-
Type:
Task
-
Resolution: Unresolved
-
Priority:
Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
None
-
Query Optimization
-
None
-
None
-
None
-
None
-
None
-
None
-
None
If $ssn is not encrypted, then the following pipeline would return results:
[{$project: {ssn: 1}}, {$match: {$expr: {$eq: ["$ssn", "123"]}}}]
When $ssn is encrypted, the $match is rewritten into an $or of $ins like {$in: [tag, safeContent]}. However, after the $project, the safeContent field has been projected out, and the pipeline fails with a PlanExecutor error because safeContent is missing.
One potential approach is to treat the safeContent field similarly to _id and have it be implicitly included by $project. A broader approach may be needed to support more complicated pipelines which change the shape of the documents.
- is related to
-
SERVER-65506 FLE2 server rewrite does not correctly handle pipelines which project out the safeContent field
-
- Closed
-