diff --git a/source/client-side-encryption/client-side-encryption.md b/source/client-side-encryption/client-side-encryption.md index 29f7e4eba3..3aeeb709ee 100644 --- a/source/client-side-encryption/client-side-encryption.md +++ b/source/client-side-encryption/client-side-encryption.md @@ -2519,6 +2519,9 @@ explicit session parameter as described in the [Drivers Sessions Specification]( ## Changelog +- 2025-09-30: Update `$lookup` prose test to reflect changes in + [MONGOCRYPT-793](https://jira.mongodb.org/browse/MONGOCRYPT-793). + - 2025-08-06: Add `TextPreview` algorithm. - 2024-02-19: Add custom options AWS credential provider. diff --git a/source/client-side-encryption/etc/data/lookup/schema-non-csfle.json b/source/client-side-encryption/etc/data/lookup/schema-non-csfle.json new file mode 100644 index 0000000000..3edd12c8f4 --- /dev/null +++ b/source/client-side-encryption/etc/data/lookup/schema-non-csfle.json @@ -0,0 +1,3 @@ +{ + "bsonType": "object" +} diff --git a/source/client-side-encryption/tests/README.md b/source/client-side-encryption/tests/README.md index ce5370c210..b10c66e810 100644 --- a/source/client-side-encryption/tests/README.md +++ b/source/client-side-encryption/tests/README.md @@ -3457,6 +3457,7 @@ Use `encryptedClient` to drop and create the following collections: - `db.qe2` with options: `{ "encryptedFields": ""}`. - `db.no_schema` with no options. - `db.no_schema2` with no options. +- `db.non_csfle_schema` with options: `{ "validator": { "$jsonSchema": ""}}` Create an unencrypted MongoClient named `unencryptedClient`. @@ -3472,6 +3473,7 @@ Insert documents with `encryptedClient`: - Use `unencryptedClient` to retrieve it. Assert the `qe2` field is BSON binary. - `{"no_schema": "no_schema"}` into `db.no_schema` - `{"no_schema2": "no_schema2"}` into `db.no_schema2` +- `{"non_csfle_schema": "non_csfle_schema"}` into `db.non_csfle_schema` #### Case 1: `db.csfle` joins `db.no_schema` @@ -3652,7 +3654,7 @@ Expect one document to be returned matching: #### Case 8: `db.csfle` joins `db.qe` -Test requires server 8.1+ and mongocryptd/crypt_shared 8.1+. +Test requires server 8.1+ and mongocryptd/crypt_shared 8.1+ Recreate `encryptedClient` with the same `AutoEncryptionOpts` as the setup. (Recreating prevents schema caching from impacting the test). @@ -3673,7 +3675,12 @@ Run an aggregate operation on `db.csfle` with the following pipeline: ] ``` -Expect an exception to be thrown with a message containing the substring `not supported`. +Expect an exception to be thrown with a message containing one of the following substrings depending on the +mongocryptd/crypt_shared and libmongocrypt versions: + +- mongocryptd/crypt_shared \<8.2 **or** libmongocrypt \<1.17.0: `not supported`. +- mongocryptd/crypt_shared 8.2+ **and** libmongocrypt 1.17.0+: + `Cannot specify both encryptionInformation and csfleEncryptionSchemas unless csfleEncryptionSchemas only contains non-encryption JSON schema validators`. #### Case 9: test error with \<8.1 @@ -3700,6 +3707,31 @@ Run an aggregate operation on `db.csfle` with the following pipeline: Expect an exception to be thrown with a message containing the substring `Upgrade`. +#### Case 10: `db.qe` joins `db.non_csfle_schema` + +Test requires server 8.2+, mongocryptd/crypt_shared 8.2+, and libmongocrypt 1.17.0+. + +Recreate `encryptedClient` with the same `AutoEncryptionOpts` as the setup. (Recreating prevents schema caching from +impacting the test). + +Run an aggregate operation on `db.qe` with the following pipeline: + +```json +[ + {"$match" : {"qe" : "qe"}}, + { + "$lookup" : { + "from" : "non_csfle_schema", + "as" : "matched", + "pipeline" : [ {"$match" : {"non_csfle_schema" : "non_csfle_schema"}}, {"$project" : {"_id" : 0, "__safeContent__" : 0}} ] + } + }, + {"$project" : {"_id" : 0, "__safeContent__" : 0}} +] +``` + +Expect one document to be returned matching: `{"qe" : "qe", "matched" : [ {"non_csfle_schema" : "non_csfle_schema"} ]}`. + ### 26. Custom AWS Credentials These tests require valid AWS credentials for the remote KMS provider via the secrets manager (FLE_AWS_KEY and