Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-77040

Append API version fields to root of explain command

    • Server Security
    • Fully Compatible
    • ALL
    • v7.0
    • Hide

      The markup.py script can be used to test crypt_shared:

      % cat explain-with-apiVersion.json | markup.py --libpath ~/bin/mongodl/crypt_shared/7.0.0-rc0/lib/mongo_crypt_v1.dylib 
      {
          "hasEncryptionPlaceholders": false,
          "schemaRequiresEncryption": false,
          "result": {
              "explain": {
                  "find": "default",
                  "filter": {},
                  "apiVersion": "1",
                  "apiDeprecationErrors": true,
                  "apiStrict": "true"
              },
              "verbosity": "allPlansExecution"
          }
      }
      

      test-with-mongocryptd.js can be run with mongosh:

      % mongosh --port 27020 test-with-mongocryptd.js --quiet
      Using version: 7.0.0-rc0
      {
        hasEncryptionPlaceholders: false,
        schemaRequiresEncryption: false,
        result: {
          explain: {
            find: 'default',
            filter: {}
          },
          verbosity: 'allPlansExecution',
          apiVersion: '1'
        },
        ok: 1
      }
      
      Show
      The markup.py script can be used to test crypt_shared : % cat explain-with-apiVersion.json | markup.py --libpath ~/bin/mongodl/crypt_shared/7.0.0-rc0/lib/mongo_crypt_v1.dylib { "hasEncryptionPlaceholders" : false , "schemaRequiresEncryption" : false , "result" : { "explain" : { "find" : " default " , "filter" : {}, "apiVersion" : "1" , "apiDeprecationErrors" : true , "apiStrict" : " true " }, "verbosity" : "allPlansExecution" } } test-with-mongocryptd.js can be run with mongosh: % mongosh --port 27020 test-with-mongocryptd.js --quiet Using version: 7.0.0-rc0 { hasEncryptionPlaceholders: false, schemaRequiresEncryption: false, result: { explain: { find: 'default', filter: {} }, verbosity: 'allPlansExecution', apiVersion: '1' }, ok: 1 }
    • Security 2023-05-29, Security 2023-06-12

      Request

      Add API version fields (apiVersion, apiDeprecationErrors, and apiStrict) to the root of the explain command in the response from crypt_shared and mongocryptd.

      In crypt_shared, the fields are appended inside the explain document:

      % cat explain-with-apiVersion.json | markup.py --libpath ~/bin/mongodl/crypt_shared/7.0.0-rc0/lib/mongo_crypt_v1.dylib 
      {
          "hasEncryptionPlaceholders": false,
          "schemaRequiresEncryption": false,
          "result": {
              "explain": {
                  "find": "default",
                  "filter": {},
                  "apiVersion": "1",
                  "apiDeprecationErrors": true,
                  "apiStrict": "true"
              },
              "verbosity": "allPlansExecution"
          }
      }
      

      In mongocryptd, the apiStrict and apiDeprecationErrors fields do not appear to be appended:

      % mongosh --port 27020 test-with-mongocryptd.js --quiet
      Using version: 7.0.0-rc0
      {
        hasEncryptionPlaceholders: false,
        schemaRequiresEncryption: false,
        result: {
          explain: {
            find: 'default',
            filter: {}
          },
          verbosity: 'allPlansExecution',
          apiVersion: '1'
        },
        ok: 1
      }
      

      mongod appears to ignore the nested API version fields, resulting in an error when mongod is configured with requireApiVersion=1:

      % mongosh test-with-mongod.js --quiet
      Using version: 7.0.0-rc0
      got exception: The apiVersion parameter is required, please configure your MongoClient's API version
      

      The expected result is to include the API version fields at the root of the explain command:

      {
          "hasEncryptionPlaceholders": false,
          "schemaRequiresEncryption": false,
          "result": {
              "explain": {
                  "find": "default",
                  "filter": {}
              },
              "apiVersion": "1",
              "apiDeprecationErrors": true,
              "apiStrict": "true",
              "verbosity": "allPlansExecution"
          }
      }
      

      If the API version fields are nested, mongod appears to ignore them.

      Background & Motivation

      Drivers testing CSFLE with explain with requireApiVersion=1 may fail with an error: PHPLIB-947. Some drivers (Go) append the API version fields after encryption, and are not impacted by this bug.

        1. explain-with-apiVersion.json
          0.2 kB
        2. test-with-mongocryptd.js
          0.9 kB
        3. test-with-mongod.js
          0.9 kB

            Assignee:
            shreyas.kalyan@mongodb.com Shreyas Kalyan
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: