diff --git a/source/client-side-encryption/client-side-encryption.md b/source/client-side-encryption/client-side-encryption.md
index 2eee97e0c9..1576dea211 100644
--- a/source/client-side-encryption/client-side-encryption.md
+++ b/source/client-side-encryption/client-side-encryption.md
@@ -159,7 +159,7 @@ supports indexed encrypted fields, which are further processed server-side.
Is an umbrella term describing the both CSFLE and Queryable Encryption.
-**encryptedFields**
+ **encryptedFields**
A BSON document describing the Queryable Encryption encrypted fields. This is analogous to the JSON Schema in FLE. The
following is an example encryptedFields in extended canonical JSON:
diff --git a/source/client-side-encryption/etc/test-templates/fle2v2-BypassQueryAnalysis.yml.template b/source/client-side-encryption/etc/test-templates/fle2v2-BypassQueryAnalysis.yml.template
deleted file mode 100644
index 1e00099793..0000000000
--- a/source/client-side-encryption/etc/test-templates/fle2v2-BypassQueryAnalysis.yml.template
+++ /dev/null
@@ -1,89 +0,0 @@
-# Requires libmongocrypt 1.8.0.
-runOn:
- - minServerVersion: "7.0.0"
- # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
- # FLE 2 Encrypted collections are not supported on standalone.
- topology: [ "replicaset", "sharded", "load-balanced" ]
-database_name: &database_name "default"
-collection_name: &collection_name "default"
-data: []
-encrypted_fields: &encrypted_fields {{ yamlfile("encryptedFields.json") }}
-key_vault_data: [{{ yamlfile("keys/key1-document.json") }} ]
-
-tests:
- - description: "BypassQueryAnalysis decrypts"
- clientOptions:
- autoEncryptOpts:
- kmsProviders:
- local: {{ local_provider() }}
- bypassQueryAnalysis: true
- operations:
- - name: insertOne
- arguments:
- document: &doc0_encrypted {
- "_id": 1,
- "encryptedIndexed": {
- "$binary": {
- # Payload has an IndexKey of key1 and UserKey of key1.
- "base64": "C18BAAAFZAAgAAAAANnt+eLTkv4GdDPl8IAfJOvTzArOgFJQ2S/DcLza4W0DBXMAIAAAAAD2u+omZme3P2gBPehMQyQHQ153tPN1+z7bksYA9jKTpAVwADAAAAAAUnCOQqIvmR65YKyYnsiVfVrg9hwUVO3RhhKExo3RWOzgaS0QdsBL5xKFS0JhZSoWBXUAEAAAAAQSNFZ4EjSYdhI0EjRWeJASEHQAAgAAAAV2AFAAAAAAEjRWeBI0mHYSNBI0VniQEpQbp/ZJpWBKeDtKLiXb0P2E9wvc0g3f373jnYQYlJquOrlPOoEy3ngsHPJuSUijvWDsrQzqYa349K7G/66qaXEFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsBWwAIAAAAACkm0o9bj6j0HuADKc0svbqO2UHj6GrlNdF6yKNxh63xRJrAAAAAAAAAAAAAA==",
- "subType": "06"
- }
- }
- }
- - name: find
- arguments:
- filter: { "_id": 1 }
- result: [{"_id": 1, "encryptedIndexed": "123" }]
- expectations:
- - command_started_event:
- command:
- listCollections: 1
- filter:
- name: *collection_name
- command_name: listCollections
- - command_started_event:
- command:
- insert: *collection_name
- documents:
- - *doc0_encrypted
- ordered: true
- encryptionInformation:
- type: 1
- schema:
- "default.default":
- # libmongocrypt applies escCollection and ecocCollection to outgoing command.
- escCollection: "enxcol_.default.esc"
- ecocCollection: "enxcol_.default.ecoc"
- <<: *encrypted_fields
- command_name: insert
- - command_started_event:
- command:
- find: *collection_name
- filter: { "_id": 1 }
- command_name: find
- - command_started_event:
- command:
- find: datakeys
- filter: {
- "$or": [
- {
- "_id": {
- "$in": [
- {{ yamlfile ("keys/key1-id.json") }}
- ]
- }
- },
- {
- "keyAltNames": {
- "$in": []
- }
- }
- ]
- }
- $db: keyvault
- readConcern: { level: "majority" }
- command_name: find
- outcome:
- collection:
- data:
- - {"_id": 1, "encryptedIndexed": { "$$type": "binData" }, "__safeContent__": [{ "$binary" : { "base64" : "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=", "subType" : "00" } }] }
diff --git a/source/client-side-encryption/etc/test-templates/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.yml.template b/source/client-side-encryption/etc/test-templates/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.yml.template
deleted file mode 100644
index de59251823..0000000000
--- a/source/client-side-encryption/etc/test-templates/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.yml.template
+++ /dev/null
@@ -1,79 +0,0 @@
-# Requires libmongocrypt 1.8.0.
-runOn:
- - minServerVersion: "7.0.0"
- # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
- # FLE 2 Encrypted collections are not supported on standalone.
- topology: [ "replicaset", "sharded", "load-balanced" ]
-database_name: &database_name "default"
-collection_name: &collection_name "default"
-data: []
-encrypted_fields: {{ yamlfile ("encryptedFields.json") }}
-key_vault_data: [ {{ yamlfile ("keys/key2-document.json") }}]
-tests:
- - description: "encryptedFieldsMap is preferred over remote encryptedFields"
- clientOptions:
- autoEncryptOpts:
- kmsProviders:
- local: {{ local_provider() }}
- encryptedFieldsMap: {
- "default.default": {
- "fields": []
- }
- }
- operations:
- # EncryptedFieldsMap overrides remote encryptedFields.
- # Automatic encryption does not occur on encryptedUnindexed. The value is validated on the server.
- - name: insertOne
- arguments:
- document: &doc0 {
- _id: 1,
- encryptedUnindexed: {
- "$binary": {
- "base64": "BqvN76sSNJh2EjQSNFZ4kBICTQaVZPWgXp41I7mPV1rLFTtw1tXzjcdSEyxpKKqujlko5TeizkB9hHQ009dVY1+fgIiDcefh+eQrm3CkhQ==",
- "subType": "06"
- }
- }
- }
- - name: find
- arguments:
- filter: { "_id": 1 }
- result: [{"_id": 1, "encryptedUnindexed": "value123" }]
- expectations:
- - command_started_event:
- command:
- insert: *collection_name
- documents:
- - *doc0
- ordered: true
- command_name: insert
- - command_started_event:
- command:
- find: *collection_name
- filter: { "_id": 1}
- command_name: find
- - command_started_event:
- command:
- find: datakeys
- filter: {
- "$or": [
- {
- "_id": {
- "$in": [
- {{ yamlfile ("keys/key2-id.json" ) }}
- ]
- }
- },
- {
- "keyAltNames": {
- "$in": []
- }
- }
- ]
- }
- $db: keyvault
- readConcern: { level: "majority" }
- command_name: find
- outcome:
- collection:
- data:
- - *doc0
diff --git a/source/client-side-encryption/etc/test-templates/localSchema.yml.template b/source/client-side-encryption/etc/test-templates/localSchema.yml.template
deleted file mode 100644
index 1f70a24b5e..0000000000
--- a/source/client-side-encryption/etc/test-templates/localSchema.yml.template
+++ /dev/null
@@ -1,65 +0,0 @@
-runOn:
- - minServerVersion: "4.1.10"
-database_name: &database_name "default"
-collection_name: &collection_name "default"
-
-data: []
-# configure an empty schema
-json_schema: {}
-key_vault_data: [{{key()}}]
-
-tests:
- - description: "A local schema should override"
- clientOptions:
- autoEncryptOpts:
- schemaMap:
- "default.default": {{schema('basic')}}
- kmsProviders:
- aws: {} # Credentials filled in from environment.
- operations:
- - name: insertOne
- arguments:
- document: &doc0 { _id: 1, encrypted_string: "string0" }
- - name: find
- arguments:
- filter: { _id: 1 }
- result: [*doc0]
- expectations:
- # Then key is fetched from the key vault.
- - command_started_event:
- command:
- find: datakeys
- filter: {"$or": [{"_id": {"$in": [ {{key()["_id"]}} ] }}, {"keyAltNames": {"$in": []}}]}
- $db: keyvault
- readConcern: { level: "majority" }
- command_name: find
- - command_started_event:
- command:
- insert: *collection_name
- documents:
- - &doc0_encrypted { _id: 1, encrypted_string: {{ciphertext("string0", field="encrypted_string")}} }
- ordered: true
- command_name: insert
- - command_started_event:
- command:
- find: *collection_name
- filter: { _id: 1 }
- command_name: find
- outcome:
- collection:
- # Outcome is checked using a separate MongoClient without auto encryption.
- data:
- - *doc0_encrypted
- - description: "A local schema with no encryption is an error"
- clientOptions:
- autoEncryptOpts:
- schemaMap:
- "default.default": {{schema('noencryption')}}
- kmsProviders:
- aws: {} # Credentials filled in from environment.
- operations:
- - name: insertOne
- arguments:
- document: { _id: 1, encrypted_string: "string0" }
- result:
- errorContains: "JSON schema keyword 'required' is only allowed with a remote schema"
\ No newline at end of file
diff --git a/source/client-side-encryption/etc/test-templates/maxWireVersion.yml.template b/source/client-side-encryption/etc/test-templates/maxWireVersion.yml.template
deleted file mode 100644
index 4392a2b5ec..0000000000
--- a/source/client-side-encryption/etc/test-templates/maxWireVersion.yml.template
+++ /dev/null
@@ -1,22 +0,0 @@
-runOn:
- - maxServerVersion: "4.0.99"
-database_name: &database_name "default"
-collection_name: &collection_name "default"
-
-data: []
-key_vault_data: [{{key()}}]
-
-tests:
- - description: "operation fails with maxWireVersion < 8"
- clientOptions:
- autoEncryptOpts:
- kmsProviders:
- aws: {} # Credentials filled in from environment.
- extraOptions:
- mongocryptdBypassSpawn: true # mongocryptd probably won't be on the path
- operations:
- - name: insertOne
- arguments:
- document: { encrypted_string: "string0" }
- result:
- errorContains: "Auto-encryption requires a minimum MongoDB version of 4.2"
\ No newline at end of file
diff --git a/source/client-side-encryption/tests/legacy/fle2v2-BypassQueryAnalysis.json b/source/client-side-encryption/tests/legacy/fle2v2-BypassQueryAnalysis.json
deleted file mode 100644
index 9b28df2f9a..0000000000
--- a/source/client-side-encryption/tests/legacy/fle2v2-BypassQueryAnalysis.json
+++ /dev/null
@@ -1,261 +0,0 @@
-{
- "runOn": [
- {
- "minServerVersion": "7.0.0",
- "topology": [
- "replicaset",
- "sharded",
- "load-balanced"
- ]
- }
- ],
- "database_name": "default",
- "collection_name": "default",
- "data": [],
- "encrypted_fields": {
- "fields": [
- {
- "keyId": {
- "$binary": {
- "base64": "EjRWeBI0mHYSNBI0VniQEg==",
- "subType": "04"
- }
- },
- "path": "encryptedIndexed",
- "bsonType": "string",
- "queries": {
- "queryType": "equality",
- "contention": {
- "$numberLong": "0"
- }
- }
- },
- {
- "keyId": {
- "$binary": {
- "base64": "q83vqxI0mHYSNBI0VniQEg==",
- "subType": "04"
- }
- },
- "path": "encryptedUnindexed",
- "bsonType": "string"
- }
- ]
- },
- "key_vault_data": [
- {
- "_id": {
- "$binary": {
- "base64": "EjRWeBI0mHYSNBI0VniQEg==",
- "subType": "04"
- }
- },
- "keyMaterial": {
- "$binary": {
- "base64": "sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==",
- "subType": "00"
- }
- },
- "creationDate": {
- "$date": {
- "$numberLong": "1648914851981"
- }
- },
- "updateDate": {
- "$date": {
- "$numberLong": "1648914851981"
- }
- },
- "status": {
- "$numberInt": "0"
- },
- "masterKey": {
- "provider": "local"
- }
- }
- ],
- "tests": [
- {
- "description": "BypassQueryAnalysis decrypts",
- "clientOptions": {
- "autoEncryptOpts": {
- "kmsProviders": {
- "local": {
- "key": {
- "$binary": {
- "base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
- "subType": "00"
- }
- }
- }
- },
- "bypassQueryAnalysis": true
- }
- },
- "operations": [
- {
- "name": "insertOne",
- "arguments": {
- "document": {
- "_id": 1,
- "encryptedIndexed": {
- "$binary": {
- "base64": "C18BAAAFZAAgAAAAANnt+eLTkv4GdDPl8IAfJOvTzArOgFJQ2S/DcLza4W0DBXMAIAAAAAD2u+omZme3P2gBPehMQyQHQ153tPN1+z7bksYA9jKTpAVwADAAAAAAUnCOQqIvmR65YKyYnsiVfVrg9hwUVO3RhhKExo3RWOzgaS0QdsBL5xKFS0JhZSoWBXUAEAAAAAQSNFZ4EjSYdhI0EjRWeJASEHQAAgAAAAV2AFAAAAAAEjRWeBI0mHYSNBI0VniQEpQbp/ZJpWBKeDtKLiXb0P2E9wvc0g3f373jnYQYlJquOrlPOoEy3ngsHPJuSUijvWDsrQzqYa349K7G/66qaXEFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsBWwAIAAAAACkm0o9bj6j0HuADKc0svbqO2UHj6GrlNdF6yKNxh63xRJrAAAAAAAAAAAAAA==",
- "subType": "06"
- }
- }
- }
- }
- },
- {
- "name": "find",
- "arguments": {
- "filter": {
- "_id": 1
- }
- },
- "result": [
- {
- "_id": 1,
- "encryptedIndexed": "123"
- }
- ]
- }
- ],
- "expectations": [
- {
- "command_started_event": {
- "command": {
- "listCollections": 1,
- "filter": {
- "name": "default"
- }
- },
- "command_name": "listCollections"
- }
- },
- {
- "command_started_event": {
- "command": {
- "insert": "default",
- "documents": [
- {
- "_id": 1,
- "encryptedIndexed": {
- "$binary": {
- "base64": "C18BAAAFZAAgAAAAANnt+eLTkv4GdDPl8IAfJOvTzArOgFJQ2S/DcLza4W0DBXMAIAAAAAD2u+omZme3P2gBPehMQyQHQ153tPN1+z7bksYA9jKTpAVwADAAAAAAUnCOQqIvmR65YKyYnsiVfVrg9hwUVO3RhhKExo3RWOzgaS0QdsBL5xKFS0JhZSoWBXUAEAAAAAQSNFZ4EjSYdhI0EjRWeJASEHQAAgAAAAV2AFAAAAAAEjRWeBI0mHYSNBI0VniQEpQbp/ZJpWBKeDtKLiXb0P2E9wvc0g3f373jnYQYlJquOrlPOoEy3ngsHPJuSUijvWDsrQzqYa349K7G/66qaXEFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsBWwAIAAAAACkm0o9bj6j0HuADKc0svbqO2UHj6GrlNdF6yKNxh63xRJrAAAAAAAAAAAAAA==",
- "subType": "06"
- }
- }
- }
- ],
- "ordered": true,
- "encryptionInformation": {
- "type": 1,
- "schema": {
- "default.default": {
- "escCollection": "enxcol_.default.esc",
- "ecocCollection": "enxcol_.default.ecoc",
- "fields": [
- {
- "keyId": {
- "$binary": {
- "base64": "EjRWeBI0mHYSNBI0VniQEg==",
- "subType": "04"
- }
- },
- "path": "encryptedIndexed",
- "bsonType": "string",
- "queries": {
- "queryType": "equality",
- "contention": {
- "$numberLong": "0"
- }
- }
- },
- {
- "keyId": {
- "$binary": {
- "base64": "q83vqxI0mHYSNBI0VniQEg==",
- "subType": "04"
- }
- },
- "path": "encryptedUnindexed",
- "bsonType": "string"
- }
- ]
- }
- }
- }
- },
- "command_name": "insert"
- }
- },
- {
- "command_started_event": {
- "command": {
- "find": "default",
- "filter": {
- "_id": 1
- }
- },
- "command_name": "find"
- }
- },
- {
- "command_started_event": {
- "command": {
- "find": "datakeys",
- "filter": {
- "$or": [
- {
- "_id": {
- "$in": [
- {
- "$binary": {
- "base64": "EjRWeBI0mHYSNBI0VniQEg==",
- "subType": "04"
- }
- }
- ]
- }
- },
- {
- "keyAltNames": {
- "$in": []
- }
- }
- ]
- },
- "$db": "keyvault",
- "readConcern": {
- "level": "majority"
- }
- },
- "command_name": "find"
- }
- }
- ],
- "outcome": {
- "collection": {
- "data": [
- {
- "_id": 1,
- "encryptedIndexed": {
- "$$type": "binData"
- },
- "__safeContent__": [
- {
- "$binary": {
- "base64": "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=",
- "subType": "00"
- }
- }
- ]
- }
- ]
- }
- }
- }
- ]
-}
diff --git a/source/client-side-encryption/tests/legacy/fle2v2-BypassQueryAnalysis.yml b/source/client-side-encryption/tests/legacy/fle2v2-BypassQueryAnalysis.yml
deleted file mode 100644
index 51e7a56758..0000000000
--- a/source/client-side-encryption/tests/legacy/fle2v2-BypassQueryAnalysis.yml
+++ /dev/null
@@ -1,89 +0,0 @@
-# Requires libmongocrypt 1.8.0.
-runOn:
- - minServerVersion: "7.0.0"
- # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
- # FLE 2 Encrypted collections are not supported on standalone.
- topology: [ "replicaset", "sharded", "load-balanced" ]
-database_name: &database_name "default"
-collection_name: &collection_name "default"
-data: []
-encrypted_fields: &encrypted_fields {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]}
-key_vault_data: [{'_id': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'keyMaterial': {'$binary': {'base64': 'sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1648914851981'}}, 'updateDate': {'$date': {'$numberLong': '1648914851981'}}, 'status': {'$numberInt': '0'}, 'masterKey': {'provider': 'local'}} ]
-
-tests:
- - description: "BypassQueryAnalysis decrypts"
- clientOptions:
- autoEncryptOpts:
- kmsProviders:
- local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
- bypassQueryAnalysis: true
- operations:
- - name: insertOne
- arguments:
- document: &doc0_encrypted {
- "_id": 1,
- "encryptedIndexed": {
- "$binary": {
- # Payload has an IndexKey of key1 and UserKey of key1.
- "base64": "C18BAAAFZAAgAAAAANnt+eLTkv4GdDPl8IAfJOvTzArOgFJQ2S/DcLza4W0DBXMAIAAAAAD2u+omZme3P2gBPehMQyQHQ153tPN1+z7bksYA9jKTpAVwADAAAAAAUnCOQqIvmR65YKyYnsiVfVrg9hwUVO3RhhKExo3RWOzgaS0QdsBL5xKFS0JhZSoWBXUAEAAAAAQSNFZ4EjSYdhI0EjRWeJASEHQAAgAAAAV2AFAAAAAAEjRWeBI0mHYSNBI0VniQEpQbp/ZJpWBKeDtKLiXb0P2E9wvc0g3f373jnYQYlJquOrlPOoEy3ngsHPJuSUijvWDsrQzqYa349K7G/66qaXEFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsBWwAIAAAAACkm0o9bj6j0HuADKc0svbqO2UHj6GrlNdF6yKNxh63xRJrAAAAAAAAAAAAAA==",
- "subType": "06"
- }
- }
- }
- - name: find
- arguments:
- filter: { "_id": 1 }
- result: [{"_id": 1, "encryptedIndexed": "123" }]
- expectations:
- - command_started_event:
- command:
- listCollections: 1
- filter:
- name: *collection_name
- command_name: listCollections
- - command_started_event:
- command:
- insert: *collection_name
- documents:
- - *doc0_encrypted
- ordered: true
- encryptionInformation:
- type: 1
- schema:
- "default.default":
- # libmongocrypt applies escCollection and ecocCollection to outgoing command.
- escCollection: "enxcol_.default.esc"
- ecocCollection: "enxcol_.default.ecoc"
- <<: *encrypted_fields
- command_name: insert
- - command_started_event:
- command:
- find: *collection_name
- filter: { "_id": 1 }
- command_name: find
- - command_started_event:
- command:
- find: datakeys
- filter: {
- "$or": [
- {
- "_id": {
- "$in": [
- {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}
- ]
- }
- },
- {
- "keyAltNames": {
- "$in": []
- }
- }
- ]
- }
- $db: keyvault
- readConcern: { level: "majority" }
- command_name: find
- outcome:
- collection:
- data:
- - {"_id": 1, "encryptedIndexed": { "$$type": "binData" }, "__safeContent__": [{ "$binary" : { "base64" : "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=", "subType" : "00" } }] }
\ No newline at end of file
diff --git a/source/client-side-encryption/tests/legacy/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.json b/source/client-side-encryption/tests/legacy/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.json
deleted file mode 100644
index bdc5c99bc2..0000000000
--- a/source/client-side-encryption/tests/legacy/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.json
+++ /dev/null
@@ -1,212 +0,0 @@
-{
- "runOn": [
- {
- "minServerVersion": "7.0.0",
- "topology": [
- "replicaset",
- "sharded",
- "load-balanced"
- ]
- }
- ],
- "database_name": "default",
- "collection_name": "default",
- "data": [],
- "encrypted_fields": {
- "fields": [
- {
- "keyId": {
- "$binary": {
- "base64": "EjRWeBI0mHYSNBI0VniQEg==",
- "subType": "04"
- }
- },
- "path": "encryptedIndexed",
- "bsonType": "string",
- "queries": {
- "queryType": "equality",
- "contention": {
- "$numberLong": "0"
- }
- }
- },
- {
- "keyId": {
- "$binary": {
- "base64": "q83vqxI0mHYSNBI0VniQEg==",
- "subType": "04"
- }
- },
- "path": "encryptedUnindexed",
- "bsonType": "string"
- }
- ]
- },
- "key_vault_data": [
- {
- "_id": {
- "$binary": {
- "base64": "q83vqxI0mHYSNBI0VniQEg==",
- "subType": "04"
- }
- },
- "keyMaterial": {
- "$binary": {
- "base64": "HBk9BWihXExNDvTp1lUxOuxuZK2Pe2ZdVdlsxPEBkiO1bS4mG5NNDsQ7zVxJAH8BtdOYp72Ku4Y3nwc0BUpIKsvAKX4eYXtlhv5zUQxWdeNFhg9qK7qb8nqhnnLeT0f25jFSqzWJoT379hfwDeu0bebJHr35QrJ8myZdPMTEDYF08QYQ48ShRBli0S+QzBHHAQiM2iJNr4svg2WR8JSeWQ==",
- "subType": "00"
- }
- },
- "creationDate": {
- "$date": {
- "$numberLong": "1648914851981"
- }
- },
- "updateDate": {
- "$date": {
- "$numberLong": "1648914851981"
- }
- },
- "status": {
- "$numberInt": "0"
- },
- "masterKey": {
- "provider": "local"
- }
- }
- ],
- "tests": [
- {
- "description": "encryptedFieldsMap is preferred over remote encryptedFields",
- "clientOptions": {
- "autoEncryptOpts": {
- "kmsProviders": {
- "local": {
- "key": {
- "$binary": {
- "base64": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk",
- "subType": "00"
- }
- }
- }
- },
- "encryptedFieldsMap": {
- "default.default": {
- "fields": []
- }
- }
- }
- },
- "operations": [
- {
- "name": "insertOne",
- "arguments": {
- "document": {
- "_id": 1,
- "encryptedUnindexed": {
- "$binary": {
- "base64": "BqvN76sSNJh2EjQSNFZ4kBICTQaVZPWgXp41I7mPV1rLFTtw1tXzjcdSEyxpKKqujlko5TeizkB9hHQ009dVY1+fgIiDcefh+eQrm3CkhQ==",
- "subType": "06"
- }
- }
- }
- }
- },
- {
- "name": "find",
- "arguments": {
- "filter": {
- "_id": 1
- }
- },
- "result": [
- {
- "_id": 1,
- "encryptedUnindexed": "value123"
- }
- ]
- }
- ],
- "expectations": [
- {
- "command_started_event": {
- "command": {
- "insert": "default",
- "documents": [
- {
- "_id": 1,
- "encryptedUnindexed": {
- "$binary": {
- "base64": "BqvN76sSNJh2EjQSNFZ4kBICTQaVZPWgXp41I7mPV1rLFTtw1tXzjcdSEyxpKKqujlko5TeizkB9hHQ009dVY1+fgIiDcefh+eQrm3CkhQ==",
- "subType": "06"
- }
- }
- }
- ],
- "ordered": true
- },
- "command_name": "insert"
- }
- },
- {
- "command_started_event": {
- "command": {
- "find": "default",
- "filter": {
- "_id": 1
- }
- },
- "command_name": "find"
- }
- },
- {
- "command_started_event": {
- "command": {
- "find": "datakeys",
- "filter": {
- "$or": [
- {
- "_id": {
- "$in": [
- {
- "$binary": {
- "base64": "q83vqxI0mHYSNBI0VniQEg==",
- "subType": "04"
- }
- }
- ]
- }
- },
- {
- "keyAltNames": {
- "$in": []
- }
- }
- ]
- },
- "$db": "keyvault",
- "readConcern": {
- "level": "majority"
- }
- },
- "command_name": "find"
- }
- }
- ],
- "outcome": {
- "collection": {
- "data": [
- {
- "_id": 1,
- "encryptedUnindexed": {
- "$binary": {
- "base64": "BqvN76sSNJh2EjQSNFZ4kBICTQaVZPWgXp41I7mPV1rLFTtw1tXzjcdSEyxpKKqujlko5TeizkB9hHQ009dVY1+fgIiDcefh+eQrm3CkhQ==",
- "subType": "06"
- }
- }
- }
- ]
- }
- }
- }
- ]
-}
diff --git a/source/client-side-encryption/tests/legacy/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.yml b/source/client-side-encryption/tests/legacy/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.yml
deleted file mode 100644
index 8767132e62..0000000000
--- a/source/client-side-encryption/tests/legacy/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.yml
+++ /dev/null
@@ -1,79 +0,0 @@
-# Requires libmongocrypt 1.8.0.
-runOn:
- - minServerVersion: "7.0.0"
- # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
- # FLE 2 Encrypted collections are not supported on standalone.
- topology: [ "replicaset", "sharded", "load-balanced" ]
-database_name: &database_name "default"
-collection_name: &collection_name "default"
-data: []
-encrypted_fields: {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]}
-key_vault_data: [ {'_id': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'keyMaterial': {'$binary': {'base64': 'HBk9BWihXExNDvTp1lUxOuxuZK2Pe2ZdVdlsxPEBkiO1bS4mG5NNDsQ7zVxJAH8BtdOYp72Ku4Y3nwc0BUpIKsvAKX4eYXtlhv5zUQxWdeNFhg9qK7qb8nqhnnLeT0f25jFSqzWJoT379hfwDeu0bebJHr35QrJ8myZdPMTEDYF08QYQ48ShRBli0S+QzBHHAQiM2iJNr4svg2WR8JSeWQ==', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1648914851981'}}, 'updateDate': {'$date': {'$numberLong': '1648914851981'}}, 'status': {'$numberInt': '0'}, 'masterKey': {'provider': 'local'}}]
-tests:
- - description: "encryptedFieldsMap is preferred over remote encryptedFields"
- clientOptions:
- autoEncryptOpts:
- kmsProviders:
- local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
- encryptedFieldsMap: {
- "default.default": {
- "fields": []
- }
- }
- operations:
- # EncryptedFieldsMap overrides remote encryptedFields.
- # Automatic encryption does not occur on encryptedUnindexed. The value is validated on the server.
- - name: insertOne
- arguments:
- document: &doc0 {
- _id: 1,
- encryptedUnindexed: {
- "$binary": {
- "base64": "BqvN76sSNJh2EjQSNFZ4kBICTQaVZPWgXp41I7mPV1rLFTtw1tXzjcdSEyxpKKqujlko5TeizkB9hHQ009dVY1+fgIiDcefh+eQrm3CkhQ==",
- "subType": "06"
- }
- }
- }
- - name: find
- arguments:
- filter: { "_id": 1 }
- result: [{"_id": 1, "encryptedUnindexed": "value123" }]
- expectations:
- - command_started_event:
- command:
- insert: *collection_name
- documents:
- - *doc0
- ordered: true
- command_name: insert
- - command_started_event:
- command:
- find: *collection_name
- filter: { "_id": 1}
- command_name: find
- - command_started_event:
- command:
- find: datakeys
- filter: {
- "$or": [
- {
- "_id": {
- "$in": [
- {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}
- ]
- }
- },
- {
- "keyAltNames": {
- "$in": []
- }
- }
- ]
- }
- $db: keyvault
- readConcern: { level: "majority" }
- command_name: find
- outcome:
- collection:
- data:
- - *doc0
\ No newline at end of file
diff --git a/source/client-side-encryption/tests/legacy/localSchema.json b/source/client-side-encryption/tests/legacy/localSchema.json
deleted file mode 100644
index 4698520f6f..0000000000
--- a/source/client-side-encryption/tests/legacy/localSchema.json
+++ /dev/null
@@ -1,258 +0,0 @@
-{
- "runOn": [
- {
- "minServerVersion": "4.1.10"
- }
- ],
- "database_name": "default",
- "collection_name": "default",
- "data": [],
- "json_schema": {},
- "key_vault_data": [
- {
- "status": 1,
- "_id": {
- "$binary": {
- "base64": "AAAAAAAAAAAAAAAAAAAAAA==",
- "subType": "04"
- }
- },
- "masterKey": {
- "provider": "aws",
- "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
- "region": "us-east-1"
- },
- "updateDate": {
- "$date": {
- "$numberLong": "1552949630483"
- }
- },
- "keyMaterial": {
- "$binary": {
- "base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO",
- "subType": "00"
- }
- },
- "creationDate": {
- "$date": {
- "$numberLong": "1552949630483"
- }
- },
- "keyAltNames": [
- "altname",
- "another_altname"
- ]
- }
- ],
- "tests": [
- {
- "description": "A local schema should override",
- "clientOptions": {
- "autoEncryptOpts": {
- "schemaMap": {
- "default.default": {
- "properties": {
- "encrypted_w_altname": {
- "encrypt": {
- "keyId": "/altname",
- "bsonType": "string",
- "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
- }
- },
- "encrypted_string": {
- "encrypt": {
- "keyId": [
- {
- "$binary": {
- "base64": "AAAAAAAAAAAAAAAAAAAAAA==",
- "subType": "04"
- }
- }
- ],
- "bsonType": "string",
- "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
- }
- },
- "random": {
- "encrypt": {
- "keyId": [
- {
- "$binary": {
- "base64": "AAAAAAAAAAAAAAAAAAAAAA==",
- "subType": "04"
- }
- }
- ],
- "bsonType": "string",
- "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
- }
- },
- "encrypted_string_equivalent": {
- "encrypt": {
- "keyId": [
- {
- "$binary": {
- "base64": "AAAAAAAAAAAAAAAAAAAAAA==",
- "subType": "04"
- }
- }
- ],
- "bsonType": "string",
- "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
- }
- }
- },
- "bsonType": "object"
- }
- },
- "kmsProviders": {
- "aws": {}
- }
- }
- },
- "operations": [
- {
- "name": "insertOne",
- "arguments": {
- "document": {
- "_id": 1,
- "encrypted_string": "string0"
- }
- }
- },
- {
- "name": "find",
- "arguments": {
- "filter": {
- "_id": 1
- }
- },
- "result": [
- {
- "_id": 1,
- "encrypted_string": "string0"
- }
- ]
- }
- ],
- "expectations": [
- {
- "command_started_event": {
- "command": {
- "find": "datakeys",
- "filter": {
- "$or": [
- {
- "_id": {
- "$in": [
- {
- "$binary": {
- "base64": "AAAAAAAAAAAAAAAAAAAAAA==",
- "subType": "04"
- }
- }
- ]
- }
- },
- {
- "keyAltNames": {
- "$in": []
- }
- }
- ]
- },
- "$db": "keyvault",
- "readConcern": {
- "level": "majority"
- }
- },
- "command_name": "find"
- }
- },
- {
- "command_started_event": {
- "command": {
- "insert": "default",
- "documents": [
- {
- "_id": 1,
- "encrypted_string": {
- "$binary": {
- "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==",
- "subType": "06"
- }
- }
- }
- ],
- "ordered": true
- },
- "command_name": "insert"
- }
- },
- {
- "command_started_event": {
- "command": {
- "find": "default",
- "filter": {
- "_id": 1
- }
- },
- "command_name": "find"
- }
- }
- ],
- "outcome": {
- "collection": {
- "data": [
- {
- "_id": 1,
- "encrypted_string": {
- "$binary": {
- "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==",
- "subType": "06"
- }
- }
- }
- ]
- }
- }
- },
- {
- "description": "A local schema with no encryption is an error",
- "clientOptions": {
- "autoEncryptOpts": {
- "schemaMap": {
- "default.default": {
- "properties": {
- "test": {
- "bsonType": "string"
- }
- },
- "bsonType": "object",
- "required": [
- "test"
- ]
- }
- },
- "kmsProviders": {
- "aws": {}
- }
- }
- },
- "operations": [
- {
- "name": "insertOne",
- "arguments": {
- "document": {
- "_id": 1,
- "encrypted_string": "string0"
- }
- },
- "result": {
- "errorContains": "JSON schema keyword 'required' is only allowed with a remote schema"
- }
- }
- ]
- }
- ]
-}
diff --git a/source/client-side-encryption/tests/legacy/localSchema.yml b/source/client-side-encryption/tests/legacy/localSchema.yml
deleted file mode 100644
index 89b4bd51d0..0000000000
--- a/source/client-side-encryption/tests/legacy/localSchema.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-runOn:
- - minServerVersion: "4.1.10"
-database_name: &database_name "default"
-collection_name: &collection_name "default"
-
-data: []
-# configure an empty schema
-json_schema: {}
-key_vault_data: [{'status': 1, '_id': {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}, 'masterKey': {'provider': 'aws', 'key': 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0', 'region': 'us-east-1'}, 'updateDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyMaterial': {'$binary': {'base64': 'AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyAltNames': ['altname', 'another_altname']}]
-
-tests:
- - description: "A local schema should override"
- clientOptions:
- autoEncryptOpts:
- schemaMap:
- "default.default": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
- kmsProviders:
- aws: {} # Credentials filled in from environment.
- operations:
- - name: insertOne
- arguments:
- document: &doc0 { _id: 1, encrypted_string: "string0" }
- - name: find
- arguments:
- filter: { _id: 1 }
- result: [*doc0]
- expectations:
- # Then key is fetched from the key vault.
- - command_started_event:
- command:
- find: datakeys
- filter: {"$or": [{"_id": {"$in": [ {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}} ] }}, {"keyAltNames": {"$in": []}}]}
- $db: keyvault
- readConcern: { level: "majority" }
- command_name: find
- - command_started_event:
- command:
- insert: *collection_name
- documents:
- - &doc0_encrypted { _id: 1, encrypted_string: {'$binary': {'base64': 'AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==', 'subType': '06'}} }
- ordered: true
- command_name: insert
- - command_started_event:
- command:
- find: *collection_name
- filter: { _id: 1 }
- command_name: find
- outcome:
- collection:
- # Outcome is checked using a separate MongoClient without auto encryption.
- data:
- - *doc0_encrypted
- - description: "A local schema with no encryption is an error"
- clientOptions:
- autoEncryptOpts:
- schemaMap:
- "default.default": {'properties': {'test': {'bsonType': 'string'}}, 'bsonType': 'object', 'required': ['test']}
- kmsProviders:
- aws: {} # Credentials filled in from environment.
- operations:
- - name: insertOne
- arguments:
- document: { _id: 1, encrypted_string: "string0" }
- result:
- errorContains: "JSON schema keyword 'required' is only allowed with a remote schema"
\ No newline at end of file
diff --git a/source/client-side-encryption/tests/legacy/maxWireVersion.json b/source/client-side-encryption/tests/legacy/maxWireVersion.json
deleted file mode 100644
index f04f58dffd..0000000000
--- a/source/client-side-encryption/tests/legacy/maxWireVersion.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
- "runOn": [
- {
- "maxServerVersion": "4.0.99"
- }
- ],
- "database_name": "default",
- "collection_name": "default",
- "data": [],
- "key_vault_data": [
- {
- "status": 1,
- "_id": {
- "$binary": {
- "base64": "AAAAAAAAAAAAAAAAAAAAAA==",
- "subType": "04"
- }
- },
- "masterKey": {
- "provider": "aws",
- "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
- "region": "us-east-1"
- },
- "updateDate": {
- "$date": {
- "$numberLong": "1552949630483"
- }
- },
- "keyMaterial": {
- "$binary": {
- "base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO",
- "subType": "00"
- }
- },
- "creationDate": {
- "$date": {
- "$numberLong": "1552949630483"
- }
- },
- "keyAltNames": [
- "altname",
- "another_altname"
- ]
- }
- ],
- "tests": [
- {
- "description": "operation fails with maxWireVersion < 8",
- "clientOptions": {
- "autoEncryptOpts": {
- "kmsProviders": {
- "aws": {}
- },
- "extraOptions": {
- "mongocryptdBypassSpawn": true
- }
- }
- },
- "operations": [
- {
- "name": "insertOne",
- "arguments": {
- "document": {
- "encrypted_string": "string0"
- }
- },
- "result": {
- "errorContains": "Auto-encryption requires a minimum MongoDB version of 4.2"
- }
- }
- ]
- }
- ]
-}
diff --git a/source/client-side-encryption/tests/legacy/maxWireVersion.yml b/source/client-side-encryption/tests/legacy/maxWireVersion.yml
deleted file mode 100644
index 87c4c993f9..0000000000
--- a/source/client-side-encryption/tests/legacy/maxWireVersion.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-runOn:
- - maxServerVersion: "4.0.99"
-database_name: &database_name "default"
-collection_name: &collection_name "default"
-
-data: []
-key_vault_data: [{'status': 1, '_id': {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}, 'masterKey': {'provider': 'aws', 'key': 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0', 'region': 'us-east-1'}, 'updateDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyMaterial': {'$binary': {'base64': 'AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyAltNames': ['altname', 'another_altname']}]
-
-tests:
- - description: "operation fails with maxWireVersion < 8"
- clientOptions:
- autoEncryptOpts:
- kmsProviders:
- aws: {} # Credentials filled in from environment.
- extraOptions:
- mongocryptdBypassSpawn: true # mongocryptd probably won't be on the path
- operations:
- - name: insertOne
- arguments:
- document: { encrypted_string: "string0" }
- result:
- errorContains: "Auto-encryption requires a minimum MongoDB version of 4.2"
\ No newline at end of file
diff --git a/source/client-side-encryption/tests/unified/fle2v2-BypassQueryAnalysis.json b/source/client-side-encryption/tests/unified/fle2v2-BypassQueryAnalysis.json
new file mode 100644
index 0000000000..8b44117a95
--- /dev/null
+++ b/source/client-side-encryption/tests/unified/fle2v2-BypassQueryAnalysis.json
@@ -0,0 +1,302 @@
+{
+ "description": "fle2v2-BypassQueryAnalysis",
+ "schemaVersion": "1.23",
+ "runOnRequirements": [
+ {
+ "minServerVersion": "7.0.0",
+ "serverless": "forbid",
+ "csfle": true,
+ "topologies": [
+ "replicaset",
+ "sharded",
+ "load-balanced"
+ ]
+ }
+ ],
+ "createEntities": [
+ {
+ "client": {
+ "id": "client0",
+ "autoEncryptOpts": {
+ "kmsProviders": {
+ "local": {
+ "key": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk"
+ }
+ },
+ "keyVaultNamespace": "keyvault.datakeys",
+ "bypassQueryAnalysis": true
+ },
+ "observeEvents": [
+ "commandStartedEvent"
+ ]
+ }
+ },
+ {
+ "database": {
+ "id": "encryptedDB",
+ "client": "client0",
+ "databaseName": "default"
+ }
+ },
+ {
+ "collection": {
+ "id": "encryptedColl",
+ "database": "encryptedDB",
+ "collectionName": "default"
+ }
+ }
+ ],
+ "initialData": [
+ {
+ "databaseName": "keyvault",
+ "collectionName": "datakeys",
+ "documents": [
+ {
+ "_id": {
+ "$binary": {
+ "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+ "subType": "04"
+ }
+ },
+ "keyMaterial": {
+ "$binary": {
+ "base64": "sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==",
+ "subType": "00"
+ }
+ },
+ "creationDate": {
+ "$date": {
+ "$numberLong": "1648914851981"
+ }
+ },
+ "updateDate": {
+ "$date": {
+ "$numberLong": "1648914851981"
+ }
+ },
+ "status": {
+ "$numberInt": "0"
+ },
+ "masterKey": {
+ "provider": "local"
+ }
+ }
+ ]
+ },
+ {
+ "databaseName": "default",
+ "collectionName": "default",
+ "documents": [],
+ "createOptions": {
+ "encryptedFields": {
+ "fields": [
+ {
+ "keyId": {
+ "$binary": {
+ "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+ "subType": "04"
+ }
+ },
+ "path": "encryptedIndexed",
+ "bsonType": "string",
+ "queries": {
+ "queryType": "equality",
+ "contention": {
+ "$numberLong": "0"
+ }
+ }
+ },
+ {
+ "keyId": {
+ "$binary": {
+ "base64": "q83vqxI0mHYSNBI0VniQEg==",
+ "subType": "04"
+ }
+ },
+ "path": "encryptedUnindexed",
+ "bsonType": "string"
+ }
+ ]
+ }
+ }
+ }
+ ],
+ "tests": [
+ {
+ "description": "BypassQueryAnalysis decrypts",
+ "operations": [
+ {
+ "object": "encryptedColl",
+ "name": "insertOne",
+ "arguments": {
+ "document": {
+ "_id": 1,
+ "encryptedIndexed": {
+ "$binary": {
+ "base64": "C18BAAAFZAAgAAAAANnt+eLTkv4GdDPl8IAfJOvTzArOgFJQ2S/DcLza4W0DBXMAIAAAAAD2u+omZme3P2gBPehMQyQHQ153tPN1+z7bksYA9jKTpAVwADAAAAAAUnCOQqIvmR65YKyYnsiVfVrg9hwUVO3RhhKExo3RWOzgaS0QdsBL5xKFS0JhZSoWBXUAEAAAAAQSNFZ4EjSYdhI0EjRWeJASEHQAAgAAAAV2AFAAAAAAEjRWeBI0mHYSNBI0VniQEpQbp/ZJpWBKeDtKLiXb0P2E9wvc0g3f373jnYQYlJquOrlPOoEy3ngsHPJuSUijvWDsrQzqYa349K7G/66qaXEFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsBWwAIAAAAACkm0o9bj6j0HuADKc0svbqO2UHj6GrlNdF6yKNxh63xRJrAAAAAAAAAAAAAA==",
+ "subType": "06"
+ }
+ }
+ }
+ }
+ },
+ {
+ "object": "encryptedColl",
+ "name": "find",
+ "arguments": {
+ "filter": {
+ "_id": 1
+ }
+ },
+ "expectResult": [
+ {
+ "_id": 1,
+ "encryptedIndexed": "123"
+ }
+ ]
+ }
+ ],
+ "expectEvents": [
+ {
+ "client": "client0",
+ "events": [
+ {
+ "commandStartedEvent": {
+ "command": {
+ "listCollections": 1,
+ "filter": {
+ "name": "default"
+ }
+ },
+ "commandName": "listCollections"
+ }
+ },
+ {
+ "commandStartedEvent": {
+ "command": {
+ "insert": "default",
+ "documents": [
+ {
+ "_id": 1,
+ "encryptedIndexed": {
+ "$binary": {
+ "base64": "C18BAAAFZAAgAAAAANnt+eLTkv4GdDPl8IAfJOvTzArOgFJQ2S/DcLza4W0DBXMAIAAAAAD2u+omZme3P2gBPehMQyQHQ153tPN1+z7bksYA9jKTpAVwADAAAAAAUnCOQqIvmR65YKyYnsiVfVrg9hwUVO3RhhKExo3RWOzgaS0QdsBL5xKFS0JhZSoWBXUAEAAAAAQSNFZ4EjSYdhI0EjRWeJASEHQAAgAAAAV2AFAAAAAAEjRWeBI0mHYSNBI0VniQEpQbp/ZJpWBKeDtKLiXb0P2E9wvc0g3f373jnYQYlJquOrlPOoEy3ngsHPJuSUijvWDsrQzqYa349K7G/66qaXEFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsBWwAIAAAAACkm0o9bj6j0HuADKc0svbqO2UHj6GrlNdF6yKNxh63xRJrAAAAAAAAAAAAAA==",
+ "subType": "06"
+ }
+ }
+ }
+ ],
+ "ordered": true,
+ "encryptionInformation": {
+ "type": 1,
+ "schema": {
+ "default.default": {
+ "escCollection": "enxcol_.default.esc",
+ "ecocCollection": "enxcol_.default.ecoc",
+ "fields": [
+ {
+ "keyId": {
+ "$binary": {
+ "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+ "subType": "04"
+ }
+ },
+ "path": "encryptedIndexed",
+ "bsonType": "string",
+ "queries": {
+ "queryType": "equality",
+ "contention": {
+ "$numberLong": "0"
+ }
+ }
+ },
+ {
+ "keyId": {
+ "$binary": {
+ "base64": "q83vqxI0mHYSNBI0VniQEg==",
+ "subType": "04"
+ }
+ },
+ "path": "encryptedUnindexed",
+ "bsonType": "string"
+ }
+ ]
+ }
+ }
+ }
+ },
+ "commandName": "insert"
+ }
+ },
+ {
+ "commandStartedEvent": {
+ "command": {
+ "find": "default",
+ "filter": {
+ "_id": 1
+ }
+ },
+ "commandName": "find"
+ }
+ },
+ {
+ "commandStartedEvent": {
+ "command": {
+ "find": "datakeys",
+ "filter": {
+ "$or": [
+ {
+ "_id": {
+ "$in": [
+ {
+ "$binary": {
+ "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+ "subType": "04"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "keyAltNames": {
+ "$in": []
+ }
+ }
+ ]
+ },
+ "$db": "keyvault",
+ "readConcern": {
+ "level": "majority"
+ }
+ },
+ "commandName": "find"
+ }
+ }
+ ]
+ }
+ ],
+ "outcome": [
+ {
+ "collectionName": "default",
+ "databaseName": "default",
+ "documents": [
+ {
+ "_id": 1,
+ "encryptedIndexed": {
+ "$$type": "binData"
+ },
+ "__safeContent__": [
+ {
+ "$binary": {
+ "base64": "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=",
+ "subType": "00"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/source/client-side-encryption/tests/unified/fle2v2-BypassQueryAnalysis.yml b/source/client-side-encryption/tests/unified/fle2v2-BypassQueryAnalysis.yml
new file mode 100644
index 0000000000..0329021de1
--- /dev/null
+++ b/source/client-side-encryption/tests/unified/fle2v2-BypassQueryAnalysis.yml
@@ -0,0 +1,119 @@
+description: fle2v2-BypassQueryAnalysis
+
+schemaVersion: "1.23"
+
+runOnRequirements:
+ - minServerVersion: "7.0.0"
+ # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Test has not run on Serverless.
+ # Serverless tests are planned for removal: DRIVERS-3115
+ serverless: forbid
+ csfle: true
+ topologies: [ "replicaset", "sharded", "load-balanced" ]
+
+createEntities:
+ - client:
+ id: &client0 client0
+ autoEncryptOpts:
+ kmsProviders:
+ local:
+ key: Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk
+ keyVaultNamespace: keyvault.datakeys
+ bypassQueryAnalysis: true
+ observeEvents: [ commandStartedEvent ]
+ - database:
+ id: &encryptedDB encryptedDB
+ client: *client0
+ databaseName: &encryptedDBName default
+ - collection:
+ id: &encryptedColl encryptedColl
+ database: *encryptedDB
+ collectionName: &encryptedCollName default
+
+initialData:
+ - databaseName: &keyvaultDBName keyvault
+ collectionName: &datakeysCollName datakeys
+ documents:
+ - {'_id': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'keyMaterial': {'$binary': {'base64': 'sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1648914851981'}}, 'updateDate': {'$date': {'$numberLong': '1648914851981'}}, 'status': {'$numberInt': '0'}, 'masterKey': {'provider': 'local'}}
+ - databaseName: *encryptedDBName
+ collectionName: *encryptedCollName
+ documents: []
+ createOptions:
+ encryptedFields: &encrypted_fields {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]}
+
+tests:
+ - description: "BypassQueryAnalysis decrypts"
+ operations:
+ - object: *encryptedColl
+ name: insertOne
+ arguments:
+ document: &doc0_encrypted {
+ "_id": 1,
+ "encryptedIndexed": {
+ "$binary": {
+ # Payload has an IndexKey of key1 and UserKey of key1.
+ "base64": "C18BAAAFZAAgAAAAANnt+eLTkv4GdDPl8IAfJOvTzArOgFJQ2S/DcLza4W0DBXMAIAAAAAD2u+omZme3P2gBPehMQyQHQ153tPN1+z7bksYA9jKTpAVwADAAAAAAUnCOQqIvmR65YKyYnsiVfVrg9hwUVO3RhhKExo3RWOzgaS0QdsBL5xKFS0JhZSoWBXUAEAAAAAQSNFZ4EjSYdhI0EjRWeJASEHQAAgAAAAV2AFAAAAAAEjRWeBI0mHYSNBI0VniQEpQbp/ZJpWBKeDtKLiXb0P2E9wvc0g3f373jnYQYlJquOrlPOoEy3ngsHPJuSUijvWDsrQzqYa349K7G/66qaXEFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsBWwAIAAAAACkm0o9bj6j0HuADKc0svbqO2UHj6GrlNdF6yKNxh63xRJrAAAAAAAAAAAAAA==",
+ "subType": "06"
+ }
+ }
+ }
+ - object: *encryptedColl
+ name: find
+ arguments:
+ filter: { "_id": 1 }
+ expectResult: [{"_id": 1, "encryptedIndexed": "123" }]
+ expectEvents:
+ - client: *client0
+ events:
+ - commandStartedEvent:
+ command:
+ listCollections: 1
+ filter:
+ name: *encryptedCollName
+ commandName: listCollections
+ - commandStartedEvent:
+ command:
+ insert: *encryptedCollName
+ documents:
+ - *doc0_encrypted
+ ordered: true
+ encryptionInformation:
+ type: 1
+ schema:
+ "default.default":
+ # libmongocrypt applies escCollection and ecocCollection to outgoing command.
+ escCollection: "enxcol_.default.esc"
+ ecocCollection: "enxcol_.default.ecoc"
+ <<: *encrypted_fields
+ commandName: insert
+ - commandStartedEvent:
+ command:
+ find: *encryptedCollName
+ filter: { "_id": 1 }
+ commandName: find
+ - commandStartedEvent:
+ command:
+ find: *datakeysCollName
+ filter: {
+ "$or": [
+ {
+ "_id": {
+ "$in": [
+ {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}
+ ]
+ }
+ },
+ {
+ "keyAltNames": {
+ "$in": []
+ }
+ }
+ ]
+ }
+ $db: *keyvaultDBName
+ readConcern: { level: "majority" }
+ commandName: find
+ outcome:
+ - collectionName: *encryptedCollName
+ databaseName: *encryptedDBName
+ documents:
+ - {"_id": 1, "encryptedIndexed": { "$$type": "binData" }, "__safeContent__": [{ "$binary" : { "base64" : "31eCYlbQoVboc5zwC8IoyJVSkag9PxREka8dkmbXJeY=", "subType" : "00" } }] }
\ No newline at end of file
diff --git a/source/client-side-encryption/tests/unified/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.json b/source/client-side-encryption/tests/unified/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.json
new file mode 100644
index 0000000000..b5f848c080
--- /dev/null
+++ b/source/client-side-encryption/tests/unified/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.json
@@ -0,0 +1,256 @@
+{
+ "description": "fle2v2-EncryptedFields-vs-EncryptedFieldsMap",
+ "schemaVersion": "1.23",
+ "runOnRequirements": [
+ {
+ "minServerVersion": "7.0.0",
+ "serverless": "forbid",
+ "csfle": true,
+ "topologies": [
+ "replicaset",
+ "sharded",
+ "load-balanced"
+ ]
+ }
+ ],
+ "createEntities": [
+ {
+ "client": {
+ "id": "client0",
+ "autoEncryptOpts": {
+ "kmsProviders": {
+ "local": {
+ "key": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk"
+ }
+ },
+ "keyVaultNamespace": "keyvault.datakeys",
+ "encryptedFieldsMap": {
+ "default.default": {
+ "fields": []
+ }
+ }
+ },
+ "observeEvents": [
+ "commandStartedEvent"
+ ]
+ }
+ },
+ {
+ "database": {
+ "id": "encryptedDB",
+ "client": "client0",
+ "databaseName": "default"
+ }
+ },
+ {
+ "collection": {
+ "id": "encryptedColl",
+ "database": "encryptedDB",
+ "collectionName": "default"
+ }
+ }
+ ],
+ "initialData": [
+ {
+ "databaseName": "keyvault",
+ "collectionName": "datakeys",
+ "documents": [
+ {
+ "_id": {
+ "$binary": {
+ "base64": "q83vqxI0mHYSNBI0VniQEg==",
+ "subType": "04"
+ }
+ },
+ "keyMaterial": {
+ "$binary": {
+ "base64": "HBk9BWihXExNDvTp1lUxOuxuZK2Pe2ZdVdlsxPEBkiO1bS4mG5NNDsQ7zVxJAH8BtdOYp72Ku4Y3nwc0BUpIKsvAKX4eYXtlhv5zUQxWdeNFhg9qK7qb8nqhnnLeT0f25jFSqzWJoT379hfwDeu0bebJHr35QrJ8myZdPMTEDYF08QYQ48ShRBli0S+QzBHHAQiM2iJNr4svg2WR8JSeWQ==",
+ "subType": "00"
+ }
+ },
+ "creationDate": {
+ "$date": {
+ "$numberLong": "1648914851981"
+ }
+ },
+ "updateDate": {
+ "$date": {
+ "$numberLong": "1648914851981"
+ }
+ },
+ "status": {
+ "$numberInt": "0"
+ },
+ "masterKey": {
+ "provider": "local"
+ }
+ }
+ ]
+ },
+ {
+ "databaseName": "default",
+ "collectionName": "default",
+ "documents": [],
+ "createOptions": {
+ "encryptedFields": {
+ "fields": [
+ {
+ "keyId": {
+ "$binary": {
+ "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+ "subType": "04"
+ }
+ },
+ "path": "encryptedIndexed",
+ "bsonType": "string",
+ "queries": {
+ "queryType": "equality",
+ "contention": {
+ "$numberLong": "0"
+ }
+ }
+ },
+ {
+ "keyId": {
+ "$binary": {
+ "base64": "q83vqxI0mHYSNBI0VniQEg==",
+ "subType": "04"
+ }
+ },
+ "path": "encryptedUnindexed",
+ "bsonType": "string"
+ }
+ ]
+ }
+ }
+ }
+ ],
+ "tests": [
+ {
+ "description": "encryptedFieldsMap is preferred over remote encryptedFields",
+ "operations": [
+ {
+ "object": "encryptedColl",
+ "name": "insertOne",
+ "arguments": {
+ "document": {
+ "_id": 1,
+ "encryptedUnindexed": {
+ "$binary": {
+ "base64": "BqvN76sSNJh2EjQSNFZ4kBICTQaVZPWgXp41I7mPV1rLFTtw1tXzjcdSEyxpKKqujlko5TeizkB9hHQ009dVY1+fgIiDcefh+eQrm3CkhQ==",
+ "subType": "06"
+ }
+ }
+ }
+ }
+ },
+ {
+ "object": "encryptedColl",
+ "name": "find",
+ "arguments": {
+ "filter": {
+ "_id": 1
+ }
+ },
+ "expectResult": [
+ {
+ "_id": 1,
+ "encryptedUnindexed": "value123"
+ }
+ ]
+ }
+ ],
+ "expectEvents": [
+ {
+ "client": "client0",
+ "events": [
+ {
+ "commandStartedEvent": {
+ "databaseName": "default",
+ "commandName": "insert",
+ "command": {
+ "insert": "default",
+ "documents": [
+ {
+ "_id": 1,
+ "encryptedUnindexed": {
+ "$binary": {
+ "base64": "BqvN76sSNJh2EjQSNFZ4kBICTQaVZPWgXp41I7mPV1rLFTtw1tXzjcdSEyxpKKqujlko5TeizkB9hHQ009dVY1+fgIiDcefh+eQrm3CkhQ==",
+ "subType": "06"
+ }
+ }
+ }
+ ],
+ "ordered": true
+ }
+ }
+ },
+ {
+ "commandStartedEvent": {
+ "databaseName": "default",
+ "commandName": "find",
+ "command": {
+ "find": "default",
+ "filter": {
+ "_id": 1
+ }
+ }
+ }
+ },
+ {
+ "commandStartedEvent": {
+ "databaseName": "keyvault",
+ "commandName": "find",
+ "command": {
+ "find": "datakeys",
+ "filter": {
+ "$or": [
+ {
+ "_id": {
+ "$in": [
+ {
+ "$binary": {
+ "base64": "q83vqxI0mHYSNBI0VniQEg==",
+ "subType": "04"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "keyAltNames": {
+ "$in": []
+ }
+ }
+ ]
+ },
+ "$db": "keyvault",
+ "readConcern": {
+ "level": "majority"
+ }
+ }
+ }
+ }
+ ]
+ }
+ ],
+ "outcome": [
+ {
+ "collectionName": "default",
+ "databaseName": "default",
+ "documents": [
+ {
+ "_id": 1,
+ "encryptedUnindexed": {
+ "$binary": {
+ "base64": "BqvN76sSNJh2EjQSNFZ4kBICTQaVZPWgXp41I7mPV1rLFTtw1tXzjcdSEyxpKKqujlko5TeizkB9hHQ009dVY1+fgIiDcefh+eQrm3CkhQ==",
+ "subType": "06"
+ }
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/source/client-side-encryption/tests/unified/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.yml b/source/client-side-encryption/tests/unified/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.yml
new file mode 100644
index 0000000000..67cca9b434
--- /dev/null
+++ b/source/client-side-encryption/tests/unified/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.yml
@@ -0,0 +1,114 @@
+description: fle2v2-EncryptedFields-vs-EncryptedFieldsMap
+
+schemaVersion: "1.23"
+
+runOnRequirements:
+ - minServerVersion: "7.0.0"
+ # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Test has not run on Serverless.
+ # Serverless tests are planned for removal: DRIVERS-3115
+ serverless: forbid
+ csfle: true
+ topologies: [ "replicaset", "sharded", "load-balanced" ]
+
+createEntities:
+ - client:
+ id: &client0 client0
+ autoEncryptOpts:
+ kmsProviders:
+ local:
+ key: Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk
+ keyVaultNamespace: keyvault.datakeys
+ encryptedFieldsMap: {
+ "default.default": {
+ "fields": []
+ }
+ }
+ observeEvents: [ commandStartedEvent ]
+ - database:
+ id: &encryptedDB encryptedDB
+ client: *client0
+ databaseName: &encryptedDBName default
+ - collection:
+ id: &encryptedColl encryptedColl
+ database: *encryptedDB
+ collectionName: &encryptedCollName default
+
+initialData:
+ - databaseName: &keyvaultDBName keyvault
+ collectionName: &datakeysCollName datakeys
+ documents:
+ - {'_id': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'keyMaterial': {'$binary': {'base64': 'HBk9BWihXExNDvTp1lUxOuxuZK2Pe2ZdVdlsxPEBkiO1bS4mG5NNDsQ7zVxJAH8BtdOYp72Ku4Y3nwc0BUpIKsvAKX4eYXtlhv5zUQxWdeNFhg9qK7qb8nqhnnLeT0f25jFSqzWJoT379hfwDeu0bebJHr35QrJ8myZdPMTEDYF08QYQ48ShRBli0S+QzBHHAQiM2iJNr4svg2WR8JSeWQ==', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1648914851981'}}, 'updateDate': {'$date': {'$numberLong': '1648914851981'}}, 'status': {'$numberInt': '0'}, 'masterKey': {'provider': 'local'}}
+ - databaseName: *encryptedDBName
+ collectionName: *encryptedCollName
+ documents: []
+ createOptions:
+ encryptedFields: {'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]}
+
+tests:
+ - description: "encryptedFieldsMap is preferred over remote encryptedFields"
+ operations:
+ # EncryptedFieldsMap overrides remote encryptedFields.
+ # Automatic encryption does not occur on encryptedUnindexed. The value is validated on the server.
+ - object: *encryptedColl
+ name: insertOne
+ arguments:
+ document: &doc0 {
+ _id: 1,
+ encryptedUnindexed: {
+ "$binary": {
+ "base64": "BqvN76sSNJh2EjQSNFZ4kBICTQaVZPWgXp41I7mPV1rLFTtw1tXzjcdSEyxpKKqujlko5TeizkB9hHQ009dVY1+fgIiDcefh+eQrm3CkhQ==",
+ "subType": "06"
+ }
+ }
+ }
+ - object: *encryptedColl
+ name: find
+ arguments:
+ filter: { "_id": 1 }
+ expectResult:
+ - {"_id": 1, "encryptedUnindexed": "value123" }
+ expectEvents:
+ - client: *client0
+ events:
+ - commandStartedEvent:
+ databaseName: *encryptedDBName
+ commandName: insert
+ command:
+ insert: *encryptedCollName
+ documents:
+ - *doc0
+ ordered: true
+ - commandStartedEvent:
+ databaseName: *encryptedDBName
+ commandName: find
+ command:
+ find: *encryptedCollName
+ filter: { "_id": 1}
+ - commandStartedEvent:
+ databaseName: *keyvaultDBName
+ commandName: find
+ command:
+ find: *datakeysCollName
+ filter: {
+ "$or": [
+ {
+ "_id": {
+ "$in": [
+ {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}
+ ]
+ }
+ },
+ {
+ "keyAltNames": {
+ "$in": []
+ }
+ }
+ ]
+ }
+ $db: *keyvaultDBName
+ readConcern: { level: "majority" }
+ outcome:
+ - collectionName: *encryptedCollName
+ databaseName: *encryptedDBName
+ documents:
+ - *doc0
\ No newline at end of file
diff --git a/source/client-side-encryption/tests/unified/localSchema.json b/source/client-side-encryption/tests/unified/localSchema.json
new file mode 100644
index 0000000000..a7acccac44
--- /dev/null
+++ b/source/client-side-encryption/tests/unified/localSchema.json
@@ -0,0 +1,342 @@
+{
+ "description": "localSchema",
+ "schemaVersion": "1.23",
+ "runOnRequirements": [
+ {
+ "minServerVersion": "4.1.10",
+ "csfle": true
+ }
+ ],
+ "createEntities": [
+ {
+ "client": {
+ "id": "client0",
+ "autoEncryptOpts": {
+ "schemaMap": {
+ "default.default": {
+ "properties": {
+ "encrypted_w_altname": {
+ "encrypt": {
+ "keyId": "/altname",
+ "bsonType": "string",
+ "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
+ }
+ },
+ "encrypted_string": {
+ "encrypt": {
+ "keyId": [
+ {
+ "$binary": {
+ "base64": "AAAAAAAAAAAAAAAAAAAAAA==",
+ "subType": "04"
+ }
+ }
+ ],
+ "bsonType": "string",
+ "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
+ }
+ },
+ "random": {
+ "encrypt": {
+ "keyId": [
+ {
+ "$binary": {
+ "base64": "AAAAAAAAAAAAAAAAAAAAAA==",
+ "subType": "04"
+ }
+ }
+ ],
+ "bsonType": "string",
+ "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
+ }
+ },
+ "encrypted_string_equivalent": {
+ "encrypt": {
+ "keyId": [
+ {
+ "$binary": {
+ "base64": "AAAAAAAAAAAAAAAAAAAAAA==",
+ "subType": "04"
+ }
+ }
+ ],
+ "bsonType": "string",
+ "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
+ }
+ }
+ },
+ "bsonType": "object"
+ }
+ },
+ "keyVaultNamespace": "keyvault.datakeys",
+ "kmsProviders": {
+ "aws": {
+ "accessKeyId": {
+ "$$placeholder": 1
+ },
+ "secretAccessKey": {
+ "$$placeholder": 1
+ },
+ "sessionToken": {
+ "$$placeholder": 1
+ }
+ }
+ }
+ },
+ "observeEvents": [
+ "commandStartedEvent"
+ ]
+ }
+ },
+ {
+ "client": {
+ "id": "client1",
+ "autoEncryptOpts": {
+ "schemaMap": {
+ "default.default": {
+ "properties": {
+ "test": {
+ "bsonType": "string"
+ }
+ },
+ "bsonType": "object",
+ "required": [
+ "test"
+ ]
+ }
+ },
+ "keyVaultNamespace": "keyvault.datakeys",
+ "kmsProviders": {
+ "aws": {
+ "accessKeyId": {
+ "$$placeholder": 1
+ },
+ "secretAccessKey": {
+ "$$placeholder": 1
+ },
+ "sessionToken": {
+ "$$placeholder": 1
+ }
+ }
+ }
+ },
+ "observeEvents": [
+ "commandStartedEvent"
+ ]
+ }
+ },
+ {
+ "database": {
+ "id": "encryptedDB",
+ "client": "client0",
+ "databaseName": "default"
+ }
+ },
+ {
+ "collection": {
+ "id": "encryptedColl",
+ "database": "encryptedDB",
+ "collectionName": "default"
+ }
+ },
+ {
+ "database": {
+ "id": "encryptedDB2",
+ "client": "client1",
+ "databaseName": "default"
+ }
+ },
+ {
+ "collection": {
+ "id": "encryptedColl2",
+ "database": "encryptedDB2",
+ "collectionName": "default"
+ }
+ }
+ ],
+ "initialData": [
+ {
+ "databaseName": "keyvault",
+ "collectionName": "datakeys",
+ "documents": [
+ {
+ "status": 1,
+ "_id": {
+ "$binary": {
+ "base64": "AAAAAAAAAAAAAAAAAAAAAA==",
+ "subType": "04"
+ }
+ },
+ "masterKey": {
+ "provider": "aws",
+ "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
+ "region": "us-east-1"
+ },
+ "updateDate": {
+ "$date": {
+ "$numberLong": "1552949630483"
+ }
+ },
+ "keyMaterial": {
+ "$binary": {
+ "base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO",
+ "subType": "00"
+ }
+ },
+ "creationDate": {
+ "$date": {
+ "$numberLong": "1552949630483"
+ }
+ },
+ "keyAltNames": [
+ "altname",
+ "another_altname"
+ ]
+ }
+ ]
+ },
+ {
+ "databaseName": "default",
+ "collectionName": "default",
+ "documents": []
+ }
+ ],
+ "tests": [
+ {
+ "description": "A local schema should override",
+ "operations": [
+ {
+ "object": "encryptedColl",
+ "name": "insertOne",
+ "arguments": {
+ "document": {
+ "_id": 1,
+ "encrypted_string": "string0"
+ }
+ }
+ },
+ {
+ "object": "encryptedColl",
+ "name": "find",
+ "arguments": {
+ "filter": {
+ "_id": 1
+ }
+ },
+ "expectResult": [
+ {
+ "_id": 1,
+ "encrypted_string": "string0"
+ }
+ ]
+ }
+ ],
+ "expectEvents": [
+ {
+ "client": "client0",
+ "events": [
+ {
+ "commandStartedEvent": {
+ "databaseName": "keyvault",
+ "commandName": "find",
+ "command": {
+ "find": "datakeys",
+ "filter": {
+ "$or": [
+ {
+ "_id": {
+ "$in": [
+ {
+ "$binary": {
+ "base64": "AAAAAAAAAAAAAAAAAAAAAA==",
+ "subType": "04"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "keyAltNames": {
+ "$in": []
+ }
+ }
+ ]
+ },
+ "readConcern": {
+ "level": "majority"
+ }
+ }
+ }
+ },
+ {
+ "commandStartedEvent": {
+ "commandName": "insert",
+ "command": {
+ "insert": "default",
+ "documents": [
+ {
+ "_id": 1,
+ "encrypted_string": {
+ "$binary": {
+ "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==",
+ "subType": "06"
+ }
+ }
+ }
+ ],
+ "ordered": true
+ }
+ }
+ },
+ {
+ "commandStartedEvent": {
+ "commandName": "find",
+ "command": {
+ "find": "default",
+ "filter": {
+ "_id": 1
+ }
+ }
+ }
+ }
+ ]
+ }
+ ],
+ "outcome": [
+ {
+ "collectionName": "default",
+ "databaseName": "default",
+ "documents": [
+ {
+ "_id": 1,
+ "encrypted_string": {
+ "$binary": {
+ "base64": "AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==",
+ "subType": "06"
+ }
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "description": "A local schema with no encryption is an error",
+ "operations": [
+ {
+ "object": "encryptedColl2",
+ "name": "insertOne",
+ "arguments": {
+ "document": {
+ "_id": 1,
+ "encrypted_string": "string0"
+ }
+ },
+ "expectError": {
+ "isClientError": true
+ }
+ }
+ ]
+ }
+ ]
+}
diff --git a/source/client-side-encryption/tests/unified/localSchema.yml b/source/client-side-encryption/tests/unified/localSchema.yml
new file mode 100644
index 0000000000..9a7cbf92d5
--- /dev/null
+++ b/source/client-side-encryption/tests/unified/localSchema.yml
@@ -0,0 +1,102 @@
+description: localSchema
+
+schemaVersion: "1.23"
+
+runOnRequirements:
+ - minServerVersion: "4.1.10"
+ csfle: true
+
+createEntities:
+ - client:
+ id: &client0 client0
+ autoEncryptOpts:
+ schemaMap:
+ "default.default": {'properties': {'encrypted_w_altname': {'encrypt': {'keyId': '/altname', 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}, 'random': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'}}, 'encrypted_string_equivalent': {'encrypt': {'keyId': [{'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}], 'bsonType': 'string', 'algorithm': 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'}}}, 'bsonType': 'object'}
+ keyVaultNamespace: keyvault.datakeys
+ kmsProviders:
+ aws: { accessKeyId: { $$placeholder: 1 }, secretAccessKey: { $$placeholder: 1 }, sessionToken: { $$placeholder: 1 } }
+ observeEvents: [ commandStartedEvent ]
+ - client:
+ id: &client1 client1
+ autoEncryptOpts:
+ schemaMap:
+ "default.default": {'properties': {'test': {'bsonType': 'string'}}, 'bsonType': 'object', 'required': ['test']}
+ keyVaultNamespace: keyvault.datakeys
+ kmsProviders:
+ aws: { accessKeyId: { $$placeholder: 1 }, secretAccessKey: { $$placeholder: 1 }, sessionToken: { $$placeholder: 1 } }
+ observeEvents: [ commandStartedEvent ]
+ - database:
+ id: &encryptedDB encryptedDB
+ client: *client0
+ databaseName: &encryptedDBName default
+ - collection:
+ id: &encryptedColl encryptedColl
+ database: *encryptedDB
+ collectionName: &encryptedCollName default
+ # intentionally the same DB and collection name as encryptedDB/Coll
+ - database:
+ id: &encryptedDB2 encryptedDB2
+ client: *client1
+ databaseName: *encryptedDBName
+ - collection:
+ id: &encryptedColl2 encryptedColl2
+ database: *encryptedDB2
+ collectionName: *encryptedDBName
+
+initialData:
+ - databaseName: &keyvaultDBName keyvault
+ collectionName: &datakeysCollName datakeys
+ documents:
+ - {'status': 1, '_id': {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}, 'masterKey': {'provider': 'aws', 'key': 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0', 'region': 'us-east-1'}, 'updateDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyMaterial': {'$binary': {'base64': 'AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyAltNames': ['altname', 'another_altname']}
+ - databaseName: *encryptedDBName
+ collectionName: *encryptedCollName
+ documents: []
+
+tests:
+ - description: "A local schema should override"
+ operations:
+ - object: *encryptedColl
+ name: insertOne
+ arguments:
+ document: &doc0 { _id: 1, encrypted_string: "string0" }
+ - object: *encryptedColl
+ name: find
+ arguments:
+ filter: { _id: 1 }
+ expectResult: [*doc0]
+ expectEvents:
+ # Then key is fetched from the key vault.
+ - client: *client0
+ events:
+ - commandStartedEvent:
+ databaseName: *keyvaultDBName
+ commandName: find
+ command:
+ find: *datakeysCollName
+ filter: {"$or": [{"_id": {"$in": [ {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}} ] }}, {"keyAltNames": {"$in": []}}]}
+ readConcern: { level: "majority" }
+ - commandStartedEvent:
+ commandName: insert
+ command:
+ insert: *encryptedCollName
+ documents:
+ - &doc0_encrypted { _id: 1, encrypted_string: {'$binary': {'base64': 'AQAAAAAAAAAAAAAAAAAAAAACwj+3zkv2VM+aTfk60RqhXq6a/77WlLwu/BxXFkL7EppGsju/m8f0x5kBDD3EZTtGALGXlym5jnpZAoSIkswHoA==', 'subType': '06'}} }
+ ordered: true
+ - commandStartedEvent:
+ commandName: find
+ command:
+ find: *encryptedCollName
+ filter: { _id: 1 }
+ outcome:
+ - collectionName: *encryptedCollName
+ databaseName: *encryptedDBName
+ documents:
+ - *doc0_encrypted
+ - description: "A local schema with no encryption is an error"
+ operations:
+ - object: *encryptedColl2
+ name: insertOne
+ arguments:
+ document: &doc0 { _id: 1, encrypted_string: "string0" }
+ expectError:
+ isClientError: true
\ No newline at end of file
diff --git a/source/client-side-encryption/tests/unified/maxWireVersion.json b/source/client-side-encryption/tests/unified/maxWireVersion.json
new file mode 100644
index 0000000000..74e5d12ed5
--- /dev/null
+++ b/source/client-side-encryption/tests/unified/maxWireVersion.json
@@ -0,0 +1,100 @@
+{
+ "description": "maxWireVersion",
+ "schemaVersion": "1.23",
+ "runOnRequirements": [
+ {
+ "maxServerVersion": "4.0.99"
+ }
+ ],
+ "createEntities": [
+ {
+ "client": {
+ "id": "client0",
+ "autoEncryptOpts": {
+ "kmsProviders": {
+ "aws": {}
+ },
+ "keyVaultNamespace": "keyvault.datakeys",
+ "extraOptions": {
+ "mongocryptdBypassSpawn": true
+ }
+ }
+ }
+ },
+ {
+ "database": {
+ "id": "database0",
+ "client": "client0",
+ "databaseName": "default"
+ }
+ },
+ {
+ "collection": {
+ "id": "collection0",
+ "database": "database0",
+ "collectionName": "default"
+ }
+ }
+ ],
+ "initialData": [
+ {
+ "databaseName": "keyvault",
+ "collectionName": "datakeys",
+ "documents": [
+ {
+ "status": 1,
+ "_id": {
+ "$binary": {
+ "base64": "AAAAAAAAAAAAAAAAAAAAAA==",
+ "subType": "04"
+ }
+ },
+ "masterKey": {
+ "provider": "aws",
+ "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0",
+ "region": "us-east-1"
+ },
+ "updateDate": {
+ "$date": {
+ "$numberLong": "1552949630483"
+ }
+ },
+ "keyMaterial": {
+ "$binary": {
+ "base64": "AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO",
+ "subType": "00"
+ }
+ },
+ "creationDate": {
+ "$date": {
+ "$numberLong": "1552949630483"
+ }
+ },
+ "keyAltNames": [
+ "altname",
+ "another_altname"
+ ]
+ }
+ ]
+ }
+ ],
+ "tests": [
+ {
+ "description": "operation fails with maxWireVersion < 8",
+ "operations": [
+ {
+ "name": "insertOne",
+ "object": "collection0",
+ "arguments": {
+ "document": {
+ "encrypted_string": "string0"
+ }
+ },
+ "expectError": {
+ "errorContains": "Auto-encryption requires a minimum MongoDB version of 4.2"
+ }
+ }
+ ]
+ }
+ ]
+}
diff --git a/source/client-side-encryption/tests/unified/maxWireVersion.yml b/source/client-side-encryption/tests/unified/maxWireVersion.yml
new file mode 100644
index 0000000000..75a51dd4e5
--- /dev/null
+++ b/source/client-side-encryption/tests/unified/maxWireVersion.yml
@@ -0,0 +1,41 @@
+description: maxWireVersion
+
+schemaVersion: "1.23"
+
+runOnRequirements:
+ - maxServerVersion: "4.0.99"
+ csfle: true
+
+createEntities:
+ - client:
+ id: &client0 client0
+ autoEncryptOpts:
+ kmsProviders:
+ aws: {}
+ keyVaultNamespace: keyvault.datakeys
+ extraOptions:
+ mongocryptdBypassSpawn: true # mongocryptd probably won't be on the path. mongocryptd was introduced in server 4.2.
+ - database:
+ id: &database0 database0
+ client: *client0
+ databaseName: default
+ - collection:
+ id: &collection0 collection0
+ database: *database0
+ collectionName: default
+
+initialData:
+ - databaseName: keyvault
+ collectionName: datakeys
+ documents:
+ - {'status': 1, '_id': {'$binary': {'base64': 'AAAAAAAAAAAAAAAAAAAAAA==', 'subType': '04'}}, 'masterKey': {'provider': 'aws', 'key': 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0', 'region': 'us-east-1'}, 'updateDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyMaterial': {'$binary': {'base64': 'AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gEqnsxXlR51T5EbEVezUqqKAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHa4jo6yp0Z18KgbUgIBEIB74sKxWtV8/YHje5lv5THTl0HIbhSwM6EqRlmBiFFatmEWaeMk4tO4xBX65eq670I5TWPSLMzpp8ncGHMmvHqRajNBnmFtbYxN3E3/WjxmdbOOe+OXpnGJPcGsftc7cB2shRfA4lICPnE26+oVNXT6p0Lo20nY5XC7jyCO', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1552949630483'}}, 'keyAltNames': ['altname', 'another_altname']}
+
+tests:
+ - description: "operation fails with maxWireVersion < 8"
+ operations:
+ - name: insertOne
+ object: *collection0
+ arguments:
+ document: { encrypted_string: "string0" }
+ expectError:
+ errorContains: "Auto-encryption requires a minimum MongoDB version of 4.2"
\ No newline at end of file
diff --git a/source/unified-test-format/schema-1.23.json b/source/unified-test-format/schema-1.23.json
new file mode 100644
index 0000000000..b454199b05
--- /dev/null
+++ b/source/unified-test-format/schema-1.23.json
@@ -0,0 +1,1159 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "Unified Test Format",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "description",
+ "schemaVersion",
+ "tests"
+ ],
+ "properties": {
+ "description": {
+ "type": "string"
+ },
+ "schemaVersion": {
+ "$ref": "#/definitions/version"
+ },
+ "runOnRequirements": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "$ref": "#/definitions/runOnRequirement"
+ }
+ },
+ "createEntities": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "$ref": "#/definitions/entity"
+ }
+ },
+ "initialData": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "$ref": "#/definitions/collectionData"
+ }
+ },
+ "tests": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "$ref": "#/definitions/test"
+ }
+ },
+ "_yamlAnchors": {
+ "type": "object",
+ "additionalProperties": true
+ }
+ },
+ "definitions": {
+ "version": {
+ "type": "string",
+ "pattern": "^[0-9]+(\\.[0-9]+){1,2}$"
+ },
+ "runOnRequirement": {
+ "type": "object",
+ "additionalProperties": false,
+ "minProperties": 1,
+ "properties": {
+ "maxServerVersion": {
+ "$ref": "#/definitions/version"
+ },
+ "minServerVersion": {
+ "$ref": "#/definitions/version"
+ },
+ "topologies": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "string",
+ "enum": [
+ "single",
+ "replicaset",
+ "sharded",
+ "sharded-replicaset",
+ "load-balanced"
+ ]
+ }
+ },
+ "serverless": {
+ "type": "string",
+ "enum": [
+ "require",
+ "forbid",
+ "allow"
+ ]
+ },
+ "serverParameters": {
+ "type": "object",
+ "minProperties": 1
+ },
+ "auth": {
+ "type": "boolean"
+ },
+ "authMechanism": {
+ "type": "string"
+ },
+ "csfle": {
+ "type": "boolean"
+ }
+ }
+ },
+ "entity": {
+ "type": "object",
+ "additionalProperties": false,
+ "maxProperties": 1,
+ "minProperties": 1,
+ "properties": {
+ "client": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id"
+ ],
+ "properties": {
+ "id": {
+ "type": "string"
+ },
+ "uriOptions": {
+ "type": "object"
+ },
+ "useMultipleMongoses": {
+ "type": "boolean"
+ },
+ "observeEvents": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "string",
+ "enum": [
+ "commandStartedEvent",
+ "commandSucceededEvent",
+ "commandFailedEvent",
+ "poolCreatedEvent",
+ "poolReadyEvent",
+ "poolClearedEvent",
+ "poolClosedEvent",
+ "connectionCreatedEvent",
+ "connectionReadyEvent",
+ "connectionClosedEvent",
+ "connectionCheckOutStartedEvent",
+ "connectionCheckOutFailedEvent",
+ "connectionCheckedOutEvent",
+ "connectionCheckedInEvent",
+ "serverDescriptionChangedEvent",
+ "topologyDescriptionChangedEvent"
+ ]
+ }
+ },
+ "ignoreCommandMonitoringEvents": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "string"
+ }
+ },
+ "storeEventsAsEntities": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "$ref": "#/definitions/storeEventsAsEntity"
+ }
+ },
+ "observeLogMessages": {
+ "type": "object",
+ "minProperties": 1,
+ "additionalProperties": false,
+ "properties": {
+ "command": {
+ "$ref": "#/definitions/logSeverityLevel"
+ },
+ "topology": {
+ "$ref": "#/definitions/logSeverityLevel"
+ },
+ "serverSelection": {
+ "$ref": "#/definitions/logSeverityLevel"
+ },
+ "connection": {
+ "$ref": "#/definitions/logSeverityLevel"
+ }
+ }
+ },
+ "serverApi": {
+ "$ref": "#/definitions/serverApi"
+ },
+ "observeSensitiveCommands": {
+ "type": "boolean"
+ },
+ "autoEncryptOpts": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "keyVaultNamespace",
+ "kmsProviders"
+ ],
+ "properties": {
+ "keyVaultNamespace": {
+ "type": "string"
+ },
+ "bypassAutoEncryption": {
+ "type": "boolean"
+ },
+ "kmsProviders": {
+ "$ref": "#/definitions/kmsProviders"
+ },
+ "schemaMap": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "object"
+ }
+ },
+ "extraOptions": {
+ "type": "object"
+ },
+ "encryptedFieldsMap": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "object"
+ }
+ },
+ "bypassQueryAnalysis": {
+ "type": "boolean"
+ },
+ "keyExpirationMS": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+ },
+ "clientEncryption": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "clientEncryptionOpts"
+ ],
+ "properties": {
+ "id": {
+ "type": "string"
+ },
+ "clientEncryptionOpts": {
+ "$ref": "#/definitions/clientEncryptionOpts"
+ }
+ }
+ },
+ "database": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "client",
+ "databaseName"
+ ],
+ "properties": {
+ "id": {
+ "type": "string"
+ },
+ "client": {
+ "type": "string"
+ },
+ "databaseName": {
+ "type": "string"
+ },
+ "databaseOptions": {
+ "$ref": "#/definitions/collectionOrDatabaseOptions"
+ }
+ }
+ },
+ "collection": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "database",
+ "collectionName"
+ ],
+ "properties": {
+ "id": {
+ "type": "string"
+ },
+ "database": {
+ "type": "string"
+ },
+ "collectionName": {
+ "type": "string"
+ },
+ "collectionOptions": {
+ "$ref": "#/definitions/collectionOrDatabaseOptions"
+ }
+ }
+ },
+ "session": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "client"
+ ],
+ "properties": {
+ "id": {
+ "type": "string"
+ },
+ "client": {
+ "type": "string"
+ },
+ "sessionOptions": {
+ "type": "object"
+ }
+ }
+ },
+ "bucket": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "database"
+ ],
+ "properties": {
+ "id": {
+ "type": "string"
+ },
+ "database": {
+ "type": "string"
+ },
+ "bucketOptions": {
+ "type": "object"
+ }
+ }
+ },
+ "thread": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id"
+ ],
+ "properties": {
+ "id": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "logComponent": {
+ "type": "string",
+ "enum": [
+ "command",
+ "topology",
+ "serverSelection",
+ "connection"
+ ]
+ },
+ "logSeverityLevel": {
+ "type": "string",
+ "enum": [
+ "emergency",
+ "alert",
+ "critical",
+ "error",
+ "warning",
+ "notice",
+ "info",
+ "debug",
+ "trace"
+ ]
+ },
+ "clientEncryptionOpts": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "keyVaultClient",
+ "keyVaultNamespace",
+ "kmsProviders"
+ ],
+ "properties": {
+ "keyVaultClient": {
+ "type": "string"
+ },
+ "keyVaultNamespace": {
+ "type": "string"
+ },
+ "kmsProviders": {
+ "$ref": "#/definitions/kmsProviders"
+ },
+ "keyExpirationMS": {
+ "type": "integer"
+ }
+ }
+ },
+ "kmsProviders": {
+ "$defs": {
+ "stringOrPlaceholder": {
+ "oneOf": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "$$placeholder"
+ ],
+ "properties": {
+ "$$placeholder": {}
+ }
+ }
+ ]
+ }
+ },
+ "type": "object",
+ "additionalProperties": false,
+ "patternProperties": {
+ "^aws(:[a-zA-Z0-9_]+)?$": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "accessKeyId": {
+ "$ref": "#/definitions/kmsProviders/$defs/stringOrPlaceholder"
+ },
+ "secretAccessKey": {
+ "$ref": "#/definitions/kmsProviders/$defs/stringOrPlaceholder"
+ },
+ "sessionToken": {
+ "$ref": "#/definitions/kmsProviders/$defs/stringOrPlaceholder"
+ }
+ }
+ },
+ "^azure(:[a-zA-Z0-9_]+)?$": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "tenantId": {
+ "$ref": "#/definitions/kmsProviders/$defs/stringOrPlaceholder"
+ },
+ "clientId": {
+ "$ref": "#/definitions/kmsProviders/$defs/stringOrPlaceholder"
+ },
+ "clientSecret": {
+ "$ref": "#/definitions/kmsProviders/$defs/stringOrPlaceholder"
+ },
+ "identityPlatformEndpoint": {
+ "$ref": "#/definitions/kmsProviders/$defs/stringOrPlaceholder"
+ }
+ }
+ },
+ "^gcp(:[a-zA-Z0-9_]+)?$": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "email": {
+ "$ref": "#/definitions/kmsProviders/$defs/stringOrPlaceholder"
+ },
+ "privateKey": {
+ "$ref": "#/definitions/kmsProviders/$defs/stringOrPlaceholder"
+ },
+ "endpoint": {
+ "$ref": "#/definitions/kmsProviders/$defs/stringOrPlaceholder"
+ }
+ }
+ },
+ "^kmip(:[a-zA-Z0-9_]+)?$": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "endpoint": {
+ "$ref": "#/definitions/kmsProviders/$defs/stringOrPlaceholder"
+ }
+ }
+ },
+ "^local(:[a-zA-Z0-9_]+)?$": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "key": {
+ "$ref": "#/definitions/kmsProviders/$defs/stringOrPlaceholder"
+ }
+ }
+ }
+ }
+ },
+ "storeEventsAsEntity": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "events"
+ ],
+ "properties": {
+ "id": {
+ "type": "string"
+ },
+ "events": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "string",
+ "enum": [
+ "PoolCreatedEvent",
+ "PoolReadyEvent",
+ "PoolClearedEvent",
+ "PoolClosedEvent",
+ "ConnectionCreatedEvent",
+ "ConnectionReadyEvent",
+ "ConnectionClosedEvent",
+ "ConnectionCheckOutStartedEvent",
+ "ConnectionCheckOutFailedEvent",
+ "ConnectionCheckedOutEvent",
+ "ConnectionCheckedInEvent",
+ "CommandStartedEvent",
+ "CommandSucceededEvent",
+ "CommandFailedEvent",
+ "ServerDescriptionChangedEvent",
+ "TopologyDescriptionChangedEvent"
+ ]
+ }
+ }
+ }
+ },
+ "collectionData": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "collectionName",
+ "databaseName",
+ "documents"
+ ],
+ "properties": {
+ "collectionName": {
+ "type": "string"
+ },
+ "databaseName": {
+ "type": "string"
+ },
+ "createOptions": {
+ "type": "object",
+ "properties": {
+ "writeConcern": false
+ }
+ },
+ "documents": {
+ "type": "array",
+ "items": {
+ "type": "object"
+ }
+ }
+ }
+ },
+ "expectedEventsForClient": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "client",
+ "events"
+ ],
+ "properties": {
+ "client": {
+ "type": "string"
+ },
+ "eventType": {
+ "type": "string",
+ "enum": [
+ "command",
+ "cmap",
+ "sdam"
+ ]
+ },
+ "events": {
+ "type": "array"
+ },
+ "ignoreExtraEvents": {
+ "type": "boolean"
+ }
+ },
+ "oneOf": [
+ {
+ "required": [
+ "eventType"
+ ],
+ "properties": {
+ "eventType": {
+ "const": "command"
+ },
+ "events": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/expectedCommandEvent"
+ }
+ }
+ }
+ },
+ {
+ "required": [
+ "eventType"
+ ],
+ "properties": {
+ "eventType": {
+ "const": "cmap"
+ },
+ "events": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/expectedCmapEvent"
+ }
+ }
+ }
+ },
+ {
+ "required": [
+ "eventType"
+ ],
+ "properties": {
+ "eventType": {
+ "const": "sdam"
+ },
+ "events": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/expectedSdamEvent"
+ }
+ }
+ }
+ },
+ {
+ "additionalProperties": false,
+ "properties": {
+ "client": {
+ "type": "string"
+ },
+ "events": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/expectedCommandEvent"
+ }
+ },
+ "ignoreExtraEvents": {
+ "type": "boolean"
+ }
+ }
+ }
+ ]
+ },
+ "expectedCommandEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "maxProperties": 1,
+ "minProperties": 1,
+ "properties": {
+ "commandStartedEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "command": {
+ "type": "object"
+ },
+ "commandName": {
+ "type": "string"
+ },
+ "databaseName": {
+ "type": "string"
+ },
+ "hasServiceId": {
+ "type": "boolean"
+ },
+ "hasServerConnectionId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "commandSucceededEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "reply": {
+ "type": "object"
+ },
+ "commandName": {
+ "type": "string"
+ },
+ "databaseName": {
+ "type": "string"
+ },
+ "hasServiceId": {
+ "type": "boolean"
+ },
+ "hasServerConnectionId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "commandFailedEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "commandName": {
+ "type": "string"
+ },
+ "databaseName": {
+ "type": "string"
+ },
+ "hasServiceId": {
+ "type": "boolean"
+ },
+ "hasServerConnectionId": {
+ "type": "boolean"
+ }
+ }
+ }
+ }
+ },
+ "expectedCmapEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "maxProperties": 1,
+ "minProperties": 1,
+ "properties": {
+ "poolCreatedEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {}
+ },
+ "poolReadyEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {}
+ },
+ "poolClearedEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "hasServiceId": {
+ "type": "boolean"
+ },
+ "interruptInUseConnections": {
+ "type": "boolean"
+ }
+ }
+ },
+ "poolClosedEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {}
+ },
+ "connectionCreatedEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {}
+ },
+ "connectionReadyEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {}
+ },
+ "connectionClosedEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "reason": {
+ "type": "string"
+ }
+ }
+ },
+ "connectionCheckOutStartedEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {}
+ },
+ "connectionCheckOutFailedEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "reason": {
+ "type": "string"
+ }
+ }
+ },
+ "connectionCheckedOutEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {}
+ },
+ "connectionCheckedInEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {}
+ }
+ }
+ },
+ "expectedSdamEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "maxProperties": 1,
+ "minProperties": 1,
+ "properties": {
+ "serverDescriptionChangedEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "previousDescription": {
+ "$ref": "#/definitions/serverDescription"
+ },
+ "newDescription": {
+ "$ref": "#/definitions/serverDescription"
+ }
+ }
+ },
+ "topologyDescriptionChangedEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "previousDescription": {
+ "$ref": "#/definitions/topologyDescription"
+ },
+ "newDescription": {
+ "$ref": "#/definitions/topologyDescription"
+ }
+ }
+ },
+ "serverHeartbeatStartedEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "awaited": {
+ "type": "boolean"
+ }
+ }
+ },
+ "serverHeartbeatSucceededEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "awaited": {
+ "type": "boolean"
+ }
+ }
+ },
+ "serverHeartbeatFailedEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "awaited": {
+ "type": "boolean"
+ }
+ }
+ },
+ "topologyOpeningEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {}
+ },
+ "topologyClosedEvent": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {}
+ }
+ }
+ },
+ "serverDescription": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "type": {
+ "type": "string",
+ "enum": [
+ "Standalone",
+ "Mongos",
+ "PossiblePrimary",
+ "RSPrimary",
+ "RSSecondary",
+ "RSOther",
+ "RSArbiter",
+ "RSGhost",
+ "LoadBalancer",
+ "Unknown"
+ ]
+ }
+ }
+ },
+ "topologyDescription": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "type": {
+ "type": "string",
+ "enum": [
+ "Single",
+ "Unknown",
+ "ReplicaSetNoPrimary",
+ "ReplicaSetWithPrimary",
+ "Sharded",
+ "LoadBalanced"
+ ]
+ }
+ }
+ },
+ "expectedLogMessagesForClient": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "client",
+ "messages"
+ ],
+ "properties": {
+ "client": {
+ "type": "string"
+ },
+ "messages": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/expectedLogMessage"
+ }
+ },
+ "ignoreExtraMessages": {
+ "type": "boolean"
+ },
+ "ignoreMessages": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/expectedLogMessage"
+ }
+ }
+ }
+ },
+ "expectedLogMessage": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "level",
+ "component",
+ "data"
+ ],
+ "properties": {
+ "level": {
+ "$ref": "#/definitions/logSeverityLevel"
+ },
+ "component": {
+ "$ref": "#/definitions/logComponent"
+ },
+ "data": {
+ "type": "object"
+ },
+ "failureIsRedacted": {
+ "type": "boolean"
+ }
+ }
+ },
+ "collectionOrDatabaseOptions": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "readConcern": {
+ "type": "object"
+ },
+ "readPreference": {
+ "type": "object"
+ },
+ "writeConcern": {
+ "type": "object"
+ },
+ "timeoutMS": {
+ "type": "integer"
+ }
+ }
+ },
+ "serverApi": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "version"
+ ],
+ "properties": {
+ "version": {
+ "type": "string"
+ },
+ "strict": {
+ "type": "boolean"
+ },
+ "deprecationErrors": {
+ "type": "boolean"
+ }
+ }
+ },
+ "operation": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "name",
+ "object"
+ ],
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "object": {
+ "type": "string"
+ },
+ "arguments": {
+ "type": "object"
+ },
+ "ignoreResultAndError": {
+ "type": "boolean"
+ },
+ "expectError": {
+ "$ref": "#/definitions/expectedError"
+ },
+ "expectResult": {},
+ "saveResultAsEntity": {
+ "type": "string"
+ }
+ },
+ "allOf": [
+ {
+ "not": {
+ "required": [
+ "expectError",
+ "expectResult"
+ ]
+ }
+ },
+ {
+ "not": {
+ "required": [
+ "expectError",
+ "saveResultAsEntity"
+ ]
+ }
+ },
+ {
+ "not": {
+ "required": [
+ "ignoreResultAndError",
+ "expectResult"
+ ]
+ }
+ },
+ {
+ "not": {
+ "required": [
+ "ignoreResultAndError",
+ "expectError"
+ ]
+ }
+ },
+ {
+ "not": {
+ "required": [
+ "ignoreResultAndError",
+ "saveResultAsEntity"
+ ]
+ }
+ }
+ ]
+ },
+ "expectedError": {
+ "type": "object",
+ "additionalProperties": false,
+ "minProperties": 1,
+ "properties": {
+ "isError": {
+ "type": "boolean",
+ "const": true
+ },
+ "isClientError": {
+ "type": "boolean"
+ },
+ "isTimeoutError": {
+ "type": "boolean"
+ },
+ "errorContains": {
+ "type": "string"
+ },
+ "errorCode": {
+ "type": "integer"
+ },
+ "errorCodeName": {
+ "type": "string"
+ },
+ "errorLabelsContain": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "string"
+ }
+ },
+ "errorLabelsOmit": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "string"
+ }
+ },
+ "writeErrors": {
+ "type": "object"
+ },
+ "writeConcernErrors": {
+ "type": "array",
+ "items": {
+ "type": "object"
+ }
+ },
+ "errorResponse": {
+ "type": "object"
+ },
+ "expectResult": {}
+ }
+ },
+ "test": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "description",
+ "operations"
+ ],
+ "properties": {
+ "description": {
+ "type": "string"
+ },
+ "runOnRequirements": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "$ref": "#/definitions/runOnRequirement"
+ }
+ },
+ "skipReason": {
+ "type": "string"
+ },
+ "operations": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/operation"
+ }
+ },
+ "expectEvents": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "$ref": "#/definitions/expectedEventsForClient"
+ }
+ },
+ "expectLogMessages": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "$ref": "#/definitions/expectedLogMessagesForClient"
+ }
+ },
+ "outcome": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "$ref": "#/definitions/collectionData"
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/source/unified-test-format/tests/Makefile b/source/unified-test-format/tests/Makefile
index b7b58cd7a6..1a049e72ce 100644
--- a/source/unified-test-format/tests/Makefile
+++ b/source/unified-test-format/tests/Makefile
@@ -1,4 +1,4 @@
-SCHEMA=../schema-1.22.json
+SCHEMA=../schema-1.23.json
.PHONY: all invalid valid-fail valid-pass atlas-data-lake versioned-api load-balancers gridfs transactions transactions-convenient-api crud collection-management read-write-concern retryable-reads retryable-writes sessions command-logging-and-monitoring client-side-operations-timeout HAS_AJV
diff --git a/source/unified-test-format/tests/valid-pass/poc-queryable-encryption.json b/source/unified-test-format/tests/valid-pass/poc-queryable-encryption.json
new file mode 100644
index 0000000000..b85bfffb93
--- /dev/null
+++ b/source/unified-test-format/tests/valid-pass/poc-queryable-encryption.json
@@ -0,0 +1,163 @@
+{
+ "description": "poc-queryable-encryption",
+ "schemaVersion": "1.23",
+ "runOnRequirements": [
+ {
+ "minServerVersion": "7.0",
+ "csfle": true
+ }
+ ],
+ "createEntities": [
+ {
+ "client": {
+ "id": "client0",
+ "autoEncryptOpts": {
+ "keyVaultNamespace": "keyvault.datakeys",
+ "kmsProviders": {
+ "local": {
+ "key": "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk"
+ }
+ }
+ }
+ }
+ },
+ {
+ "database": {
+ "id": "encryptedDB",
+ "client": "client0",
+ "databaseName": "poc-queryable-encryption"
+ }
+ },
+ {
+ "collection": {
+ "id": "encryptedColl",
+ "database": "encryptedDB",
+ "collectionName": "encrypted"
+ }
+ }
+ ],
+ "initialData": [
+ {
+ "databaseName": "keyvault",
+ "collectionName": "datakeys",
+ "documents": [
+ {
+ "_id": {
+ "$binary": {
+ "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+ "subType": "04"
+ }
+ },
+ "keyMaterial": {
+ "$binary": {
+ "base64": "sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==",
+ "subType": "00"
+ }
+ },
+ "creationDate": {
+ "$date": {
+ "$numberLong": "1641024000000"
+ }
+ },
+ "updateDate": {
+ "$date": {
+ "$numberLong": "1641024000000"
+ }
+ },
+ "status": 1,
+ "masterKey": {
+ "provider": "local"
+ }
+ }
+ ]
+ },
+ {
+ "databaseName": "poc-queryable-encryption",
+ "collectionName": "encrypted",
+ "documents": [],
+ "createOptions": {
+ "encryptedFields": {
+ "fields": [
+ {
+ "keyId": {
+ "$binary": {
+ "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+ "subType": "04"
+ }
+ },
+ "path": "encryptedInt",
+ "bsonType": "int",
+ "queries": {
+ "queryType": "equality",
+ "contention": {
+ "$numberLong": "0"
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+ ],
+ "tests": [
+ {
+ "description": "insert, replace, and find with queryable encryption",
+ "operations": [
+ {
+ "object": "encryptedColl",
+ "name": "insertOne",
+ "arguments": {
+ "document": {
+ "_id": 1,
+ "encryptedInt": 11
+ }
+ }
+ },
+ {
+ "object": "encryptedColl",
+ "name": "replaceOne",
+ "arguments": {
+ "filter": {
+ "encryptedInt": 11
+ },
+ "replacement": {
+ "encryptedInt": 22
+ }
+ }
+ },
+ {
+ "object": "encryptedColl",
+ "name": "find",
+ "arguments": {
+ "filter": {
+ "encryptedInt": 22
+ }
+ },
+ "expectResult": [
+ {
+ "_id": 1,
+ "encryptedInt": 22
+ }
+ ]
+ }
+ ],
+ "outcome": [
+ {
+ "collectionName": "encrypted",
+ "databaseName": "poc-queryable-encryption",
+ "documents": [
+ {
+ "_id": 1,
+ "encryptedInt": {
+ "$$type": "binData"
+ },
+ "__safeContent__": {
+ "$$type": "array"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/source/unified-test-format/tests/valid-pass/poc-queryable-encryption.yml b/source/unified-test-format/tests/valid-pass/poc-queryable-encryption.yml
new file mode 100644
index 0000000000..8b5f6c46bf
--- /dev/null
+++ b/source/unified-test-format/tests/valid-pass/poc-queryable-encryption.yml
@@ -0,0 +1,73 @@
+description: poc-queryable-encryption
+
+schemaVersion: "1.23"
+
+runOnRequirements:
+ - minServerVersion: "7.0"
+ csfle: true
+
+createEntities:
+ - client:
+ id: &client0 client0
+ autoEncryptOpts:
+ keyVaultNamespace: keyvault.datakeys
+ kmsProviders:
+ local:
+ key: Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk
+ - database:
+ id: &encryptedDB encryptedDB
+ client: *client0
+ databaseName: &encryptedDBName poc-queryable-encryption
+ - collection:
+ id: &encryptedColl encryptedColl
+ database: *encryptedDB
+ collectionName: &encryptedCollName encrypted
+
+initialData:
+ - databaseName: keyvault
+ collectionName: datakeys
+ documents:
+ - _id: &keyid { $binary: { base64: EjRWeBI0mHYSNBI0VniQEg==, subType: "04" } }
+ keyMaterial: { $binary: { base64: sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==, subType: "00" } }
+ creationDate: { $date: { $numberLong: "1641024000000" } }
+ updateDate: { $date: { $numberLong: "1641024000000" } }
+ status: 1
+ masterKey:
+ provider: local
+ - databaseName: *encryptedDBName
+ collectionName: *encryptedCollName
+ documents: []
+ createOptions:
+ encryptedFields:
+ fields:
+ - keyId: *keyid
+ path: 'encryptedInt'
+ bsonType: 'int'
+ queries: {'queryType': 'equality', 'contention': {'$numberLong': '0'}}
+
+tests:
+ - description: insert, replace, and find with queryable encryption
+ operations:
+ - object: *encryptedColl
+ name: insertOne
+ arguments:
+ document:
+ _id: 1
+ encryptedInt: 11
+ - object: *encryptedColl
+ name: replaceOne
+ arguments:
+ filter: { encryptedInt: 11 }
+ replacement: { encryptedInt: 22 }
+ - object: *encryptedColl
+ name: find
+ arguments:
+ filter: { encryptedInt: 22 }
+ expectResult:
+ - _id: 1
+ encryptedInt: 22
+ outcome:
+ - collectionName: *encryptedCollName
+ databaseName: *encryptedDBName
+ documents:
+ - { _id: 1, encryptedInt: { $$type: binData }, __safeContent__: { $$type: array} }
\ No newline at end of file
diff --git a/source/unified-test-format/unified-test-format.md b/source/unified-test-format/unified-test-format.md
index 6e56e63544..5f0a0ae5f4 100644
--- a/source/unified-test-format/unified-test-format.md
+++ b/source/unified-test-format/unified-test-format.md
@@ -534,6 +534,20 @@ The structure of this object is as follows:
client.
- `serverApi`: Optional [serverApi](#serverapi) object.
+
+
+ - `autoEncryptOpts`: Optional object corresponding to
+ [AutoEncryptionOpts](../client-side-encryption/client-side-encryption.md#mongoclient-changes) with the following
+ fields:
+ - `kmsProviders`: The same as in [`clientEncryption`](#entity_clientEncryption).
+ - `keyVaultNamespace`: The same as in [`clientEncryption`](#entity_clientEncryption).
+ - `bypassAutoEncryption`: Optional, a boolean to indicate whether or not auto encryption should be bypassed.
+ - `schemaMap`: Optional object. Maps namespaces to CSFLE schemas.
+ - `encryptedFieldsMap`: Optional object. Maps namespaces to QE schemas.
+ - `extraOptions`: Optional object. Configuration options for the encryption library.
+ - `bypassQueryAnalysis`: Optional. Disables analysis of outgoing commands. Defaults to `false`.
+ - `keyExpirationMS`: The same as in [`clientEncryption`](#entity_clientEncryption).
+
- `clientEncryption`: Optional object. Defines a ClientEncryption object.
@@ -2780,7 +2794,7 @@ Contexts where one might encounter a root-level document include:
include:
- [aggregate](#aggregate)
- - [find](#find))
+ - [find](#find)
- [listCollections](#listcollections), listDatabases, and listIndexes
- [listSearchIndexes](#listsearchindexes)
- [runCursorCommand](#runcursorcommand)
@@ -3522,19 +3536,6 @@ would need to represent streams as entities and support IO operations to directl
entity. This may not be worth the added complexity if the existing operations provide adequate test coverage for GridFS
implementations.
-### Support Client-side Encryption integration tests
-
-Supporting client-side encryption spec tests will require the following changes to the test format:
-
-- `json_schema` will need to be specified when creating a collection, via either the collection entity definition or
- [initialData](#initialData).
-- `key_vault_data` can be expressed via [initialData](#initialData)
-- `autoEncryptOpts` will need to be specified when defining a client entity. Preparation of this field may require
- reading AWS credentials from environment variables.
-
-The process for executing tests should not require significant changes, but test files will need to express a dependency
-on mongocryptd.
-
### Incorporate referenced entity operations into the schema version
The [Schema Version](#schema-version) is not impacted by changes to operations defined in other specs and referenced in
@@ -3552,6 +3553,10 @@ other specs *and* collating spec changes developed in parallel or during the sam
## Changelog
+- 2025-01-21: **Schema version 1.23.**
+
+ Support automatic encryption. Add `autoEncryptOpts` to `client` entity.
+
- 2024-11-12: **Schema version 1.22.**
Add `keyExpirationMS` to `clientEncryption` entity.