PHPLIB-1071: Do not create ECC collection and check wire version for QEv2 (#1084)

* Sync spec tests for QEv2 without ECC collection

Synced to mongodb/specifications@eb3d882

* Check for omitted fields at any level of observed commands

The original logic in the Transactions legacy test runner only handled assertions for top-level fields. This adds logic to check fields within embedded documents, as needed by the CSFLE tests.

* Remove ecc collection from CreateEncryptedCollection and DropEncryptedCollection

* Check wire version for Queryable Encryption support in CreateEncryptedCollection

Author: jmikola

src/Database.php

@@ -313,6 +313,7 @@ public function createCollection(string $collectionName, array $options = [])
      * @return array A tuple containing the command result document from creating the collection and the modified "encryptedFields" option
      * @throws InvalidArgumentException for parameter/option parsing errors
      * @throws CreateEncryptedCollectionException for any errors creating data keys or creating the collection
+     * @throws UnsupportedException if Queryable Encryption is not supported by the selected server
      */
     public function createEncryptedCollection(string $collectionName, ClientEncryption $clientEncryption, string $kmsProvider, ?array $masterKey, array $options): array
     {

src/Operation/CreateEncryptedCollection.php

@@ -22,10 +22,12 @@
 use MongoDB\Driver\Exception\RuntimeException as DriverRuntimeException;
 use MongoDB\Driver\Server;
 use MongoDB\Exception\InvalidArgumentException;
+use MongoDB\Exception\UnsupportedException;
 
 use function array_key_exists;
 use function is_array;
 use function is_object;
+use function MongoDB\server_supports_feature;
 
 /**
  * Create an encrypted collection.
@@ -44,6 +46,9 @@
  */
 class CreateEncryptedCollection implements Executable
 {
+    /** @var integer */
+    private static $wireVersionForQueryableEncryptionV2 = 21;
+
     /** @var CreateCollection */
     private $createCollection;
 
@@ -81,13 +86,12 @@ public function __construct(string $databaseName, string $collectionName, array
 
         $this->createCollection = new CreateCollection($databaseName, $collectionName, $options);
 
-        /** @psalm-var array{eccCollection?: ?string, ecocCollection?: ?string, escCollection?: ?string} */
+        /** @psalm-var array{ecocCollection?: ?string, escCollection?: ?string} */
         $encryptedFields = (array) $options['encryptedFields'];
         $enxcolOptions = ['clusteredIndex' => ['key' => ['_id' => 1], 'unique' => true]];
 
         $this->createMetadataCollections = [
             new CreateCollection($databaseName, $encryptedFields['escCollection'] ?? 'enxcol_.' . $collectionName . '.esc', $enxcolOptions),
-            new CreateCollection($databaseName, $encryptedFields['eccCollection'] ?? 'enxcol_.' . $collectionName . '.ecc', $enxcolOptions),
             new CreateCollection($databaseName, $encryptedFields['ecocCollection'] ?? 'enxcol_.' . $collectionName . '.ecoc', $enxcolOptions),
         ];
 
@@ -150,9 +154,14 @@ public function createDataKeys(ClientEncryption $clientEncryption, string $kmsPr
      * @see Executable::execute()
      * @return array|object Command result document from creating the encrypted collection
      * @throws DriverRuntimeException for other driver errors (e.g. connection errors)
+     * @throws UnsupportedException if the server does not support Queryable Encryption
      */
     public function execute(Server $server)
     {
+        if (! server_supports_feature($server, self::$wireVersionForQueryableEncryptionV2)) {
+            throw new UnsupportedException('Driver support of Queryable Encryption is incompatible with server. Upgrade server to use Queryable Encryption.');
+        }
+
         foreach ($this->createMetadataCollections as $createMetadataCollection) {
             $createMetadataCollection->execute($server);
         }

src/Operation/DropEncryptedCollection.php

@@ -71,12 +71,11 @@ public function __construct(string $databaseName, string $collectionName, array
             throw InvalidArgumentException::invalidType('"encryptedFields" option', $options['encryptedFields'], ['array', 'object']);
         }
 
-        /** @psalm-var array{eccCollection?: ?string, ecocCollection?: ?string, escCollection?: ?string} */
+        /** @psalm-var array{ecocCollection?: ?string, escCollection?: ?string} */
         $encryptedFields = (array) $options['encryptedFields'];
 
         $this->dropMetadataCollections = [
             new DropCollection($databaseName, $encryptedFields['escCollection'] ?? 'enxcol_.' . $collectionName . '.esc'),
-            new DropCollection($databaseName, $encryptedFields['eccCollection'] ?? 'enxcol_.' . $collectionName . '.ecc'),
             new DropCollection($databaseName, $encryptedFields['ecocCollection'] ?? 'enxcol_.' . $collectionName . '.ecoc'),
         ];
 

tests/SpecTests/ClientSideEncryptionSpecTest.php

@@ -278,11 +278,15 @@ public function setUp(): void
     /**
      * Assert that the expected and actual command documents match.
      *
+     * Note: this method may modify the $expected object.
+     *
      * @param stdClass $expected Expected command document
      * @param stdClass $actual   Actual command document
      */
     public static function assertCommandMatches(stdClass $expected, stdClass $actual): void
     {
+        static::assertCommandOmittedFields($expected, $actual);
+
         static::assertDocumentsMatch($expected, $actual);
     }
 

tests/SpecTests/FunctionalTestCase.php

@@ -16,6 +16,7 @@
 use function json_encode;
 use function MongoDB\BSON\fromJSON;
 use function MongoDB\BSON\toPHP;
+use function property_exists;
 use function sprintf;
 use function version_compare;
 
@@ -95,6 +96,28 @@ public static function assertDocumentsMatch($expectedDocument, $actualDocument,
         static::assertThat($actualDocument, $constraint, $message);
     }
 
+    /**
+     * Assert omitted fields in command documents.
+     *
+     * Note: this method may modify the $expected object.
+     *
+     * @see https://github.com/mongodb/specifications/blob/master/source/transactions/tests/README.rst#null-values
+     */
+    protected static function assertCommandOmittedFields(stdClass $expected, stdClass $actual): void
+    {
+        foreach ($expected as $key => $value) {
+            if ($value === null) {
+                static::assertObjectNotHasAttribute($key, $actual);
+                unset($expected->{$key});
+                continue;
+            }
+
+            if ($value instanceof stdClass && property_exists($actual, $key) && $actual->{$key} instanceof stdClass) {
+                static::assertCommandOmittedFields($value, $actual->{$key});
+            }
+        }
+    }
+
     /**
      * Assert data within the outcome collection.
      */

tests/SpecTests/TransactionsSpecTest.php

@@ -62,6 +62,7 @@ public function tearDown(): void
      *
      * Note: this method may modify the $expected object.
      *
+     * @see https://github.com/mongodb/specifications/blob/master/source/transactions/tests/README.rst#command-started-events
      * @param stdClass $expected Expected command document
      * @param stdClass $actual   Actual command document
      */
@@ -100,12 +101,7 @@ public static function assertCommandMatches(stdClass $expected, stdClass $actual
          * preferable to skipping the txnNumber assertion. */
         //unset($expected['txnNumber']);
 
-        foreach ($expected as $key => $value) {
-            if ($value === null) {
-                static::assertObjectNotHasAttribute($key, $actual);
-                unset($expected->{$key});
-            }
-        }
+        static::assertCommandOmittedFields($expected, $actual);
 
         static::assertDocumentsMatch($expected, $actual);
     }

tests/SpecTests/client-side-encryption/etc/data/encryptedFields-Range-Date.json

@@ -0,0 +1,33 @@
+{
+    "fields": [
+        {
+            "keyId": {
+                "$binary": {
+                    "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+                    "subType": "04"
+                }
+            },
+            "path": "encryptedDate",
+            "bsonType": "date",
+            "queries": {
+                "queryType": "rangePreview",
+                "contention": {
+                    "$numberLong": "0"
+                },
+                "sparsity": {
+                    "$numberLong": "1"
+                },
+                "min": {
+                    "$date": {
+                        "$numberLong": "0"
+                    }
+                },
+                "max": {
+                    "$date": {
+                        "$numberLong": "200"
+                    }
+                }
+            }
+        }
+    ]
+}

tests/SpecTests/client-side-encryption/etc/data/encryptedFields-Range-Decimal.json

@@ -0,0 +1,23 @@
+{
+  "fields": [
+    {
+      "keyId": {
+        "$binary": {
+          "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+          "subType": "04"
+        }
+      },
+      "path": "encryptedDecimal",
+      "bsonType": "decimal",
+      "queries": {
+        "queryType": "rangePreview",
+        "contention": {
+          "$numberLong": "0"
+        },
+        "sparsity": {
+          "$numberLong": "1"
+        }
+      }
+    }
+  ]
+}

tests/SpecTests/client-side-encryption/etc/data/encryptedFields-Range-DecimalPrecision.json

@@ -0,0 +1,32 @@
+{
+  "fields": [
+    {
+      "keyId": {
+        "$binary": {
+          "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+          "subType": "04"
+        }
+      },
+      "path": "encryptedDecimalPrecision",
+      "bsonType": "decimal",
+      "queries": {
+        "queryType": "rangePreview",
+        "contention": {
+          "$numberLong": "0"
+        },
+        "sparsity": {
+          "$numberLong": "1"
+        },
+        "min": {
+          "$numberDecimal": "0.0"
+        },
+        "max": {
+          "$numberDecimal": "200.0"
+        },
+        "precision": {
+          "$numberInt": "2"
+        }
+      }
+    }
+  ]
+}

tests/SpecTests/client-side-encryption/etc/data/encryptedFields-Range-Double.json

@@ -0,0 +1,23 @@
+{
+  "fields": [
+    {
+      "keyId": {
+        "$binary": {
+          "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+          "subType": "04"
+        }
+      },
+      "path": "encryptedDouble",
+      "bsonType": "double",
+      "queries": {
+        "queryType": "rangePreview",
+        "contention": {
+          "$numberLong": "0"
+        },
+        "sparsity": {
+          "$numberLong": "1"
+        }
+      }
+    }
+  ]
+}

tests/SpecTests/client-side-encryption/etc/data/encryptedFields-Range-DoublePrecision.json

@@ -0,0 +1,32 @@
+{
+  "fields": [
+    {
+      "keyId": {
+        "$binary": {
+          "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+          "subType": "04"
+        }
+      },
+      "path": "encryptedDoublePrecision",
+      "bsonType": "double",
+      "queries": {
+        "queryType": "rangePreview",
+        "contention": {
+          "$numberLong": "0"
+        },
+        "sparsity": {
+          "$numberLong": "1"
+        },
+        "min": {
+          "$numberDouble": "0.0"
+        },
+        "max": {
+          "$numberDouble": "200.0"
+        },
+        "precision": {
+          "$numberInt": "2"
+        }
+      }
+    }
+  ]
+}

tests/SpecTests/client-side-encryption/etc/data/encryptedFields-Range-Int.json

@@ -0,0 +1,29 @@
+{
+  "fields": [
+    {
+      "keyId": {
+        "$binary": {
+          "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+          "subType": "04"
+        }
+      },
+      "path": "encryptedInt",
+      "bsonType": "int",
+      "queries": {
+        "queryType": "rangePreview",
+        "contention": {
+          "$numberLong": "0"
+        },
+        "sparsity": {
+          "$numberLong": "1"
+        },
+        "min": {
+          "$numberInt": "0"
+        },
+        "max": {
+          "$numberInt": "200"
+        }
+      }
+    }
+  ]
+}

tests/SpecTests/client-side-encryption/etc/data/encryptedFields-Range-Long.json

@@ -0,0 +1,29 @@
+{
+  "fields": [
+    {
+      "keyId": {
+        "$binary": {
+          "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+          "subType": "04"
+        }
+      },
+      "path": "encryptedLong",
+      "bsonType": "long",
+      "queries": {
+        "queryType": "rangePreview",
+        "contention": {
+          "$numberLong": "0"
+        },
+        "sparsity": {
+          "$numberLong": "1"
+        },
+        "min": {
+          "$numberLong": "0"
+        },
+        "max": {
+          "$numberLong": "200"
+        }
+      }
+    }
+  ]
+}

tests/SpecTests/client-side-encryption/etc/data/encryptedFields.json

@@ -1,7 +1,4 @@
 {
-  "escCollection": "enxcol_.default.esc",
-  "eccCollection": "enxcol_.default.ecc",
-  "ecocCollection": "enxcol_.default.ecoc",
   "fields": [
     {
       "keyId": {
@@ -30,4 +27,4 @@
       "bsonType": "string"
     }
   ]
-}
+}