From d6a33942fbece09a5916532ce2feb68135315310 Mon Sep 17 00:00:00 2001 From: gagik Date: Fri, 4 Apr 2025 12:33:34 +0200 Subject: [PATCH] chore(deps): add test for $lookup with field level encryption COMPASS-8816 --- .../service-provider-node-driver/package.json | 2 +- .../src/field-level-encryption.spec.ts | 93 ++++++++++++++++++- 2 files changed, 93 insertions(+), 2 deletions(-) diff --git a/packages/service-provider-node-driver/package.json b/packages/service-provider-node-driver/package.json index d40b92094f..e6be27669c 100644 --- a/packages/service-provider-node-driver/package.json +++ b/packages/service-provider-node-driver/package.json @@ -59,7 +59,7 @@ }, "optionalDependencies": { "kerberos": "2.1.0", - "mongodb-client-encryption": "^6.1.1" + "mongodb-client-encryption": "^6.3.0" }, "devDependencies": { "@mongodb-js/eslint-config-mongosh": "^1.0.0", diff --git a/packages/shell-api/src/field-level-encryption.spec.ts b/packages/shell-api/src/field-level-encryption.spec.ts index 9fab4b6246..0cf6b21cbc 100644 --- a/packages/shell-api/src/field-level-encryption.spec.ts +++ b/packages/shell-api/src/field-level-encryption.spec.ts @@ -960,7 +960,7 @@ srDVjIT3LsvTqw==`, return; } expect.fail('missed exception'); - break; + // eslint-disable-next-line no-fallthrough default: throw new Error(`unreachable ${kmsName}`); } @@ -1058,6 +1058,97 @@ srDVjIT3LsvTqw==`, expect(printedOutput).to.deep.equal([]); }); + it('allows $lookup with a collection with automatic encryption', async function () { + const keyMongo = new Mongo( + instanceState, + uri, + { + keyVaultNamespace: `${dbname}.__keyVault`, + kmsProviders: { local: { key: 'A'.repeat(128) } }, + }, + {}, + serviceProvider + ); + + await keyMongo.connect(); + instanceState.mongos.push(keyMongo); + + const keyVault = await keyMongo.getKeyVault(); + + const dataKey1 = await keyVault.createKey('local'); + const dataKey2 = await keyVault.createKey('local'); + + const schemaMap = { + [`${dbname}.coll1`]: { + bsonType: 'object', + properties: { + phoneNumber: { + encrypt: { + bsonType: 'string', + keyId: [dataKey1], + algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic', + }, + }, + key: { + bsonType: 'string', + }, + }, + }, + [`${dbname}.coll2`]: { + bsonType: 'object', + properties: { + phoneNumber: { + encrypt: { + bsonType: 'string', + keyId: [dataKey2], + algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic', + }, + }, + key: { + bsonType: 'string', + }, + }, + }, + }; + + const autoMongo = new Mongo(instanceState, uri, { + keyVaultNamespace: `${dbname}.__keyVault`, + kmsProviders: { local: { key: 'A'.repeat(128) } }, + schemaMap, + }); + + const coll1 = autoMongo.getDB(dbname).getCollection('coll1'); + await coll1.insertMany([ + { phoneNumber: '123-456-7890', key: 'foo' }, + { phoneNumber: '123-456-7891', key: 'bar' }, + ]); + + const coll2 = autoMongo.getDB(dbname).getCollection('coll2'); + await coll2.insertMany([ + { phoneNumber: '123-456-7892', key: 'baz' }, + { phoneNumber: '123-456-7893', key: 'foo' }, + ]); + const result = await ( + await coll1.aggregate([ + { + $lookup: { + from: 'coll2', + localField: 'key', + foreignField: 'key', + as: 'lookupMatch', + }, + }, + ]) + ) + .map(({ key, lookupMatch }) => ({ key, size: lookupMatch.length })) + .toArray(); + + expect(result).deep.equals([ + { key: 'foo', size: 1 }, + { key: 'bar', size: 0 }, + ]); + }); + it('prints a warning when creating the keyAltNames index fails', async function () { const mongo = new Mongo( instanceState,