INTPYTHON-527 Add Queryable Encryption support #329
Conversation
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
django_mongodb_backend/management/commands/get_encrypted_fields_map.py
Outdated
Show resolved
Hide resolved
django_mongodb_backend/management/commands/get_encrypted_fields_map.py
Outdated
Show resolved
Hide resolved
django_mongodb_backend/management/commands/get_encrypted_fields_map.py
Outdated
Show resolved
Hide resolved
django_mongodb_backend/management/commands/get_encrypted_fields_map.py
Outdated
Show resolved
Hide resolved
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
aclark4life
force-pushed
the
INTPYTHON-527
branch
5 times, most recently
from
26874aa to
f32d62b
Compare
django_mongodb_backend/schema.py
Outdated
| field_list = [] | ||
| for field in fields: | ||
| if getattr(field, "encrypted", False): | ||
| key_alt_name = f"{db_table}_{field.column}" |
There was a problem hiding this comment.
Is this sufficient to avoid collisions? Unlikely as it may be:
db_table = "foo"
column = "bar_id"
db_table = "foo_bar"
column = "id"
There was a problem hiding this comment.
Well now that you mention it, how about a double separator ? {db_table}__{field.column} would pass that test with these key alt names:
- foo__bar_id
- foo_bar__id
There was a problem hiding this comment.
A period may be a more typical separator, including to indicate nested fields.
aclark4life
force-pushed
the
INTPYTHON-527
branch
3 times, most recently
from
1169c04 to
d04bdbb
Compare
aclark4life
force-pushed
the
INTPYTHON-527
branch
2 times, most recently
from
ccd2f36 to
94c1dc2
Compare
aclark4life
requested review from
timgraham,
a team and
addaleax
and removed request for
addaleax
The spec says: "encryptedFieldsMap maps a collection namespace to an encryptedFields." In this commit, we clarify the distinction between encrypted fields map and encrypted fields.
- Test Python tutorial models (still unencrypted in this commit) - Test all supported encrypted fields. - Test equality and range query type queries - Test management command - Test schema - Removed test router - Removed test_base
- EncryptedEmbeddedModel for encrypted objects - EmbeddedModel for models with encrypted fields
aclark4life
force-pushed
the
INTPYTHON-527
branch
from
e1077a1 to
d48ebc9
Compare
| db_table = model._meta.db_table | ||
| field_list = [] | ||
| for field in fields: | ||
| if isinstance(field, EmbeddedModelField): |
There was a problem hiding this comment.
How about PolymorphicEmbeddedFields or EmbeddedModelArrayFIeld? The design doc still needs a list of all encrypted fields that will be implemented, I think.
There was a problem hiding this comment.
Those could be added because I think the existing embedded models are doing all the work.
django_mongodb_backend/models.py
Outdated
| class EncryptedEmbeddedModel(EmbeddedModel): | ||
| encrypted = True | ||
|
|
||
| class Meta: | ||
| abstract = True | ||
| required_db_features = {"supports_queryable_encryption"} |
There was a problem hiding this comment.
EncryptedEmbeddedModel isn't present in the design doc. Did you thinking change? I don't see what purpose it serves.
There was a problem hiding this comment.
Without it, I get this:
django.core.exceptions.ImproperlyConfigured: No kms_provider found in database router.
There was a problem hiding this comment.
EncryptedEmbeddedModelisn't present in the design doc. Did you thinking change? I don't see what purpose it serves.
And yes the design doc needs to be updated.
There was a problem hiding this comment.
Without it, I get this:
django.core.exceptions.ImproperlyConfigured: No kms_provider found in database router.
The encryption_ tests pass for me without it. We shouldn't be trying to resolve a kms_provider for an embedded model anyway.
tests/encryption_/models.py
Outdated
| patient_name = models.CharField(max_length=255) | ||
| patient_id = models.BigIntegerField() | ||
| patient_record = EmbeddedModelField(PatientRecord) | ||
| patient_record = EncryptedEmbeddedModelField(PatientRecord) |
There was a problem hiding this comment.
Per design doc, this is supposed to be EmbeddedModelField.
django_mongodb_backend/models.py
Outdated
| class EncryptedEmbeddedModel(EmbeddedModel): | ||
| encrypted = True | ||
|
|
||
| class Meta: | ||
| abstract = True | ||
| required_db_features = {"supports_queryable_encryption"} |
There was a problem hiding this comment.
Embedded models aren't created anyway, so required_db_features = {"supports_queryable_encryption"} would serve no purpose.
There was a problem hiding this comment.
This seems to facilitate use of the skip decorator.
There was a problem hiding this comment.
The purpose of required_db_features is to prevent the model from being created if the database doesn't support it. Since SchemaEditor already ignores embedded models, required_db_features serves no purpose here.
django_mongodb_backend/utils.py
Outdated
| if getattr(field, "encrypted", False): | ||
| return True | ||
|
|
||
| return bool(issubclass(model, EncryptedEmbeddedModel)) |
There was a problem hiding this comment.
If the model has encrypted fields, the loop above would already have returned True. This would only be executed if the model doesn't have any encrypted fields. :-D
There was a problem hiding this comment.
This is for the case when an EncryptedEmbeddedModel has no encrypted fields but itself is encrypted e.g. Billing.
There was a problem hiding this comment.
The code that calls model_has_encrypted_fields() shouldn't receive embedded models. Embedded models don't have their own collection, so they aren't going to be passed to SchemaEditor._create_collection() and neither are they returned by router.get_migratable_models() in showencryptedfieldsmap.py.
I don't see EncryptedEmbeddedModel serving any purpose. If I missed something, revert my commit.
Previous attempts and additional context here: