collMod cannot be run successfully on an auto-encryption-enabled client to set a FLE1 JSON schema on a collection that does not have a schema yet, failing with validator with $jsonSchema must be identical to FLE 1 jsonSchema parameter (error code 6491101, coming from mongocryptd/shared library).
Repro using Node.js driver:
import { MongoClient, Binary } from 'mongodb'; // mongodb@4.8.1, mongodb-client-encryption@2.2.0-alpha.5 const client = await MongoClient.connect('mongodb://localhost', { autoEncryption: { keyVaultNamespace: 'encryption.__keyVault', kmsProviders: { local: { key: Buffer.alloc(96) } }, } }); await client.db('test').command({ collMod: 'test', validator: { $jsonSchema: { bsonType: 'object', properties: { ssn: { encrypt: { bsonType: 'number', algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic', keyId: [new Binary(Buffer.alloc(16), 4)] } } } } } }); await client.close();
Message sent to mongocryptd:
{ collMod: 'test', validator: { '$jsonSchema': { bsonType: 'object', properties: { ssn: { encrypt: { bsonType: 'number', algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic', keyId: [ new Binary(Buffer.from("00000000000000000000000000000000", "hex"), 4) ] } } } } }, jsonSchema: {}, isRemoteSchema: true, '$db': 'test' }
- related to
-
SERVER-64911 Ban comparisons to encrypted fields in collection validator and partialFilterExpression
- Closed
-
MONGOCRYPT-429 Do not bypass create, collMod, or createIndexes
- Closed