INTPYTHON-527 Add Queryable Encryption support #329
Conversation
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
django_mongodb_backend/management/commands/get_encrypted_fields_map.py
Outdated
Show resolved
Hide resolved
django_mongodb_backend/management/commands/get_encrypted_fields_map.py
Outdated
Show resolved
Hide resolved
django_mongodb_backend/management/commands/get_encrypted_fields_map.py
Outdated
Show resolved
Hide resolved
django_mongodb_backend/management/commands/get_encrypted_fields_map.py
Outdated
Show resolved
Hide resolved
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
- MongoDB 7 has rangePreview which we do not plan to support
aclark4life
force-pushed
the
INTPYTHON-527
branch
3 times, most recently
from
54bd164 to
db4aadb
Compare
- Add mongocryptd to atlas CI - Doc updates - Remove custom db_type, not needed after mongodb#414 - SupportsQueryableEncryptionTests require MongoDB 8 - Update test model names prefix and suffix
aclark4life
force-pushed
the
INTPYTHON-527
branch
from
8b8704f to
13ed19a
Compare
aclark4life
force-pushed
the
INTPYTHON-527
branch
from
0cbca21 to
59825cd
Compare
- Isolate test failures
- admin_scripts
- check_framework
- migrations
- test_runner
- user_commands
- Add support for EncryptedEmbeddedModelArrayField
- Refactor
- Factor _get_data_key from _get_encrypted_fields
- Refactor for DRY in _get_encrypted_fields method with _field_dict
helper
aclark4life
force-pushed
the
INTPYTHON-527
branch
from
59825cd to
b23c4f2
Compare
Ruff killed the nested if statements
aclark4life
force-pushed
the
INTPYTHON-527
branch
from
e10d8dc to
96156c8
Compare
aclark4life
force-pushed
the
INTPYTHON-527
branch
3 times, most recently
from
7e155a9 to
f7846a6
Compare
- Remove extra check for auto_encryption_opts - Earlier check should suffice - Remove Encrypted* class name prefix - We know these are the QE tests - Move create data key back to _get_encrypted_fields - Remove getattr for client_encryption - Remove EmbeddedModelArrayField
aclark4life
force-pushed
the
INTPYTHON-527
branch
from
f7846a6 to
65b96b2
Compare
aclark4life
force-pushed
the
INTPYTHON-527
branch
from
52bb16e to
25e7da1
Compare
| class EncryptedTimeField(EncryptedFieldMixin, models.TimeField): | ||
| pass | ||
|
|
||
|
|
||
| class EncryptedTextField(EncryptedFieldMixin, models.TextField): | ||
| pass |
There was a problem hiding this comment.
out of alphabetical order
django_mongodb_backend/schema.py
Outdated
| if not key: | ||
| raise ValueError( | ||
| f"No key found in keyvault for keyAltName={key_alt_name}. " | ||
| "Run with '--create-data-keys' to create missing keys." | ||
| ) | ||
| return key["_id"] |
There was a problem hiding this comment.
We lose this helpful message:
File "/home/tim/code/django-mongodb/django_mongodb_backend/schema.py", line 541, in _get_encrypted_fields
data_key = key["_id"]
~~~^^^^^^^
TypeError: 'NoneType' object is not subscriptable
There was a problem hiding this comment.
I think that logic was flawed. Updated to check for existing keys or create if not found.
There was a problem hiding this comment.
Then showencryptedfieldsmap isn't read-only and may have a side effect of creating keys?
What is still missing for me is the "why" of setting encrypted_fields_map in AutoEncryptionOpts. Based on past discussion in this PR, I recall it has something to do with security, but I don't think this is explained in this PR's documention or in the design doc.
There was a problem hiding this comment.
Then
showencryptedfieldsmapisn't read-only and may have a side effect of creating keys?
I've removed --create-data-keys so now we're just talking about showencryptedfieldsmap and yes, since it calls _get_encrypted_fields it will create the data keys if they aren't found in the key vault.
What is still missing for me is the "why" of setting
encrypted_fields_mapinAutoEncryptionOpts. Based on past discussion in this PR, I recall it has something to do with security, but I don't think this is explained in this PR's documention or in the design doc.
That's in the spec:
Supplying an encryptedFieldsMap provides more security than relying on an encryptedFields obtained from the server. It protects against a malicious server advertising a false encryptedFields.
I don't fully understand that explanation so I haven't gone too far in documenting it other than to say "recommended".
| def test_array(self): | ||
| self.assertEqual(len(self.movie.cast), 2) | ||
| self.assertEqual(self.movie.cast[0].name, "Actor One") | ||
| self.assertEqual(self.movie.cast[1].name, "Actor Two") | ||
|
|
There was a problem hiding this comment.
Like the other tests, I think you meant to fetch the data from the database before checking it.
In addition to removing the arg from the showencryptedfields command, reduces complexity in schema editor with removal of the `create_data_keys` boolean. Previous logic may have been flawed in looking up existing keys.
Also put the key vault inside the test database for easy tear down, tested and working local.
Previous attempts and additional context here: