Skip to content

MONGOCRYPT-772 Add strEncodeVersion to the encrypted field config #949

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Feb 10, 2025
Merged

MONGOCRYPT-772 Add strEncodeVersion to the encrypted field config #949

merged 13 commits into from
Feb 10, 2025

Conversation

marksg07
Copy link
Collaborator

@marksg07 marksg07 commented Feb 3, 2025
edited
Loading

When the EncryptedFieldConfig from collinfo or setopt_encrypted_field_config contains at least one field with a text search query type, we add the strEncodeVersion field with the latest version. If the field already exists, we check it for validity. We also copy this field from the EFC to the encryptedFields field of a create command. If this field already has strEncodeVersion, we check that it's equal to what's on the EFC.

@marksg07 marksg07 force-pushed the marksg07/server-97941 branch from a733742 to fd86a9e Compare February 4, 2025 22:22
@marksg07 marksg07 force-pushed the marksg07/server-97941 branch from fd86a9e to 548f9fb Compare February 5, 2025 17:07
@marksg07 marksg07 requested review from erwee and kevinAlbs February 5, 2025 19:43
@marksg07 marksg07 marked this pull request as ready for review February 5, 2025 19:43
@erwee erwee changed the title SERVER-97941 Add strEncodeVersion to the encrypted field config MONGOCRYPT-772 Add strEncodeVersion to the encrypted field config Feb 7, 2025
kevinAlbs
kevinAlbs approved these changes Feb 10, 2025
View reviewed changes
Copy link
Contributor

@kevinAlbs kevinAlbs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with minor comments.

test/test-mongocrypt-ctx-encrypt.c Outdated
mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/data/fle2-create-encrypted-collection/cmd.json")),
ctx);

ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Though this follows other test patterns in this file, consider adding a macro to reduce repetition of the isMaster command (since it is not the subject of the test):

#define reply_to_ismaster(ctx)                                                                                         \
    if (1) {                                                                                                           \
        ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);                             \
        {                                                                                                              \
            mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new();                                         \
                                                                                                                       \
            ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx);                                          \
            ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/"                    \
                                                          "ismaster-to-mongocryptd.json"),                             \
                                                cmd_to_mongocryptd);                                                   \
            mongocrypt_binary_destroy(cmd_to_mongocryptd);                                                             \
            ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx,                                                                   \
                                                TEST_FILE("./test/data/fle1-create/without-schema/"                    \
                                                          "mongocryptd-ismaster.json")),                               \
                      ctx);                                                                                            \
            ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx);                                                            \
        }                                                                                                              \
    } else                                                                                                             \
        (void)0

src/mc-efc.c Outdated
}
} else {
if (!BSON_ITER_HOLDS_INT32(&iter)) {
CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %d", bson_iter_type(&iter));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %d", bson_iter_type(&iter));
CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %s",
mc_bson_type_to_string(bson_iter_type(&iter)));

To print string version of type on error.

src/mc-efc.c Outdated
}
int32_t version = bson_iter_int32(&iter);
if (version > LATEST_STR_ENCODE_VERSION || version < MIN_STR_ENCODE_VERSION) {
CLIENT_ERR("'strEncodeVersion' of %d is not supported", version);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
CLIENT_ERR("'strEncodeVersion' of %d is not supported", version);
CLIENT_ERR("'strEncodeVersion' of %" PRId32 " is not supported", version);

To match int32_t argument.

src/mongocrypt-ctx-encrypt.c Outdated
Comment on lines 1487 to 1499
const uint8_t *data;
uint32_t len;
if (!BSON_ITER_HOLDS_DOCUMENT(&ef_iter)) {
CLIENT_ERR(
"_fle2_fixup_encryptedFields_strEncodeVersion: Expected encryptedFields to be type obj, got: %d",
bson_iter_type(&ef_iter));
goto fail2;
}
bson_iter_document(&ef_iter, &len, &data);
if (!bson_init_static(&ef, data, len)) {
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: bson_init_static failed");
goto fail2;
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
const uint8_t *data;
uint32_t len;
if (!BSON_ITER_HOLDS_DOCUMENT(&ef_iter)) {
CLIENT_ERR(
"_fle2_fixup_encryptedFields_strEncodeVersion: Expected encryptedFields to be type obj, got: %d",
bson_iter_type(&ef_iter));
goto fail2;
}
bson_iter_document(&ef_iter, &len, &data);
if (!bson_init_static(&ef, data, len)) {
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: bson_init_static failed");
goto fail2;
}
if (!mc_iter_document_as_bson(&ef_iter, &ef, status)) {
goto fail2;
}

erwee
erwee requested changes Feb 10, 2025
View reviewed changes
test/test-mongocrypt-ctx-encrypt.c
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't we use just a single helper function to do all the create test cases, parameterized by the expectation files?

@marksg07 marksg07 requested review from erwee and kevinAlbs February 10, 2025 16:54
@marksg07 marksg07 merged commit 74fc7d6 into mongodb:master Feb 10, 2025
53 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kevinAlbs kevinAlbs kevinAlbs approved these changes

@erwee erwee erwee approved these changes

@shreyaskalyan shreyaskalyan Awaiting requested review from shreyaskalyan

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@marksg07 @kevinAlbs @erwee