Support Prefix/Suffix/Substring Indexes.

Author: qingyang-hu

internal/integration/client_side_encryption_prose_test.go

@@ -3144,6 +3144,127 @@ func TestClientSideEncryptionProse(t *testing.T) {
 			})
 		}
 	})
+
+	mt.RunOpts("27. text Explicit Encryption", qeRunOpts.MinServerVersion("8.2"), func(mt *mtest.T) {
+		encryptedFields := readJSONFile(mt, "encryptedFields-prefix-suffix.json")
+		key1Document := readJSONFile(mt, "key1-document.json")
+		subtype, data := key1Document.Lookup("_id").Binary()
+		key1ID := bson.Binary{Subtype: subtype, Data: data}
+
+		testSetup := func() (*mongo.Client, *mongo.ClientEncryption) {
+			for _, collName := range []string{"prefix-suffix", "substring"} {
+				mtest.DropEncryptedCollection(mt, mt.Client.Database("db").Collection(collName), encryptedFields)
+				cco := options.CreateCollection().SetEncryptedFields(encryptedFields)
+				err := mt.Client.Database("db").CreateCollection(context.Background(), collName, cco)
+				require.NoError(mt, err, "error on CreateCollection: %v", err)
+			}
+			err := mt.Client.Database("keyvault").Collection("datakeys").Drop(context.Background())
+			require.NoError(mt, err, "error on Drop: %v", err)
+			opts := options.Client().ApplyURI(mtest.ClusterURI())
+			integtest.AddTestServerAPIVersion(opts)
+			keyVaultClient, err := mongo.Connect(opts)
+			require.NoError(mt, err, "error on Connect: %v", err)
+			datakeysColl := keyVaultClient.Database("keyvault").Collection("datakeys", options.Collection().SetWriteConcern(mtest.MajorityWc))
+			_, err = datakeysColl.InsertOne(context.Background(), key1Document)
+			require.NoError(mt, err, "error on InsertOne: %v", err)
+			kmsProvidersMap := map[string]map[string]any{
+				"local": {"key": localMasterKey},
+			}
+			// Create a ClientEncryption.
+			ceo := options.ClientEncryption().
+				SetKeyVaultNamespace("keyvault.datakeys").
+				SetKmsProviders(kmsProvidersMap)
+			clientEncryption, err := mongo.NewClientEncryption(keyVaultClient, ceo)
+			require.NoError(mt, err, "error on NewClientEncryption: %v", err)
+
+			// Create a MongoClient with AutoEncryptionOpts and bypassQueryAnalysis=true.
+			aeo := options.AutoEncryption().
+				SetKeyVaultNamespace("keyvault.datakeys").
+				SetKmsProviders(kmsProvidersMap).
+				SetBypassQueryAnalysis(true)
+			co := options.Client().SetAutoEncryptionOptions(aeo).ApplyURI(mtest.ClusterURI())
+			integtest.AddTestServerAPIVersion(co)
+			encryptedClient, err := mongo.Connect(co)
+			require.NoError(mt, err, "error on Connect: %v", err)
+
+			foobarbaz := bson.RawValue{Type: bson.TypeString, Value: bsoncore.AppendString(nil, "foobarbaz")}
+			for _, c := range []struct {
+				collection string
+				textOpts   *options.TextOptionsBuilder
+			}{
+				{
+					collection: "prefix-suffix",
+					textOpts: options.Text().
+						SetPrefix(options.PrefixOptions{
+							StrMaxQueryLength: 10,
+							StrMinQueryLength: 2,
+						}).
+						SetSuffix(options.SuffixOptions{
+							StrMaxQueryLength: 10,
+							StrMinQueryLength: 2,
+						}).
+						SetCaseSensitive(true).
+						SetDiacriticSensitive(true),
+				},
+				{
+					collection: "substring",
+					textOpts: options.Text().
+						SetSubstring(options.SubstringOptions{
+							StrMaxLength:      10,
+							StrMaxQueryLength: 10,
+							StrMinQueryLength: 2,
+						}).
+						SetCaseSensitive(true).
+						SetDiacriticSensitive(true),
+				},
+			} {
+				coll := encryptedClient.Database("db").Collection(c.collection, options.Collection().SetWriteConcern(mtest.MajorityWc))
+				eo := options.Encrypt().
+					SetKeyID(key1ID).
+					SetAlgorithm("TextPreview").
+					SetContentionFactor(0).
+					SetTextOptions(c.textOpts)
+				insertPayload, err := clientEncryption.Encrypt(context.Background(), foobarbaz, eo)
+				require.NoError(mt, err, "error in Encrypt: %v", err)
+				_, err = coll.InsertOne(context.Background(), bson.D{{"_id", 0}, {"encryptedText", insertPayload}})
+				require.NoError(mt, err, "error in InsertOne: %v", err)
+			}
+
+			return encryptedClient, clientEncryption
+		}
+
+		mt.Run("Case 1: can decrypt a payload", func(mt *mtest.T) {
+			encryptedClient, clientEncryption := testSetup()
+			defer clientEncryption.Close(context.Background())
+			defer encryptedClient.Disconnect(context.Background())
+
+			foo := bson.RawValue{Type: bson.TypeString, Value: bsoncore.AppendString(nil, "foo")}
+			eo := options.Encrypt().
+				SetAlgorithm("TextPreview").
+				SetKeyID(key1ID).
+				SetContentionFactor(0).
+				SetTextOptions(options.Text().
+					SetPrefix(options.PrefixOptions{
+						StrMaxQueryLength: 10,
+						StrMinQueryLength: 2,
+					}).
+					SetCaseSensitive(true).
+					SetDiacriticSensitive(true))
+			payload, err := clientEncryption.Encrypt(context.Background(), foo, eo)
+			require.NoError(mt, err, "error in Encrypt: %v", err)
+			coll := encryptedClient.Database("db").Collection("prefix-suffix")
+			got, err := coll.FindOne(context.Background(), bson.D{
+				{"$expr", bson.D{
+					{"$encStrStartsWith", bson.D{
+						{"input", "$encryptedText"},
+						{"prefix", payload},
+					}},
+				}},
+			}).Raw()
+			require.NoError(mt, err, "error in FindOne: %v", err)
+			assert.FailNow(mt, "got: %v", got)
+		})
+	})
 }
 
 func getWatcher(mt *mtest.T, streamType mongo.StreamType, cpt *cseProseTest) watcher {

internal/spectest/skip.go

@@ -822,15 +822,6 @@ var skipTests = map[string][]string{
 		"TestUnifiedSpec/client-side-operations-timeout/tests/tailable-awaitData.json/error_on_watch_if_maxAwaitTimeMS_is_equal_to_timeoutMS",
 	},
 
-	// TODO(GODRIVER-3620): Support text indexes with auto encryption.
-	"Support text indexes with auto encryption (GODRIVER-3620)": {
-		"TestUnifiedSpec/client-side-encryption/tests/unified/QE-Text-cleanupStructuredEncryptionData.json",
-		"TestUnifiedSpec/client-side-encryption/tests/unified/QE-Text-compactStructuredEncryptionData.json",
-		"TestUnifiedSpec/client-side-encryption/tests/unified/QE-Text-prefixPreview.json",
-		"TestUnifiedSpec/client-side-encryption/tests/unified/QE-Text-substringPreview.json",
-		"TestUnifiedSpec/client-side-encryption/tests/unified/QE-Text-suffixPreview.json",
-	},
-
 	// TODO(GODRIVER-3403): Support queryable encryption in Client.BulkWrite.
 	"Support queryable encryption in Client.BulkWrite (GODRIVER-3403)": {
 		"TestUnifiedSpec/crud/tests/unified/client-bulkWrite-qe.json",

mongo/client_encryption.go

@@ -243,6 +243,27 @@ func transformExplicitEncryptionOptions(opts ...options.Lister[options.EncryptOp
 		}
 		transformed.SetRangeOptions(transformedRange)
 	}
+	if args.TextOptions != nil {
+		textArgs, _ := mongoutil.NewOptions[options.TextOptions](args.TextOptions)
+
+		transformedText := mcopts.ExplicitTextOptions{
+			CaseSensitive:      textArgs.CaseSensitive,
+			DiacriticSensitive: textArgs.DiacriticSensitive,
+		}
+		if textArgs.Substring != nil {
+			substringOpts := mcopts.SubstringOptions(*textArgs.Substring)
+			transformedText.Substring = &substringOpts
+		}
+		if textArgs.Prefix != nil {
+			prefixOpts := mcopts.PrefixOptions(*textArgs.Prefix)
+			transformedText.Prefix = &prefixOpts
+		}
+		if textArgs.Suffix != nil {
+			suffixOpts := mcopts.SuffixOptions(*textArgs.Suffix)
+			transformedText.Suffix = &suffixOpts
+		}
+		transformed.SetTextOptions(transformedText)
+	}
 	return transformed
 }
 

mongo/options/encryptoptions.go

@@ -27,7 +27,7 @@ type RangeOptions struct {
 	Precision  *int32
 }
 
-// RangeOptionsBuilder contains options to configure Rangeopts for queryeable
+// RangeOptionsBuilder contains options to configure RangeOptions for queryeable
 // encryption. Each option can be set through setter functions. See
 // documentation for each setter function for an explanation of the option.
 type RangeOptionsBuilder struct {
@@ -99,6 +99,105 @@ func (ro *RangeOptionsBuilder) SetPrecision(precision int32) *RangeOptionsBuilde
 	return ro
 }
 
+// TextOptions specifies index options for a Queryable Encryption field supporting "test" queries.
+//
+// See corresponding setter methods for documentation.
+type TextOptions struct {
+	Substring          *SubstringOptions
+	Prefix             *PrefixOptions
+	Suffix             *SuffixOptions
+	CaseSensitive      bool
+	DiacriticSensitive bool
+}
+
+type SubstringOptions struct {
+	StrMaxLength      int32
+	StrMinQueryLength int32
+	StrMaxQueryLength int32
+}
+
+type PrefixOptions struct {
+	StrMinQueryLength int32
+	StrMaxQueryLength int32
+}
+
+type SuffixOptions struct {
+	StrMinQueryLength int32
+	StrMaxQueryLength int32
+}
+
+// TextOptionsBuilder contains options to configure TextOptions for queryeable
+// encryption. Each option can be set through setter functions. See
+// documentation for each setter function for an explanation of the option.
+type TextOptionsBuilder struct {
+	Opts []func(*TextOptions) error
+}
+
+// Text creates a new TextOptions instance.
+func Text() *TextOptionsBuilder {
+	return &TextOptionsBuilder{}
+}
+
+// List returns a list of TextOptions setter functions.
+func (to *TextOptionsBuilder) List() []func(*TextOptions) error {
+	return to.Opts
+}
+
+// SetSubstring sets the text index substring value.
+func (to *TextOptionsBuilder) SetSubstring(substring SubstringOptions) *TextOptionsBuilder {
+	to.Opts = append(to.Opts, func(opts *TextOptions) error {
+		opts.Substring = &substring
+
+		return nil
+	})
+
+	return to
+}
+
+// SetPrefix sets the text index prefix value.
+func (to *TextOptionsBuilder) SetPrefix(prefix PrefixOptions) *TextOptionsBuilder {
+	to.Opts = append(to.Opts, func(opts *TextOptions) error {
+		opts.Prefix = &prefix
+
+		return nil
+	})
+
+	return to
+}
+
+// SetSuffix sets the text index suffix value.
+func (to *TextOptionsBuilder) SetSuffix(suffix SuffixOptions) *TextOptionsBuilder {
+	to.Opts = append(to.Opts, func(opts *TextOptions) error {
+		opts.Suffix = &suffix
+
+		return nil
+	})
+
+	return to
+}
+
+// SetCaseSensitive sets the text index caseSensitive value.
+func (to *TextOptionsBuilder) SetCaseSensitive(caseSensitive bool) *TextOptionsBuilder {
+	to.Opts = append(to.Opts, func(opts *TextOptions) error {
+		opts.CaseSensitive = caseSensitive
+
+		return nil
+	})
+
+	return to
+}
+
+// SetDiacriticSensitive sets the text index diacriticSensitive value.
+func (to *TextOptionsBuilder) SetDiacriticSensitive(diacriticSensitive bool) *TextOptionsBuilder {
+	to.Opts = append(to.Opts, func(opts *TextOptions) error {
+		opts.DiacriticSensitive = diacriticSensitive
+
+		return nil
+	})
+
+	return to
+}
+
 // EncryptOptions represents arguments to explicitly encrypt a value.
 //
 // See corresponding setter methods for documentation.
@@ -109,6 +208,7 @@ type EncryptOptions struct {
 	QueryType        string
 	ContentionFactor *int64
 	RangeOptions     *RangeOptionsBuilder
+	TextOptions      *TextOptionsBuilder
 }
 
 // EncryptOptionsBuilder contains options to configure Encryptopts for
@@ -203,3 +303,14 @@ func (e *EncryptOptionsBuilder) SetRangeOptions(ro *RangeOptionsBuilder) *Encryp
 
 	return e
 }
+
+// SetTextOptions specifies the options to use for text queries.
+func (e *EncryptOptionsBuilder) SetTextOptions(to *TextOptionsBuilder) *EncryptOptionsBuilder {
+	e.Opts = append(e.Opts, func(opts *EncryptOptions) error {
+		opts.TextOptions = to
+
+		return nil
+	})
+
+	return e
+}

testdata/client-side-encryption-prose/encryptedFields-prefix-suffix.json

@@ -0,0 +1,38 @@
+{
+  "fields": [
+    {
+            "keyId": {
+                "$binary": {
+                    "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+                    "subType": "04"
+                }
+            },
+            "path": "encryptedText",
+            "bsonType": "string",
+            "queries": [
+                {
+                    "queryType": "prefixPreview",
+                    "strMinQueryLength": {
+                        "$numberInt": "2"
+                    },
+                    "strMaxQueryLength": {
+                        "$numberInt": "10"
+                    },
+                    "caseSensitive": true,
+                    "diacriticSensitive": true
+                },
+                {
+                    "queryType": "suffixPreview",
+                    "strMinQueryLength": {
+                        "$numberInt": "2"
+                    },
+                    "strMaxQueryLength": {
+                        "$numberInt": "10"
+                    },
+                    "caseSensitive": true,
+                    "diacriticSensitive": true
+                }
+            ]
+        }
+  ]
+}