
Commit af576dd

committed
Fix XML configuration
1 parent 984a478 commit af576dd


5 files changed

+272
-419
lines changed


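--- a/config/schema/mongodb-1.0.xsd
+++ b/config/schema/mongodb-1.0.xsd
@@ -48,6 +48,7 @@
 <xsd:sequence>
 <xsd:element name="options" type="connection-options" minOccurs="0" maxOccurs="1" />
 <xsd:element name="driver-options" type="connection-driver-options" minOccurs="0" maxOccurs="1" />
+<xsd:element name="autoEncryption" type="auto-encryption" minOccurs="0" maxOccurs="1" />
 </xsd:sequence>
 <xsd:attribute name="id" type="xsd:string" use="required" />
 <xsd:attribute name="server" type="xsd:string" />
@@ -90,102 +91,6 @@
 <xsd:attribute name="context" type="xsd:string" />
 </xsd:complexType>
 
-<xsd:complexType name="auto-encryption">
-<xsd:all>
-<xsd:element name="bypassAutoEncryption" type="xsd:boolean" minOccurs="0" />
-<xsd:element name="keyVaultClient" type="xsd:string" minOccurs="0" />
-<xsd:element name="keyVaultNamespace" type="xsd:string" minOccurs="0" />
-<xsd:element name="kmsProviders" minOccurs="0">
-<xsd:complexType>
-<xsd:all>
-<xsd:element name="aws" type="kms-provider-aws" minOccurs="0" />
-<xsd:element name="azure" type="kms-provider-azure" minOccurs="0" />
-<xsd:element name="gcp" type="kms-provider-gcp" minOccurs="0" />
-<xsd:element name="kmip" type="kms-provider-kmip" minOccurs="0" />
-<xsd:element name="local" type="kms-provider-local" minOccurs="0" />
-</xsd:all>
-</xsd:complexType>
-</xsd:element>
-<xsd:element name="schemaMap" type="map-like-options" minOccurs="0" />
-<xsd:element name="encryptedFieldsMap" type="map-like-options" minOccurs="0" />
-<xsd:element name="extraOptions" type="map-like-options" minOccurs="0" />
-<xsd:element name="bypassQueryAnalysis" type="xsd:boolean" minOccurs="0" />
-<xsd:element name="tlsOptions" type="tls-options" minOccurs="0">
-<xsd:annotation>
-<xsd:documentation><![CDATA[TLS options for the Key Vault client if keyVaultClient is not specified.]]></xsd:documentation>
-</xsd:annotation>
-</xsd:element>
-</xsd:all>
-</xsd:complexType>
-
-<xsd:complexType name="tls-options">
-<xsd:all>
-<xsd:element name="tlsCAFile" type="xsd:string" minOccurs="0" />
-<xsd:element name="tlsCertificateKeyFile" type="xsd:string" minOccurs="0" />
-<xsd:element name="tlsCertificateKeyFilePassword" type="xsd:string" minOccurs="0" />
-<xsd:element name="tlsAllowInvalidCertificates" type="xsd:boolean" minOccurs="0" />
-<xsd:element name="tlsAllowInvalidHostnames" type="xsd:boolean" minOccurs="0" />
-<xsd:element name="tlsDisableCertificateRevocationCheck" type="xsd:boolean" minOccurs="0" />
-<xsd:element name="tlsDisableOCSPEndpointCheck" type="xsd:boolean" minOccurs="0" />
-<xsd:element name="tlsInsecure" type="xsd:boolean" minOccurs="0" />
-</xsd:all>
-</xsd:complexType>
-
-<xsd:complexType name="map-like-options">
-<xsd:sequence>
-<xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-</xsd:sequence>
-<xsd:anyAttribute namespace="##any" processContents="lax"/>
-</xsd:complexType>
-
-<xsd:complexType name="kms-provider-aws">
-<xsd:all>
-<xsd:element name="accessKeyId" type="xsd:string" minOccurs="0"/>
-<xsd:element name="secretAccessKey" type="xsd:string" minOccurs="0"/>
-<xsd:element name="sessionToken" type="xsd:string" minOccurs="0"/>
-</xsd:all>
-</xsd:complexType>
-
-<xsd:complexType name="kms-provider-azure">
-<xsd:all>
-<xsd:element name="tenantId" type="xsd:string" minOccurs="0"/>
-<xsd:element name="clientId" type="xsd:string" minOccurs="0"/>
-<xsd:element name="clientSecret" type="xsd:string" minOccurs="0"/>
-<xsd:element name="keyVaultEndpoint" type="xsd:string" minOccurs="0"/>
-<xsd:element name="identityPlatformEndpoint" type="xsd:string" minOccurs="0"/>
-<xsd:element name="keyName" type="xsd:string" minOccurs="0"/>
-<xsd:element name="keyVersion" type="xsd:string" minOccurs="0"/>
-</xsd:all>
-</xsd:complexType>
-
-<xsd:complexType name="kms-provider-gcp">
-<xsd:all>
-<xsd:element name="email" type="xsd:string" minOccurs="0"/>
-<xsd:element name="privateKey" type="xsd:string" minOccurs="0"/>
-<xsd:element name="endpoint" type="xsd:string" minOccurs="0"/>
-<xsd:element name="projectId" type="xsd:string" minOccurs="0"/>
-<xsd:element name="location" type="xsd:string" minOccurs="0"/>
-<xsd:element name="keyRing" type="xsd:string" minOccurs="0"/>
-<xsd:element name="keyName" type="xsd:string" minOccurs="0"/>
-<xsd:element name="keyVersion" type="xsd:string" minOccurs="0"/>
-</xsd:all>
-</xsd:complexType>
-
-<xsd:complexType name="kms-provider-kmip">
-<xsd:all>
-<xsd:element name="endpoint" type="xsd:string" minOccurs="0"/>
-<xsd:element name="tlsCAFile" type="xsd:string" minOccurs="0"/>
-<xsd:element name="tlsClientCertificateKeyFile" type="xsd:string" minOccurs="0"/>
-<xsd:element name="tlsClientCertificateKeyFilePassword" type="xsd:string" minOccurs="0"/>
-</xsd:all>
-</xsd:complexType>
-
-<xsd:complexType name="kms-provider-local">
-<xsd:all>
-<xsd:element name="key" type="xsd:string" minOccurs="0"/>
-</xsd:all>
-</xsd:complexType>
-
 <xsd:simpleType name="auth-mechanism">
 <xsd:restriction base="xsd:string">
 <xsd:enumeration value="SCRAM-SHA-1" />
@@ -218,6 +123,99 @@
 <xsd:attribute name="value" type="xsd:string" use="required" />
 </xsd:complexType>
 
+<xsd:complexType name="auto-encryption">
+<xsd:sequence>
+<xsd:element name="kmsProvider" type="kms-provider" minOccurs="0" maxOccurs="1" />
+<xsd:element name="masterKey" type="master-key" minOccurs="0" maxOccurs="1" />
+<xsd:element name="keyVaultNamespace" type="xsd:string" minOccurs="0" maxOccurs="1" />
+<xsd:element name="tlsOptions" type="tls-options" minOccurs="0" maxOccurs="1" />
+<xsd:element name="encryptedFieldsMap" type="encrypted-fields-map" minOccurs="0" maxOccurs="1" />
+<xsd:element name="extraOptions" type="extra-options" minOccurs="0" maxOccurs="1" />
+</xsd:sequence>
+<xsd:attribute name="bypassAutoEncryption" type="xsd:boolean" use="optional" />
+<xsd:attribute name="bypassQueryAnalysis" type="xsd:boolean" use="optional" />
+</xsd:complexType>
+
+<xsd:complexType name="kms-provider">
+<xsd:attribute name="type" type="xsd:string" use="required" />
+<!-- AWS -->
+<xsd:attribute name="accessKeyId" type="xsd:string" use="optional" />
+<xsd:attribute name="secretAccessKey" type="xsd:string" use="optional" />
+<xsd:attribute name="sessionToken" type="xsd:string" use="optional" />
+<!-- Azure -->
+<xsd:attribute name="tenantId" type="xsd:string" use="optional" />
+<xsd:attribute name="clientId" type="xsd:string" use="optional" />
+<xsd:attribute name="clientSecret" type="xsd:string" use="optional" />
+<xsd:attribute name="keyVaultEndpoint" type="xsd:string" use="optional" />
+<xsd:attribute name="identityPlatformEndpoint" type="xsd:string" use="optional" />
+<xsd:attribute name="keyName" type="xsd:string" use="optional" />
+<xsd:attribute name="keyVersion" type="xsd:string" use="optional" />
+<!-- GCP -->
+<xsd:attribute name="email" type="xsd:string" use="optional" />
+<xsd:attribute name="privateKey" type="xsd:string" use="optional" />
+<xsd:attribute name="endpoint" type="xsd:string" use="optional" />
+<xsd:attribute name="projectId" type="xsd:string" use="optional" />
+<xsd:attribute name="location" type="xsd:string" use="optional" />
+<xsd:attribute name="keyRing" type="xsd:string" use="optional" />
+<!-- <xsd:attribute name="keyName" type="xsd:string" use="optional" /> -->
+<!-- <xsd:attribute name="keyVersion" type="xsd:string" use="optional" /> -->
+<!-- KMIP -->
+<!-- <xsd:attribute name="endpoint" type="xsd:string" use="optional" /> -->
+<xsd:attribute name="tlsCAFile" type="xsd:string" use="optional" />
+<xsd:attribute name="tlsClientCertificateKeyFile" type="xsd:string" use="optional" />
+<xsd:attribute name="tlsClientCertificateKeyFilePassword" type="xsd:string" use="optional" />
+<!-- Local -->
+<xsd:attribute name="key" type="xsd:string" use="optional" />
+</xsd:complexType>
+
+<xsd:complexType name="master-key">
+<xsd:attribute name="key" type="xsd:string" use="required" />
+</xsd:complexType>
+
+<xsd:complexType name="tls-options">
+<xsd:attribute name="tlsCAFile" type="xsd:string" use="optional" />
+<xsd:attribute name="tlsCertificateKeyFile" type="xsd:string" use="optional" />
+<xsd:attribute name="tlsCertificateKeyFilePassword" type="xsd:string" use="optional" />
+<xsd:attribute name="tlsDisableOCSPEndpointCheck" type="xsd:boolean" use="optional" />
+</xsd:complexType>
+
+<xsd:complexType name="encrypted-fields-map">
+<xsd:sequence>
+<xsd:element name="encryptedFields" type="encrypted-fields" minOccurs="0" maxOccurs="unbounded" />
+</xsd:sequence>
+</xsd:complexType>
+
+<xsd:complexType name="encrypted-fields">
+<xsd:sequence>
+<xsd:element name="field" type="encrypted-field" minOccurs="1" maxOccurs="unbounded" />
+</xsd:sequence>
+<xsd:attribute name="name" type="xsd:string" use="required" />
+</xsd:complexType>
+
+<xsd:complexType name="encrypted-field">
+<xsd:sequence>
+<xsd:element name="queries" type="encrypted-queries" minOccurs="0" maxOccurs="1" />
+</xsd:sequence>
+<xsd:attribute name="path" type="xsd:string" use="required" />
+<xsd:attribute name="bsonType" type="xsd:string" use="required" />
+</xsd:complexType>
+
+<xsd:complexType name="encrypted-queries">
+<xsd:attribute name="queryType" type="xsd:string" use="required" />
+<xsd:attribute name="min" type="xsd:string" use="optional" />
+<xsd:attribute name="max" type="xsd:string" use="optional" />
+<xsd:attribute name="sparsity" type="xsd:string" use="optional" />
+<xsd:attribute name="trimFactor" type="xsd:string" use="optional" />
+</xsd:complexType>
+
+<xsd:complexType name="extra-options">
+<xsd:attribute name="mongocryptdURI" type="xsd:string" use="optional" />
+<xsd:attribute name="mongocryptdBypassSpawn" type="xsd:boolean" use="optional" />
+<xsd:attribute name="mongocryptdSpawnPath" type="xsd:string" use="optional" />
+<xsd:attribute name="mongocryptdSpawnArgs" type="xsd:string" use="optional" />
+<xsd:attribute name="cryptSharedLibPath" type="xsd:string" use="optional" />
+</xsd:complexType>
+
 <xsd:complexType name="document-manager">
 <xsd:choice maxOccurs="unbounded">
 <xsd:element name="filter" type="filter" minOccurs="0" maxOccurs="unbounded" />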
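Review bot: The `type` attribute of the new `kms-provider` complexType is a free `xsd:string`, so schema validation accepts any provider name and a typo is only caught later by the `in_array` check in Configuration.php. The file already restricts values with an enumeration for `auth-mechanism`; the same pattern would pin `type` to the five values the PHP validator accepts. Because every provider now shares one flat attribute list, the schema can no longer tie an attribute to its provider. A short `xsd:documentation` on `kms-provider` saying which attributes each type reads would help whoever places credentials such as `secretAccessKey`, `clientSecret` or `privateKey` here.

```xml
<xsd:simpleType name="kms-provider-type">
    <xsd:restriction base="xsd:string">
        <xsd:enumeration value="aws" />
        <xsd:enumeration value="azure" />
        <xsd:enumeration value="gcp" />
        <xsd:enumeration value="kmip" />
        <xsd:enumeration value="local" />
    </xsd:restriction>
</xsd:simpleType>

<xsd:complexType name="kms-provider">
    <xsd:attribute name="type" type="kms-provider-type" use="required" />
    <!-- … unchanged: provider-specific attributes … -->
```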

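--- a/src/DependencyInjection/Configuration.php
+++ b/src/DependencyInjection/Configuration.php
@@ -11,6 +11,7 @@
 use Symfony\Component\Config\Definition\Builder\TreeBuilder;
 use Symfony\Component\Config\Definition\ConfigurationInterface;
 
+use function array_is_list;
 use function count;
 use function in_array;
 use function is_array;
@@ -350,14 +351,17 @@ private function addConnectionsSection(ArrayNodeDefinition $rootNode): void
 ->thenInvalid('Invalid keyVaultNamespace format. It should be "database.collection".')
 ->end()
 ->end()
+->arrayNode('masterKey')
+->prototype('variable')->end()
+->end()
 ->arrayNode('kmsProvider')
 ->isRequired()
 ->children()
-->scalarNode('name')
+->scalarNode('type')
 ->isRequired()
 ->validate()
 ->ifTrue(static fn ($v) => ! in_array($v, ['aws', 'azure', 'gcp', 'kmip', 'local'], true))
-->thenInvalid('Invalid KMS provider name "%s". Valid values are "aws", "azure", "gcp", "kmip", or "local".')
+->thenInvalid('Invalid KMS provider type "%s". Valid values are "aws", "azure", "gcp", "kmip", or "local".')
 ->end()
 ->end()
 // AWS
@@ -379,10 +383,10 @@ private function addConnectionsSection(ArrayNodeDefinition $rootNode): void
 ->scalarNode('projectId')->end()
 ->scalarNode('location')->end()
 ->scalarNode('keyRing')->end()
-->scalarNode('keyName')->end()
-->scalarNode('keyVersion')->end()
+//->scalarNode('keyName')->end()
+//->scalarNode('keyVersion')->end()
 // KMIP
-->scalarNode('endpoint')->end()
+//->scalarNode('endpoint')->end()
 ->scalarNode('tlsCAFile')->end()
 ->scalarNode('tlsClientCertificateKeyFile')->end()
 ->scalarNode('tlsClientCertificateKeyFilePassword')->end()
@@ -394,7 +398,44 @@ private function addConnectionsSection(ArrayNodeDefinition $rootNode): void
 ->prototype('variable')->end()
 ->end()
 ->arrayNode('encryptedFieldsMap')
-->prototype('variable')->end()
+->useAttributeAsKey('name', false)
+->beforeNormalization()
+->always(static function ($v) {
+if (isset($v['encryptedFields']) && is_array($v['encryptedFields'])) {
+$encryptedFields = $v['encryptedFields'];
+if (! array_is_list($encryptedFields)) {
+$encryptedFields = [$encryptedFields];
+}
+
+$v = [];
+foreach ($encryptedFields as $field) {
+if (is_array($field['field'] ?? null) && ! array_is_list($field['field'])) {
+$field['field'] = [$field['field']];
+}
+
+$v[$field['name'] ?? ''] = $field['field'] ?? [];
+}
+}
+
+return $v;
+})->end()
+->prototype('array')
+->prototype('array')
+->children()
+->scalarNode('path')->isRequired()->cannotBeEmpty()->end()
+->scalarNode('bsonType')->isRequired()->cannotBeEmpty()->end()
+->arrayNode('queries')
+->children()
+->scalarNode('queryType')->isRequired()->cannotBeEmpty()->end()
+->integerNode('min')->end()
+->integerNode('max')->end()
+->integerNode('sparsity')->end()
+->integerNode('trimFactor')->end()
+->end()
+->end()
+->end()
+->end()
+->end()
 ->end()
 ->arrayNode('extraOptions')
 ->prototype('variable')->end()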
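Review bot: In the `encryptedFieldsMap` normalizer, `$v[$field['name'] ?? ''] = $field['field'] ?? [];` files an entry that has no `name` under the empty key, and a repeated name silently overwrites the earlier entry. This map decides which fields are encrypted, so a dropped or mis-keyed entry presumably leaves those fields stored in plaintext with no error to show it. Rejecting the entry before the assignment is safer: `if (($field['name'] ?? '') === '' || isset($v[$field['name']])) { throw new \InvalidArgumentException('Each encryptedFields entry needs a unique, non-empty "name".'); }`. The `integerNode` bounds for `min` and `max` also look narrower than the `xsd:string` the schema declares, which is worth confirming against the range types you mean to support. `addConnectionsSection` begins and ends outside the hunk.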
