[MONGOCRYPT-463] collMod with FLE1 does not allow setting schema
Created: 27/Jul/22  Updated: 28/Oct/23  Resolved: 12/Aug/22

Status: Closed
Project: Libmongocrypt
Component/s: None
Affects Version/s: 1.5.1
Fix Version/s: 1.6.0, 1.5.3

Type: Bug
Priority: Major - P3
Reporter: Anna Henningsen
Assignee: Kevin Albertson
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-64911 Ban comparisons to encrypted fields i... Closed
related to MONGOCRYPT-429 Do not bypass create, collMod, or cre... Closed
Binding Changes: Not Needed

 Description   

collMod cannot be run successfully on an auto-encryption-enabled client to set a FLE1 JSON schema on a collection that does not have a schema yet, failing with "validator with $jsonSchema must be identical to FLE 1 jsonSchema parameter" (error code 6491101, coming from mongocryptd/shared library).

Repro using Node.js driver:

import { MongoClient, Binary } from 'mongodb'; // mongodb@4.8.1, mongodb-client-encryption@2.2.0-alpha.5
 
const client = await MongoClient.connect('mongodb://localhost', {
  autoEncryption: {
    keyVaultNamespace: 'encryption.__keyVault',
    kmsProviders: { local: { key: Buffer.alloc(96) } },
  }
});
 
await client.db('test').command({
  collMod: 'test',
  validator: {
    $jsonSchema: {
      bsonType: 'object',
      properties: {
        ssn: {
          encrypt: {
            bsonType: 'number',
            algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic',
            keyId: [new Binary(Buffer.alloc(16), 4)]
          }
        }
      }
    }
  }
});
 
await client.close();

Message sent to mongocryptd:

{
  collMod: 'test',
  validator: {
    '$jsonSchema': {
      bsonType: 'object',
      properties: {
        ssn: {
          encrypt: {
            bsonType: 'number',
            algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic',
            keyId: [
              new Binary(Buffer.from("00000000000000000000000000000000", "hex"), 4)
            ]
          }
        }
      }
    }
  },
  jsonSchema: {},
  isRemoteSchema: true,
  '$db': 'test'
}



 Comments   
Comment by Githook User [ 12/Aug/22 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: MONGOCRYPT-463 check the `collMod` command for `validator.$jsonSchema` (#441)
Branch: r1.5
https://github.com/mongodb/libmongocrypt/commit/3c4114631a1863751020684863101d0858fb1994

Comment by Githook User [ 12/Aug/22 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: MONGOCRYPT-463 check the `collMod` command for `validator.$jsonSchema` (#441)
Branch: master
https://github.com/mongodb/libmongocrypt/commit/f87e575808c2380e33c36304c7d3ba42d0d369d7
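
Added example (not code from libmongocrypt or from this ticket): a simplified model of the identity check named in the error message, run against the message shape shown in the description and against a message whose jsonSchema parameter is taken from the collMod command. The helper names, the `checkCollMod` switch and the Extended JSON form of keyId are assumptions made for illustration; `isRemoteSchema` is copied from the message above and is not examined by the model.

```javascript
// Structural equality over plain objects and arrays.
function deepEqual(a, b) {
  if (a === b) return true;
  if (typeof a !== 'object' || typeof b !== 'object' || !a || !b) return false;
  if (Array.isArray(a) !== Array.isArray(b)) return false;
  const keys = Object.keys(a);
  return keys.length === Object.keys(b).length &&
    keys.every((k) => k in b && deepEqual(a[k], b[k]));
}

// Model (assumption) of the check behind error 6491101: a validator.$jsonSchema
// in the command must be identical to the jsonSchema parameter.
function cryptdCheck(msg) {
  const inCommand = msg.validator ? msg.validator.$jsonSchema : undefined;
  if (inCommand !== undefined && !deepEqual(inCommand, msg.jsonSchema)) {
    return { ok: false, code: 6491101 };
  }
  return { ok: true };
}

// Hypothetical helper: builds the message sent to mongocryptd.
// checkCollMod=false reproduces the reported message (schema of the collection only);
// checkCollMod=true also looks at validator.$jsonSchema of a collMod command.
function buildCryptdMessage(cmd, db, collectionSchema, checkCollMod) {
  let jsonSchema = collectionSchema;
  const inCommand = cmd.validator ? cmd.validator.$jsonSchema : undefined;
  if (checkCollMod && 'collMod' in cmd && inCommand !== undefined) {
    jsonSchema = inCommand;
  }
  return { ...cmd, jsonSchema, isRemoteSchema: true, $db: db };
}

// Constructed input mirroring the repro; keyId is 16 zero bytes, subtype 4.
const keyId = { $binary: { base64: 'AAAAAAAAAAAAAAAAAAAAAA==', subType: '04' } };
const collModCmd = {
  collMod: 'test',
  validator: { $jsonSchema: { bsonType: 'object', properties: { ssn: { encrypt: {
    bsonType: 'number',
    algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic',
    keyId: [keyId] } } } } },
};

// The collection has no schema yet, so its schema is {} as in the description.
function demo() {
  return {
    before: cryptdCheck(buildCryptdMessage(collModCmd, 'test', {}, false)),
    after: cryptdCheck(buildCryptdMessage(collModCmd, 'test', {}, true)),
  };
}
console.log(demo());
```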
