[CDRIVER-4428] Automatically create Queryable Encryption keys Created: 15/Jul/22  Updated: 13/Mar/23  Resolved: 08/Nov/22

Status: Closed
Project: C Driver
Component/s: Client Side Encryption
Affects Version/s: None
Fix Version/s: 1.24.0

Type: Task Priority: Unknown
Reporter: PM Bot Assignee: Colby Pike
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by PHPC-2193 Add ClientEncryption::createEncrypted... Closed
Duplicate
is duplicated by CDRIVER-4570 Document createEncryptedCollection as... Closed
is duplicated by CDRIVER-4540 Add a positive prose test for CreateE... Closed
Issue split
Related
is related to PHPLIB-913 Automatically create Queryable Encryp... Closed
Quarter: FY23Q3
Upstream Changes Summary:

DRIVERS-2312:

The relevant spec changes:


 Description   

This ticket was split from DRIVERS-2312, please see that ticket for a detailed description.



 Comments   
Comment by Githook User [ 31/Jan/23 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: CDRIVER-4428 do not check encryptedFieldsMap in CreateEncryptedCollection (#1197)

  • add failing test
Comment by Githook User [ 08/Nov/22 ]

Author:

{'name': 'vector-of-bool', 'email': 'vectorofbool@gmail.com', 'username': 'vector-of-bool'}

Message: CDRIVER-4428 Automatic Queryable Encryption Keys for Encrypted Fields when Creating a Collection (#1118)

  • Internal auto-datakeys API/utility
  • This implements a utility function that inspects the options for
    `create`'s `encryptedFields.fields` and finds null keyIds
  • When a null keyId is found, a caller-supplied callback is invoked to
    generate a new keyId value. this value is inserted in place of the
    null keyId.
  • This utility does not require CSE support or I/O, so it can be
    tested and validated without any external dependencies.
  • The isolation of the auto-datakey logic isolates its correctness from
    the correctness of any calling code.
  • Public API for creating an encrypted collection

This convenience function wrapping CreateCollection will automatically
fill in any null keyIds with new datakeys before creating the
collection.

  • Support the encryptedFieldsMap. Clean-up encryptedFields lookup.
  • Support the encryptedFieldsMap within CreateEncryptedCollection.
    Looks up the encryptedFields for the collection in the same way as
    for the CreateCollection and DropCollection APIs.
  • Consolidate the logic used to find encryptedFields for collections,
    now shared across all three helper functions.
  • The internal auto-datakey function now acts on encryptedFields
    directly instead of the CreateCollection options.
Generated at Wed Feb 07 21:20:54 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.