Renama schema_map -> encrypted_fields_map

aclark4life · aclark4life · commit 0e6e4691bbb6 · 2025-08-04T22:15:27.000-04:00
- Client-side QE configuration mistakenly used `schema_map` to pass the
  encrypted fields map to Django's schema editor through `AutoEncryptionOpts`.
  Although confusing, and despite the error, client-side configuration
  still succeeded because the map given to `AutoEncryptionOpts` in `schema_map`
  was then correctly passed to `create_collection` via the `encryptedFields`
  arg.

- Re-confirmed in local manual testing that client-side configuration
  works as expected and requires data keys. There is no code (as far as
  I can tell) to create data keys in PyMongo that is initiated by the
  existence of `encrypted_fields_map` alone. Rather, data keys appear
  to be created in `create_encrypted_collection` and only in
  `create_encrypted_collection`.

- Renamed `showschemamap` -&gt; `showfieldsmap` and updated tests
  and docs accordingly.
diff --git a/django_mongodb_backend/management/commands/showfieldsmap.py b/django_mongodb_backend/management/commands/showfieldsmap.py
@@ -8,7 +8,7 @@
 
 
 class Command(BaseCommand):
-    help = "Generate a `schema_map` of encrypted fields for all encrypted"
+    help = "Generate an `encrypted_fields_map` of encrypted fields for all encrypted"
     " models in the database for use with `AutoEncryptionOpts` in"
     " client configuration."
 
@@ -28,7 +28,7 @@ def add_arguments(self, parser):
     def handle(self, *args, **options):
         db = options["database"]
         connection = connections[db]
-        schema_map = {}
+        encrypted_fields_map = {}
         for app_config in apps.get_app_configs():
             for model in app_config.get_models():
                 if has_encrypted_fields(model):
@@ -49,5 +49,5 @@ def handle(self, *args, **options):
                             master_key=master_key,
                         )
                         field["keyId"] = data_key
-                    schema_map[model._meta.db_table] = fields
-        self.stdout.write(json_util.dumps(schema_map, indent=2))
+                    encrypted_fields_map[model._meta.db_table] = fields
+        self.stdout.write(json_util.dumps(encrypted_fields_map, indent=2))
diff --git a/django_mongodb_backend/schema.py b/django_mongodb_backend/schema.py
@@ -424,7 +424,7 @@ def _field_should_have_unique(self, field):
     def _create_collection(self, model):
         """
         Create a collection for the model with the encrypted fields. If
-        provided, use the `_schema_map` in the client's
+        provided, use the `_encrypted_fields_map` in the client's
         `auto_encryption_opts`. Otherwise, create the encrypted fields map
         with `_get_encrypted_fields_map`.
         """
@@ -434,8 +434,8 @@ def _create_collection(self, model):
             client = self.connection.connection
             options = getattr(client._options, "auto_encryption_opts", None)
             if options is not None:
-                if schema_map := getattr(options, "_schema_map", None):
-                    db.create_collection(db_table, encryptedFields=schema_map[db_table])
+                if encrypted_fields_map := getattr(options, "_encrypted_fields_map", None):
+                    db.create_collection(db_table, encryptedFields=encrypted_fields_map[db_table])
                 else:
                     ce = ClientEncryption(
                         options._kms_providers,
diff --git a/docs/source/faq.rst b/docs/source/faq.rst
@@ -75,15 +75,15 @@ In addition to the
 you will need to provide a ``schema_map`` to the ``AutoEncryptionOpts``.
 
 Fortunately, this is easy to do with Django MongoDB Backend. You can use
-the ``showschemamap`` management command to generate the schema map
+the ``showfieldsmap`` management command to generate the schema map
 for your encrypted fields, and then use the results in your settings.
 
 To generate the schema map, run the following command in your Django project:
 ::
 
-    python manage.py showschemamap
+    python manage.py showfieldsmap
 
-.. note:: The ``showschemamap`` command is only available if you have the
+.. note:: The ``showfieldsmap`` command is only available if you have the
     ``django_mongodb_backend`` app included in the :setting:`INSTALLED_APPS`
     setting.
 
diff --git a/docs/source/ref/django-admin.rst b/docs/source/ref/django-admin.rst
@@ -28,14 +28,14 @@ Available commands
         Defaults to ``default``.
 
 
-``showschemamap``
+``showfieldsmap``
 ----------------------------
 
-.. django-admin:: showschemamap
+.. django-admin:: showfieldsmap
 
-    Creates a schema map for encrypted fields that can be used with
-    :class:`~pymongo.encryption_options.AutoEncryptionOpts` to configure
-    an encrypted client.
+    Creates an encrypted fields map that can be used with `encrypted_fields_map`
+    in :class:`~pymongo.encryption_options.AutoEncryptionOpts` to configure
+    client-side Queryable Encryption.
 
     .. django-admin-option:: --database DATABASE
 
diff --git a/tests/encryption_/test_management.py b/tests/encryption_/test_management.py
@@ -128,7 +128,7 @@ def test_show_schema_map(self):
         self.maxDiff = None
         out = StringIO()
         call_command(
-            "showschemamap",
+            "showfieldsmap",
             "--database",
             "encrypted",
             verbosity=0,
