mongodb
diff --git a/‎lib/mongo/crypt/handle.rb
Lines changed: 1 addition & 1 deletion b/‎lib/mongo/crypt/handle.rb
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/mongo/protocol/msg.rb
Lines changed: 13 additions & 0 deletions b/‎lib/mongo/protocol/msg.rb
Lines changed: 13 additions & 0 deletions
diff --git a/‎spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb
Lines changed: 0 additions & 1 deletion b/‎spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb
Lines changed: 0 additions & 1 deletion
diff --git a/‎spec/runners/crud/spec.rb
Lines changed: 5 additions & 0 deletions b/‎spec/runners/crud/spec.rb
Lines changed: 5 additions & 0 deletions
diff --git a/‎spec/runners/transactions/test.rb
Lines changed: 19 additions & 2 deletions b/‎spec/runners/transactions/test.rb
Lines changed: 19 additions & 2 deletions
diff --git a/‎spec/spec_tests/data/client_side_encryption/fle2-BypassQueryAnalysis.yml
Lines changed: 101 additions & 0 deletions b/‎spec/spec_tests/data/client_side_encryption/fle2-BypassQueryAnalysis.yml
Lines changed: 101 additions & 0 deletions
diff --git a/‎spec/spec_tests/data/client_side_encryption/fle2-Compact.yml
Lines changed: 79 additions & 0 deletions b/‎spec/spec_tests/data/client_side_encryption/fle2-Compact.yml
Lines changed: 79 additions & 0 deletions
diff --git a/‎spec/spec_tests/data/client_side_encryption/fle2-DecryptExistingData.yml
Lines changed: 64 additions & 0 deletions b/‎spec/spec_tests/data/client_side_encryption/fle2-DecryptExistingData.yml
Lines changed: 64 additions & 0 deletions
@@ -123,7 +123,7 @@ def set_bypass_query_analysis
           )
         end
 
-        Binding.setopt_bypass_query_analysis(self, @bypass_query_analysis)
+        Binding.setopt_bypass_query_analysis(self) if @bypass_query_analysis
       end
 
       # Send the logs from libmongocrypt to the Mongo::Logger
 
@@ -229,6 +229,19 @@ def maybe_encrypt(connection, context)
           if cmd.key?('$db') && !enc_cmd.key?('$db')
             enc_cmd['$db'] = cmd['$db']
           end
+          if schema = enc_cmd.dig('encryptionInformation', 'schema')
+            enc_cmd['encryptionInformation']['schema'] = schema.map do |coll, params|
+              if params['fields']
+                params['fields'] = params['fields'].map do |field|
+                  if contention = field.dig('queries', 'contention')
+                    field['queries']['contention'] = BSON::Int64.new(contention)
+                  end
+                  field
+                end
+              end
+              [coll, params]
+            end.to_h
+          end
 
           Msg.new(@flags, @options, enc_cmd)
         else
 
@@ -51,7 +51,6 @@
         .with(
           hash_including(
             'insert' => 'users',
-            '$db' => 'auto_encryption',
             'ordered' => true,
             'lsid' => kind_of(Hash),
             'documents' => kind_of(Array),
 
@@ -20,6 +20,7 @@ def initialize(test_path)
         # Introduced with Client-Side Encryption tests
         @json_schema = BSON::ExtJSON.parse_obj(@spec['json_schema'])
         @key_vault_data = BSON::ExtJSON.parse_obj(@spec['key_vault_data'])
+        @encrypted_fields = BSON::ExtJSON.parse_obj(@spec['encrypted_fields'])
 
         @requirements = if run_on = @spec['runOn']
           run_on.map do |spec|
@@ -46,6 +47,10 @@ def initialize(test_path)
       #   running each test.
       attr_reader :key_vault_data
 
+      # @return [ Hash ]  An encryptedFields option that should be set on the
+      #   collection (using createCollection) before each test run.
+      attr_reader :encrypted_fields
+
       def collection_name
         # Older spec tests do not specify a collection name, thus
         # we provide a default here
 
@@ -255,11 +255,28 @@ def setup_test
           {}
         end
 
-        support_client.command(
+        create_collection_spec = {
           create: @spec.collection_name,
           validator: collection_validator,
           writeConcern: { w: 'majority' }
-        )
+        }
+        if @spec.encrypted_fields
+          encrypted_fields = @spec.encrypted_fields.dup
+          if encrypted_fields.key?('fields')
+            encrypted_fields['fields'] = encrypted_fields['fields'].dup.map do |field|
+              if field['queries'] && field['queries'].key?('contention')
+                new_field = field.dup
+                new_field['queries'] = field['queries'].dup
+                new_field['queries']['contention'] = BSON::Int64.new(field['queries']['contention'])
+                new_field
+              else
+                field
+              end
+            end
+          end
+          create_collection_spec[:encryptedFields] = encrypted_fields
+        end
+        support_client.command(create_collection_spec)
 
         coll.insert_many(@data) unless @data.empty?
 
 
@@ -0,0 +1,101 @@
+runOn:
+  - minServerVersion: "6.0.0"
+    # FLE 2 Encrypted collections are not supported on standalone.
+    topology: [ "replicaset", "sharded" ]
+database_name: &database_name "default"
+collection_name: &collection_name "default"
+data: []
+encrypted_fields: &encrypted_fields {'escCollection': 'enxcol_.default.esc', 'eccCollection': 'enxcol_.default.ecc', 'ecocCollection': 'enxcol_.default.ecoc', 'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]}
+key_vault_data: [{'_id': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'keyMaterial': {'$binary': {'base64': 'sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1648914851981'}}, 'updateDate': {'$date': {'$numberLong': '1648914851981'}}, 'status': {'$numberInt': '0'}, 'masterKey': {'provider': 'local'}}, {'_id': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'keyMaterial': {'$binary': {'base64': 'HBk9BWihXExNDvTp1lUxOuxuZK2Pe2ZdVdlsxPEBkiO1bS4mG5NNDsQ7zVxJAH8BtdOYp72Ku4Y3nwc0BUpIKsvAKX4eYXtlhv5zUQxWdeNFhg9qK7qb8nqhnnLeT0f25jFSqzWJoT379hfwDeu0bebJHr35QrJ8myZdPMTEDYF08QYQ48ShRBli0S+QzBHHAQiM2iJNr4svg2WR8JSeWQ==', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1648914851981'}}, 'updateDate': {'$date': {'$numberLong': '1648914851981'}}, 'status': {'$numberInt': '0'}, 'masterKey': {'provider': 'local'}} ]
+
+tests:
+  - description: "BypassQueryAnalysis decrypts"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
+        bypassQueryAnalysis: true
+    operations:
+      - name: insertOne
+        arguments:
+          document: &doc0_encrypted {
+              "_id": 1,
+              "encryptedIndexed": {
+                "$binary": {
+                  # Payload has an IndexKey of key1 and UserKey of key2.
+                  "base64": "BHEBAAAFZAAgAAAAAHb62aV7+mqmaGcotPLdG3KP7S8diFwWMLM/5rYtqLrEBXMAIAAAAAAVJ6OWHRv3OtCozHpt3ZzfBhaxZirLv3B+G8PuaaO4EgVjACAAAAAAsZXWOWA+UiCBbrJNB6bHflB/cn7pWSvwWN2jw4FPeIUFcABQAAAAAMdD1nV2nqeI1eXEQNskDflCy8I7/HvvqDKJ6XxjhrPQWdLqjz+8GosGUsB7A8ee/uG9/guENuL25XD+Fxxkv1LLXtavHOlLF7iW0u9yabqqBXUAEAAAAAQSNFZ4EjSYdhI0EjRWeJASEHQAAgAAAAV2AE0AAAAAq83vqxI0mHYSNBI0VniQEkzZZBBDgeZh+h+gXEmOrSFtVvkUcnHWj/rfPW7iJ0G3UJ8zpuBmUM/VjOMJCY4+eDqdTiPIwX+/vNXegc8FZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsAA==",
+                  "subType": "06"
+                }
+              }
+            }
+      - name: find
+        arguments:
+          filter: { "_id": 1 }
+        result: [{"_id": 1, "encryptedIndexed": "value123" }]
+    expectations:
+      - command_started_event:
+          command:
+            listCollections: 1
+            filter:
+              name: *collection_name
+          command_name: listCollections
+      - command_started_event:
+          command:
+            insert: *collection_name
+            documents:
+              - *doc0_encrypted
+            ordered: true
+          command_name: insert
+      - command_started_event:
+          command:
+            find: *collection_name
+            filter: { "_id": 1 }
+          command_name: find
+      - command_started_event:
+          command:
+            find: datakeys
+            filter: {
+                  "$or": [
+                      {
+                          "_id": {
+                              "$in": [
+                                  {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}
+                              ]
+                          }
+                      },
+                      {
+                          "keyAltNames": {
+                              "$in": []
+                          }
+                      }
+                  ]
+              }
+            $db: keyvault
+            readConcern: { level: "majority" }
+          command_name: find
+      - command_started_event:
+          command:
+            find: datakeys
+            filter: {
+                  "$or": [
+                      {
+                          "_id": {
+                              "$in": [
+                                  {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}
+                              ]
+                          }
+                      },
+                      {
+                          "keyAltNames": {
+                              "$in": []
+                          }
+                      }
+                  ]
+              }
+            $db: keyvault
+            readConcern: { level: "majority" }
+          command_name: find
+    outcome:
+      collection:
+        data:
+          - {"_id": 1, "encryptedIndexed": { "$$type": "binData" }, "__safeContent__": [{ "$binary" : { "base64" : "ThpoKfQ8AkOzkFfNC1+9PF0pY2nIzfXvRdxQgjkNbBw=", "subType" : "00" } }] }
@@ -0,0 +1,79 @@
+runOn:
+  - minServerVersion: "6.0.0"
+    topologies: [ "replicaset", "sharded" ]
+database_name: &database_name "default"
+collection_name: &collection_name "default"
+data: []
+encrypted_fields: &encrypted_fields {'escCollection': 'enxcol_.default.esc', 'eccCollection': 'enxcol_.default.ecc', 'ecocCollection': 'enxcol_.default.ecoc', 'fields': [{'keyId': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedIndexed', 'bsonType': 'string', 'queries': {'queryType': 'equality', 'contention': {'$numberLong': '0'}}}, {'keyId': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'path': 'encryptedUnindexed', 'bsonType': 'string'}]}
+key_vault_data: [ {'_id': {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'keyMaterial': {'$binary': {'base64': 'sHe0kz57YW7v8g9VP9sf/+K1ex4JqKc5rf/URX3n3p8XdZ6+15uXPaSayC6adWbNxkFskuMCOifDoTT+rkqMtFkDclOy884RuGGtUysq3X7zkAWYTKi8QAfKkajvVbZl2y23UqgVasdQu3OVBQCrH/xY00nNAs/52e958nVjBuzQkSb1T8pKJAyjZsHJ60+FtnfafDZSTAIBJYn7UWBCwQ==', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1648914851981'}}, 'updateDate': {'$date': {'$numberLong': '1648914851981'}}, 'status': {'$numberInt': '0'}, 'masterKey': {'provider': 'local'}}, {'_id': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'keyMaterial': {'$binary': {'base64': 'HBk9BWihXExNDvTp1lUxOuxuZK2Pe2ZdVdlsxPEBkiO1bS4mG5NNDsQ7zVxJAH8BtdOYp72Ku4Y3nwc0BUpIKsvAKX4eYXtlhv5zUQxWdeNFhg9qK7qb8nqhnnLeT0f25jFSqzWJoT379hfwDeu0bebJHr35QrJ8myZdPMTEDYF08QYQ48ShRBli0S+QzBHHAQiM2iJNr4svg2WR8JSeWQ==', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1648914851981'}}, 'updateDate': {'$date': {'$numberLong': '1648914851981'}}, 'status': {'$numberInt': '0'}, 'masterKey': {'provider': 'local'}} ]
+tests:
+  - description: "Compact works"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
+    operations:
+      - name: runCommand
+        object: database
+        command_name: compactStructuredEncryptionData
+        arguments:
+          command:
+            compactStructuredEncryptionData: *collection_name
+    expectations:
+      - command_started_event:
+          command:
+            listCollections: 1
+            filter:
+              name: *collection_name
+          command_name: listCollections
+      - command_started_event:
+          command:
+            find: datakeys
+            filter: {
+                  "$or": [
+                      {
+                          "_id": {
+                              "$in": [
+                                {'$binary': {'base64': 'EjRWeBI0mHYSNBI0VniQEg==', 'subType': '04'}},
+                                {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}
+                              ]
+                          }
+                      },
+                      {
+                          "keyAltNames": {
+                              "$in": []
+                          }
+                      }
+                  ]
+              }
+            $db: keyvault
+            readConcern: { level: "majority" }
+          command_name: find
+      - command_started_event:
+          command:
+            compactStructuredEncryptionData: *collection_name
+            compactionTokens: {
+              "encryptedIndexed": {
+                "$binary": {
+                  "base64": "noN+05JsuO1oDg59yypIGj45i+eFH6HOTXOPpeZ//Mk=",
+                  "subType": "00"
+                }
+              },
+             "encryptedUnindexed": {
+                "$binary": {
+                  "base64": "SWO8WEoZ2r2Kx/muQKb7+COizy85nIIUFiHh4K9kcvA=",
+                  "subType": "00"
+                }
+              }
+            }
+          command_name: compactStructuredEncryptionData
+  - description: "Compact errors on an unencrypted client"
+    operations:
+      - name: runCommand
+        object: database
+        command_name: compactStructuredEncryptionData
+        arguments:
+          command:
+            compactStructuredEncryptionData: *collection_name
+        result:
+          errorContains: "'compactStructuredEncryptionData.compactionTokens' is missing"
@@ -0,0 +1,64 @@
+runOn:
+  - minServerVersion: "6.0.0"
+    # FLE 2 Encrypted collections are not supported on standalone.
+    topology: [ "replicaset", "sharded" ]
+database_name: &database_name "default"
+collection_name: &collection_name "default"
+data: [
+  &doc0 {
+    "_id": 1,
+    "encryptedUnindexed": {
+      "$binary": {
+          "base64": "BqvN76sSNJh2EjQSNFZ4kBICTQaVZPWgXp41I7mPV1rLFTtw1tXzjcdSEyxpKKqujlko5TeizkB9hHQ009dVY1+fgIiDcefh+eQrm3CkhQ==",
+          "subType": "06"
+      }
+    }
+  }
+]
+key_vault_data: [ {'_id': {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}, 'keyMaterial': {'$binary': {'base64': 'HBk9BWihXExNDvTp1lUxOuxuZK2Pe2ZdVdlsxPEBkiO1bS4mG5NNDsQ7zVxJAH8BtdOYp72Ku4Y3nwc0BUpIKsvAKX4eYXtlhv5zUQxWdeNFhg9qK7qb8nqhnnLeT0f25jFSqzWJoT379hfwDeu0bebJHr35QrJ8myZdPMTEDYF08QYQ48ShRBli0S+QzBHHAQiM2iJNr4svg2WR8JSeWQ==', 'subType': '00'}}, 'creationDate': {'$date': {'$numberLong': '1648914851981'}}, 'updateDate': {'$date': {'$numberLong': '1648914851981'}}, 'status': {'$numberInt': '0'}, 'masterKey': {'provider': 'local'}}]
+tests:
+  - description: "FLE2 decrypt of existing data succeeds"
+    clientOptions:
+      autoEncryptOpts:
+        kmsProviders:
+          local: {'key': {'$binary': {'base64': 'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk', 'subType': '00'}}}
+    operations:
+      - name: find
+        arguments:
+          filter: { _id: 1 }
+        result:
+          [{ "_id": 1, "encryptedUnindexed": "value123" }]
+    expectations:
+      - command_started_event:
+          command:
+            listCollections: 1
+            filter:
+              name: *collection_name
+          command_name: listCollections
+      - command_started_event:
+          command:
+            find: *collection_name
+            filter: { "_id": 1 }
+          command_name: find
+      - command_started_event:
+          command:
+            find: datakeys
+            filter: {
+                  "$or": [
+                      {
+                          "_id": {
+                              "$in": [
+                                  {'$binary': {'base64': 'q83vqxI0mHYSNBI0VniQEg==', 'subType': '04'}}
+                              ]
+                          }
+                      },
+                      {
+                          "keyAltNames": {
+                              "$in": []
+                          }
+                      }
+                  ]
+              }
+            $db: keyvault
+            readConcern: { level: "majority" }
+          command_name: find
Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@ def set_bypass_query_analysis`
`123`	`123`	`)`
`124`	`124`	`end`
`125`	`125`
`126`		`- Binding.setopt_bypass_query_analysis(self, @bypass_query_analysis)`
	`126`	`+ Binding.setopt_bypass_query_analysis(self) if @bypass_query_analysis`
`127`	`127`	`end`
`128`	`128`
`129`	`129`	`# Send the logs from libmongocrypt to the Mongo::Logger`