From f7c09e693e1d4e57bcedd5776396f7bd76ce842b Mon Sep 17 00:00:00 2001 From: Neal Beeken Date: Mon, 17 Oct 2022 14:41:10 -0400 Subject: [PATCH 1/5] docs(NODE-4724): update fle docs to use "in use encryption" terminology --- src/deps.ts | 2 +- src/mongo_client.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/deps.ts b/src/deps.ts index 9201c30b2b8..acc2be11f38 100644 --- a/src/deps.ts +++ b/src/deps.ts @@ -288,7 +288,7 @@ export interface AutoEncryptionOptions { * * **NOTE**: Supplying options.schemaMap provides more security than relying on JSON Schemas obtained from the server. * It protects against a malicious server advertising a false JSON Schema, which could trick the client into sending decrypted data that should be encrypted. - * Schemas supplied in the schemaMap only apply to configuring automatic encryption for client side encryption. + * Schemas supplied in the schemaMap only apply to configuring automatic encryption for in use encryption. * Other validation rules in the JSON schema will not be enforced by the driver and will result in an error. */ schemaMap?: Document; diff --git a/src/mongo_client.ts b/src/mongo_client.ts index 42bee20bf87..9d5add2f61a 100644 --- a/src/mongo_client.ts +++ b/src/mongo_client.ts @@ -243,7 +243,7 @@ export interface MongoClientOptions extends BSONSerializeOptions, SupportedNodeC /** Server API version */ serverApi?: ServerApi | ServerApiVersion; /** - * Optionally enable client side auto encryption + * Optionally enable in use auto encryption * * @remarks * Automatic encryption is an enterprise only feature that only applies to operations on a collection. Automatic encryption is not supported for operations on a database or view, and operations that are not bypassed will result in error From 8f8b480a6aeed89ea40f034b16c6b26355959781 Mon Sep 17 00:00:00 2001 From: Neal Beeken Date: Tue, 18 Oct 2022 11:53:30 -0400 Subject: [PATCH 2/5] change private comments too --- src/collection.ts | 2 +- src/error.ts | 4 ++-- src/sdam/topology.ts | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/collection.ts b/src/collection.ts index 3229b0b27ef..039d2ecffa3 100644 --- a/src/collection.ts +++ b/src/collection.ts @@ -288,7 +288,7 @@ export class Collection { options = {}; } - // CSFLE passes in { w: 'majority' } to ensure the lib works in both 3.x and 4.x + // In use encryption passes in { w: 'majority' } to ensure the lib works in both 3.x and 4.x // we support that option style here only if (options && Reflect.get(options, 'w')) { options.writeConcern = WriteConcern.fromOptions(Reflect.get(options, 'w')); diff --git a/src/error.ts b/src/error.ts index d6abfec879a..34dd0a12180 100644 --- a/src/error.ts +++ b/src/error.ts @@ -111,7 +111,7 @@ export interface ErrorDescription extends Document { * @category Error * * @privateRemarks - * CSFLE has a dependency on this error, it uses the constructor with a string argument + * In use encryption has a dependency on this error, it uses the constructor with a string argument */ export class MongoError extends Error { /** @internal */ @@ -568,7 +568,7 @@ export class MongoNetworkError extends MongoError { * @category Error * * @privateRemarks - * CSFLE has a dependency on this error with an instanceof check + * In use encryption has a dependency on this error with an instanceof check */ export class MongoNetworkTimeoutError extends MongoNetworkError { constructor(message: string, options?: MongoNetworkErrorOptions) { diff --git a/src/sdam/topology.ts b/src/sdam/topology.ts index 48bf9f7bdba..01936cbfa33 100644 --- a/src/sdam/topology.ts +++ b/src/sdam/topology.ts @@ -252,7 +252,7 @@ export class Topology extends TypedEventEmitter { ) => this.selectServer(selector, options, callback as any) ); - // Legacy CSFLE support + // Legacy in use encryption support this.bson = Object.create(null); this.bson.serialize = serialize; this.bson.deserialize = deserialize; From 70e88fa86e2f17a93d392b798b14342d69c3b7e3 Mon Sep 17 00:00:00 2001 From: Neal Beeken Date: Tue, 18 Oct 2022 15:05:35 -0400 Subject: [PATCH 3/5] update internal comments to be specific about package support --- src/collection.ts | 4 ++-- src/error.ts | 4 ++-- src/sdam/topology.ts | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/collection.ts b/src/collection.ts index 039d2ecffa3..a713d85d900 100644 --- a/src/collection.ts +++ b/src/collection.ts @@ -288,8 +288,8 @@ export class Collection { options = {}; } - // In use encryption passes in { w: 'majority' } to ensure the lib works in both 3.x and 4.x - // we support that option style here only + // Older versions of mongodb-client-encryption passes in hardcoded { w: 'majority' } + // specifically to an insertOne call, so we want to just support this here if (options && Reflect.get(options, 'w')) { options.writeConcern = WriteConcern.fromOptions(Reflect.get(options, 'w')); } diff --git a/src/error.ts b/src/error.ts index 34dd0a12180..800be95c8b8 100644 --- a/src/error.ts +++ b/src/error.ts @@ -111,7 +111,7 @@ export interface ErrorDescription extends Document { * @category Error * * @privateRemarks - * In use encryption has a dependency on this error, it uses the constructor with a string argument + * mongodb-client-encryption has a dependency on this error, it uses the constructor with a string argument */ export class MongoError extends Error { /** @internal */ @@ -568,7 +568,7 @@ export class MongoNetworkError extends MongoError { * @category Error * * @privateRemarks - * In use encryption has a dependency on this error with an instanceof check + * mongodb-client-encryption has a dependency on this error with an instanceof check */ export class MongoNetworkTimeoutError extends MongoNetworkError { constructor(message: string, options?: MongoNetworkErrorOptions) { diff --git a/src/sdam/topology.ts b/src/sdam/topology.ts index 01936cbfa33..96f34502518 100644 --- a/src/sdam/topology.ts +++ b/src/sdam/topology.ts @@ -252,7 +252,7 @@ export class Topology extends TypedEventEmitter { ) => this.selectServer(selector, options, callback as any) ); - // Legacy in use encryption support + // Keeping a reference to these BSON functions supports older mongodb-client-encryption versions this.bson = Object.create(null); this.bson.serialize = serialize; this.bson.deserialize = deserialize; From a239218d6c7ba7167548774d6323c625c6855981 Mon Sep 17 00:00:00 2001 From: Neal Beeken Date: Tue, 18 Oct 2022 15:36:29 -0400 Subject: [PATCH 4/5] add module versions and fix hyphen --- src/collection.ts | 4 ++-- src/deps.ts | 2 +- src/mongo_client.ts | 2 +- src/sdam/topology.ts | 3 ++- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/collection.ts b/src/collection.ts index a713d85d900..275ba537093 100644 --- a/src/collection.ts +++ b/src/collection.ts @@ -288,8 +288,8 @@ export class Collection { options = {}; } - // Older versions of mongodb-client-encryption passes in hardcoded { w: 'majority' } - // specifically to an insertOne call, so we want to just support this here + // versions of mongodb-client-encryption before 1.2.1 pass in hardcoded { w: 'majority' } + // specifically to an insertOne call in createDataKey, so we want to support this only here if (options && Reflect.get(options, 'w')) { options.writeConcern = WriteConcern.fromOptions(Reflect.get(options, 'w')); } diff --git a/src/deps.ts b/src/deps.ts index acc2be11f38..5436b21044c 100644 --- a/src/deps.ts +++ b/src/deps.ts @@ -288,7 +288,7 @@ export interface AutoEncryptionOptions { * * **NOTE**: Supplying options.schemaMap provides more security than relying on JSON Schemas obtained from the server. * It protects against a malicious server advertising a false JSON Schema, which could trick the client into sending decrypted data that should be encrypted. - * Schemas supplied in the schemaMap only apply to configuring automatic encryption for in use encryption. + * Schemas supplied in the schemaMap only apply to configuring automatic encryption for Client-Side Field Level Encryption. * Other validation rules in the JSON schema will not be enforced by the driver and will result in an error. */ schemaMap?: Document; diff --git a/src/mongo_client.ts b/src/mongo_client.ts index 9d5add2f61a..23a6d502b7f 100644 --- a/src/mongo_client.ts +++ b/src/mongo_client.ts @@ -243,7 +243,7 @@ export interface MongoClientOptions extends BSONSerializeOptions, SupportedNodeC /** Server API version */ serverApi?: ServerApi | ServerApiVersion; /** - * Optionally enable in use auto encryption + * Optionally enable in-use auto encryption * * @remarks * Automatic encryption is an enterprise only feature that only applies to operations on a collection. Automatic encryption is not supported for operations on a database or view, and operations that are not bypassed will result in error diff --git a/src/sdam/topology.ts b/src/sdam/topology.ts index 96f34502518..f132cdc24af 100644 --- a/src/sdam/topology.ts +++ b/src/sdam/topology.ts @@ -252,7 +252,8 @@ export class Topology extends TypedEventEmitter { ) => this.selectServer(selector, options, callback as any) ); - // Keeping a reference to these BSON functions supports older mongodb-client-encryption versions + // Saving a reference to these BSON functions + // supports v2.2.0 and older versions of mongodb-client-encryption this.bson = Object.create(null); this.bson.serialize = serialize; this.bson.deserialize = deserialize; From 4431e2fd58c45f3a19463164595035632df71722 Mon Sep 17 00:00:00 2001 From: Neal Beeken Date: Tue, 18 Oct 2022 15:37:24 -0400 Subject: [PATCH 5/5] correct node pkg version --- src/collection.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/collection.ts b/src/collection.ts index 275ba537093..e22ce9eeca4 100644 --- a/src/collection.ts +++ b/src/collection.ts @@ -288,7 +288,7 @@ export class Collection { options = {}; } - // versions of mongodb-client-encryption before 1.2.1 pass in hardcoded { w: 'majority' } + // versions of mongodb-client-encryption before v1.2.6 pass in hardcoded { w: 'majority' } // specifically to an insertOne call in createDataKey, so we want to support this only here if (options && Reflect.get(options, 'w')) { options.writeConcern = WriteConcern.fromOptions(Reflect.get(options, 'w'));