[SERVER-65346] Consider allowing references to encrypted fields after $project Created: 07/Apr/22  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Hana Pearlman Assignee: Backlog - Query Optimization
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-65506 FLE2 server rewrite does not correctl... Closed
Assigned Teams:
Query Optimization
Participants:

 Description   

If $ssn is not encrypted, then the following pipeline would return results:

[{$project: {ssn: 1}}, {$match: {$expr: {$eq: ["$ssn", "123"]}}}] 

When $ssn is encrypted, the $match is rewritten into an $or of $ins like {$in: [tag, safeContent]}. However, after the $project, the safeContent field has been projected out, and the pipeline fails with a PlanExecutor error because safeContent is missing.

One potential approach is to treat the safeContent field similarly to _id and have it be implicitly included by $project. A broader approach may be needed to support more complicated pipelines which change the shape of the documents.


Generated at Thu Feb 08 06:02:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.