-
Type: Bug
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: Field Level Encryption
-
None
-
Server Security
-
Fully Compatible
-
ALL
-
v7.0
-
-
Security 2023-05-29, Security 2023-06-12
Request
Add API version fields (apiVersion, apiDeprecationErrors, and apiStrict) to the root of the explain command in the response from crypt_shared and mongocryptd.
In crypt_shared, the fields are appended inside the explain document:
% cat explain-with-apiVersion.json | markup.py --libpath ~/bin/mongodl/crypt_shared/7.0.0-rc0/lib/mongo_crypt_v1.dylib { "hasEncryptionPlaceholders": false, "schemaRequiresEncryption": false, "result": { "explain": { "find": "default", "filter": {}, "apiVersion": "1", "apiDeprecationErrors": true, "apiStrict": "true" }, "verbosity": "allPlansExecution" } }
In mongocryptd, the apiStrict and apiDeprecationErrors fields do not appear to be appended:
% mongosh --port 27020 test-with-mongocryptd.js --quiet Using version: 7.0.0-rc0 { hasEncryptionPlaceholders: false, schemaRequiresEncryption: false, result: { explain: { find: 'default', filter: {} }, verbosity: 'allPlansExecution', apiVersion: '1' }, ok: 1 }
mongod appears to ignore the nested API version fields, resulting in an error when mongod is configured with requireApiVersion=1:
% mongosh test-with-mongod.js --quiet Using version: 7.0.0-rc0 got exception: The apiVersion parameter is required, please configure your MongoClient's API version
The expected result is to include the API version fields at the root of the explain command:
{ "hasEncryptionPlaceholders": false, "schemaRequiresEncryption": false, "result": { "explain": { "find": "default", "filter": {} }, "apiVersion": "1", "apiDeprecationErrors": true, "apiStrict": "true", "verbosity": "allPlansExecution" } }
If the API version fields are nested, mongod appears to ignore them.
Background & Motivation
Drivers testing CSFLE with explain with requireApiVersion=1 may fail with an error: PHPLIB-947. Some drivers (Go) append the API version fields after encryption, and are not impacted by this bug.
- is depended on by
-
DRIVERS-2612 Bump minServerVersion for CSFLE deterministic encryption spec test for explain command
- Implementing
- is related to
-
SERVER-58293 mongocryptd does not include server API fields in explain command response
- Closed
-
SERVER-69564 Query analysis omits version API fields with "explain"
- Closed