ -124,12 +122,6 @@ tests:
               "_id": 0,
               "encryptedDate": { $$type: "binData" },
               "__safeContent__": [
-                  {
-                      "$binary": {
-                          "base64": "5nRutVIyq7URVOVtbE4vM01APSIajAVnsShMwjBlzkM=",
-                          "subType": "00"
-                      }
-                  },
                   {
                       "$binary": {
                           "base64": "RjBYT2h3ZAoHxhf8DU6/dFbDkEBZp0IxREcsRTu2MXs=",
@@ -185,12 +177,6 @@ tests:
               "_id": 1,
               "encryptedDate": { $$type: "binData" },
               "__safeContent__": [
-                  {
-                      "$binary": {
-                          "base64": "bE1vqWj3KNyM7cCYUv/cnYm8BPaUL3eMp5syTHq6NF4=",
-                          "subType": "00"
-                      }
-                  },
                   {
                       "$binary": {
                           "base64": "25j9sQXZCihCmHKvTHgaBsAVZFcGPn7JjHdrCGlwyyw=",

source/client-side-encryption/etc/test-templates/fle2v2-Range-Date-Correctness.yml.template renamed to source/client-side-encryption/etc/test-templates/fle2v2-Rangev2-Date-Correctness.yml.template

@@ -3,12 +3,10 @@
 
 # Requires libmongocrypt 1.8.0.
 runOn:
-  - minServerVersion: "7.0.0"
+  - minServerVersion: "8.0.0"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
-    # Skip tests for "rangePreview" algorithm on Server 8.0+. Server 8.0 drops "rangePreview" and adds "range".
-    maxServerVersion: "7.99.99"
 database_name: &database_name "default"
 collection_name: &collection_name "default"
 data: []

source/client-side-encryption/etc/test-templates/fle2v2-Range-Date-Delete.yml.template renamed to source/client-side-encryption/etc/test-templates/fle2v2-Rangev2-Date-Delete.yml.template

@@ -1,12 +1,10 @@
 
 # Requires libmongocrypt 1.8.0.
 runOn:
-  - minServerVersion: "7.0.0"
+  - minServerVersion: "8.0.0"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
-    # Skip tests for "rangePreview" algorithm on Server 8.0+. Server 8.0 drops "rangePreview" and adds "range".
-    maxServerVersion: "7.99.99"
 database_name: &database_name "default"
 collection_name: &collection_name "default"
 data: []
@@ -126,12 +124,6 @@ tests:
               "_id": 0,
               "encryptedDate": { $$type: "binData" },
               "__safeContent__": [
-                {
-                    "$binary": {
-                        "base64": "5nRutVIyq7URVOVtbE4vM01APSIajAVnsShMwjBlzkM=",
-                        "subType": "00"
-                    }
-                },
                 {
                     "$binary": {
                         "base64": "RjBYT2h3ZAoHxhf8DU6/dFbDkEBZp0IxREcsRTu2MXs=",

source/client-side-encryption/etc/test-templates/fle2v2-Range-Date-FindOneAndUpdate.yml.template renamed to source/client-side-encryption/etc/test-templates/fle2v2-Rangev2-Date-FindOneAndUpdate.yml.template

@@ -1,12 +1,10 @@
 
 # Requires libmongocrypt 1.8.0.
 runOn:
-  - minServerVersion: "7.0.0"
+  - minServerVersion: "8.0.0"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
-    # Skip tests for "rangePreview" algorithm on Server 8.0+. Server 8.0 drops "rangePreview" and adds "range".
-    maxServerVersion: "7.99.99"
 database_name: &database_name "default"
 collection_name: &collection_name "default"
 data: []
@@ -122,12 +120,6 @@ tests:
               "_id": 0,
               "encryptedDate": { $$type: "binData" },
               "__safeContent__": [
-                  {
-                      "$binary": {
-                          "base64": "5nRutVIyq7URVOVtbE4vM01APSIajAVnsShMwjBlzkM=",
-                          "subType": "00"
-                      }
-                  },
                   {
                       "$binary": {
                           "base64": "RjBYT2h3ZAoHxhf8DU6/dFbDkEBZp0IxREcsRTu2MXs=",
@@ -183,12 +175,6 @@ tests:
               "_id": 1,
               "encryptedDate": { $$type: "binData" },
               "__safeContent__": [
-                  {
-                      "$binary": {
-                          "base64": "DLCAJs+W2PL2DV5YChCL6dYrQNr+j4p3L7xhVaub4ic=",
-                          "subType": "00"
-                      }
-                  },
                   {
                       "$binary": {
                           "base64": "hyDcE6QQjPrYJaIS/n7evEZFYcm31Tj89CpEYGF45cI=",