CDRIVER-4317 Add support for rewrapManyDataKey and keyMaterial #991
Conversation
There was a problem hiding this comment.
Looking good. Before merging, please add documentation for the new functions.
To report leaks locally, build with -fsanitize=leak -fsanitize=address and use the environment variables:
export ASAN_OPTIONS='detect_leaks=1'
export LSAN_OPTIONS='suppressions=.lsan-suppressions'The test failure on ASAN for /client_side_encryption/legacy/explain may be resolved by updating skip-tests.txt with the new path to /client_side_encryption/legacy/explain.
| } | ||
|
|
||
| /* Create a ClientEncryption object (referred to as client_encryption) with | ||
| * keyvault.datakeys as the keyVaultClient. */ |
There was a problem hiding this comment.
| * keyvault.datakeys as the keyVaultClient. */ | |
| * keyvault.datakeys as the keyVaultNamespace. */ |
There was a problem hiding this comment.
Actually keyvault.datakeys -> client as noted here: https://github.com/mongodb/specifications/pull/1213/files/f02cca1e713b2b46a2fa28473a214185bda7a7e7#r874205518
| mongoc_collection_t *const datakeys = | ||
| mongoc_client_get_collection (client, "keyvault", "datakeys"); | ||
| bson_t modified_datakey = BSON_INITIALIZER; | ||
| uint8_t bytes[16] = {0}; | ||
|
|
||
| bson_copy_to_excluding_noinit (&datakey, &modified_datakey, "_id", NULL); | ||
| BSON_ASSERT (BSON_APPEND_BINARY ( | ||
| &modified_datakey, "_id", BSON_SUBTYPE_UUID, bytes, sizeof (bytes))); | ||
|
|
||
| ASSERT_OR_PRINT (mongoc_collection_insert_one ( | ||
| datakeys, &modified_datakey, NULL, NULL, &error), | ||
| error); | ||
|
|
||
| mongoc_collection_destroy (datakeys); | ||
| bson_destroy (&modified_datakey); |
There was a problem hiding this comment.
Use majority write concern to insert. Majority read concern is used to find keys. If majority write concern is not used, the find may not see the inserted document if it has not replicated to a majority of nodes in a replica set. Also suggested on the specification https://github.com/mongodb/specifications/pull/1213/files#r875179801
Here is a sample of setting majority write concern:
mongoc_write_concern_t *wc;
bson_t insert_opts = BSON_INITIALIZER;
wc = mongoc_write_concern_new ();
mongoc_write_concern_set_w (wc, MONGOC_WRITE_CONCERN_W_MAJORITY);
mongoc_write_concern_append (wc, &insert_opts);
ASSERT_OR_PRINT (
mongoc_collection_insert_one (
datakeys, &modified_datakey, NULL, &insert_opts, &error),
error);
mongoc_write_concern_destroy (wc);
bson_destroy (&insert_opts);
|
Before merging, try merging changes from #995 to get past the system failures. |
|
Spec tests updated to account for "no additional keys" requirement of non-root document matching in |
This PR is a part of CDRIVER-4317. It is being reviewed as the PoC implementation of changes proposed in mongodb/specifications#1213.
This PR:
legacysubdirectory.unifiedsubdirectory.rewrapManyDataKey()function to C Driver API.keyMaterialfield to C Driver API.As drive-by improvements,
constwas added to the parameters of some helper functions inresult.hand a newresult_from_bulk_write()helper function was added toresult.hfor reusability ofbulkWriteResultresult comparisons.