Skip to content

PHPLIB-1702: Always consult server encryptedFieldsMap when dropping collections with autoEncryption enabled #1745

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 13, 2025
Merged

PHPLIB-1702: Always consult server encryptedFieldsMap when dropping collections with autoEncryption enabled #1745

merged 4 commits into from
Aug 13, 2025

Conversation

jmikola
Copy link
Member

@jmikola jmikola commented Aug 12, 2025

https://jira.mongodb.org/browse/PHPLIB-1702

This is a rebase of #1742 on v1.21 with additional modifications from @GromNaN's code review.

@jmikola jmikola requested a review from a team as a code owner August 12, 2025 18:28
@jmikola jmikola requested review from alcaeus and GromNaN August 12, 2025 18:28
@jmikola jmikola mentioned this pull request Aug 12, 2025
Closed
@jmikola
Bump tests/drivers-evergreen-tools to a332144
8ef5fe6 
Necessary to fix PyMongo compat with MongoDB 4.0
GromNaN
GromNaN reviewed Aug 13, 2025
View reviewed changes
tests/Functions/GetEncryptedFieldsFromServerFunctionalTest.php Outdated
);

// createEncryptedCollection should create three collections
$this->assertCount($originalNumCollections + 3, $this->database->listCollectionNames());
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the collection already exists before running the test, this assertion fails.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this only a concern when aborting the test locally (or retrying after a failure)?

No objections to dropping it before this first assertion.

GromNaN
GromNaN reviewed Aug 13, 2025
View reviewed changes
src/Client.php

private WriteConcern $writeConcern;

private bool $autoEncryptionEnabled;
Copy link
Member

@GromNaN GromNaN Aug 13, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@alcaeus @jmikola This new property will not be documented in Database and Collection options.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Created PHPC-2615 to allow us to fetch this from the Manager directly.

jmikola
jmikola commented Aug 13, 2025
View reviewed changes
src/Client.php
$this->uri = $uri ?? self::DEFAULT_URI;
$this->builderEncoder = $driverOptions['builderEncoder'] ?? new BuilderEncoder();
$this->typeMap = $driverOptions['typeMap'];
$this->autoEncryptionEnabled = isset($driverOptions['autoEncryption']['keyVaultNamespace']);
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noted that keyVaultNamespace is a required autoEncryption option.

phongo_manager_set_auto_encryption_opts doesn't seem to check about keyVaultNamespace being unset, so I assume we'd rely on libmongoc(rypt) raising an error since it's documented as required. In any event, it's sensible to check for it directly instead of just seeing if autoEncryption is set.

jmikola
jmikola commented Aug 13, 2025
View reviewed changes
src/functions.php
function get_encrypted_fields_from_server(string $databaseName, string $collectionName, Server $server)
{
// No-op if the encryptedFieldsMap autoEncryption driver option was omitted
if ($manager->getEncryptedFieldsMap() === null) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ideally, it seems like we'd want the Manager to be able to report whether autoEncryption is enabled.

@GromNaN GromNaN changed the title PHPLIB-1702: Always consult server encryptedFieldsMap when dropping collections PHPLIB-1702: Always consult server encryptedFieldsMap when dropping collections with autoEncryption enabled Aug 13, 2025
@jmikola
Bump tests/specifications to 0aee4aa
bbc1700 
Necessary to fix change stream tests for server 8.2+
@jmikola jmikola merged commit 75eb24a into mongodb:v1.21 Aug 13, 2025
31 checks passed
@jmikola jmikola deleted the 1.21-phplib-1702 branch August 13, 2025 14:41
This was referenced Aug 13, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alcaeus alcaeus alcaeus approved these changes

@GromNaN GromNaN GromNaN approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jmikola @alcaeus @GromNaN