Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding queryable encryption range support #4885

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Adding queryable encryption range support #4885

wants to merge 1 commit into from

Conversation

rozza
Copy link

@rozza rozza commented Jan 24, 2025

Supports range style queries for encrypted fields.

Note: This feature requires MongoDB 8.0 and a Mongo Client 5.x

  • You have read the Spring Data contribution guidelines.
  • You use the code formatters provided here and have them applied to your changes. Don’t submit any formatting related changes.
  • You submit test cases (unit or integration tests) that back your changes.
  • You added yourself as author in the headers of the classes you touched. Amend the date range in the Apache license header if needed. For new types, add the license header (copy from another file and set the current year only).

@rozza
Adding queryable encryption range support
94d2f6f 
Supports range style queries for encrypted fields
rozza
rozza commented Jan 24, 2025
View reviewed changes
spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/CollectionOptions.java
*
* @param encryptedFields can be null
* @return new instance of {@link CollectionOptions}.
* @since 4.5.0
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if this is the correct version?

rozza
rozza commented Jan 24, 2025
View reviewed changes
...a-mongodb/src/main/java/org/springframework/data/mongodb/util/MongoCompatibilityAdapter.java
* @param options
* @return
*/
public static RangeOptionsAdapter rangeOptionsAdapter(RangeOptions options) {
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only available in the 5.x driver

rozza
rozza commented Jan 24, 2025
View reviewed changes
...odb/src/test/java/org/springframework/data/mongodb/core/encryption/RangeEncryptionTests.java
database.getCollection("test").drop();

ClientEncryption clientEncryption = mongoClientEncryption.getClientEncryption();
BsonDocument encryptedFields = new BsonDocument().append("fields",
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added multiple fields as:

a) its non trivial / not obvious how to do so.
b) needed to ensure testing worked as expected

rozza
rozza commented Jan 24, 2025
View reviewed changes
...odb/src/test/java/org/springframework/data/mongodb/core/encryption/RangeEncryptionTests.java

private static final String LOCAL_KMS_PROVIDER = "local";

private static final Lazy<Map<String, Map<String, Object>>> LAZY_KMS_PROVIDERS = Lazy.of(() -> {
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lazily constructed the master key - so does this only once.

rozza
rozza commented Jan 24, 2025
View reviewed changes
...odb/src/test/java/org/springframework/data/mongodb/core/encryption/RangeEncryptionTests.java
builder.autoEncryptionSettings(AutoEncryptionSettings.builder() //
.kmsProviders(clientEncryptionSettings.getKmsProviders()) //
.keyVaultNamespace(clientEncryptionSettings.getKeyVaultNamespace()) //
.bypassQueryAnalysis(true).build());
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bypassQueryAnalysis is required to be true.

@rozza rozza marked this pull request as ready for review January 24, 2025 15:32
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jan 24, 2025
@rozza
Copy link
Author

rozza commented Jan 24, 2025

@christophstrobl apologies I closed #4879 while I was still working through it and couldn't reopen it - so created a new PR.

rozza
rozza commented Jan 24, 2025
View reviewed changes
...ongodb/src/main/java/org/springframework/data/mongodb/core/encryption/EncryptionOptions.java
Assert.isInstanceOf(Integer.class, trimFactor, () -> String
.format("Expected to find a %s but it turned out to be %s.", Integer.class, trimFactor.getClass()));

rangeOptionsAdapter(encryptionRangeOptions).trimFactor((Integer) trimFactor);
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure what the best approach is for handling Mongo driver 4 user. This adapter is needed to compile - but should there be another check to prevent them using range options at all?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we're going to remove the 4.x driver backwards compatibility for the next release, so don't worry about that one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@christophstrobl christophstrobl christophstrobl left review comments

Assignees
No one assigned
Labels
status: waiting-for-triage An issue we've not yet triaged
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rozza @christophstrobl @spring-projects-issues