1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
# frozen_string_literal: true
require 'spec_helper'
# No need to rewrite existing specs to make the examples shorter, until/unless
# we revisit these specs and need to make substantial changes.
# rubocop:disable RSpec/ExampleLength
describe 'Queryable encryption examples' do
require_libmongocrypt
min_server_version '7.0.0-rc0'
require_topology :replica_set, :sharded, :load_balanced
require_enterprise
include_context 'define shared FLE helpers'
it 'uses queryable encryption' do
# Drop data from prior test runs.
authorized_client.use('docs_examples').database.drop
authorized_client.use('keyvault')['datakeys'].drop
# Create two data keys.
# Note for docs team: remove the test_options argument when copying
# this example into public documentation.
key_vault_client = ClientRegistry.instance.new_local_client(
SpecConfig.instance.addresses,
SpecConfig.instance.test_options
)
client_encryption = Mongo::ClientEncryption.new(
key_vault_client,
key_vault_namespace: 'keyvault.datakeys',
kms_providers: {
local: {
key: local_master_key
}
}
)
data_key_1_id = client_encryption.create_data_key('local')
data_key_2_id = client_encryption.create_data_key('local')
# Create an encryptedFieldsMap.
encrypted_fields_map = {
'docs_examples.encrypted' => {
fields: [
{
path: 'encrypted_indexed',
bsonType: 'string',
keyId: data_key_1_id,
queries: {
queryType: 'equality'
}
},
{
path: 'encrypted_unindexed',
bsonType: 'string',
keyId: data_key_2_id,
}
]
}
}
# Create client with automatic queryable encryption enabled.
# Note for docs team: remove the test_options argument when copying
# this example into public documentation.
encrypted_client = ClientRegistry.instance.new_local_client(
SpecConfig.instance.addresses,
SpecConfig.instance.test_options.merge(
auto_encryption_options: {
key_vault_namespace: 'keyvault.datakeys',
kms_providers: {
local: {
key: local_master_key
}
},
encrypted_fields_map: encrypted_fields_map,
# Spawn mongocryptd on non-default port for sharded cluster tests
# Note for docs team: remove the extra_options argument when copying
# this example into public documentation.
extra_options: extra_options,
},
database: 'docs_examples'
)
)
# Create collection with queryable encryption enabled.
encrypted_client['encrypted'].create
# Auto encrypt an insert and find.
encrypted_client['encrypted'].insert_one(
_id: 1,
encrypted_indexed: 'indexed_value',
encrypted_unindexed: 'unindexed_value'
)
find_results = encrypted_client['encrypted'].find(
encrypted_indexed: 'indexed_value'
).to_a
expect(find_results.size).to eq(1)
expect(find_results.first[:encrypted_indexed]).to eq('indexed_value')
expect(find_results.first[:encrypted_unindexed]).to eq('unindexed_value')
# Find documents without decryption.
find_results = authorized_client
.use('docs_examples')['encrypted']
.find(_id: 1)
.to_a
expect(find_results.size).to eq(1)
expect(find_results.first[:encrypted_indexed]).to be_a(BSON::Binary)
expect(find_results.first[:encrypted_unindexed]).to be_a(BSON::Binary)
# Cleanup
authorized_client.use('docs_examples').database.drop
authorized_client.use('keyvault')['datakeys'].drop
end
end
# rubocop:enable RSpec/ExampleLength
|
