DRIVERS-698

FLE GA Support Spec Changes

    • Type: Epic
    • Resolution: Done
    • Priority: Major - P3
    • Component/s: None
    • FLE GA

      This ticket groups multiple small changes made to the Client Side Encryption spec. Each individual SPEC ticket has more detailed information and links to the associated PR, but the following summarizes the necessary changes:

      SPEC-1431 Add API for specifying a custom endpoint with AWS masterkey provider

      • Update bindings to libmongocrypt to call mongocrypt_ctx_setopt_masterkey_aws_endpoint with the value of "endpoint" when it is passed in DataKeyOpts.masterKey
      • Update libmongocrypt to latest version.
      • Implement prose test under the section Custom Endpoint Test.

      SPEC-1449 createDataKey returns UUID

      • Update the return type (if necessary) of createDataKey to be a BSON binary

      SPEC-1469 silence mongocryptd by default

      SPEC-1466 test that fetching keys uses readConcern=majority

      • Resync the FLE JSON spec tests

      SPEC-1452 test that created data keys insert with majority writeConcern

      SPEC-1397 limit 2MiB limit to bulk writes

      Issues with the "Spec Test Format" section:

      • client_side_enencryption_opts in the "Spec Test Format" section should be auto_encrypt_opts. Fixed in https://github.com/mongodb/specifications/pull/623.
      • auto_encrypt_opts should be autoEncryptOpts
      • kms_providers should be kmsProviders
      • schema_map should be schemaMap
      • bypassAutoEncryption is missing from the list of auto encryption options
      • Some operations don't have an object field. It should be documented that this defaults to "collection" if omitted.

      Issues with the "Use as integration tests" section:

      • The json_schema field should be mentioned to describe how the collection should be created.
      • The description for setting up the test collection and inserting the test data uses the MongoClient created with the test's clientOptions. For tests with invalid encryption settings (e.g. "an insert with encrypted field on _id errors" in badQueries.json), using this client will cause the data insertion to fail. The test data should be inserted using a different client with no encryption enabled.

      Issues with various tests:

      • "operation fails with maxWireVersion < 8" in maxWireVersion.json - the error is expected to contain "Auto-encryption requires a minimum MongoDB version of 4.2" but the spec only says "Drivers MUST raise an error when attempting to auto encrypt a command if the maxWireVersion is less than 8" and does not specify the message.
      • "getMore with encryption" in getMore.json - results field should be result.
      • Corpus test step 9 - ClientEncryption has no schemaMap option.

            Assignee: Unassigned
            Reporter: Kevin Albertson (kevin.albertson@mongodb.com)