diff options
author | Erwin Pe <erwin.pe@mongodb.com> | 2022-03-08 15:31:04 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2022-03-08 16:48:00 +0000 |
commit | 29f892aa2852dfcac90929da98cae45c381eb4c8 (patch) | |
tree | 790f19e687c6496d82c60243bc905963d7fa648f /jstests/sharding/shard_encrypted_collection.js | |
parent | d4af42c0e63638a4b3b191959299150722c3a3fc (diff) | |
download | mongo-29f892aa2852dfcac90929da98cae45c381eb4c8.tar.gz |
SERVER-63466 Fail shardCollection if an indexed encrypted field is used as a shard key
Diffstat (limited to 'jstests/sharding/shard_encrypted_collection.js')
-rw-r--r-- | jstests/sharding/shard_encrypted_collection.js | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/jstests/sharding/shard_encrypted_collection.js b/jstests/sharding/shard_encrypted_collection.js new file mode 100644 index 00000000000..b52ae355e1d --- /dev/null +++ b/jstests/sharding/shard_encrypted_collection.js @@ -0,0 +1,77 @@ +// Verify valid and invalid scenarios for sharding an encrypted collection + +/** + * @tags: [ + * featureFlagFLE2, + * requires_fcv_60, + * ] + */ +(function() { +'use strict'; + +const st = new ShardingTest({shards: 1, mongos: 1}); +const mongos = st.s0; +const kDbName = 'db'; + +const sampleEncryptedFields = { + "fields": [ + { + "path": "firstName", + "keyId": UUID("11d58b8a-0c6c-4d69-a0bd-70c6d9befae9"), + "bsonType": "string", + "queries": {"queryType": "equality"} + }, + { + "path": "paymentMethods.creditCards.number", + "keyId": UUID("12341234-1234-1234-1234-123412341234"), + "bsonType": "string", + "queries": {"queryType": "equality"} + }, + ] +}; + +// Set up the encrypted collection & enable sharding +assert.commandWorked( + mongos.getDB(kDbName).createCollection("basic", {encryptedFields: sampleEncryptedFields})); +assert.commandWorked(mongos.adminCommand({enableSharding: kDbName})); + +function testShardingCommand(command) { + jsTestLog("Testing command: " + command); + let res = null; + let commandObj = {}; + commandObj[command] = kDbName + '.basic'; + + jsTestLog('Fail ' + command + ' if shard key is an encrypted field'); + commandObj['key'] = {firstName: 1}; + res = mongos.adminCommand(commandObj); + assert.commandFailedWithCode( + res, ErrorCodes.InvalidOptions, command + " on encrypted field passed"); + + commandObj['key'] = {lastName: 1, firstName: "hashed", middleName: 1}; + res = mongos.adminCommand(commandObj); + assert.commandFailedWithCode( + res, ErrorCodes.InvalidOptions, command + " on encrypted field passed"); + + jsTestLog('Fail ' + command + ' if shard key is a prefix of an encrypted field'); + commandObj['key'] = {"paymentMethods.creditCards": 1}; + res = mongos.adminCommand(commandObj); + assert.commandFailedWithCode( + res, ErrorCodes.InvalidOptions, command + " on prefix of encrypted field passed"); + + jsTestLog('Fail ' + command + ' if shard key has a prefix matching an encrypted field'); + commandObj['key'] = {"paymentMethods.creditCards.number.lastFour": 1}; + res = mongos.adminCommand(commandObj); + assert.commandFailedWithCode( + res, ErrorCodes.InvalidOptions, command + " on key with encrypted field prefix passed"); + + jsTestLog('Test ' + command + ' on non-encrypted field works'); + commandObj['key'] = {lastName: 1}; + assert.commandWorked(mongos.adminCommand(commandObj)); +} + +testShardingCommand("shardCollection"); +testShardingCommand("reshardCollection"); +testShardingCommand("refineCollectionShardKey"); + +st.stop(); +})(); |