MONGOCRYPT-771 Remove check for $jsonSchema siblings #948

Merged
merged 3 commits into from
Feb 4, 2025


kevinAlbs
Contributor

Summary

Do not error if remote $jsonSchema has sibling fields.

Background & Motivation

When processing a response to listCollections, libmongocrypt only checks the response for a top-level $jsonSchema within validator.

libmongocrypt errors if the $jsonSchema has sibling fields and query analysis (mongocryptd/crypt_shared) indicates the JSON Schema has encrypted fields:

```python
db.command({
    "create": "coll",
    "validator": {
        "$jsonSchema": csfle_schema,  # Defines 'secret' as encrypted.
        "secret": "foo"  # Sibling validator contradicts the JSON schema.
    }
})

encrypted_db["coll"].find_one({})  # Error: schema requires encryption, but collection JSON schema validator has siblings
```

The spec says this of the motivation:

> If we allow siblings, we can run into cases where the user specifies a top-level $and/$or or any arbitrary match-expression that could have nested $jsonSchema's.

However, this check seems incomplete. A validator can have a single top-level JSON schema keyword, and reference encrypted fields:

```python
db.command({
    "create": "coll",
    "validator": {
        "$or": [{"$jsonSchema": csfle_schema}, {"foo": "bar"}]
    }
})

encrypted_db["coll"].insert_one({"secret": "blah", "foo": "bar"})  # libmongocrypt ignores $jsonSchema.
self.assertEqual(db["coll"].find_one()["secret"], "blah")  # Unencrypted!
```

And this check can error in valid cases:

```python
db.command({
    "create": "coll",
    "validator": {
        "$jsonSchema": csfle_schema,  # Defines 'secret' as encrypted.
        "unrelated": "foo"  # Sibling validator does not contradict the JSON schema.
    }
})

with self.assertRaises(EncryptionError) as ctx:
    encrypted_db["coll"].find_one({})
self.assertIn("schema requires encryption, but collection JSON schema validator has siblings", str(ctx.exception))
```

I do not expect this check is useful. If a $jsonSchema has sibling fields that contradict the $jsonSchema, I expect that is a misconfiguration that would be discovered soon after attempting to insert data. If the siblings do not contradict the JSON Schema, then there is no reason to error.

Related to: #947. Query analysis 8.1 supports a new field csfleEncryptionSchemas to accept multiple JSON Schemas. The replied schemaRequiresEncryption only indicates if any of the sent schemas require encryption. Multiple schemas further complicate this check (i.e. if libmongocrypt gets "schemaRequiresEncryption": true it does not know which of the JSON Schemas required encryption).
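An added example, not part of the pull request or of libmongocrypt: an audit over `listCollections`-style output that reports where each validator's `$jsonSchema` sits, so the nested case described above (schema ignored, data written unencrypted) can be found before relying on automatic encryption. The `encrypt`-keyword heuristic, the category labels and the sample entries are assumptions constructed for illustration.

```python
# Added example (not libmongocrypt code). Heuristic: a schema "requires
# encryption" here if it contains an `encrypt` keyword; the real decision
# is made by query analysis (mongocryptd/crypt_shared).

def has_encrypt(schema):
    if not isinstance(schema, dict):
        return False
    if "encrypt" in schema:
        return True
    for key, val in schema.items():
        # Keys under properties/patternProperties are field names, not keywords.
        if key in ("properties", "patternProperties") and isinstance(val, dict):
            subs = list(val.values())
        else:
            subs = val if isinstance(val, list) else [val]
        if any(has_encrypt(s) for s in subs):
            return True
    return False

def find_schemas(expr, depth=0):
    """Yield (depth, schema) for each $jsonSchema in a validator expression."""
    if isinstance(expr, dict):
        for key, val in expr.items():
            if key == "$jsonSchema":
                yield depth, val
            else:
                yield from find_schemas(val, depth + 1)
    elif isinstance(expr, list):
        for item in expr:
            yield from find_schemas(item, depth)

def classify(validator):
    found = [d for d, s in find_schemas(validator) if has_encrypt(s)]
    if not found:
        return "no-encryption-schema"
    if any(d > 0 for d in found):
        return "nested-schema-ignored"    # the $or case: writes may stay plaintext
    if len(validator) > 1:
        return "top-level-with-siblings"  # rejected before this PR, accepted after
    return "top-level-only"

def audit(collections):
    return {c["name"]: classify(c.get("options", {}).get("validator", {})) for c in collections}

# Constructed sample data (abbreviated schema, no keyId).
CSFLE_SCHEMA = {"bsonType": "object", "properties": {"secret": {"encrypt": {"bsonType": "string"}}}}
SAMPLE = [{"name": "plain", "options": {"validator": {"$jsonSchema": CSFLE_SCHEMA}}},
          {"name": "sibling", "options": {"validator": {"$jsonSchema": CSFLE_SCHEMA, "unrelated": "foo"}}},
          {"name": "nested", "options": {"validator": {"$or": [{"$jsonSchema": CSFLE_SCHEMA}, {"foo": "bar"}]}}}]
```

Collections reported as `nested-schema-ignored` are the ones to review, since the description above shows inserts into such a collection landing unencrypted.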

Remove the test. A `validator` with duplicate fields on the server is not expected.
@kevinAlbs kevinAlbs marked this pull request as ready for review February 3, 2025 19:14
Collaborator

@rcsanchez97 rcsanchez97 left a comment


LGTM

@kevinAlbs kevinAlbs merged commit cf89a08 into mongodb:master Feb 4, 2025
53 checks passed