Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PHPLIB-1176: Various improvements for In-Use Encryption tutorial #1122

Merged
merged 6 commits into from
Jul 10, 2023
Merged

PHPLIB-1176: Various improvements for In-Use Encryption tutorial #1122

merged 6 commits into from
Jul 10, 2023

Conversation

jmikola
Copy link
Member

@jmikola jmikola commented Jul 3, 2023
edited
Loading

https://jira.mongodb.org/browse/PHPLIB-1176

Note: this is rebased on #1123, which fixes the docs build.

Also, I'll plan to create a separate PR (or DOCSP ticket) to setup the redirect in mongodb/docs-php-library.

Summary of changes

Adds additional non-enterprise examples from the PyMongo tutorial: "Explicit Encryption with Automatic Decryption" and "Explicit Queryable Encryption".

Examples are now broken out into separate files, which are tested in ExamplesTest.

Renames "Client-Side Encryption" to "In-Use Encryption" (PHPLIB-997). This will warrant adding a redirect from "/tutorial/client-side-encryption/" to "/tutorial/encryption/" in the related docs-php-library project.

Adds docs for crypt_shared and mongocryptd (PHPLIB-985).

@jmikola jmikola requested review from alcaeus and GromNaN July 3, 2023 03:50
alcaeus
alcaeus approved these changes Jul 3, 2023
View reviewed changes
Copy link
Member

@alcaeus alcaeus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This tutorial is much better than the previous version. Not sure if literalinclude is supported on Snooty (whenever we migrate to it), but that's something to worry about once the time comes.

@jmikola jmikola force-pushed the phplib-1176-encryption-tutorial branch from 11e7964 to de1f890 Compare July 3, 2023 15:11
@jmikola
Copy link
Member Author

jmikola commented Jul 3, 2023

Added test coverage for example script output. Also fixed some issues in the original example scripts:

  • Ensure that we drop the key vault collection going into each script
  • The local schema was previously setting a server-side schema (copypasta). Fixed this to actually set the schemaMap option in the client auto encryption opts.

@jmikola jmikola force-pushed the phplib-1176-encryption-tutorial branch from c85e70c to cf0b7e1 Compare July 3, 2023 20:46
@alcaeus alcaeus self-requested a review July 4, 2023 06:52
@jmikola jmikola force-pushed the phplib-1176-encryption-tutorial branch 2 times, most recently from f2328c3 to 890dd41 Compare July 5, 2023 19:44
@jmikola
Copy link
Member Author

jmikola commented Jul 5, 2023

Not sure if literalinclude is supported on Snooty

See: https://github.com/mongodb/snooty-parser/blob/master/snooty/rstspec.toml#L194

@jmikola jmikola force-pushed the phplib-1176-encryption-tutorial branch 2 times, most recently from 4c9f55a to 29db0f8 Compare July 5, 2023 20:34
@jmikola
Copy link
Member Author

jmikola commented Jul 5, 2023

@alcaeus, @GromNaN: Feel free to take another pass on this (or opt out). I fixed up the test cases since Andreas' last review in order to get CI passing. Also rebased after merging #1123.

GromNaN
GromNaN reviewed Jul 5, 2023
View reviewed changes
Copy link
Member

@GromNaN GromNaN left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, CSFLE holds no secrets for me now 👍🏻

docs/examples/csfle-automatic_encryption-local_schema.php Outdated Show resolved Hide resolved
docs/examples/csfle-automatic_encryption-local_schema.php Outdated Show resolved Hide resolved
docs/examples/csfle-automatic_encryption-local_schema.php Outdated Show resolved Hide resolved
docs/examples/csfle-explicit_encryption.php Outdated Show resolved Hide resolved
tests/ExamplesTest.php Show resolved Hide resolved
@jmikola jmikola requested a review from GromNaN July 10, 2023 01:29
jmikola
jmikola commented Jul 10, 2023
View reviewed changes
docs/examples/csfle-automatic_encryption-local_schema.php

/* Note: this script assumes that the test database is empty and that the key
* vault collection exists and has a partial, unique index on keyAltNames (as
* demonstrated in the encryption key management scripts). */
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This note is included in scripts other than create_data_key.php and key_alt_name.php, which demonstrate creation of the unique index on the key vault. I'm reasonably happy with this, as it avoids repetition, and also goes along with the note I added in the RST prose above the key_alt_name.php example.

This means all drop() calls are removed and createCollection() only exists in the QE example scripts, since it's necessary to handle encryptedFields. I've revised the comments to remind users about encryptedFields when dropping collections.

ExamplesTest was also updated to ensure a clean test environment going into each script, and create the necessary key vault index.

GromNaN
GromNaN approved these changes Jul 10, 2023
View reviewed changes
Copy link
Member

@GromNaN GromNaN left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jmikola
PHPLIB-1176: Various improvements for In-Use Encryption tutorial
4a1e55d 
Adds additional non-enterprise examples from the PyMongo tutorial: "Explicit Encryption with Automatic Decryption" and "Explicit Queryable Encryption".

Examples are now broken out into separate files, which are tested in ExamplesTest.

Renames "Client-Side Encryption" to "In-Use Encryption" (PHPLIB-997). This will warrant adding a redirect from "/tutorial/client-side-encryption/" to "/tutorial/encryption/" in the related docs-php-library project.

Adds docs for crypt_shared and mongocryptd (PHPLIB-985).
@jmikola
Code review feedback
c2ca7b0 
Demonstrates schema validation errors in example scripts

Relocates local schema section after server-side schema, and clarifies that it should be used in conjunction with server-side schemas (not instead of).

Revise comments and variable names in scripts and update expected output for tests accordingly.
@jmikola
Create key vault index in key management scripts and remove setup cod…
e81560a 
…e elsewhere

This replaces the setup code with a top-of-script comment to avoid repetition. ExamplesTest now prepares the cleans up the necessary collections.

Add a note about creating the partial, unique index on keyAltNames.
@jmikola
Fix variable typo
e05aa7d
@jmikola
Update baseline
af018f1
@jmikola
PHP 7.2 doesn't allow indenting nowdoc closing identifiers
847023d
@jmikola jmikola force-pushed the phplib-1176-encryption-tutorial branch from bb1393b to 847023d Compare July 10, 2023 22:53
@jmikola jmikola merged commit 31a8d3b into mongodb:master Jul 10, 2023
@jmikola jmikola deleted the phplib-1176-encryption-tutorial branch July 10, 2023 23:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GromNaN GromNaN GromNaN approved these changes

@alcaeus alcaeus Awaiting requested review from alcaeus

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jmikola @alcaeus @GromNaN