Uploaded image for project: 'Libmongocrypt'
  1. Libmongocrypt
  2. MONGOCRYPT-463

collMod with FLE1 does not allow setting schema

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 1.6.0, 1.5.3
    • Affects Version/s: 1.5.1
    • Component/s: None
    • None
    • Not Needed

      collMod cannot be run successfully on an auto-encryption-enabled client to set a FLE1 JSON schema on a collection that does not have a schema yet, failing with validator with $jsonSchema must be identical to FLE 1 jsonSchema parameter (error code 6491101, coming from mongocryptd/shared library).

      Repro using Node.js driver:

      import { MongoClient, Binary } from 'mongodb'; // mongodb@4.8.1, mongodb-client-encryption@2.2.0-alpha.5
      
      const client = await MongoClient.connect('mongodb://localhost', {
        autoEncryption: {
          keyVaultNamespace: 'encryption.__keyVault',
          kmsProviders: { local: { key: Buffer.alloc(96) } },
        }
      });
      
      await client.db('test').command({
        collMod: 'test',
        validator: {
          $jsonSchema: {
            bsonType: 'object',
            properties: {
              ssn: {
                encrypt: {
                  bsonType: 'number',
                  algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic',
                  keyId: [new Binary(Buffer.alloc(16), 4)]
                }
              }
            }
          }
        }
      });
      
      await client.close();
      

      Message sent to mongocryptd:

      {
        collMod: 'test',
        validator: {
          '$jsonSchema': {
            bsonType: 'object',
            properties: {
              ssn: {
                encrypt: {
                  bsonType: 'number',
                  algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic',
                  keyId: [
                    new Binary(Buffer.from("00000000000000000000000000000000", "hex"), 4)
                  ]
                }
              }
            }
          }
        },
        jsonSchema: {},
        isRemoteSchema: true,
        '$db': 'test'
      }
      

            Assignee:
            kevin.albertson@mongodb.com Kevin Albertson
            Reporter:
            anna.henningsen@mongodb.com Anna Henningsen
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: