collMod cannot be run successfully on an auto-encryption-enabled client to set a FLE1 JSON schema on a collection that does not have a schema yet, failing with validator with $jsonSchema must be identical to FLE 1 jsonSchema parameter (error code 6491101, coming from mongocryptd/shared library).
Repro using Node.js driver:
import { MongoClient, Binary } from 'mongodb'; // mongodb@4.8.1, mongodb-client-encryption@2.2.0-alpha.5 const client = await MongoClient.connect('mongodb://localhost', { autoEncryption: { keyVaultNamespace: 'encryption.__keyVault', kmsProviders: { local: { key: Buffer.alloc(96) } }, } }); await client.db('test').command({ collMod: 'test', validator: { $jsonSchema: { bsonType: 'object', properties: { ssn: { encrypt: { bsonType: 'number', algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic', keyId: [new Binary(Buffer.alloc(16), 4)] } } } } } }); await client.close();
Message sent to mongocryptd:
{
collMod: 'test',
validator: {
'$jsonSchema': {
bsonType: 'object',
properties: {
ssn: {
encrypt: {
bsonType: 'number',
algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic',
keyId: [
new Binary(Buffer.from("00000000000000000000000000000000", "hex"), 4)
]
}
}
}
}
},
jsonSchema: {},
isRemoteSchema: true,
'$db': 'test'
}
- related to
-
SERVER-64911 Ban comparisons to encrypted fields in collection validator and partialFilterExpression
-
- Closed
-
-
MONGOCRYPT-429 Do not bypass create, collMod, or createIndexes
-
- Closed
-