diff options
Diffstat (limited to 'jstests/sharding/shard_encrypted_collection.js')
-rw-r--r-- | jstests/sharding/shard_encrypted_collection.js | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/jstests/sharding/shard_encrypted_collection.js b/jstests/sharding/shard_encrypted_collection.js new file mode 100644 index 00000000000..b52ae355e1d --- /dev/null +++ b/jstests/sharding/shard_encrypted_collection.js @@ -0,0 +1,77 @@ +// Verify valid and invalid scenarios for sharding an encrypted collection + +/** + * @tags: [ + * featureFlagFLE2, + * requires_fcv_60, + * ] + */ +(function() { +'use strict'; + +const st = new ShardingTest({shards: 1, mongos: 1}); +const mongos = st.s0; +const kDbName = 'db'; + +const sampleEncryptedFields = { + "fields": [ + { + "path": "firstName", + "keyId": UUID("11d58b8a-0c6c-4d69-a0bd-70c6d9befae9"), + "bsonType": "string", + "queries": {"queryType": "equality"} + }, + { + "path": "paymentMethods.creditCards.number", + "keyId": UUID("12341234-1234-1234-1234-123412341234"), + "bsonType": "string", + "queries": {"queryType": "equality"} + }, + ] +}; + +// Set up the encrypted collection & enable sharding +assert.commandWorked( + mongos.getDB(kDbName).createCollection("basic", {encryptedFields: sampleEncryptedFields})); +assert.commandWorked(mongos.adminCommand({enableSharding: kDbName})); + +function testShardingCommand(command) { + jsTestLog("Testing command: " + command); + let res = null; + let commandObj = {}; + commandObj[command] = kDbName + '.basic'; + + jsTestLog('Fail ' + command + ' if shard key is an encrypted field'); + commandObj['key'] = {firstName: 1}; + res = mongos.adminCommand(commandObj); + assert.commandFailedWithCode( + res, ErrorCodes.InvalidOptions, command + " on encrypted field passed"); + + commandObj['key'] = {lastName: 1, firstName: "hashed", middleName: 1}; + res = mongos.adminCommand(commandObj); + assert.commandFailedWithCode( + res, ErrorCodes.InvalidOptions, command + " on encrypted field passed"); + + jsTestLog('Fail ' + command + ' if shard key is a prefix of an encrypted field'); + commandObj['key'] = {"paymentMethods.creditCards": 1}; + res = mongos.adminCommand(commandObj); + assert.commandFailedWithCode( + res, ErrorCodes.InvalidOptions, command + " on prefix of encrypted field passed"); + + jsTestLog('Fail ' + command + ' if shard key has a prefix matching an encrypted field'); + commandObj['key'] = {"paymentMethods.creditCards.number.lastFour": 1}; + res = mongos.adminCommand(commandObj); + assert.commandFailedWithCode( + res, ErrorCodes.InvalidOptions, command + " on key with encrypted field prefix passed"); + + jsTestLog('Test ' + command + ' on non-encrypted field works'); + commandObj['key'] = {lastName: 1}; + assert.commandWorked(mongos.adminCommand(commandObj)); +} + +testShardingCommand("shardCollection"); +testShardingCommand("reshardCollection"); +testShardingCommand("refineCollectionShardKey"); + +st.stop(); +})(); |