[Encryption] Fix format of encryptedFieldsMaps in the autoEncryption configuration
#905
Conversation
| $encryptedFieldsMap = []; | ||
| foreach ($documentManager->getMetadataFactory()->getAllMetadata() as $metadata) { | ||
| $database = $documentManager->getDocumentDatabase($metadata->getName()); | ||
| $collectionInfoIterator = $database->listCollections(['filter' => ['name' => $metadata->getCollection()]]); |
There was a problem hiding this comment.
This is inspired by the get_encrypted_fields_from_server function.
alcaeus
left a comment
alcaeus
left a comment
There was a problem hiding this comment.
I think this change is reasonable. We need to make sure how to properly generate the encryptedFieldsMap for use in the configuration. For a future improvement, we can consider dumping the encryptedFieldsMap based on the return value of createEncryptedCollection calls in the schema:create command.
GromNaN
force-pushed
the
encryptedFieldsMap
branch
from
125545d to
96849e3
Compare
| <doctrine:queries queryType="equality" /> | ||
| </doctrine:field> | ||
| </doctrine:encryptedFields> | ||
| <![CDATA[ |
There was a problem hiding this comment.
@alcaeus Since the XML format is set to disappear, I have simplified the configuration here. EncryptedFieldsMap is a JSON string that is copied from the dump command in the XML. It is too complicated to convert this to XML tags, and most likely unusable anyway.
GromNaN
changed the title
encryptedFieldsMaps in the autoEncryption configurationencryptedFieldsMaps in the autoEncryption configuration
GromNaN
force-pushed
the
encryptedFieldsMap
branch
from
96849e3 to
3eb3779
Compare
| ], | ||
| [ | ||
| 'path' => 'sensitive_field', | ||
| 'keyId' => ['$binary' => ['base64' => '2CSosXLSTEKaYphcSnUuCw==', 'subType' => '04' ] ], |
There was a problem hiding this comment.
For PHP, should we suggest people create a Binary instance?
| 'keyId' => ['$binary' => ['base64' => '2CSosXLSTEKaYphcSnUuCw==', 'subType' => '04' ] ], | |
| 'keyId' => new Binary(base64_decode('2CSosXLSTEKaYphcSnUuCw=='), Binary::TYPE_UUID), |
On second thought after reviewing the rest of this PR, I'm guessing this format is created by the PHP dumper in the command that dumps the encryptedFieldsMap. Feel free to disregard in that case.
There was a problem hiding this comment.
BSON binary is not supported because I use json_encode on the value in DoctrineMongoDBExtension.
There is no function that is able to read a mix of BSON and RelaxedExtendedJSON in an array.
Co-authored-by: Andreas Braun <git@alcaeus.org>
GromNaN
merged commit 7bf0b5c
into
doctrine:feature/queryable-encryption
…on` configuration (#905) * Fix format of encryptedFieldsMaps in the configuration * EncryptedFieldsMaps loaded from a JSON string from XML configuration * Enable client configuration for tests - partial
2 participants
In driver options, the
encryptedFieldsMapoption must:fieldskey with the list of fieldsquery.minandquery.maxto the same BSON type as the fieldkeyId. But this value will change every time the database is reset.This needs to be improved by leveraging
keyAltNames.