[DRIVERS-698] FLE GA Support Spec Changes Created: 30/Jul/19  Updated: 14/Oct/21  Resolved: 05/Mar/20

Status: Closed
Project: Drivers
Component/s: None
Fix Version/s: None

Type: Epic Priority: Major - P3
Reporter: Kevin Albertson Assignee: Unassigned
Resolution: Done Votes: 0
Labels: driver-planning-backlog
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on NODE-2094 FLE GA Support Closed
depends on NODE-2255 FLE GA Spec changes Closed
Quarter: FY20Q4
Driver Compliance:
Key Status/Resolution FixVersion
NODE-2094 Fixed 3.4.0
NODE-2255 Fixed mongodb-client-encryption-1.0.0

 Description   

This ticket groups multiple small changes made to the Client Side Encryption spec. Each individual SPEC ticket has more detailed information and links to the associated PR, but the following summarizes necessary changes

SPEC-1431 Add API for specifying a custom endpoint with AWS masterkey provider

  • Update bindings to libmongocrypt to call mongocrypt_ctx_setopt_masterkey_aws_endpoint with the value of "endpoint" is passed DataKeyOpts.masterKey
  • Update libmongocrypt to latest version.
  • Implement prose test under the section Custom Endpoint Test.

SPEC-1449 createDataKey returns UUID

  • Update the return type (if necessary) of createDataKey to be a BSON binary

SPEC-1469 silence mongocryptd by default

SPEC-1466 test that fetching keys uses readConcern=majority

  • Resync the FLE JSON spec tests

SPEC-1452 test that created data keys insert with majority writeConcern

SPEC-1397 limit 2MiB limit to bulk writes

Issues with the "Spec Test Format" section:

  • client_side_enencryption_opts in the "Spec Test Format" section should be auto_encrypt_opts Fixed in https://github.com/mongodb/specifications/pull/623.
  • auto_encrypt_opts should be autoEncryptOpts
  • kms_providers should be kmsProviders
  • schema_map should be schemaMap
  • bypassAutoEncryption is missing from the list of auto encryption options
  • Some operations don't have an object field. It should be documented that this defaults to "collection" if omitted.

Issues with the "Use as integration tests" section:

  • The json_schema field should be mentioned to describe how the collection should be created.
  • The description for setting up the test collection and inserting the test data uses the MongoClient created with the test's clientOptions. For tests with invalid encryption settings (e.g. "an insert with encrypted field on _id errors" in badQueries.json), using this client will cause the data insertion to fail. The test data should be inserted using a different client with no encryption enabled.

Issues with various tests:

  • "operation fails with maxWireVersion < 8" in maxWireVersion.json - the error is expected to contain "Auto-encryption requires a minimum MongoDB version of 4.2" but the spec only says "Drivers MUST raise an error when attempting to auto encrypt a command if the maxWireVersion is less than 8" and does not specify the message.
  • "getMore with encryption" in getMore.json - results field should be result.
  • Corpus test step 9 - ClientEncryption has no schemaMap option.

Generated at Thu Feb 08 08:22:09 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.