author | Shreyas Kalyan <shreyas.kalyan@mongodb.com> | 2023-04-13 14:30:53 -0400 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2023-04-17 21:50:39 +0000 |
commit | 5ba4b4c02e154502455c98ff5e605eeb7b2bc555 (patch) | |
tree | 1eb345e78f9983efe9bc7e974bcf517261160459 /src/mongo | |
parent | a45535c81c645dc190485e033a6ed6b91678bd50 (diff) | |
download | mongo-5ba4b4c02e154502455c98ff5e605eeb7b2bc555.tar.gz |
SERVER-72937 Create the QE cleanupStructuredEncryptionData command skeleton for mongod
Diffstat (limited to 'src/mongo')
-rw-r--r-- | src/mongo/crypto/fle_stats.idl | 6 | ||||
-rw-r--r-- | src/mongo/db/auth/action_type.idl | 4 | ||||
-rw-r--r-- | src/mongo/db/auth/builtin_roles.yml | 1 | ||||
-rw-r--r-- | src/mongo/db/commands/SConscript | 2 | ||||
-rw-r--r-- | src/mongo/db/commands/fle2_cleanup.idl | 55 | ||||
-rw-r--r-- | src/mongo/db/commands/fle2_cleanup_cmd.cpp | 104 | ||||
-rw-r--r-- | src/mongo/db/commands/fle2_compact.idl | 2 | ||||
-rw-r--r-- | src/mongo/shell/encrypted_dbclient_base.cpp | 7 |
8 files changed, 177 insertions, 4 deletions
diff --git a/src/mongo/crypto/fle_stats.idl b/src/mongo/crypto/fle_stats.idl index 485a59f8f50..69e8f1f418c 100644 --- a/src/mongo/crypto/fle_stats.idl +++ b/src/mongo/crypto/fle_stats.idl @@ -67,3 +67,9 @@ structs: type: ECStats optional: true esc: ECStats + + CleanupStats: + description: "Stats about records in ECOC, and ESC cleanup touched" + fields: + ecoc: ECOCStats + esc: ECStats diff --git a/src/mongo/db/auth/action_type.idl b/src/mongo/db/auth/action_type.idl index 26d993be4c1..8e5a2000745 100644 --- a/src/mongo/db/auth/action_type.idl +++ b/src/mongo/db/auth/action_type.idl @@ -67,6 +67,7 @@ enums: checkMetadataConsistency : "checkMetadataConsistency" cleanupOrphaned : "cleanupOrphaned" clearJumboFlag : "clearJumboFlag" + cleanupStructuredEncryptionData: "cleanupStructuredEncryptionData" closeAllDatabases : "closeAllDatabases" # Deprecated (backwards compatibility) collMod : "collMod" collStats : "collStats" @@ -242,6 +243,7 @@ enums: - analyze - bypassDocumentValidation - changeStream + - cleanupStructuredEncryptionData - collMod - collStats - compact @@ -290,6 +292,7 @@ enums: - analyze - bypassDocumentValidation - changeStream + - cleanupStructuredEncryptionData - collMod - collStats - compact @@ -363,6 +366,7 @@ enums: - analyze - bypassDocumentValidation - changeStream + - cleanupStructuredEncryptionData - collMod - collStats - compact diff --git a/src/mongo/db/auth/builtin_roles.yml b/src/mongo/db/auth/builtin_roles.yml index 1babdd93486..4f52b65ffd7 100644 --- a/src/mongo/db/auth/builtin_roles.yml +++ b/src/mongo/db/auth/builtin_roles.yml @@ -51,6 +51,7 @@ roles: - matchType: database actions: &readWriteRoleActions - *readRoleActions + - cleanupStructuredEncryptionData - compactStructuredEncryptionData - convertToCapped # db admin gets this also - createCollection # db admin gets this also diff --git a/src/mongo/db/commands/SConscript b/src/mongo/db/commands/SConscript index ee96de65509..aacacce4b2a 100644 --- a/src/mongo/db/commands/SConscript 
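Review bot: The builtin_roles.yml hunk adds `cleanupStructuredEncryptionData` to the shared `&readWriteRoleActions` anchor, so every existing readWrite principal, and any role that aliases that anchor, gains the new command with no opt-in. That mirrors `compactStructuredEncryptionData` on the next line and may well be intended, but the reason is not recorded next to the grant. A short trailing comment in the style of its neighbours would make the least-privilege decision reviewable, e.g. `- cleanupStructuredEncryptionData # same holders as compactStructuredEncryptionData`.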
+++ b/src/mongo/db/commands/SConscript @@ -48,6 +48,7 @@ env.Library( source=[ 'end_sessions_command.cpp', 'fail_point_cmd.cpp', + 'fle2_cleanup.idl', 'fle2_compact.cpp', 'fle2_compact.idl', 'generic.cpp', @@ -572,6 +573,7 @@ env.Library( 'get_cluster_parameter_command.cpp', "internal_rename_if_options_and_indexes_match_cmd.cpp", "internal_transactions_test_command_d.cpp", + "fle2_cleanup_cmd.cpp", "fle2_compact_cmd.cpp", "map_reduce_command.cpp", "oplog_application_checks.cpp", diff --git a/src/mongo/db/commands/fle2_cleanup.idl b/src/mongo/db/commands/fle2_cleanup.idl new file mode 100644 index 00000000000..836897b065d --- /dev/null +++ b/src/mongo/db/commands/fle2_cleanup.idl 
@@ -0,0 +1,55 @@
+# Copyright (C) 2023-present MongoDB, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the Server Side Public License, version 1,
+# as published by MongoDB, Inc.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# Server Side Public License for more details.
+#
+# You should have received a copy of the Server Side Public License
+# along with this program. If not, see
+# <http://www.mongodb.com/licensing/server-side-public-license>.
+#
+# As a special exception, the copyright holders give permission to link the
+# code of portions of this program with the OpenSSL library under certain
+# conditions as described in each individual source file and distribute
+# linked combinations including the program with the OpenSSL library. You
+# must comply with the Server Side Public License in all respects for
+# all of the code used other than as permitted herein. If you modify file(s)
+# with this exception, you may extend this exception to your version of the
+# file(s), but you are not obligated to do so. If you do not wish to do so,
+# delete this exception statement from your version. If you delete this
+# exception statement from all source files in the program, then also delete
+# it in the license file.
+#
+
+global:
+ cpp_namespace: "mongo"
+
+imports:
+ - "mongo/db/basic_types.idl"
+ - "mongo/crypto/fle_stats.idl"
+
+structs:
+ CleanupStructuredEncryptionDataCommandReply:
+ description: "Reply from the {cleanupStructuredEncryptionData: ...} command"
+ strict: true
+ is_command_reply: true
+ fields:
+ stats: CleanupStats
+
+commands:
+ cleanupStructuredEncryptionData:
+ description: "Parser for the 'cleanupStructuredEncryptionData' command"
+ command_name: cleanupStructuredEncryptionData
+ api_version: ""
+ namespace: concatenate_with_db
+ strict: true
+ reply_type: CleanupStructuredEncryptionDataCommandReply
+ fields:
+ cleanupTokens:
+ description: "Map of field path to ECOCToken"
+ type: object
diff --git a/src/mongo/db/commands/fle2_cleanup_cmd.cpp b/src/mongo/db/commands/fle2_cleanup_cmd.cpp
new file mode 100644
index 00000000000..36f016c092e
--- /dev/null
+++ b/src/mongo/db/commands/fle2_cleanup_cmd.cpp
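Review bot: `cleanupTokens` in fle2_cleanup.idl is declared as a bare `type: object`, so the generated parser accepts any sub-document there; `strict: true` rejects unknown top-level fields but does not look inside the object. Nothing in this commit checks that each value is a well-formed token, and since the handler is still a stub that validation has to arrive with the implementation. Until it does, the field description should say where the check is expected to live, e.g. `description: "Map of field path to ECOCToken; values are not validated by the parser and must be checked by the command"`.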
@@ -0,0 +1,104 @@
+/**
+ * Copyright (C) 2022-present MongoDB, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Server Side Public License, version 1,
+ * as published by MongoDB, Inc.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * Server Side Public License for more details.
+ *
+ * You should have received a copy of the Server Side Public License
+ * along with this program. If not, see
+ * <http://www.mongodb.com/licensing/server-side-public-license>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the Server Side Public License in all respects for
+ * all of the code used other than as permitted herein. If you modify file(s)
+ * with this exception, you may extend this exception to your version of the
+ * file(s), but you are not obligated to do so. If you do not wish to do so,
+ * delete this exception statement from your version. If you delete this
+ * exception statement from all source files in the program, then also delete
+ * it in the license file.
+ */
+
+
+#include "mongo/platform/basic.h"
+
+#include "mongo/db/commands.h"
+#include "mongo/db/commands/create_gen.h"
+#include "mongo/db/commands/feature_compatibility_version.h"
+
+#include "mongo/crypto/fle_stats.h"
+#include "mongo/db/auth/authorization_session.h"
+
+#include "mongo/db/commands/fle2_cleanup_gen.h"
+
+#define MONGO_LOGV2_DEFAULT_COMPONENT ::mongo::logv2::LogComponent::kStorage
+
+namespace mongo {
+
+namespace {
+
+CleanupStats cleanupEncryptedCollection(OperationContext* opCtx,
+ const CleanupStructuredEncryptionData& request) {
+ uasserted(7293700, "Function not implemented.");
+}
+
+class CleanupStructuredEncryptionDataCmd final
+ : public TypedCommand<CleanupStructuredEncryptionDataCmd> {
+public:
+ using Request = CleanupStructuredEncryptionData;
+ using Reply = CleanupStructuredEncryptionData::Reply;
+ using TC = TypedCommand<CleanupStructuredEncryptionDataCmd>;
+
+ class Invocation final : public TC::InvocationBase {
+ public:
+ using TC::InvocationBase::InvocationBase;
+ using TC::InvocationBase::request;
+
+ Reply typedRun(OperationContext* opCtx) {
+ return Reply(cleanupEncryptedCollection(opCtx, request()));
+ }
+
+ private:
+ bool supportsWriteConcern() const final {
+ return false;
+ }
+
+ void doCheckAuthorization(OperationContext* opCtx) const final {
+ auto* as = AuthorizationSession::get(opCtx->getClient());
+ uassert(ErrorCodes::Unauthorized,
+ "Not authorized to cleanup structured encryption data",
+ as->isAuthorizedForActionsOnResource(
+ ResourcePattern::forExactNamespace(request().getNamespace()),
+ ActionType::cleanupStructuredEncryptionData));
+ }
+
+ NamespaceString ns() const final {
+ return request().getNamespace();
+ }
+ };
+
+ typename TC::AllowedOnSecondary secondaryAllowed(ServiceContext*) const final {
+ return BasicCommand::AllowedOnSecondary::kNever;
+ }
+
+ bool adminOnly() const final {
+ return false;
+ }
+
+ std::set<StringData> sensitiveFieldNames() const final {
+ return
{CleanupStructuredEncryptionData::kCleanupTokensFieldName}; + } +} cleanupStructuredEncryptionDataCmd; + + +} // namespace + +} // namespace mongo diff --git a/src/mongo/db/commands/fle2_compact.idl b/src/mongo/db/commands/fle2_compact.idl index 3ba9a9c9686..3ac36f10da0 100644 --- a/src/mongo/db/commands/fle2_compact.idl +++ b/src/mongo/db/commands/fle2_compact.idl @@ -35,7 +35,7 @@ imports: structs: CompactStructuredEncryptionDataCommandReply: - description: "Reply from the {compactStructuredEncryptedData: ...} command" + description: "Reply from the {compactStructuredEncryptionData: ...} command" strict: true is_command_reply: true fields: diff --git a/src/mongo/shell/encrypted_dbclient_base.cpp b/src/mongo/shell/encrypted_dbclient_base.cpp index 62ce4d06a2e..253ed8a560e 100644 --- a/src/mongo/shell/encrypted_dbclient_base.cpp +++ b/src/mongo/shell/encrypted_dbclient_base.cpp @@ -607,9 +607,10 @@ void EncryptedDBClientBase::cleanup(JSContext* cx, JS::CallArgs args) { builder.append("cleanupTokens", efc ? FLEClientCrypto::generateCompactionTokens(*efc, this) : BSONObj()); - // TODO SERVER-72937: Add call to cleanup function - mozjs::ValueReader(cx, args.rval()).fromBSON(BSONObj(), nullptr, false); - return; + BSONObj reply; + runCommand(nss.dbName(), builder.obj(), reply, 0); + reply = reply.getOwned(); + mozjs::ValueReader(cx, args.rval()).fromBSON(reply, nullptr, false); } void EncryptedDBClientBase::trace(JSTracer* trc) { |
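Review bot: `doCheckAuthorization` in fle2_cleanup_cmd.cpp checks `cleanupStructuredEncryptionData` only on the exact namespace named in the request, while the `CleanupStats` reply added in fle_stats.idl reports on ECOC and ESC, so the eventual implementation will presumably touch state collections the caller was never checked against. That may be the intended model, but it should be stated where the check lives, e.g. `// Privilege on the request namespace deliberately covers its ESC/ECOC state collections; no separate check is made on them.` As a smaller style point, `create_gen.h`, `feature_compatibility_version.h` and the `MONGO_LOGV2_DEFAULT_COMPONENT` define are not used by anything in the file as shown and could wait for the implementation.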
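Review bot: In `EncryptedDBClientBase::cleanup`, whatever `runCommand` returns is discarded and `reply` is passed to `fromBSON` regardless, so a failed command reaches the script only as a reply document. With the server side of this commit always raising 7293700, every call now takes that path. If the shell helper is meant to hand the error document back for the JS caller to inspect, say so with `// Errors are returned to the caller in the reply document.`; otherwise the result should be checked before `reply` is converted. The function body begins outside the hunk, so the construction of `builder` and `efc` was not reviewed.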