ClientEncryption options for queryable encryption

https://jira.mongodb.org/browse/PHPC-2092
Jeremy Mikola 2022-06-07 14:20:25 -04:00
parent d8a3faa4af
commit 993d171344
No known key found for this signature in database
GPG key ID: 826DE44395E8A8FC
3 changed files with 112 additions and 11 deletions


@ -49,6 +49,24 @@
<varname linkend="mongodb-driver-clientencryption.constants.random">MongoDB\Driver\ClientEncryption::AEAD_AES_256_CBC_HMAC_SHA_512_RANDOM</varname>
<initializer>AEAD_AES_256_CBC_HMAC_SHA_512-Random</initializer>
</fieldsynopsis>
<fieldsynopsis>
<modifier>const</modifier>
<type>string</type>
<varname linkend="mongodb-driver-clientencryption.constants.algorithm-indexed">MongoDB\Driver\ClientEncryption::ALGORITHM_INDEXED</varname>
<initializer>Indexed</initializer>
</fieldsynopsis>
<fieldsynopsis>
<modifier>const</modifier>
<type>string</type>
<varname linkend="mongodb-driver-clientencryption.constants.algorithm-unindexed">MongoDB\Driver\ClientEncryption::ALGORITHM_UNINDEXED</varname>
<initializer>Unindexed</initializer>
</fieldsynopsis>
<fieldsynopsis>
<modifier>const</modifier>
<type>int</type>
<varname linkend="mongodb-driver-clientencryption.constants.query-type-equality">MongoDB\Driver\ClientEncryption::QUERY_TYPE_EQUALITY</varname>
<initializer>0</initializer>
</fieldsynopsis>
<classsynopsisinfo role="comment">&Methods;</classsynopsisinfo>
<xi:include xpointer="xmlns(db=http://docbook.org/ns/docbook) xpointer(id('class.mongodb-driver-clientencryption')/db:refentry/db:refsect1[@role='description']/descendant::db:methodsynopsis[not(@role='procedural')])" />
@ -76,6 +94,28 @@
</listitem>
</varlistentry>
<varlistentry xml:id="mongodb-driver-clientencryption.constants.algorithm-indexed">
<term><constant>MongoDB\Driver\ClientEncryption::ALGORITHM_INDEXED</constant></term>
<listitem>
<para>Specifies an algorithm for an indexed, encrypted payload, which can be used with queryable encryption.</para>
<para>To insert or query with an indexed, encrypted payload, the <classname>MongoDB\Driver\Manager</classname> must be configured with the <literal>"autoEncryption"</literal> driver option. The <literal>"bypassQueryAnalysis"</literal> auto encryption option may be &true;. The <literal>"bypassAutoEncryption"</literal> auto encryption option must be &false;.</para>
</listitem>
</varlistentry>
<varlistentry xml:id="mongodb-driver-clientencryption.constants.algorithm-unindexed">
<term><constant>MongoDB\Driver\ClientEncryption::ALGORITHM_UNINDEXED</constant></term>
<listitem>
<para>Specifies an algorithm for an unindexed, encrypted payload.</para>
</listitem>
</varlistentry>
<varlistentry xml:id="mongodb-driver-clientencryption.constants.query-type-equality">
<term><constant>MongoDB\Driver\ClientEncryption::QUERY_TYPE_EQUALITY</constant></term>
<listitem>
<para>Specifies an equality query type, which is used in conjunction with <constant>MongoDB\Driver\ClientEncryption::ALGORITHM_INDEXED</constant>.</para>
</listitem>
</varlistentry>
</variablelist>
</section>
<!-- }}} -->
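Review bot: The `ALGORITHM_INDEXED` entry states that the Manager must be configured with `"autoEncryption"` and that `"bypassAutoEncryption"` must be `&false;`, but it does not say what happens when those conditions are not met. A reader cannot tell whether the call throws or returns a payload that simply cannot be inserted or queried; a sentence naming the failure (and the exception class, if one is thrown) would close that gap. The `ALGORITHM_UNINDEXED` entry gives no contrast with the indexed algorithm; if unindexed payloads cannot be queried, add something like `Unindexed payloads cannot be queried.` so the choice between the two constants is clear.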


@ -52,8 +52,30 @@
<entry><type>string</type></entry>
<entry>
<para>
The encryption algorithm to be used. Use the constants defined in
<classname>MongoDB\Driver\ClientEncryption</classname>.
The encryption algorithm to be used. This option is required.
Specify one of the following
<link linkend="mongodb-driver-clientencryption.constants">ClientEncryption constants</link>:
</para>
<simplelist>
<member><constant>MongoDB\Driver\ClientEncryption::AEAD_AES_256_CBC_HMAC_SHA_512_DETERMINISTIC</constant></member>
<member><constant>MongoDB\Driver\ClientEncryption::AEAD_AES_256_CBC_HMAC_SHA_512_RANDOM</constant></member>
<member><constant>MongoDB\Driver\ClientEncryption::ALGORITHM_INDEXED</constant></member>
<member><constant>MongoDB\Driver\ClientEncryption::ALGORITHM_UNINDEXED</constant></member>
</simplelist>
</entry>
</row>
<row>
<entry>contentionFactor</entry>
<entry><type>int</type></entry>
<entry>
<para>
The contention factor for evaluating queries with indexed, encrypted
payloads.
</para>
<para>
This option only applies and may only be specified when
<literal>algorithm</literal> is
<constant>MongoDB\Driver\ClientEncryption::ALGORITHM_INDEXED</constant>.
</para>
</entry>
</row>
@ -63,7 +85,8 @@
<entry>
<para>
Identifies a key vault collection document by
<literal>keyAltName</literal>.
<literal>keyAltName</literal>. This option is mutually exclusive
with <literal>keyId</literal> and exactly one is required.
</para>
</entry>
</row>
@ -73,7 +96,26 @@
<entry>
<para>
Identifies a data key by <literal>_id</literal>. The value is a UUID
(binary subtype 4).
(binary subtype 4). This option is mutually exclusive with
<literal>keyAltName</literal> and exactly one is required.
</para>
</entry>
</row>
<row>
<entry>queryType</entry>
<entry><type>int</type></entry>
<entry>
<para>
The query type for evaluating queries with indexed, encrypted
payloads. Specify one of the following
<link linkend="mongodb-driver-clientencryption.constants">ClientEncryption constants</link>:
</para>
<simplelist>
<member><constant>MongoDB\Driver\ClientEncryption::QUERY_TYPE_EQUALITY</constant></member>
</simplelist>
<para>This option only applies and may only be specified when
<literal>algorithm</literal> is
<constant>MongoDB\Driver\ClientEncryption::ALGORITHM_INDEXED</constant>.
</para>
</entry>
</row>
@ -81,12 +123,6 @@
</tgroup>
</table>
</para>
<note>
<simpara>
Exactly one of <literal>keyId</literal> and <literal>keyAltName</literal>
must be provided. The <literal>algorithm</literal> option is required.
</simpara>
</note>
</listitem>
</varlistentry>
</variablelist>
@ -108,6 +144,31 @@
</simplelist>
</refsect1>
<refsect1 role="changelog">
&reftitle.changelog;
<para>
<informaltable>
<tgroup cols="2">
<thead>
<row>
<entry>&Version;</entry>
<entry>&Description;</entry>
</row>
</thead>
<tbody>
<row>
<entry>PECL mongodb 1.14.0</entry>
<entry>
Added the <literal>"contentionFactor"</literal> and
<literal>"queryType"</literal> options.
</entry>
</row>
</tbody>
</tgroup>
</informaltable>
</para>
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<simplelist>
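Review bot: The new `contentionFactor` row says when the option may be specified but not whether it is required with `ALGORITHM_INDEXED`, what value applies when it is omitted, or what range is accepted. Because the description ties the value to evaluating queries, the row should also say whether the factor used for a query payload has to match the one used when the data was inserted; if it does, add a sentence such as `Use the same value for queries as was used when inserting the encrypted values.` Both the `contentionFactor` and `queryType` rows say the option "may only be specified" with the indexed algorithm without naming what is thrown otherwise. The changelog row lists only the two new options, although this section also adds `ALGORITHM_INDEXED` and `ALGORITHM_UNINDEXED` as accepted `algorithm` values.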


@ -764,7 +764,7 @@ mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][
<entry>
With this option set to &true;, <literal>mongocryptd</literal>
will not be spawned automatically. This is used to disable
automatic encryption.
automatic encryption. Defaults to &false;.
</entry>
</row>
<row>
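Review bot: The entry that gains `Defaults to &false;.` still describes the option only in terms of `mongocryptd` not being spawned, and does not say what setting it to `&true;` means for the data the application writes. The row's option name is outside the hunk; if this is `"bypassAutoEncryption"`, the entry should state that fields are then sent unencrypted unless the application encrypts them explicitly with `MongoDB\Driver\ClientEncryption`. It would also help to note here that `ALGORITHM_INDEXED`, documented elsewhere in this commit, requires the option to be `&false;`, so the two pages do not have to be read together to find the constraint.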