From 6b00083f70cfb298eb4dccf096397a577ac80afa Mon Sep 17 00:00:00 2001 From: Kevin Albertson Date: Tue, 4 Feb 2025 09:42:07 -0500 Subject: [PATCH] MONGOCRYPT-770 do not warn if local schema does not require encryption (#947) * add regression test * remove warning --- src/mongocrypt-ctx-encrypt.c | 8 +---- test/test-mongocrypt-ctx-encrypt.c | 53 ++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 7 deletions(-) diff --git a/src/mongocrypt-ctx-encrypt.c b/src/mongocrypt-ctx-encrypt.c index 1867a31eb..6d9e7ce05 100644 --- a/src/mongocrypt-ctx-encrypt.c +++ b/src/mongocrypt-ctx-encrypt.c @@ -791,13 +791,7 @@ static bool _mongo_feed_markings(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *in) if (bson_iter_init_find(&iter, &as_bson, "schemaRequiresEncryption") && !bson_iter_as_bool(&iter)) { /* TODO: update cache: this schema does not require encryption. */ - - /* If using a local schema, warn if there are no encrypted fields. */ - if (ectx->used_local_schema) { - _mongocrypt_log(&ctx->crypt->log, - MONGOCRYPT_LOG_LEVEL_WARNING, - "local schema used but does not have encryption specifiers"); - } + // Schema does not require encryption. Skip copying the `result`. return true; } diff --git a/test/test-mongocrypt-ctx-encrypt.c b/test/test-mongocrypt-ctx-encrypt.c index b5f697e74..abda18d56 100644 --- a/test/test-mongocrypt-ctx-encrypt.c +++ b/test/test-mongocrypt-ctx-encrypt.c @@ -4651,6 +4651,58 @@ static void _test_encrypt_retry(_mongocrypt_tester_t *tester) { } } +static void capture_logs(mongocrypt_log_level_t level, const char *message, uint32_t message_len, void *ctx) { + mc_array_t *log_msgs = ctx; + char *message_copy = bson_strdup(message); + _mc_array_append_val(log_msgs, message_copy); +} + +// Regression test for: MONGOCRYPT-770 +static void _test_does_not_warn_for_empty_local_schema(_mongocrypt_tester_t *tester) { + mongocrypt_t *crypt = mongocrypt_new(); + ASSERT_OK(mongocrypt_setopt_kms_providers( + crypt, + TEST_BSON(BSON_STR({"aws" : {"accessKeyId" : "foo", "secretAccessKey" : "bar"}}))), + crypt); + + mc_array_t log_msgs; // Array of char *; + _mc_array_init(&log_msgs, sizeof(char *)); + ASSERT_OK(mongocrypt_setopt_log_handler(crypt, capture_logs, &log_msgs), crypt); + + // Configure a local schema for "db.coll": + ASSERT_OK(mongocrypt_setopt_schema_map(crypt, TEST_BSON(BSON_STR({"db.coll" : {}}))), crypt); + + ASSERT_OK(mongocrypt_init(crypt), crypt); + mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); + ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_BSON(BSON_STR({"find" : "coll", "filter" : {}}))), ctx); + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + + // Feed mongocryptd reply indicating `schemaRequiresEncryption: false`. + ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, TEST_BSON(BSON_STR({ + "hasEncryptionPlaceholders" : false, + "schemaRequiresEncryption" : false, + "result" : {"find" : "test", "filter" : {}}, + "ok" : {"$numberDouble" : "1.0"} + }))), + ctx); + + // Expect no warning (passing an empty local schema is a valid use-case). + if (log_msgs.len > 0) { + TEST_STDERR_PRINTF("Got unexpected log messages:\n"); + for (size_t i = 0; i < log_msgs.len; i++) { + TEST_STDERR_PRINTF("> %s\n", _mc_array_index(&log_msgs, char *, i)); + } + abort(); + } + + for (size_t i = 0; i < log_msgs.len; i++) { + bson_free(_mc_array_index(&log_msgs, char *, i)); + } + _mc_array_destroy(&log_msgs); + mongocrypt_ctx_destroy(ctx); + mongocrypt_destroy(crypt); +} + void _mongocrypt_tester_install_ctx_encrypt(_mongocrypt_tester_t *tester) { INSTALL_TEST(_test_explicit_encrypt_init); INSTALL_TEST(_test_encrypt_init); @@ -4733,4 +4785,5 @@ void _mongocrypt_tester_install_ctx_encrypt(_mongocrypt_tester_t *tester) { INSTALL_TEST(_test_no_trimFactor); INSTALL_TEST(_test_range_sends_cryptoParams); INSTALL_TEST(_test_encrypt_retry); + INSTALL_TEST(_test_does_not_warn_for_empty_local_schema); }