INTPYTHON-527 Add Queryable Encryption support #329
Conversation
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
django_mongodb_backend/management/commands/get_encrypted_fields_map.py
Outdated
Show resolved
Hide resolved
django_mongodb_backend/management/commands/get_encrypted_fields_map.py
Outdated
Show resolved
Hide resolved
django_mongodb_backend/management/commands/get_encrypted_fields_map.py
Outdated
Show resolved
Hide resolved
django_mongodb_backend/management/commands/get_encrypted_fields_map.py
Outdated
Show resolved
Hide resolved
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
25b7e8b to
2469f84
Compare
cd8aa5c to
62db35a
Compare
QE Doc flow - Three top level (or close to it) docs - How to guide on QE configuration - QE field guide (moved out of model field ref to its own section) - Topic guide on QE usage
- Planning to finish QE setup in the how-to doc then switch back to the topic doc to explain the workflow.
In the QE topics guide I'm going to explain how to develop a patient model similar to the Python QE tutorial and the encryption test suite. If embedding were possible now, I could present the same example. Since embedded models are a WIP I may either: - design the guide to work around that issue - design the guide to anticipate resolution of that issue In ether case, I'll try to wrap this 24-48 hour docs jam having covered everything I know about QE and Django and having presented it to Django folks in a way we can support.
- Configuring the encrypted_fields_map section
21c237e to
cd035eb
Compare
- Configuring the Automatic Encryption Shared Library
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
bff8bcf to
33b9b58
Compare
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
| @@ -15,7 +15,7 @@ | |||
|
|
|||
| @skipUnlessDBFeature("supports_queryable_encryption") | |||
| @override_settings(DATABASE_ROUTERS=[TestEncryptedRouter()]) | |||
| class QueryableEncryptionTestCase(TransactionTestCase): | |||
| class QueryableEncryptionTests(TransactionTestCase): | |||
There was a problem hiding this comment.
This is indeed a base "TestCase" as it has no tests itself. I think it's useful to keep this class for the shared skipUnless and override settings, even if setUp is removed per my comment below.
| from django.db import models | ||
|
|
||
|
|
||
| class EncryptedFieldMixin(models.Field): |
There was a problem hiding this comment.
I don't remember this inheriting from Field. Was it a recent change? I don't think it should considering the field it's mixed in with should already do that inheriting.
|
|
||
| class Command(BaseCommand): | ||
| help = """ | ||
| This command shows the mapping of encrypted fields to attributes |
There was a problem hiding this comment.
The old wording "Shows..." is more consistent with the built-in command's documentation. Avoid boilerplate like "This command...", "this option..."
| ``EncryptedFieldMixin`` | ||
| ======================= | ||
|
|
||
| .. class:: EncryptedFieldMixin(models.Field) |
There was a problem hiding this comment.
Inheritance isn't documented here, but rather (sometimess) the __init__() signature.
Example from Django's docs: .. class:: TimestampSigner(*, key=None, sep=':', salt=None, algorithm='sha256')
| connection = connections["encrypted"] | ||
| with connection.schema_editor() as editor: | ||
| client = connection.connection | ||
| encrypted_fields_map = editor._get_encrypted_fields_map(self.patient, client) |
There was a problem hiding this comment.
The test happens to work with either, but the first argument is supposed to be a model class rather than a model instance.
| """ | ||
| Used in schema and field tests. | ||
| """ |
There was a problem hiding this comment.
I think there's not enough shared data to justify a common setUp method. Many of these models are used in only one test, so it's wasteful to create them before every test. If it helps, you can make many of the fields nullable to make creating objects easier. (e.g. test_datefield can create a PatientRecord with only a date).
Previous attempts and additional context here: