[MONGOCRYPT-12] Should not enter NEED_MONGO_MARKINGS state if there is no schema Created: 04/Jun/19  Updated: 27/Oct/23  Resolved: 07/Jun/19

Status: Closed
Project: Libmongocrypt
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Minor - P4
Reporter: Jeffrey Yemin Assignee: Unassigned
Resolution: Works as Designed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Epic Link: Build libmongocrypt library

 Description   

Working with matt.broadstone on some test failures, and happened to run across something while stepping through the type=int spec test. I see the following commands being sent to be marked by mongocryptd:

{"insert": "default", "ordered": true, "documents": [{"_id": 1, "encrypted_int": 123}], "jsonSchema": {"properties": {"encrypted_int": {"encrypt": {"keyId": [{"$binary": "AAAAAAAAAAAAAAAAAAAAAA==", "$type": "04"}], "bsonType": "int", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"}}}, "bsonType": "object"}, "isRemoteSchema": false}
 
{"find": "datakeys", "filter": {"$or": [{"_id": {"$in": [{"$binary": "AAAAAAAAAAAAAAAAAAAAAA==", "$type": "04"}]}}, {"keyAltNames": {"$in": []}}]}, "jsonSchema": {}, "isRemoteSchema": true}
 
{"find": "default", "filter": {"_id": 1}, "jsonSchema": {"properties": {"encrypted_int": {"encrypt": {"keyId": [{"$binary": "AAAAAAAAAAAAAAAAAAAAAA==", "$type": "04"}], "bsonType": "int", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"}}}, "bsonType": "object"}, "isRemoteSchema": false}

The first and third are expected, but the second surprised me. This is the key vault query, and there is no local or remote schema for the key vault collection, so I would not expect the state machine to enter the NEED_MONGO_MARKINGS state at all.



 Comments   
Comment by Jeffrey Yemin [ 07/Jun/19 ]

Ah, that's right.  Thanks for the explanation.

Comment by Kevin Albertson [ 07/Jun/19 ]

For commands that are supported and not bypassed, even if there is no collection schema it is intended that we send the command to mongocryptd. This was to catch problems like doing an aggregate on an unencrypted collection that contained a $lookup on a foreign collection with encrypted fields

Generated at Thu Feb 08 09:07:45 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.