Docs for Database::createEncryptedCollection()

Author: jmikola

docs/includes/apiargs-MongoDBDatabase-method-createEncryptedCollection-option.yaml

@@ -0,0 +1,93 @@
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: autoIndexId
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: capped
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: changeStreamPreAndPostImages
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: clusteredIndex
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: collation
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: comment
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: encryptedFields
+optional: false
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: expireAfterSeconds
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: flags
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: indexOptionDefaults
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: max
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: maxTimeMS
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: pipeline
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: session
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: size
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: storageEngine
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: timeseries
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: typeMap
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: validator
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: validationAction
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: validationLevel
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: viewOn
+---
+source:
+  file: apiargs-MongoDBDatabase-method-createCollection-option.yaml
+  ref: writeConcern
+...

docs/includes/apiargs-MongoDBDatabase-method-createEncryptedCollection-param.yaml

@@ -0,0 +1,46 @@
+source:
+  file: apiargs-common-param.yaml
+  ref: $collectionName
+replacement:
+  subject: "encrypted collection"
+  action: " to create"
+---
+arg_name: param
+name: $clientEncryption
+type: :php:`MongoDB\\Driver\\ClientEncryption <mongodb-driver-clientencryption>`
+description: |
+  The ClientEncryption object used to create data keys.
+interface: phpmethod
+operation: ~
+optional: false
+---
+arg_name: param
+name: $kmsProvider
+type: string
+description: |
+  KMS provider (e.g. "local", "aws") that will be used to encrypt new encryption
+  keys. This corresponds to the ``$kmsProvider`` parameter for
+  :php:`MongoDB\\Driver\\ClientEncryption::createDataKey() <mongodb-driver-clientencryption.createdatakey>`.
+interface: phpmethod
+operation: ~
+optional: false
+---
+arg_name: param
+name: $masterKey
+type: array|null
+description: |
+  KMS-specific key options that will be used to encrypt new encryption keys.
+  This corresponds to the ``$masterKey`` parameter for
+  :php:`MongoDB\\Driver\\ClientEncryption::createDataKey() <mongodb-driver-clientencryption.createdatakey>`.
+
+  If ``$kmsProvider`` is "local", this parameter should be ``null``.
+interface: phpmethod
+operation: ~
+optional: false
+---
+source:
+  file: apiargs-common-param.yaml
+  ref: $options
+post: |
+  The ``encryptedFields`` option is required.
+...

docs/reference/class/MongoDBDatabase.txt

@@ -48,6 +48,7 @@ Methods
    /reference/method/MongoDBDatabase-aggregate
    /reference/method/MongoDBDatabase-command
    /reference/method/MongoDBDatabase-createCollection
+   /reference/method/MongoDBDatabase-createEncryptedCollection
    /reference/method/MongoDBDatabase-drop
    /reference/method/MongoDBDatabase-dropCollection
    /reference/method/MongoDBDatabase-getDatabaseName

docs/reference/exception-classes.txt

@@ -30,6 +30,22 @@ MongoDB\\Exception\\BadMethodCallException
 
 ----
 
+MongoDB\\Exception\\CreateEncryptedCollectionException
+------------------------------------------------------
+
+.. phpclass:: MongoDB\\Exception\\CreateEncryptedCollectionException
+
+   Thrown by :phpmethod:`MongoDB\\Database::createEncryptedCollection()` if any
+   error is encountered while creating data keys or invoking
+   ``createCollection()``. The original exception and modified
+   ``encryptedFields`` option can be accessed via ``getPrevious()`` and
+   ``getEncryptedFields()``, respectively.
+
+   This class extends the library's :phpclass:`RuntimeException
+   <MongoDB\\Exception\\RuntimeException>` class.
+
+----
+
 MongoDB\\Exception\\InvalidArgumentException
 --------------------------------------------
 

docs/reference/method/MongoDBDatabase-createEncryptedCollection.txt

@@ -0,0 +1,121 @@
+==============================================
+MongoDB\\Database::createEncryptedCollection()
+==============================================
+
+.. versionadded:: 1.16
+
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+Definition
+----------
+
+.. phpmethod:: MongoDB\\Database::createEncryptedCollection()
+
+   Explicitly creates an encrypted collection.
+
+   .. code-block:: php
+
+      function createEncryptedCollection(string $collectionName, ClientEncryption $clientEncryption, string $kmsProvider, ?array $masterKey, array $options = []): array
+
+   This method wraps :phpmethod:`MongoDB\\Database::createCollection()` with
+   additional functionality. Unlike ``createCollection()`, this method requires
+   that the ``encryptedFields`` option be specified.
+
+   This function will automatically create data keys for any encrypted fields
+   where the ``keyId`` option is ``null``. Data keys will be created using
+   :php:`MongoDB\\Driver\\ClientEncryption::createDataKey() <mongodb-driver-clientencryption.createdatakey>`
+   and the provided ``$kmsProvider`` and ``$masterKey`` parameters.
+
+   This method does not affect any auto encryption settings on existing
+   :phpclass:`MongoDB\\Client` objects. Users must configure auto encryption
+   after creating the encrypted collection with ``createEncryptedCollection()``.
+
+   This method has the following parameters:
+
+   .. include:: /includes/apiargs/MongoDBDatabase-method-createEncryptedCollection-param.rst
+
+   The ``$options`` parameter supports the following options:
+
+   .. include:: /includes/apiargs/MongoDBDatabase-method-createEncryptedCollection-option.rst
+
+   Note that not all options are available on all versions of MongoDB. Refer to
+   the :manual:`create </reference/command/create>` command reference in the
+   MongoDB manual for compatibility considerations.
+
+Return Values
+-------------
+
+A tuple consisting of the result from
+:phpmethod:`MongoDB\\Database::createCollection()` and the modified
+``encryptedFields`` option.
+
+Errors/Exceptions
+-----------------
+
+:phpclass:`MongoDB\\Driver\\Exception\\CreateEncryptedCollectionException` if
+any error is encountered while creating data keys or invoking
+``createCollection()``. The original exception and modified ``encryptedFields``
+option can be accessed via ``getPrevious()`` and ``getEncryptedFields()``,
+respectively.
+
+.. include:: /includes/extracts/error-invalidargumentexception.rst
+
+Example
+-------
+
+The following example creates an encrypted ``users`` collection in the ``test``
+database. The ``ssn`` field within the ``users`` collection will be defined as
+an encrypted string field.
+
+.. code-block:: php
+
+   <?php
+
+   // 96-byte master key used to encrypt/decrypt data keys
+   define('LOCAL_MASTERKEY', '...');
+
+   $client = new MongoDB\Client;
+
+   $clientEncryption = $client->createClientEncryption([
+       'keyVaultNamespace' => 'keyvault.datakeys',
+       'kmsProviders' => [
+           'local' => ['key' => new MongoDB\BSON\Binary(base64_decode(LOCAL_MASTERKEY), 0)],
+        ],
+   );
+
+   [$result, $encryptedFields] = $client->test->createEncryptedCollection(
+       'users',
+       $clientEncryption,
+       'local',
+       null,
+       [
+           'encryptedFields' => [
+               'fields' => [
+                   ['path' => 'ssn', 'bsonType' => 'string', 'keyId' => null],
+               ],
+           ],
+       ]
+   );
+
+If the encrypted collection was successfully created, ``$result`` will contain
+the return value from :phpmethod:`MongoDB\\Database::createCollection()` (i.e.
+:manual:`create </reference/command/create>` command response) and
+``$encryptedFields['fields'][0]['keyId']`` will contain the return value from
+:php:`MongoDB\\Driver\\ClientEncryption::createDataKey() <mongodb-driver-clientencryption.createdatakey>`
+(i.e. a :php:`MongoDB\\BSON\\Binary <class.mongodb-bson-binary>` with subtype 4,
+UUID).
+
+See Also
+--------
+
+- :phpmethod:`MongoDB\\Database::createCollection()`
+- :phpmethod:`MongoDB\\Client::createClientEncryption()`
+- :php:`MongoDB\\Driver\\ClientEncryption::createDataKey() <mongodb-driver-clientencryption.createdatakey>`
+- :manual:`create </reference/command/create>` command reference in the MongoDB
+  manual