test(NODE-4227): add explicit encryption prose tests #3297
Conversation
durran
force-pushed
the
NODE-4227
branch
2 times, most recently
from
a9e1a3f to
afd2724
Compare
durran
force-pushed
the
NODE-4227
branch
2 times, most recently
from
00a9c16 to
29e3f35
Compare
| @@ -40,6 +40,14 @@ const metadata = { | |||
| } | |||
| }; | |||
|
|
|||
| const eeMetadata = { | |||
There was a problem hiding this comment.
#12 prose test section for explicit encryption requires server 6.0 and higher and not standalone.
| beforeEach(async function () { | ||
| const mongodbClientEncryption = this.configuration.mongodbClientEncryption; | ||
| // Load the file encryptedFields.json as encryptedFields. | ||
| encryptedFields = EJSON.parse( |
There was a problem hiding this comment.
Data for the encryptedFields option and key document are now provided in 2 new files in the etc/ directory in the csfle spec directory.
| // Assert 10 documents are returned. Assert each returned document contains the | ||
| // field { "encryptedIndexed": "encrypted indexed value" }. | ||
| const collection = encryptedClient.db('db').collection('explicit_encryption'); | ||
| const result = await collection.find({ encryptedIndexed: findPayload2 }).toArray(); |
There was a problem hiding this comment.
Just pointing out I find this absolutely crazy. A value is directly encrypted on line 1603 with a contention factor equal to the amount of documents in the collection that would match the original value of the field. But each field's encrypted value would not match the encrypted value passed to the find in theory as all the bin data would be different for each document on insert. But it still matches all of them. Mind blown.
| }); | ||
| }); | ||
|
|
||
| context('Case 4: can roundtrip encrypted indexed', eeMetadata, function () { |
There was a problem hiding this comment.
These last 2 are just encrypt/decrypt roundtrips. So pretty straightforward.
| function dropCollection(dbObj, collectionName) { | ||
| return dbObj.dropCollection(collectionName).catch(ignoreNsNotFound); | ||
| function dropCollection(dbObj, collectionName, options = {}) { | ||
| return dbObj.dropCollection(collectionName, options).catch(ignoreNsNotFound); |
There was a problem hiding this comment.
Just adding the ability to pass options to the dropCollection helper. If we pass encryptedFields here an extra 3 collections will get dropped. (The esc/ecc/ecoc collections)
There was a problem hiding this comment.
Do you want to drop these tests from the libmongocrypt repo? https://github.com/mongodb/libmongocrypt/blob/93b82421dfe9ad472ef12b26a47aa94e631f9be1/bindings/node/test/clientEncryption.test.js#L584-L797
Fwiw, I really like that the Node.js driver deviates from other drivers and instead maintains a lot more functionality in the libmongocrypt repo (i.e. the full AutoEncrypter and ClientEncryption classes, rather than just raw bindings).
I think it's fine to keep them there - can't have too many tests. :) |
dariakp
added
the
Primary Review
| requires: { | ||
| clientSideEncryption: true, | ||
| mongodb: '>=6.0.0', | ||
| topology: ['replicaset', 'sharded'] |
There was a problem hiding this comment.
what about load balanced? is that considered more like a standalone?
There was a problem hiding this comment.
We don't run the other fle tests against load balanced clusters so I was keeping in line with that. The spec in general pre-dates the load balancer spec and does not mention that topology at all, and enabling it got some strange setup errors that I felt were outside the scope of the ticket. I can create a ticket to look into running all the fle tests with load balancers as well.
There was a problem hiding this comment.
I think we should check with the spec owners regarding this, and maybe file a drivers ticket to add lb to the testing matrix if it makes sense to do so, then the node ticket will automatically come down to us
There was a problem hiding this comment.
Just for context, the reason for requiring these topologies is that QE requires transactions, which in turn requires a replset topology. I guess technically one could run a load balancer in front of a single standalone node, but I assume that won’t happen in practice or in tests?
There was a problem hiding this comment.
Just as a follow up, other drivers are not running prose tests against a load balancer. However, the LB spec says it should run all tests in unified format so we'll need to make sure the new FLE unified tests are running against a load balanced topology.
test/integration/client-side-encryption/client_side_encryption.prose.test.js
Outdated
Show resolved
Hide resolved
test/integration/client-side-encryption/client_side_encryption.prose.test.js
Outdated
Show resolved
Hide resolved
test/integration/client-side-encryption/client_side_encryption.prose.test.js
Outdated
Show resolved
Hide resolved
dariakp
added
Team Review
Description
Adds explicit encryption prose tests
What is changing?
Adds 5 new prose tests for #12 in the client side encryption spec. https://github.com/mongodb/specifications/blob/7f37c9325b423223edf54d795afed444e6989b98/source/client-side-encryption/tests/README.rst#explicit-encryption
I've also included the spec prose test language in code comments in the test here for easier following.
Is there new documentation needed for these changes?
No
What is the motivation for this change?
NODE-4227
Double check the following
npm run check:lintscript<type>(NODE-xxxx)<!>: <description>