diff options
author | Erwin Pe <erwin.pe@mongodb.com> | 2022-02-28 19:26:09 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2022-02-28 20:08:17 +0000 |
commit | cd3d711e8c208c3766717ded817fcc4130db2d42 (patch) | |
tree | b33620048685ca083bf706475cd8d06dad8e6dec | |
parent | fe417b42355b17e457a168bfdea6af714129e0ec (diff) | |
download | mongo-cd3d711e8c208c3766717ded817fcc4130db2d42.tar.gz |
SERVER-63673 Prohibit encrypted fields with capped collections
-rw-r--r-- | jstests/fle2/convert_encrypted_to_capped.js | 42 | ||||
-rw-r--r-- | jstests/fle2/create_encrypted_collection.js | 6 | ||||
-rw-r--r-- | src/mongo/db/catalog/capped_utils.cpp | 4 | ||||
-rw-r--r-- | src/mongo/db/commands/create_command.cpp | 4 |
4 files changed, 56 insertions, 0 deletions
diff --git a/jstests/fle2/convert_encrypted_to_capped.js b/jstests/fle2/convert_encrypted_to_capped.js new file mode 100644 index 00000000000..2a14a70f985 --- /dev/null +++ b/jstests/fle2/convert_encrypted_to_capped.js @@ -0,0 +1,42 @@ +// Verify cannot convert an encrypted collection to a capped collection + +/** + * @tags: [ + * featureFlagFLE2, + * ] + */ +(function() { +'use strict'; + +const isFLE2Enabled = TestData == undefined || TestData.setParameters.featureFlagFLE2; + +if (!isFLE2Enabled) { + return; +} + +const dbTest = db.getSiblingDB('convert_encrypted_to_capped_db'); + +dbTest.basic.drop(); + +const sampleEncryptedFields = { + "fields": [ + { + "path": "firstName", + "keyId": UUID("11d58b8a-0c6c-4d69-a0bd-70c6d9befae9"), + "bsonType": "string", + "queries": {"queryType": "equality"} + }, + ] +}; + +assert.commandWorked(dbTest.createCollection("basic", {encryptedFields: sampleEncryptedFields})); + +assert.commandFailedWithCode(dbTest.runCommand({convertToCapped: "basic", size: 100000}), + 6367302, + "Convert encrypted collection to capped passed"); + +assert.commandFailedWithCode( + dbTest.runCommand({cloneCollectionAsCapped: "basic", toCollection: "capped", size: 100000}), + 6367302, + "Clone encrypted collection as capped passed"); +}()); diff --git a/jstests/fle2/create_encrypted_collection.js b/jstests/fle2/create_encrypted_collection.js index fe1f9583a27..ffd34b0717b 100644 --- a/jstests/fle2/create_encrypted_collection.js +++ b/jstests/fle2/create_encrypted_collection.js @@ -40,6 +40,12 @@ assert.commandFailedWithCode( 6346401, "Create with encryptedFields and timeseries passed"); +assert.commandFailedWithCode( + dbTest.createCollection("basic", + {capped: true, size: 100000, encryptedFields: sampleEncryptedFields}), + 6367301, + "Create with encryptedFields and capped passed"); + assert.commandWorked(dbTest.createCollection("basic", {encryptedFields: sampleEncryptedFields})); const result = dbTest.getCollectionInfos({name: "basic"}); diff --git a/src/mongo/db/catalog/capped_utils.cpp b/src/mongo/db/catalog/capped_utils.cpp index 86ee7a8fb10..945881e58c5 100644 --- a/src/mongo/db/catalog/capped_utils.cpp +++ b/src/mongo/db/catalog/capped_utils.cpp @@ -133,6 +133,10 @@ void cloneCollectionAsCapped(OperationContext* opCtx, str::stream() << "source collection " << fromNss << " does not exist"); } + uassert(6367302, + "Cannot convert an encrypted collection to a capped collection", + !fromCollection->getCollectionOptions().encryptedFieldConfig); + uassert(ErrorCodes::NamespaceNotFound, str::stream() << "source collection " << fromNss << " is currently in a drop-pending state.", diff --git a/src/mongo/db/commands/create_command.cpp b/src/mongo/db/commands/create_command.cpp index b1629c16729..ebe478ca160 100644 --- a/src/mongo/db/commands/create_command.cpp +++ b/src/mongo/db/commands/create_command.cpp @@ -176,6 +176,10 @@ public: } if (cmd.getEncryptedFields()) { + uassert(6367301, + "Encrypted fields cannot be used with capped collections", + !cmd.getCapped()); + uassert(6346401, "Encrypted fields cannot be used with views or timeseries collections", !(cmd.getViewOn() || cmd.getTimeseries())); |