qe-equality-ga-into-master (#3400)

* Added upsert limitation (#3252)

* Docsp 28305 qe on disk format wire protocol (#3244)

* Cleaned feature branch

* Internal PR feedback

* Fixed lingering merge text

* External review: removed write amplification for delete operations

* Remove insertmany from QE restricted operations (#3251)

* One line fix

* Removed wording around future release functionality for index compaction. Left key creation language because there's a separate ticket for that content.

* Light editorial cleanup, removed refs to technical preview

* Attempted to clean up wording around unique index limitations

* Attempted to clarify limitation around validation settings

* PR feedback

* Syntax fix

* Updated migration guidance

* Revert "Remove insertmany from QE restricted operations (#3251)" (#3296)

This reverts commit f1377c73483ceed9744d4d48647b56295706dcdc.

* Docsp 29188 remove insertmany from restricted (#3300)

* One line fix

* Removed wording around future release functionality for index compaction. Left key creation language because there's a separate ticket for that content.

* Light editorial cleanup, removed refs to technical preview

* Attempted to clean up wording around unique index limitations

* Attempted to clarify limitation around validation settings

* PR feedback

* Syntax fix

* Docsp 30055 qe public preview ga migration guidance (#3280)

* Updated QE GA constant

* QE constant update, external feedback

* PR feedback

* PR feedback

* PR feedback

* DOCSP-30667 QE Limitations Cleanup (#3331)

* Fixed bulleting for one item, re-ordered and grouped some items for better readability

* Fixed a typo

* Docsp 30646 how qe works cleanup (#3333)

* Removed framework term

* Clarified the inclusion of __safeContent__ applies to queryable fields only

* PR feedback

* Docsp 28249 qe redaction (#3291)

* Rebase to latest state of qe-equality-ga

* Cleaned up old :doc: directives

* Removed self reference links

* Cleaned up old version references

* Spellcheck

* Build cleanup

* Changed collstats redaction per SERVER-75266

* Changed collstats redaction per SERVER-75266--amend

* Moved log redaction to the existing redaction heading

* Moved log redaction to the existing redaction heading--amend

* Moved log redaction to the existing redaction heading--amend

* PR feedback

* Cleanup from qe-equality-ga branch diversion

* PR feedback

* Copy edit, passive voice/future

* Added shortdesc to limitations

* Shortdesc and editorial cleanup

* Rebase cleanup

* Internal review feedback

* External PR feedback

* Docsp 28385 auto encryption keys (#3330)

* Removed manual key creation from limitations

* First look readthrough rebuild

* Reorganization rebuild

* Reviewing current tutorial content

* Self review

* Internal review feedback and merge

* Internal PR feedback

* Rebuild commit

* External review feedback

* DOCSP-30671: libmongocrypt mention and updated driver version
compatibility

* update anchor

* fix wording

* External release notes feedback (#3361)

* updated pymongocrypt version

* updated versions

* Docsp 30670 download links and versions (#3355)

* Rebuild

* Updated shared library version, added second link for downloading

* Internal PR feedback

* csharp version

* Docsp 30840 fix key rotation language (#3387)

* Removed migrate wording

* Internal PR feedback

* Internal PR feedback

* Fle sample app refactor (#3397)

* add java tutorial source only

* maven pom.xml for java build

* update object property passing

* add vm options

* update variables per sync meeting

* Java tutorial naming updates

* c# updates

* c# updates

* fix indents

* update testing instructions

* python - naming updates

* go tutorial - naming updates

* start/end tags and readme

* Go tutorial: added comment labels

* python include tags and readme

* add kms placeholder

* add envrc_template

* update README

* rename project

* start/end tags

* remove extra method

* clean up

* Delete QueryableEncryption.csproj

* Go tutorial: add readme, sample environment template small updates

* remove whitespace

* fix label

* Java tutorial: add labels

* refactored to add auto dek

* c# key auto generation

* refactored tutorial template

* js feedback

* python auto-key

* python replace main script

* python tutorial fix

* java tutorial auto key creation

* create/find first draft

* first draft tutorial text

* typo

* Go tutorial updates for auto key creation

* Python tutorial cleanup

* remove encryptedFieldsMap

* tutorial text feedback

* Add CMK step, fix errors, add Azure tutorial

* admonition for persisting keyId

* keyId admonition edits

* cc feedback

* c# cleanup

* fix compile error

* move return statements

* add project and fix README

* updates to admonition

* PRR fixes to admonition

* cc feedback

* PRR fixes for PyMongo tutorial

* remove insert client from PyMongo tutorial

* apply changes to azure page

* envrc updates for PyMongo tutorial

* apply changes to gcp page

* PRR fix for PyMongo tutorial: check insert result

* apply changes to kmip page

* adds refactored mongosh sample app

* fixes mongosh kmip issue

* Java tutorial dotenv and README updates

* Java README, add dotenv to deps

* update variable names per code review

* code review suggestions

* Golang tutorial updates and various README updates

* fix encrypted fields map

* fix kms

* start adding language tabs

* PRR review fixes for Java tutorial

* add comment in Python tutorial

* PRR fixes for Golang tutorial

* fix for relocated files

* c# edits

* go edits

* java edits

* python edits

* add tabs for all languages

* fix go merge conflict

* fix go merge conflict

* update node variable names per code review

* remove insert client

* update README files

* provide more detail in the README

* adds package.json to mongosh and updates README

* removes package.json

* bd c# feedback

* fix merge error

* README updates for Java and Python, requirements update for Python

* bd c# feedback

* Java and Golang README updates

* envrc fixes

* node readme fix

* updates to READMEs

* fix link to keys and key vaults

* go tutorial fix placeholder

* fix copypasta

* fix driver tab ids

* encryptionCollectionName -> encryptedCollectionName and encryptionDatabaseName -> encryptedDatabaseName

* checks for existing master-key.txt before generating new file

* checks value of acknowledged field on insert results

* updates README

* remove create insert client step

* no need to specify shared lib in mongosh

* clean up

* tutorial fixes

* code fixes for tutorial

* Go fix comment structure

* Python code: update placeholder comments

* mongosh updates

* Bailey feedback and requested changes

* updated code comments to prevent confusion about placeholders

* mongosh - updated code comments to prevent confusion about placeholders

* fix driver tabs for nodejs and java-sync

* small aws fixes

* azure tutorial

* fix language literalinclude references

* azure tutorial

* gcp tutorial

* path updates

* do not install mongosh via homebrew for QE

* fix java paths aws

* tabid fix for java-sync

* tabid fix for nodejs

* Update README.md

* do not install mongosh via homebrew for QE

* tabid and indentation fixes

* direnv install

* remove data

* removes master-key

* removes .envrc

* change insert-patient-document -> insert-document

* snippet fixes

* literalinclude fixes

* fix tabids and include paths

* fix references

* kmip tutorial + code changes

* update go version

* shell placeholder text

* fix includes references

* shell placeholder text azure

* shell placeholder text gcp

* shell placeholder text kmip

* quick start draft

* Java KMIP update

* quick start fixes

* quick start fixes

* kmip include comment fix

* Clarify Java KMIP certificates and TLS options

* fix go code

* update ref tags

* more ref tags + Learn More sections

* rename tutorials and quick start

* fix go code

* fix python comment

* update text

* update import

* Java envrc_template fix

* link to README in Quickstart

* quick-start fixes + automatic encryption wording

* reformat cmk from command line

* automatic encryption wording

* formatting

* formatting

* golang -> go

* Go kmip comment name fix

* refactor branch logic

* add data models to aws tutorial

* java tutorial - updates for quickstart

* fix c# data models

* python tutorial - fix comment boundaries

* add C# data models + fix includes

* python - show kms_provider_credentials

* auto > automatic

* add placeholder

* update java dependencies to latest

* update READMEs to include mention of release candidate

* bd c# feedback

* move c# data models

* update kmsProviders variable

* link to readmes in environment variables admonition

* re-adding deleted method

* java kmip add link

* tutorial fixes

* move start and end comments for kmsProviders

* mongosh fixes

* mongosh kmsProviderCredentials variable

* mongosh updates

* add go models to tutorials and quick start

* go syntax highlight

* spacing

* add shell tab

* bd c# feedback

* kmip fixes

* gcp fix

* go - fix comment boundaries

* remove mongosh

* fix build error

* staging build

* remove duplicates

---------

Co-authored-by: Jordan Smith <[email protected]>
Co-authored-by: Mike Woofter <[email protected]>
Co-authored-by: Mike Woofter <[email protected]>
Co-authored-by: Joseph Dougherty <[email protected]>
Co-authored-by: jmd-mongo <[email protected]>

* Fixing build log errors

---------

Co-authored-by: jason-price-mongodb <[email protected]>
Co-authored-by: Chris Cho <[email protected]>
Co-authored-by: Jordan Smith <[email protected]>
Co-authored-by: Mike Woofter <[email protected]>
Co-authored-by: Mike Woofter <[email protected]>
Co-authored-by: Joseph Dougherty <[email protected]>
Co-authored-by: jmd-mongo <[email protected]>

Author: 6 people

snooty.toml

@@ -266,6 +266,9 @@ csfle = "Client-Side Field Level Encryption"
 csfle-abbrev = "CSFLE"
 qe = "Queryable Encryption"
 qe-abbr = ":abbr:`QE (Queryable Encryption)`"
+qe-preview = "{+qe+} Public Preview"
+qe-equality-ga = "{+qe+} with equality queries"
+qe-equality-ga-title = "{+qe+} With Equality Queries"
 in-use-doc = "document with encrypted fields"
 in-use-doc-title = "Document with Encrypted Fields"
 in-use-docs = "documents with encrypted fields"
@@ -285,6 +288,7 @@ aws-iam-abbr = ":abbr:`IAM (Identity and Access Management)`"
 aws-arn-abbr = ":abbr:`ARN (Amazon Resource Name)`"
 aws-long = "Amazon Web Services"
 azure-kv = "Azure Key Vault"
+gcp-abbr = ":abbr:`GCP (Google Cloud Platform)`"
 gcp-kms = "Google Cloud Key Management Service"
 gcp-kms-abbr = "Google Cloud KMS"
 manual-enc = "explicit encryption"
@@ -298,14 +302,17 @@ csfle-code-snippets-gen-keys = "https://github.com/mongodb/docs/tree/master/sour
 libmongocrypt-version = "1.8"
 mongodb-crypt-version = "1.7.3"
 sample-app-url-csfle = "https://github.com/mongodb-university/docs-in-use-encryption-examples/tree/main/csfle"
-sample-app-url-qe = "https://github.com/mongodb-university/docs-in-use-encryption-examples/tree/main/queryable-encryption"
+sample-app-url-qe = "https://github.com/mongodb/docs/tree/master/source/includes/qe-tutorials"
+sample-app-url-qe-old = "https://github.com/mongodb-university/docs-in-use-encryption-examples/tree/main/queryable-encryption"
 enc-fields-map = "encrypted fields map"
 enc-fields-map-title = "Encrypted Fields Map"
 shared-library = "Automatic Encryption Shared Library"
-shared-library-version = "6.0.0"
+shared-library-version = "7.0.0"
 shared-library-version-drop-down = "{+shared-library-version+} (current)"
 shared-library-package = "``crypt_shared``"
+shared-library-download-link = ""
 efm = "``encryptedFieldsMap``"
+efm-title = "encryptedFieldsMap"
 auto-encrypt-options = "autoEncryptionOpts"
 title-auto-encrypt-options = "AutoEncryptionOpts"
 # Driver Constants
@@ -336,23 +343,21 @@ targets = [
     "core/queryable-encryption/*/*.txt",
 ]
 
-variant = "danger"
+variant = "warning"
 value = """
-    Queryable Encryption is in Public Preview and available for \
-    evaluation purposes. Public Preview is not recommended for \
-    production deployments as breaking changes may be introduced. \
-    To learn more about the Preview please see the \
-    `Queryable Encryption Preview <https://www.mongodb.com/blog/post/mongodb-releases-queryable-encryption-preview/>`__ \
-    blog post.
+    {+qe-equality-ga+} is generally available (GA) in \
+    MongoDB 7.0 and later. Data encrypted using the {+qe-preview+} \ 
+    from earlier versions is incompatible with the GA. \
+    For more information, see :ref:`7.0-compatibility`.
     """
 
 [[banners]]
 targets = ["core/csfle.txt", "core/csfle/*.txt", "core/csfle/*/*.txt"]
 
 variant = "tip"
 value = """
-    The next-generation Queryable Encryption feature is now in Public Preview. \
-    To learn more about Queryable Encryption, see :ref:`qe-manual-feature-qe`.
+    {+qe+} is now generally available (GA). \
+    To learn more, see :ref:`qe-manual-feature-qe`.
     """
 [bundle]
 manpages = "manpages.tar.gz"

source/administration/analyzing-mongodb-performance.txt

@@ -32,8 +32,8 @@ In some cases performance issues may be temporary and related to
 abnormal traffic load. As discussed in :ref:`number-of-connections`, scaling
 can help relax excessive traffic.
 
-:ref:`database-profiling` can help you to understand what operations are causing
-degradation.
+Database profiling can help you to understand what operations are
+causing degradation.
 
 .. _analyzing-performance-locks:
 

source/core/csfle/reference/encryption-schemas.txt

@@ -27,7 +27,7 @@ the `JSON Schema Draft 4 standard syntax
 <https://tools.ietf.org/html/draft-zyp-json-schema-04>`_ and
 the following encryption-specific keywords:
 
-- :ref:`Encrypt <csfle-reference-encyption-schemas-encrypt-keyword>` 
+- :ref:`Encrypt <csfle-reference-encryption-schemas-encrypt-keyword>` 
   specifies the encryption options to use when encrypting the current 
   field. 
 
@@ -59,7 +59,7 @@ configuration object. To learn more about {+csfle-abbrev+}-specific
 Definition
 ----------
 
-.. _csfle-reference-encyption-schemas-encrypt-keyword:
+.. _csfle-reference-encryption-schemas-encrypt-keyword:
 .. _field-level-encryption-encrypt-keyword:
 
 .. autoencryptkeyword:: encrypt
@@ -168,7 +168,7 @@ Definition
   - ``bool``
   - ``object``
   - ``array``
-  - ``javascriptWithScope`` (*Deprecated*)
+  - ``javascriptWithScope`` (*Deprecated in MongoDB 4.4*)
 
   If :autoencryptkeyword:`encrypt.algorithm` or its inherited value is
   ``AED_AES_256_CBC_HMAC_SHA_512-Random``, ``bsonType`` is
@@ -204,7 +204,7 @@ Definition
   automatic field level encryption fails and returns an error.
 
   The :autoencryptkeyword:`~encrypt.keyId` or its inherited value *must*
-  exist in the {+key-vault-long+} specified as  part of the auto encryption
+  exist in the {+key-vault-long+} specified as  part of the automatic encryption
   :ref:`configuration options <{+auto-encrypt-options+}>`.
   If the specified {+dek-long+} does not exist, automatic
   encryption fails.
@@ -296,7 +296,7 @@ Definition
   specifies :autoencryptkeyword:`encryptMetadata.keyId`.
 
   The {+dek-long+} *must* exist in the {+key-vault-long+} specified as
-  part of the auto encryption :ref:`configuration options
+  part of the automatic encryption :ref:`configuration options
   <csfle-reference-mongo-client>`. The specified configuration
   options must *also* include appropriate access to the
   :ref:`Key Management Service (KMS) <field-level-encryption-kms>` and

source/core/csfle/reference/mongocryptd.txt

@@ -34,7 +34,7 @@ responsibilities:
 - Prevents unsupported operations from being executed on encrypted 
   fields.
 
-- Parses the :ref:`encryption schema <csfle-reference-encyption-schemas-encrypt-keyword>`
+- Parses the :ref:`encryption schema <csfle-reference-encryption-schemas-encrypt-keyword>`
   specified to the database connection. Automatic encryption rules use a
   strict subset of JSON schema syntax. If the automatic encryption rules 
   contain invalid automatic encryption syntax *or* any :query:`document validation
@@ -129,7 +129,7 @@ following parameters:
       - | Set to ``true`` to prevent the driver from automatically spawning ``mongocryptd``.
         | **Default**: ``false``
 
-    * - monogocryptdSpawnPath
+    * - mongocryptdSpawnPath
       - | The full path to ``mongocryptd``.
         | **Default**: Defaults to empty string and spawns from the system path.
 

source/core/csfle/reference/supported-operations.txt

@@ -422,4 +422,4 @@ encrypted field to the following value types:
 - ``decimal128``
 - ``double``
 - ``object``
-- ``javascriptWithScope`` *(Deprecated)*
+- ``javascriptWithScope`` (*Deprecated in MongoDB 4.4*)

source/core/queryable-encryption/features.txt

@@ -16,17 +16,16 @@ Overview
 --------
 
 On this page, you can learn about the security benefits of {+qe+}, 
-how {+qe+} works and {+qe+} compares to other
-security mechanisms supported by MongoDB. You can also view a
-fictional scenario that demonstrates the value of
-{+qe+} in securing your data.
+how it works, and how it compares to other security mechanisms supported
+by MongoDB. You can also view a fictional scenario that demonstrates the
+value of {+qe+} in securing your data.
 
 .. _qe-features-csfle:
 
 {+qe+}
 --------------------
 
-{+qe+} is a feature of MongoDB that enables a client application to
+{+qe+} enables a client application to
 encrypt data before transporting it over the network using fully
 randomized encryption, while maintaining queryability.
 Sensitive data is transparently encrypted and decrypted by the client
@@ -36,11 +35,9 @@ cardinality (low-frequency) data and high cardinality data are identical
 
 Unlike :ref:`Client-Side Field Level Encryption <manual-csfle-feature>`
 that can use :ref:`Deterministic Encryption <csfle-deterministic-encryption>`,
-{+qe+} uses fast, searchable encryption schemes based on 
-`Structured Encryption 
-<https://dl.acm.org/doi/abs/10.1007/978-3-030-77883-5_13>`__
-that always encrypts a given cleartext input value to a different 
-encrypted output value.
+{+qe+} uses fast, searchable encryption schemes based on `Structured Encryption <https://dl.acm.org/doi/abs/10.1007/978-3-030-77883-5_13>`__. 
+These schemes produce different encrypted output values even when given
+the same cleartext input.
 
 How {+qe+} Works
 ------------------------------
@@ -54,8 +51,7 @@ used in a customer environment.
 In this diagram, the user is able to query on fully randomly encrypted 
 data such as SSN number.
 
-The process and mechanisms that makes this possible within the
-{+qe+} framework are as follows:
+The process and mechanisms that make this possible within {+qe+} are as follows:
 
 1. When the application submits the query, MongoDB drivers first analyze 
    the query.
@@ -88,11 +84,10 @@ that these are not modified or deleted, or query results will be incorrect.
 
 - {+qe+} adds a ``__safeContent__`` field to documents in any collection where there's a {+qe+}
   encrypted field.
-- {+qe+} creates three metadata collections in the same database as the collection where there's a
+- {+qe+} creates two internal metadata collections in the same database as the collection where there's a
   {+qe+} encrypted field. These are named as follows:
 
   - ``enxcol_.<collectionName>.esc``
-  - ``enxcol_.<collectionName>.ecc``
   - ``enxcol_.<collectionName>.ecoc``
 
 .. warning::