Skip to content

Commit 8220c15

Browse files
fimacfimac
authored
Merge pull request #23 from cipherstash/chore/constraint-check-for-jsonb
Updates so encrypted check can be set on plain jsonb types
2 parents 3180ed9 + cf7d4b3 commit 8220c15

File tree

2 files changed

+36
-18
lines changed

2 files changed

+36
-18
lines changed

release/cipherstash-encrypt-dsl.sql

Lines changed: 18 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,8 @@ DROP FUNCTION IF EXISTS cs_ore_64_8_v1_v0_0;
1414

1515
DROP FUNCTION IF EXISTS _cs_text_to_ore_64_8_v1_term_v1_0;
1616

17+
DROP FUNCTION IF EXISTS cs_check_encrypted_v1;
18+
1719
DROP DOMAIN IF EXISTS cs_match_index_v1;
1820
DROP DOMAIN IF EXISTS cs_unique_index_v1;
1921

@@ -38,21 +40,28 @@ BEGIN ATOMIC
3840
RETURN (val->>'k' = 'ct' AND val ? 'c') AND NOT val ? 'p';
3941
END;
4042

43+
CREATE FUNCTION cs_check_encrypted_v1(val jsonb)
44+
RETURNS BOOLEAN
45+
LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE
46+
BEGIN ATOMIC
47+
RETURN (
48+
-- version and source are required
49+
val ?& array['v'] AND
50+
51+
-- table and column
52+
val->'i' ?& array['t', 'c'] AND
53+
54+
-- plaintext or ciphertext for kind
55+
_cs_encrypted_check_kind(val)
56+
);
57+
END;
4158

4259
-- drop and reset the check constraint
4360
ALTER DOMAIN cs_encrypted_v1 DROP CONSTRAINT IF EXISTS cs_encrypted_v1_check;
4461

4562
ALTER DOMAIN cs_encrypted_v1
4663
ADD CONSTRAINT cs_encrypted_v1_check CHECK (
47-
-- version and source are required
48-
VALUE ?& array['v'] AND
49-
50-
-- table and column
51-
VALUE->'i' ?& array['t', 'c'] AND
52-
53-
-- plaintext or ciphertext for kind
54-
_cs_encrypted_check_kind(VALUE)
55-
64+
cs_check_encrypted_v1(VALUE)
5665
);
5766

5867
CREATE OR REPLACE FUNCTION cs_ciphertext_v1_v0_0(col jsonb)

sql/dsl-core.sql

Lines changed: 18 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,8 @@ DROP FUNCTION IF EXISTS cs_ore_64_8_v1_v0_0;
1414

1515
DROP FUNCTION IF EXISTS _cs_text_to_ore_64_8_v1_term_v1_0;
1616

17+
DROP FUNCTION IF EXISTS cs_check_encrypted_v1;
18+
1719
DROP DOMAIN IF EXISTS cs_match_index_v1;
1820
DROP DOMAIN IF EXISTS cs_unique_index_v1;
1921

@@ -38,21 +40,28 @@ BEGIN ATOMIC
3840
RETURN (val->>'k' = 'ct' AND val ? 'c') AND NOT val ? 'p';
3941
END;
4042

43+
CREATE FUNCTION cs_check_encrypted_v1(val jsonb)
44+
RETURNS BOOLEAN
45+
LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE
46+
BEGIN ATOMIC
47+
RETURN (
48+
-- version and source are required
49+
val ?& array['v'] AND
50+
51+
-- table and column
52+
val->'i' ?& array['t', 'c'] AND
53+
54+
-- plaintext or ciphertext for kind
55+
_cs_encrypted_check_kind(val)
56+
);
57+
END;
4158

4259
-- drop and reset the check constraint
4360
ALTER DOMAIN cs_encrypted_v1 DROP CONSTRAINT IF EXISTS cs_encrypted_v1_check;
4461

4562
ALTER DOMAIN cs_encrypted_v1
4663
ADD CONSTRAINT cs_encrypted_v1_check CHECK (
47-
-- version and source are required
48-
VALUE ?& array['v'] AND
49-
50-
-- table and column
51-
VALUE->'i' ?& array['t', 'c'] AND
52-
53-
-- plaintext or ciphertext for kind
54-
_cs_encrypted_check_kind(VALUE)
55-
64+
cs_check_encrypted_v1(VALUE)
5665
);
5766

5867
CREATE OR REPLACE FUNCTION cs_ciphertext_v1_v0_0(col jsonb)

0 commit comments

Comments
 (0)