XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 7.1.0-rc0, 7.0.0-rc4
Affects Version/s: None
Component/s: Field Level Encryption
Labels:
None

Assigned Teams:

Server Security
Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v7.0
Steps To Reproduce:
Hide

The markup.py script can be used to test crypt_shared:

% cat explain-with-apiVersion.json | markup.py --libpath ~/bin/mongodl/crypt_shared/7.0.0-rc0/lib/mongo_crypt_v1.dylib { "hasEncryptionPlaceholders": false, "schemaRequiresEncryption": false, "result": { "explain": { "find": "default", "filter": {}, "apiVersion": "1", "apiDeprecationErrors": true, "apiStrict": "true" }, "verbosity": "allPlansExecution" } }

test-with-mongocryptd.js can be run with mongosh:

% mongosh --port 27020 test-with-mongocryptd.js --quiet Using version: 7.0.0-rc0 { hasEncryptionPlaceholders: false, schemaRequiresEncryption: false, result: { explain: { find: 'default', filter: {} }, verbosity: 'allPlansExecution', apiVersion: '1' }, ok: 1 }
Show
The markup.py script can be used to test crypt_shared : % cat explain-with-apiVersion.json | markup.py --libpath ~/bin/mongodl/crypt_shared/7.0.0-rc0/lib/mongo_crypt_v1.dylib { "hasEncryptionPlaceholders" : false , "schemaRequiresEncryption" : false , "result" : { "explain" : { "find" : " default " , "filter" : {}, "apiVersion" : "1" , "apiDeprecationErrors" : true , "apiStrict" : " true " }, "verbosity" : "allPlansExecution" } } test-with-mongocryptd.js can be run with mongosh: % mongosh --port 27020 test-with-mongocryptd.js --quiet Using version: 7.0.0-rc0 { hasEncryptionPlaceholders: false, schemaRequiresEncryption: false, result: { explain: { find: 'default', filter: {} }, verbosity: 'allPlansExecution', apiVersion: '1' }, ok: 1 }
Sprint:
Security 2023-05-29, Security 2023-06-12

Request

Add API version fields (apiVersion, apiDeprecationErrors, and apiStrict) to the root of the explain command in the response from crypt_shared and mongocryptd.

In crypt_shared, the fields are appended inside the explain document:

% cat explain-with-apiVersion.json | markup.py --libpath ~/bin/mongodl/crypt_shared/7.0.0-rc0/lib/mongo_crypt_v1.dylib 
{
    "hasEncryptionPlaceholders": false,
    "schemaRequiresEncryption": false,
    "result": {
        "explain": {
            "find": "default",
            "filter": {},
            "apiVersion": "1",
            "apiDeprecationErrors": true,
            "apiStrict": "true"
        },
        "verbosity": "allPlansExecution"
    }
}

In mongocryptd, the apiStrict and apiDeprecationErrors fields do not appear to be appended:

% mongosh --port 27020 test-with-mongocryptd.js --quiet
Using version: 7.0.0-rc0
{
  hasEncryptionPlaceholders: false,
  schemaRequiresEncryption: false,
  result: {
    explain: {
      find: 'default',
      filter: {}
    },
    verbosity: 'allPlansExecution',
    apiVersion: '1'
  },
  ok: 1
}

mongod appears to ignore the nested API version fields, resulting in an error when mongod is configured with requireApiVersion=1:

% mongosh test-with-mongod.js --quiet
Using version: 7.0.0-rc0
got exception: The apiVersion parameter is required, please configure your MongoClient's API version

The expected result is to include the API version fields at the root of the explain command:

{
    "hasEncryptionPlaceholders": false,
    "schemaRequiresEncryption": false,
    "result": {
        "explain": {
            "find": "default",
            "filter": {}
        },
        "apiVersion": "1",
        "apiDeprecationErrors": true,
        "apiStrict": "true",
        "verbosity": "allPlansExecution"
    }
}

If the API version fields are nested, mongod appears to ignore them.

Background & Motivation

Drivers testing CSFLE with explain with requireApiVersion=1 may fail with an error: ~~PHPLIB-947~~. Some drivers (Go) append the API version fields after encryption, and are not impacted by this bug.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

explain-with-apiVersion.json
0.2 kB
May 11 2023 04:51:59 PM UTC
test-with-mongocryptd.js
0.9 kB
May 11 2023 04:51:59 PM UTC
test-with-mongod.js
0.9 kB
May 11 2023 04:55:25 PM UTC

is depended on by

DRIVERS-2612 Bump minServerVersion for CSFLE deterministic encryption spec test for explain command

Implementing

is related to

SERVER-58293 mongocryptd does not include server API fields in explain command response

Closed

SERVER-69564 Query analysis omits version API fields with "explain"

Closed

Assignee:: Shreyas Kalyan

Reporter:: Kevin Albertson

Participants:: Kevin Albertson, Shreyas Kalyan

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: May 11 2023 04:55:57 PM UTC

Updated:: Oct 29 2023 09:21:38 PM UTC

Resolved:: Jun 02 2023 03:20:54 PM UTC

Details

Description

Request

Background & Motivation

Attachments

Attachments

Issue Links

Activity

People

Dates