diff options
| author | Ted Tuckman <ted.tuckman@mongodb.com> | 2023-05-03 13:36:39 +0000 |
|---|---|---|
| committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2023-05-03 14:38:45 +0000 |
| commit | 8e79f414b58d1ca97027312cd721dfecb636ce69 (patch) | |
| tree | 0ab65b51b07a51277a1a3a58ca1c943f564ff030 /src | |
| parent | 280c055694d28c5eb8a88f9f676a92c67dc2f72f (diff) | |
| download | mongo-8e79f414b58d1ca97027312cd721dfecb636ce69.tar.gz | |
SERVER-76424 Replace 'redact' with 'hmac' in $telemetry syntax
Diffstat (limited to 'src')
43 files changed, 287 insertions, 286 deletions
diff --git a/src/mongo/base/error_codes.yml b/src/mongo/base/error_codes.yml index e7f81af385d..0ff84270100 100644 --- a/src/mongo/base/error_codes.yml +++ b/src/mongo/base/error_codes.yml @@ -505,7 +505,7 @@ error_codes: - {code: 386, name: DuplicateKeyId} - - {code: 387, name: EncounteredFLEPayloadWhileRedacting} + - {code: 387, name: EncounteredFLEPayloadWhileApplyingHmac} - {code: 388, name: TransactionTooLargeForCache} - {code: 389, name: LibmongocryptError} diff --git a/src/mongo/db/exec/projection_executor_redaction_test.cpp b/src/mongo/db/exec/projection_executor_redaction_test.cpp index ed4fd5a7793..1f4d5eb4281 100644 --- a/src/mongo/db/exec/projection_executor_redaction_test.cpp +++ b/src/mongo/db/exec/projection_executor_redaction_test.cpp @@ -58,7 +58,7 @@ std::unique_ptr<projection_executor::ProjectionExecutor> compileProjection(BSONO expCtx, &ast, policies, projection_executor::kDefaultBuilderParams); return exec; } -std::string redactFieldNameForTest(StringData s) { +std::string applyHmacForTest(StringData s) { return str::stream() << "HASH<" << s << ">"; } @@ -66,9 +66,9 @@ TEST(Redaction, ProjectionTest) { SerializationOptions options; options.replacementForLiteralArgs = "?"; options.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - options.redactIdentifiers = true; + options.applyHmacToIdentifiers = true; - options.identifierRedactionPolicy = redactFieldNameForTest; + options.identifierHmacPolicy = applyHmacForTest; auto redactProj = [&](std::string obj) { return compileProjection(fromjson(obj))->serializeTransformation(boost::none, options); }; diff --git a/src/mongo/db/matcher/expression_expr_test.cpp b/src/mongo/db/matcher/expression_expr_test.cpp index 9c294ddab88..7b03ee19fdd 100644 --- a/src/mongo/db/matcher/expression_expr_test.cpp +++ b/src/mongo/db/matcher/expression_expr_test.cpp @@ -803,7 +803,7 @@ DEATH_TEST_REGEX(ExprMatchTest, GetChildFailsIndexGreaterThanZero, "Tripwire ass /** * A default redaction strategy that generates easy to check results for testing purposes. */ -std::string redactFieldNameForTest(StringData s) { +std::string applyHmacForTest(StringData s) { return str::stream() << "HASH<" << s << ">"; } @@ -813,8 +813,8 @@ TEST_F(ExprMatchTest, ExprRedactsCorrectly) { SerializationOptions opts; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - opts.identifierRedactionPolicy = redactFieldNameForTest; - opts.redactIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; + opts.applyHmacToIdentifiers = true; ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({"$expr":{"$sum":["$HASH<a>","$HASH<b>"]}})", diff --git a/src/mongo/db/matcher/expression_geo_test.cpp b/src/mongo/db/matcher/expression_geo_test.cpp index 947967cfb16..b98e293fa89 100644 --- a/src/mongo/db/matcher/expression_geo_test.cpp +++ b/src/mongo/db/matcher/expression_geo_test.cpp @@ -158,7 +158,7 @@ TEST(ExpressionGeoTest, GeoNearEquivalent) { TEST(ExpressionGeoTest, SerializeGeoExpressions) { SerializationOptions opts = {}; - opts.redactIdentifiers = true; + opts.applyHmacToIdentifiers = true; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; { BSONObj query = fromjson("{$within: {$box: [{x: 4, y: 4}, [6, 6]]}}"); diff --git a/src/mongo/db/matcher/expression_serialization_test.cpp b/src/mongo/db/matcher/expression_serialization_test.cpp index 024a90404d3..7c48dd7ecba 100644 --- a/src/mongo/db/matcher/expression_serialization_test.cpp +++ b/src/mongo/db/matcher/expression_serialization_test.cpp @@ -1854,7 +1854,7 @@ TEST(SerializeInternalBinDataSubType, ExpressionBinDataSubTypeSerializesCorrectl ASSERT_TRUE(original.matches(obj)); } -std::string redactFieldNameForTest(StringData s) { +std::string applyHmacForTest(StringData s) { // Avoid ending in a parenthesis since the results will occur in a raw string where the )" // sequence will accidentally terminate the string. return str::stream() << "HASH<" << s << ">"; @@ -1869,8 +1869,8 @@ TEST(SerializeInternalSchema, AllowedPropertiesRedactsCorrectly) { ASSERT_OK(objMatch.getStatus()); SerializationOptions opts; - opts.redactIdentifiers = true; - opts.identifierRedactionPolicy = redactFieldNameForTest; + opts.applyHmacToIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; ASSERT_BSONOBJ_EQ_AUTO( // NOLINT @@ -1914,9 +1914,9 @@ std::unique_ptr<InternalSchemaCondMatchExpression> createCondMatchExpression(BSO TEST(SerializeInternalSchema, CondMatchRedactsCorrectly) { SerializationOptions opts; - opts.redactIdentifiers = true; + opts.applyHmacToIdentifiers = true; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - opts.identifierRedactionPolicy = redactFieldNameForTest; + opts.identifierHmacPolicy = applyHmacForTest; auto conditionQuery = BSON("age" << BSON("$lt" << 18)); auto thenQuery = BSON("job" << "student"); @@ -1970,8 +1970,8 @@ TEST(SerializeInternalSchema, MatchArrayIndexRedactsCorrectly) { BSONObjBuilder bob; SerializationOptions opts; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - opts.redactIdentifiers = true; - opts.identifierRedactionPolicy = redactFieldNameForTest; + opts.applyHmacToIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; objMatch.getValue()->serialize(&bob, opts); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ @@ -1994,8 +1994,8 @@ TEST(SerializeInternalSchema, MaxItemsRedactsCorrectly) { InternalSchemaMaxItemsMatchExpression maxItems("a.b"_sd, 2); SerializationOptions opts; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - opts.redactIdentifiers = true; - opts.identifierRedactionPolicy = redactFieldNameForTest; + opts.applyHmacToIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({"$_internalSchemaMaxItems":"?number"})", maxItems.getSerializedRightHandSide(opts)); @@ -2005,8 +2005,8 @@ TEST(SerializeInternalSchema, MaxLengthRedactsCorrectly) { InternalSchemaMaxLengthMatchExpression maxLength("a"_sd, 2); SerializationOptions opts; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - opts.redactIdentifiers = true; - opts.identifierRedactionPolicy = redactFieldNameForTest; + opts.applyHmacToIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({"$_internalSchemaMaxLength":"?number"})", maxLength.getSerializedRightHandSide(opts)); @@ -2016,8 +2016,8 @@ TEST(SerializeInternalSchema, MinItemsRedactsCorrectly) { InternalSchemaMinItemsMatchExpression minItems("a.b"_sd, 2); SerializationOptions opts; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - opts.redactIdentifiers = true; - opts.identifierRedactionPolicy = redactFieldNameForTest; + opts.applyHmacToIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({"$_internalSchemaMinItems":"?number"})", @@ -2048,8 +2048,8 @@ TEST(SerializeInternalSchema, MinPropertiesRedactsCorrectly) { TEST(SerializeInternalSchema, ObjectMatchRedactsCorrectly) { SerializationOptions opts; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - opts.redactIdentifiers = true; - opts.identifierRedactionPolicy = redactFieldNameForTest; + opts.applyHmacToIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; auto query = fromjson( " {a: {$_internalSchemaObjectMatch: {" " c: {$eq: 3}" @@ -2068,8 +2068,8 @@ TEST(SerializeInternalSchema, RootDocEqRedactsCorrectly) { boost::intrusive_ptr<ExpressionContextForTest> expCtx(new ExpressionContextForTest()); SerializationOptions opts; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - opts.redactIdentifiers = true; - opts.identifierRedactionPolicy = redactFieldNameForTest; + opts.applyHmacToIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; auto objMatch = MatchExpressionParser::parse(query, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ @@ -2122,8 +2122,8 @@ TEST(SerializesInternalSchema, MaxPropertiesRedactsCorrectly) { TEST(SerializesInternalSchema, EqRedactsCorrectly) { SerializationOptions opts; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - opts.identifierRedactionPolicy = redactFieldNameForTest; - opts.redactIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; + opts.applyHmacToIdentifiers = true; opts.replacementForLiteralArgs = "?"; auto query = fromjson("{$_internalSchemaEq: {a:1, b: {c: 1, d: [1]}}}"); BSONObjBuilder bob; @@ -2155,8 +2155,8 @@ TEST(InternalSchemaAllElemMatchFromIndexMatchExpression, RedactsExpressionCorrec expr.getValue().get()); SerializationOptions opts; - opts.redactIdentifiers = true; - opts.identifierRedactionPolicy = redactFieldNameForTest; + opts.applyHmacToIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; ASSERT_BSONOBJ_EQ_AUTO( // NOLINT diff --git a/src/mongo/db/matcher/schema/expression_internal_schema_eq.cpp b/src/mongo/db/matcher/schema/expression_internal_schema_eq.cpp index c41a1e51c4d..8d428ad46fd 100644 --- a/src/mongo/db/matcher/schema/expression_internal_schema_eq.cpp +++ b/src/mongo/db/matcher/schema/expression_internal_schema_eq.cpp @@ -67,7 +67,7 @@ BSONObj InternalSchemaEqMatchExpression::getSerializedRightHandSide( if (opts.literalPolicy != LiteralSerializationPolicy::kUnchanged && _rhsElem.isABSONObj()) { BSONObjBuilder eqObj; BSONObjBuilder exprSpec(eqObj.subobjStart(kName)); - opts.redactObjToBuilder(&exprSpec, _rhsElem.Obj()); + opts.addHmacedObjToBuilder(&exprSpec, _rhsElem.Obj()); exprSpec.done(); return eqObj.obj(); } diff --git a/src/mongo/db/matcher/schema/expression_internal_schema_root_doc_eq.cpp b/src/mongo/db/matcher/schema/expression_internal_schema_root_doc_eq.cpp index f9e40a3856d..a499781ba9c 100644 --- a/src/mongo/db/matcher/schema/expression_internal_schema_root_doc_eq.cpp +++ b/src/mongo/db/matcher/schema/expression_internal_schema_root_doc_eq.cpp @@ -50,7 +50,7 @@ void InternalSchemaRootDocEqMatchExpression::debugString(StringBuilder& debug, void InternalSchemaRootDocEqMatchExpression::serialize(BSONObjBuilder* out, SerializationOptions opts) const { BSONObjBuilder subObj(out->subobjStart(kName)); - opts.redactObjToBuilder(&subObj, _rhsObj); + opts.addHmacedObjToBuilder(&subObj, _rhsObj); subObj.doneFast(); } diff --git a/src/mongo/db/pipeline/accumulator_test.cpp b/src/mongo/db/pipeline/accumulator_test.cpp index de86cf48b95..71a3ba284b0 100644 --- a/src/mongo/db/pipeline/accumulator_test.cpp +++ b/src/mongo/db/pipeline/accumulator_test.cpp @@ -1736,7 +1736,7 @@ TEST(Accumulators, CovarianceWithRandomVariables) { assertCovariance<AccumulatorCovarianceSamp>(&expCtx, randomVariables, boost::none); } // Test serialization with redaction -std::string redactFieldNameForTest(StringData s) { +std::string applyHmacForTest(StringData s) { return str::stream() << "HASH<" << s << ">"; } @@ -1749,8 +1749,8 @@ Value parseAndSerializeAccumExpr( std::string replacementChar = "?"; options.replacementForLiteralArgs = replacementChar; options.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - options.redactIdentifiers = true; - options.identifierRedactionPolicy = redactFieldNameForTest; + options.applyHmacToIdentifiers = true; + options.identifierHmacPolicy = applyHmacForTest; auto expCtx = make_intrusive<ExpressionContextForTest>(); auto expr = func(expCtx.get(), obj.firstElement(), expCtx->variablesParseState); return expr->serialize(options); @@ -1765,8 +1765,8 @@ Document parseAndSerializeAccum( std::string replacementChar = "?"; options.replacementForLiteralArgs = replacementChar; options.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - options.redactIdentifiers = true; - options.identifierRedactionPolicy = redactFieldNameForTest; + options.applyHmacToIdentifiers = true; + options.identifierHmacPolicy = applyHmacForTest; auto expCtx = make_intrusive<ExpressionContextForTest>(); VariablesParseState vps = expCtx->variablesParseState; diff --git a/src/mongo/db/pipeline/aggregation_context_fixture.h b/src/mongo/db/pipeline/aggregation_context_fixture.h index fdc7bc2f7b6..5643c3d3aa8 100644 --- a/src/mongo/db/pipeline/aggregation_context_fixture.h +++ b/src/mongo/db/pipeline/aggregation_context_fixture.h @@ -86,10 +86,10 @@ public: options.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; // TODO SERVER-75399 Use only 'literalPolicy.' options.replacementForLiteralArgs = "?"; - options.identifierRedactionPolicy = [](StringData s) -> std::string { + options.identifierHmacPolicy = [](StringData s) -> std::string { return str::stream() << "HASH<" << s << ">"; }; - options.redactIdentifiers = true; + options.applyHmacToIdentifiers = true; } std::vector<Value> serialized; docSource.serializeToArray(serialized, options); @@ -104,10 +104,10 @@ public: // TODO SERVER-75399 Use only 'literalPolicy.' options.replacementForLiteralArgs = "?"; options.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - options.identifierRedactionPolicy = [](StringData s) -> std::string { + options.identifierHmacPolicy = [](StringData s) -> std::string { return str::stream() << "HASH<" << s << ">"; }; - options.redactIdentifiers = true; + options.applyHmacToIdentifiers = true; } std::vector<Value> serialized; docSource.serializeToArray(serialized, options); diff --git a/src/mongo/db/pipeline/document_source_change_stream_oplog_match.cpp b/src/mongo/db/pipeline/document_source_change_stream_oplog_match.cpp index c824afbed4d..dc975681266 100644 --- a/src/mongo/db/pipeline/document_source_change_stream_oplog_match.cpp +++ b/src/mongo/db/pipeline/document_source_change_stream_oplog_match.cpp @@ -215,7 +215,7 @@ Value DocumentSourceChangeStreamOplogMatch::serialize(SerializationOptions opts) sub.done(); } else { BSONObjBuilder sub(builder.subobjStart(kStageName)); - if (opts.replacementForLiteralArgs || opts.redactIdentifiers) { + if (opts.replacementForLiteralArgs || opts.applyHmacToIdentifiers) { sub.append(DocumentSourceChangeStreamOplogMatchSpec::kFilterFieldName, getMatchExpression()->serialize(opts)); } else { diff --git a/src/mongo/db/pipeline/document_source_change_stream_unwind_transaction.cpp b/src/mongo/db/pipeline/document_source_change_stream_unwind_transaction.cpp index 6ed09402bdf..501291599f0 100644 --- a/src/mongo/db/pipeline/document_source_change_stream_unwind_transaction.cpp +++ b/src/mongo/db/pipeline/document_source_change_stream_unwind_transaction.cpp @@ -141,7 +141,7 @@ Value DocumentSourceChangeStreamUnwindTransaction::serialize(SerializationOption } Value spec; - if (opts.replacementForLiteralArgs || opts.redactIdentifiers) { + if (opts.replacementForLiteralArgs || opts.applyHmacToIdentifiers) { spec = Value(DOC(DocumentSourceChangeStreamUnwindTransactionSpec::kFilterFieldName << _expression->serialize(opts))); } else { diff --git a/src/mongo/db/pipeline/document_source_cursor.cpp b/src/mongo/db/pipeline/document_source_cursor.cpp index ae35d219af5..7fd92681059 100644 --- a/src/mongo/db/pipeline/document_source_cursor.cpp +++ b/src/mongo/db/pipeline/document_source_cursor.cpp @@ -215,7 +215,7 @@ void DocumentSourceCursor::recordPlanSummaryStats() { Value DocumentSourceCursor::serialize(SerializationOptions opts) const { auto verbosity = opts.verbosity; - if (opts.redactIdentifiers || opts.replacementForLiteralArgs) { + if (opts.applyHmacToIdentifiers || opts.replacementForLiteralArgs) { MONGO_UNIMPLEMENTED_TASSERT(7484350); } // We never parse a DocumentSourceCursor, so we only serialize for explain. diff --git a/src/mongo/db/pipeline/document_source_geo_near.cpp b/src/mongo/db/pipeline/document_source_geo_near.cpp index 5e966e09cd5..a5761968b16 100644 --- a/src/mongo/db/pipeline/document_source_geo_near.cpp +++ b/src/mongo/db/pipeline/document_source_geo_near.cpp @@ -86,7 +86,7 @@ Value DocumentSourceGeoNear::serialize(SerializationOptions opts) const { result.setField("minDistance", opts.serializeLiteralValue(*minDistance)); } - if (opts.redactIdentifiers || opts.replacementForLiteralArgs) { + if (opts.applyHmacToIdentifiers || opts.replacementForLiteralArgs) { auto matchExpr = uassertStatusOK(MatchExpressionParser::parse(query, pExpCtx)); result.setField("query", Value(matchExpr->serialize(opts))); } else { diff --git a/src/mongo/db/pipeline/document_source_graph_lookup.cpp b/src/mongo/db/pipeline/document_source_graph_lookup.cpp index 6ac50848ef5..5b6eb2cb437 100644 --- a/src/mongo/db/pipeline/document_source_graph_lookup.cpp +++ b/src/mongo/db/pipeline/document_source_graph_lookup.cpp @@ -607,7 +607,7 @@ void DocumentSourceGraphLookUp::serializeToArray(std::vector<Value>& array, } if (_additionalFilter) { - if (opts.redactIdentifiers || opts.replacementForLiteralArgs) { + if (opts.applyHmacToIdentifiers || opts.replacementForLiteralArgs) { auto matchExpr = uassertStatusOK(MatchExpressionParser::parse(*_additionalFilter, pExpCtx)); spec["restrictSearchWithMatch"] = Value(matchExpr->serialize(opts)); diff --git a/src/mongo/db/pipeline/document_source_internal_unpack_bucket_test/unpack_bucket_exec_test.cpp b/src/mongo/db/pipeline/document_source_internal_unpack_bucket_test/unpack_bucket_exec_test.cpp index 8ca1f6ec75d..38b4a6b70c0 100644 --- a/src/mongo/db/pipeline/document_source_internal_unpack_bucket_test/unpack_bucket_exec_test.cpp +++ b/src/mongo/db/pipeline/document_source_internal_unpack_bucket_test/unpack_bucket_exec_test.cpp @@ -926,7 +926,7 @@ TEST_F(InternalUnpackBucketExecTest, ParserRoundtripsComputedMetaProjFieldOverri ASSERT_BSONOBJ_EQ(array[0].getDocument().toBson(), bson); } -std::string redactFieldNameForTest(StringData s) { +std::string applyHmacForTest(StringData s) { return str::stream() << "HASH<" << s << ">"; } @@ -936,8 +936,8 @@ TEST_F(InternalUnpackBucketExecTest, RedactsCorrectly) { "bucketMaxSpanSeconds: 3600, computedMetaProjFields: ['a', 'b', 'c']}}"); auto array = std::vector<Value>{}; SerializationOptions opts; - opts.identifierRedactionPolicy = redactFieldNameForTest; - opts.redactIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; + opts.applyHmacToIdentifiers = true; opts.replacementForLiteralArgs = "?"; DocumentSourceInternalUnpackBucket::createFromBsonInternal(bson.firstElement(), getExpCtx()) ->serializeToArray(array, opts); diff --git a/src/mongo/db/pipeline/document_source_list_sampled_queries.cpp b/src/mongo/db/pipeline/document_source_list_sampled_queries.cpp index d361eeddfe9..2caa1fa442e 100644 --- a/src/mongo/db/pipeline/document_source_list_sampled_queries.cpp +++ b/src/mongo/db/pipeline/document_source_list_sampled_queries.cpp @@ -61,7 +61,7 @@ boost::intrusive_ptr<DocumentSource> DocumentSourceListSampledQueries::createFro } Value DocumentSourceListSampledQueries::serialize(SerializationOptions opts) const { - if (opts.redactIdentifiers || opts.replacementForLiteralArgs) { + if (opts.applyHmacToIdentifiers || opts.replacementForLiteralArgs) { MONGO_UNIMPLEMENTED_TASSERT(6876002); } diff --git a/src/mongo/db/pipeline/document_source_lookup.cpp b/src/mongo/db/pipeline/document_source_lookup.cpp index 1079fbca093..2350db50ae3 100644 --- a/src/mongo/db/pipeline/document_source_lookup.cpp +++ b/src/mongo/db/pipeline/document_source_lookup.cpp @@ -1045,14 +1045,14 @@ void DocumentSourceLookUp::serializeToArray(std::vector<Value>& array, // syntax) or if a $match was absorbed. auto serializedPipeline = [&]() -> std::vector<BSONObj> { auto pipeline = _userPipeline.get_value_or(std::vector<BSONObj>()); - if (opts.redactIdentifiers || opts.replacementForLiteralArgs) { + if (opts.applyHmacToIdentifiers || opts.replacementForLiteralArgs) { return Pipeline::parse(pipeline, _fromExpCtx)->serializeToBson(opts); } return pipeline; }(); if (_additionalFilter) { auto serializedFilter = [&]() -> BSONObj { - if (opts.redactIdentifiers || opts.replacementForLiteralArgs) { + if (opts.applyHmacToIdentifiers || opts.replacementForLiteralArgs) { auto filter = uassertStatusOK(MatchExpressionParser::parse(*_additionalFilter, pExpCtx)); return filter->serialize(opts); diff --git a/src/mongo/db/pipeline/document_source_match.cpp b/src/mongo/db/pipeline/document_source_match.cpp index 83079a6629d..b51d28fffb5 100644 --- a/src/mongo/db/pipeline/document_source_match.cpp +++ b/src/mongo/db/pipeline/document_source_match.cpp @@ -69,7 +69,7 @@ const char* DocumentSourceMatch::getSourceName() const { } Value DocumentSourceMatch::serialize(SerializationOptions opts) const { - if (opts.verbosity || opts.redactIdentifiers || opts.replacementForLiteralArgs) { + if (opts.verbosity || opts.applyHmacToIdentifiers || opts.replacementForLiteralArgs) { return Value(DOC(getSourceName() << Document(_expression->serialize(opts)))); } return Value(DOC(getSourceName() << Document(getQuery()))); diff --git a/src/mongo/db/pipeline/document_source_merge.cpp b/src/mongo/db/pipeline/document_source_merge.cpp index 6cb337d73ae..22f271babb6 100644 --- a/src/mongo/db/pipeline/document_source_merge.cpp +++ b/src/mongo/db/pipeline/document_source_merge.cpp @@ -535,7 +535,7 @@ boost::optional<DocumentSource::DistributedPlanLogic> DocumentSourceMerge::distr Value DocumentSourceMerge::serialize(SerializationOptions opts) const { auto explain = opts.verbosity; - if (opts.redactIdentifiers || opts.replacementForLiteralArgs) { + if (opts.applyHmacToIdentifiers || opts.replacementForLiteralArgs) { // TODO: SERVER-76208 support query shapification for IDL types with custom serializers. MONGO_UNIMPLEMENTED_TASSERT(7484324); } diff --git a/src/mongo/db/pipeline/document_source_plan_cache_stats.cpp b/src/mongo/db/pipeline/document_source_plan_cache_stats.cpp index 8d7b3367d53..c2c1b4eab1d 100644 --- a/src/mongo/db/pipeline/document_source_plan_cache_stats.cpp +++ b/src/mongo/db/pipeline/document_source_plan_cache_stats.cpp @@ -77,7 +77,7 @@ void DocumentSourcePlanCacheStats::serializeToArray(std::vector<Value>& array, if (opts.verbosity) { tassert(7513100, "$planCacheStats is not equipped to serialize in explain mode with redaction on", - !opts.redactIdentifiers && !opts.replacementForLiteralArgs); + !opts.applyHmacToIdentifiers && !opts.replacementForLiteralArgs); array.push_back(Value{Document{ {kStageName, Document{{"match"_sd, _absorbedMatch ? Value{_absorbedMatch->getQuery()} : Value{}}, diff --git a/src/mongo/db/pipeline/document_source_project_test.cpp b/src/mongo/db/pipeline/document_source_project_test.cpp index 682702df6c6..41e6435a3ae 100644 --- a/src/mongo/db/pipeline/document_source_project_test.cpp +++ b/src/mongo/db/pipeline/document_source_project_test.cpp @@ -341,7 +341,7 @@ TEST_F(ProjectStageTest, CannotAddNestedDocumentExceedingDepthLimit) { /** * A default redaction strategy that generates easy to check results for testing purposes. */ -std::string redactIdentifiersForTest(StringData s) { +std::string applyHmacToIdentifiersForTest(StringData s) { return str::stream() << "HASH<" << s << ">"; } diff --git a/src/mongo/db/pipeline/document_source_set_variable_from_subpipeline.cpp b/src/mongo/db/pipeline/document_source_set_variable_from_subpipeline.cpp index 965173f29d5..a85e0e68af2 100644 --- a/src/mongo/db/pipeline/document_source_set_variable_from_subpipeline.cpp +++ b/src/mongo/db/pipeline/document_source_set_variable_from_subpipeline.cpp @@ -54,7 +54,7 @@ REGISTER_INTERNAL_DOCUMENT_SOURCE(setVariableFromSubPipeline, true); Value DocumentSourceSetVariableFromSubPipeline::serialize(SerializationOptions opts) const { - if (opts.redactIdentifiers || opts.replacementForLiteralArgs) { + if (opts.applyHmacToIdentifiers || opts.replacementForLiteralArgs) { // TODO: SERVER-76208 support query shapification for IDL types like pipeline with custom // serializers. MONGO_UNIMPLEMENTED_TASSERT(7484314); diff --git a/src/mongo/db/pipeline/document_source_sort_test.cpp b/src/mongo/db/pipeline/document_source_sort_test.cpp index 6f68a46a2d9..e0b58c55f24 100644 --- a/src/mongo/db/pipeline/document_source_sort_test.cpp +++ b/src/mongo/db/pipeline/document_source_sort_test.cpp @@ -538,7 +538,7 @@ TEST_F(DocumentSourceSortExecutionTest, ShouldCorrectlyTrackMemoryUsageBetweenPa ASSERT_THROWS_CODE( sort->getNext(), AssertionException, ErrorCodes::QueryExceededMemoryLimitNoDiskUseAllowed); } -std::string redactFieldNameForTest(StringData s) { +std::string applyHmacForTest(StringData s) { return str::stream() << "HASH<" << s << ">"; } TEST_F(DocumentSourceSortTest, Redaction) { diff --git a/src/mongo/db/pipeline/document_source_telemetry.cpp b/src/mongo/db/pipeline/document_source_telemetry.cpp index dae30b4c46b..01f35893bac 100644 --- a/src/mongo/db/pipeline/document_source_telemetry.cpp +++ b/src/mongo/db/pipeline/document_source_telemetry.cpp @@ -38,7 +38,7 @@ namespace mongo { namespace { -CounterMetric telemetryRedactionErrors("telemetry.numRedactionErrors"); +CounterMetric telemetryHmacApplicationErrors("telemetry.numHmacApplicationErrors"); } REGISTER_DOCUMENT_SOURCE_WITH_FEATURE_FLAG(telemetry, @@ -49,14 +49,14 @@ REGISTER_DOCUMENT_SOURCE_WITH_FEATURE_FLAG(telemetry, namespace { /** - * Try to parse the redactIdentifiers property from the element. + * Try to parse the applyHmacToIdentifiers property from the element. */ -boost::optional<bool> parseRedactIdentifiers(const BSONElement& el) { - if (el.fieldNameStringData() == "redactIdentifiers"_sd) { +boost::optional<bool> parseApplyHmacToIdentifiers(const BSONElement& el) { + if (el.fieldNameStringData() == "applyHmacToIdentifiers"_sd) { auto type = el.type(); uassert(ErrorCodes::FailedToParse, str::stream() << DocumentSourceTelemetry::kStageName - << " redactIdentifiers parameter must be boolean. Found type: " + << " applyHmacToIdentifiers parameter must be boolean. Found type: " << typeName(type), type == BSONType::Bool); return el.trueValue(); @@ -65,33 +65,32 @@ boost::optional<bool> parseRedactIdentifiers(const BSONElement& el) { } /** - * Try to parse the `redactionKey' property from the element. + * Try to parse the `hmacKey' property from the element. */ -boost::optional<std::string> parseRedactionKey(const BSONElement& el) { - if (el.fieldNameStringData() == "redactionKey"_sd) { +boost::optional<std::string> parseHmacKey(const BSONElement& el) { + if (el.fieldNameStringData() == "hmacKey"_sd) { auto type = el.type(); if (el.isBinData(BinDataType::BinDataGeneral)) { int len; auto data = el.binData(len); uassert(ErrorCodes::FailedToParse, str::stream() << DocumentSourceTelemetry::kStageName - << "redactionKey must be greater than or equal to 32 bytes", + << "hmacKey must be greater than or equal to 32 bytes", len >= 32); return {{data, (size_t)len}}; } - uasserted( - ErrorCodes::FailedToParse, - str::stream() - << DocumentSourceTelemetry::kStageName - << " redactionKey parameter must be bindata of length 32 or greater. Found type: " - << typeName(type)); + uasserted(ErrorCodes::FailedToParse, + str::stream() + << DocumentSourceTelemetry::kStageName + << " hmacKey parameter must be bindata of length 32 or greater. Found type: " + << typeName(type)); } return boost::none; } /** - * Parse the spec object calling the `ctor` with the bool redactIdentifiers and std::string - * redactionKey arguments. + * Parse the spec object calling the `ctor` with the bool applyHmacToIdentifiers and std::string + * hmacKey arguments. */ template <typename Ctor> auto parseSpec(const BSONElement& spec, const Ctor& ctor) { @@ -100,32 +99,34 @@ auto parseSpec(const BSONElement& spec, const Ctor& ctor) { << " value must be an object. Found: " << typeName(spec.type()), spec.type() == BSONType::Object); - bool redactIdentifiers = false; - std::string redactionKey; + bool applyHmacToIdentifiers = false; + std::string hmacKey; for (auto&& el : spec.embeddedObject()) { - if (auto maybeRedactIdentifiers = parseRedactIdentifiers(el); maybeRedactIdentifiers) { - redactIdentifiers = *maybeRedactIdentifiers; - } else if (auto maybeRedactionKey = parseRedactionKey(el); maybeRedactionKey) { - redactionKey = *maybeRedactionKey; + if (auto maybeApplyHmacToIdentifiers = parseApplyHmacToIdentifiers(el); + maybeApplyHmacToIdentifiers) { + applyHmacToIdentifiers = *maybeApplyHmacToIdentifiers; + } else if (auto maybeHmacKey = parseHmacKey(el); maybeHmacKey) { + hmacKey = *maybeHmacKey; } else { uasserted(ErrorCodes::FailedToParse, - str::stream() << DocumentSourceTelemetry::kStageName - << " parameters object may only contain 'redactIdentifiers' or " - "'redactionKey' options. Found: " - << el.fieldName()); + str::stream() + << DocumentSourceTelemetry::kStageName + << " parameters object may only contain 'applyHmacToIdentifiers' or " + "'hmacKey' options. Found: " + << el.fieldName()); } } - return ctor(redactIdentifiers, redactionKey); + return ctor(applyHmacToIdentifiers, hmacKey); } } // namespace std::unique_ptr<DocumentSourceTelemetry::LiteParsed> DocumentSourceTelemetry::LiteParsed::parse( const NamespaceString& nss, const BSONElement& spec) { - return parseSpec(spec, [&](bool redactIdentifiers, std::string redactionKey) { + return parseSpec(spec, [&](bool applyHmacToIdentifiers, std::string hmacKey) { return std::make_unique<DocumentSourceTelemetry::LiteParsed>( - spec.fieldName(), redactIdentifiers, redactionKey); + spec.fieldName(), applyHmacToIdentifiers, hmacKey); }); } @@ -137,14 +138,14 @@ boost::intrusive_ptr<DocumentSource> DocumentSourceTelemetry::createFromBson( "$telemetry must be run against the 'admin' database with {aggregate: 1}", nss.db() == DatabaseName::kAdmin.db() && nss.isCollectionlessAggregateNS()); - return parseSpec(spec, [&](bool redactIdentifiers, std::string redactionKey) { - return new DocumentSourceTelemetry(pExpCtx, redactIdentifiers, redactionKey); + return parseSpec(spec, [&](bool applyHmacToIdentifiers, std::string hmacKey) { + return new DocumentSourceTelemetry(pExpCtx, applyHmacToIdentifiers, hmacKey); }); } Value DocumentSourceTelemetry::serialize(SerializationOptions opts) const { // This document source never contains any user information, so no need for any work when - // redacting. + // applying hmac. return Value{Document{{kStageName, Document{}}}}; } @@ -189,16 +190,16 @@ DocumentSource::GetNextResult DocumentSourceTelemetry::doGetNext() { Timestamp{Timestamp(Date_t::now().toMillisSinceEpoch() / 1000, 0)}; for (auto&& [key, metrics] : *partition) { try { - auto redactedKey = - metrics->redactKey(key, _redactIdentifiers, _redactionKey, pExpCtx->opCtx); - _materializedPartition.push_back({{"key", std::move(redactedKey)}, + auto hmacKey = + metrics->applyHmacToKey(key, _applyHmacToIdentifiers, _hmacKey, pExpCtx->opCtx); + _materializedPartition.push_back({{"key", std::move(hmacKey)}, {"metrics", metrics->toBSON()}, {"asOf", partitionReadTime}}); } catch (const DBException& ex) { - telemetryRedactionErrors.increment(); + telemetryHmacApplicationErrors.increment(); LOGV2_DEBUG(7349403, 3, - "Error encountered when redacting query shape, will not publish " + "Error encountered when applying hmac to query shape, will not publish " "telemetry for this entry.", "status"_attr = ex.toStatus()); if (kDebugBuild) { diff --git a/src/mongo/db/pipeline/document_source_telemetry.h b/src/mongo/db/pipeline/document_source_telemetry.h index 5f35f177ea7..c71bff210ac 100644 --- a/src/mongo/db/pipeline/document_source_telemetry.h +++ b/src/mongo/db/pipeline/document_source_telemetry.h @@ -47,10 +47,10 @@ public: static std::unique_ptr<LiteParsed> parse(const NamespaceString& nss, const BSONElement& spec); - LiteParsed(std::string parseTimeName, bool redactIdentifiers, std::string redactionKey) + LiteParsed(std::string parseTimeName, bool applyHmacToIdentifiers, std::string hmacKey) : LiteParsedDocumentSource(std::move(parseTimeName)), - _redactIdentifiers(redactIdentifiers), - _redactionKey(redactionKey) {} + _applyHmacToIdentifiers(applyHmacToIdentifiers), + _hmacKey(hmacKey) {} stdx::unordered_set<NamespaceString> getInvolvedNamespaces() const override { return stdx::unordered_set<NamespaceString>(); @@ -75,9 +75,9 @@ public: transactionNotSupported(kStageName); } - bool _redactIdentifiers; + bool _applyHmacToIdentifiers; - std::string _redactionKey; + std::string _hmacKey; }; static boost::intrusive_ptr<DocumentSource> createFromBson( @@ -115,11 +115,11 @@ public: private: DocumentSourceTelemetry(const boost::intrusive_ptr<ExpressionContext>& expCtx, - bool redactIdentifiers = false, - std::string redactionKey = {}) + bool applyHmacToIdentifiers = false, + std::string hmacKey = {}) : DocumentSource(kStageName, expCtx), - _redactIdentifiers(redactIdentifiers), - _redactionKey(redactionKey) {} + _applyHmacToIdentifiers(applyHmacToIdentifiers), + _hmacKey(hmacKey) {} GetNextResult doGetNext() final; @@ -135,13 +135,13 @@ private: */ TelemetryStore::PartitionId _currentPartition = -1; - // When true, redact field names from returned query shapes. - bool _redactIdentifiers; + // When true, apply hmac to field names from returned query shapes. + bool _applyHmacToIdentifiers; /** - * Key used for SHA-256 HMAC redaction of field names. + * Key used for SHA-256 HMAC application on field names. */ - std::string _redactionKey; + std::string _hmacKey; }; } // namespace mongo diff --git a/src/mongo/db/pipeline/expression.cpp b/src/mongo/db/pipeline/expression.cpp index 2f4c725865b..0ef3a2db975 100644 --- a/src/mongo/db/pipeline/expression.cpp +++ b/src/mongo/db/pipeline/expression.cpp @@ -2608,7 +2608,7 @@ Value ExpressionFieldPath::serialize(SerializationOptions options) const { auto [prefix, path] = getPrefixAndPath(_fieldPath); // First handles special cases for redaction of system variables. User variables will fall // through to the default full redaction case. - if (options.redactIdentifiers && prefix.length() == 2) { + if (options.applyHmacToIdentifiers && prefix.length() == 2) { if (path.getPathLength() == 1 && Variables::isBuiltin(_variable)) { // Nothing to redact for builtin variables. return Value(prefix + path.fullPath()); @@ -2956,8 +2956,8 @@ Value ExpressionLet::serialize(SerializationOptions options) const { for (VariableMap::const_iterator it = _variables.begin(), end = _variables.end(); it != end; ++it) { auto key = it->second.name; - if (options.redactIdentifiers) { - key = options.identifierRedactionPolicy(key); + if (options.applyHmacToIdentifiers) { + key = options.identifierHmacPolicy(key); } vars[key] = it->second.expression->serialize(options); } diff --git a/src/mongo/db/pipeline/expression_field_path_test.cpp b/src/mongo/db/pipeline/expression_field_path_test.cpp index 480cfe0d2fd..6ce0a7ed8a0 100644 --- a/src/mongo/db/pipeline/expression_field_path_test.cpp +++ b/src/mongo/db/pipeline/expression_field_path_test.cpp @@ -61,7 +61,7 @@ Document fromBson(BSONObj obj) { return Document(obj); } -std::string redactFieldNameForTest(StringData s) { +std::string applyHmacForTest(StringData s) { return str::stream() << "HASH<" << s << ">"; } @@ -233,8 +233,8 @@ TEST(FieldPath, ScalarVariableWithDottedFieldPathOptimizesToConstantMissingValue TEST(FieldPath, SerializeWithRedaction) { SerializationOptions options; - options.identifierRedactionPolicy = redactFieldNameForTest; - options.redactIdentifiers = true; + options.identifierHmacPolicy = applyHmacForTest; + options.applyHmacToIdentifiers = true; auto expCtx = ExpressionContextForTest{}; intrusive_ptr<Expression> expression = diff --git a/src/mongo/db/pipeline/expression_function_test.cpp b/src/mongo/db/pipeline/expression_function_test.cpp index 8c4d841a0b5..1d29fb54f05 100644 --- a/src/mongo/db/pipeline/expression_function_test.cpp +++ b/src/mongo/db/pipeline/expression_function_test.cpp @@ -40,7 +40,7 @@ namespace { /** * A default redaction strategy that generates easy to check results for testing purposes. */ -std::string redactFieldNameForTest(StringData s) { +std::string applyHmacForTest(StringData s) { return str::stream() << "HASH<" << s << ">"; } @@ -51,8 +51,8 @@ TEST(ExpressionFunction, SerializeAndRedactArgs) { std::string replacementChar = "?"; options.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; options.replacementForLiteralArgs = replacementChar; - options.redactIdentifiers = true; - options.identifierRedactionPolicy = redactFieldNameForTest; + options.applyHmacToIdentifiers = true; + options.identifierHmacPolicy = applyHmacForTest; auto expCtx = ExpressionContextForTest(); auto expr = BSON("$function" << BSON("body" diff --git a/src/mongo/db/pipeline/expression_let_test.cpp b/src/mongo/db/pipeline/expression_let_test.cpp index fe4e1291fc5..988c04b730e 100644 --- a/src/mongo/db/pipeline/expression_let_test.cpp +++ b/src/mongo/db/pipeline/expression_let_test.cpp @@ -38,14 +38,14 @@ namespace mongo { namespace ExpressionTests { namespace { -std::string redactFieldNameForTest(StringData s) { +std::string applyHmacForTest(StringData s) { return str::stream() << "HASH<" << s << ">"; } TEST(RedactionTest, ExpressionLet) { SerializationOptions options; - options.identifierRedactionPolicy = redactFieldNameForTest; - options.redactIdentifiers = true; + options.identifierHmacPolicy = applyHmacForTest; + options.applyHmacToIdentifiers = true; auto expCtx = ExpressionContextForTest{}; diff --git a/src/mongo/db/pipeline/expression_test.cpp b/src/mongo/db/pipeline/expression_test.cpp index 05209b55f63..7358800e991 100644 --- a/src/mongo/db/pipeline/expression_test.cpp +++ b/src/mongo/db/pipeline/expression_test.cpp @@ -179,7 +179,7 @@ void parseAndVerifyResults( /** * A default redaction strategy that generates easy to check results for testing purposes. */ -std::string redactFieldNameForTest(StringData s) { +std::string applyHmacForTest(StringData s) { return str::stream() << "HASH<" << s << ">"; } @@ -3725,8 +3725,8 @@ TEST(ExpressionGetFieldTest, GetFieldSerializesCorrectly) { TEST(ExpressionGetFieldTest, GetFieldSerializesAndRedactsCorrectly) { SerializationOptions options; options.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - options.redactIdentifiers = true; - options.identifierRedactionPolicy = redactFieldNameForTest; + options.applyHmacToIdentifiers = true; + options.identifierHmacPolicy = applyHmacForTest; auto expCtx = ExpressionContextForTest{}; VariablesParseState vps = expCtx.variablesParseState; @@ -3801,8 +3801,8 @@ TEST(ExpressionGetFieldTest, GetFieldSerializesAndRedactsCorrectly) { TEST(ExpressionSetFieldTest, SetFieldRedactsCorrectly) { SerializationOptions options; options.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - options.identifierRedactionPolicy = redactFieldNameForTest; - options.redactIdentifiers = true; + options.identifierHmacPolicy = applyHmacForTest; + options.applyHmacToIdentifiers = true; auto expCtx = ExpressionContextForTest{}; VariablesParseState vps = expCtx.variablesParseState; diff --git a/src/mongo/db/query/projection_ast_test.cpp b/src/mongo/db/query/projection_ast_test.cpp index 98655778be3..1d6164b4426 100644 --- a/src/mongo/db/query/projection_ast_test.cpp +++ b/src/mongo/db/query/projection_ast_test.cpp @@ -773,7 +773,7 @@ TEST_F(ProjectionASTTest, ShouldThrowWithPositionalOnExclusion) { DBException, 31395); } -std::string redactFieldNameForTest(StringData s) { +std::string applyHmacForTest(StringData s) { return str::stream() << "HASH<" << s << ">"; } @@ -781,8 +781,8 @@ TEST_F(ProjectionASTTest, TestASTRedaction) { SerializationOptions options; options.replacementForLiteralArgs = "?"; options.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - options.redactIdentifiers = true; - options.identifierRedactionPolicy = redactFieldNameForTest; + options.applyHmacToIdentifiers = true; + options.identifierHmacPolicy = applyHmacForTest; auto proj = fromjson("{'a.b': 1}"); diff --git a/src/mongo/db/query/query_shape.cpp b/src/mongo/db/query/query_shape.cpp index 05d91f94279..817583304a0 100644 --- a/src/mongo/db/query/query_shape.cpp +++ b/src/mongo/db/query/query_shape.cpp @@ -50,21 +50,20 @@ BSONObj representativePredicateShape(const MatchExpression* predicate) { } BSONObj debugPredicateShape(const MatchExpression* predicate, - std::function<std::string(StringData)> identifierRedactionPolicy) { + std::function<std::string(StringData)> identifierHmacPolicy) { SerializationOptions opts; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - opts.identifierRedactionPolicy = identifierRedactionPolicy; - opts.redactIdentifiers = true; + opts.identifierHmacPolicy = identifierHmacPolicy; + opts.applyHmacToIdentifiers = true; return predicate->serialize(opts); } -BSONObj representativePredicateShape( - const MatchExpression* predicate, - std::function<std::string(StringData)> identifierRedactionPolicy) { +BSONObj representativePredicateShape(const MatchExpression* predicate, + std::function<std::string(StringData)> identifierHmacPolicy) { SerializationOptions opts; opts.literalPolicy = LiteralSerializationPolicy::kToRepresentativeParseableValue; - opts.identifierRedactionPolicy = identifierRedactionPolicy; - opts.redactIdentifiers = true; + opts.identifierHmacPolicy = identifierHmacPolicy; + opts.applyHmacToIdentifiers = true; return predicate->serialize(opts); } diff --git a/src/mongo/db/query/query_shape.h b/src/mongo/db/query/query_shape.h index e27b4795a29..0fa0d7c863e 100644 --- a/src/mongo/db/query/query_shape.h +++ b/src/mongo/db/query/query_shape.h @@ -56,10 +56,9 @@ BSONObj debugPredicateShape(const MatchExpression* predicate); BSONObj representativePredicateShape(const MatchExpression* predicate); BSONObj debugPredicateShape(const MatchExpression* predicate, - std::function<std::string(StringData)> identifierRedactionPolicy); -BSONObj representativePredicateShape( - const MatchExpression* predicate, - std::function<std::string(StringData)> identifierRedactionPolicy); + std::function<std::string(StringData)> identifierHmacPolicy); +BSONObj representativePredicateShape(const MatchExpression* predicate, + std::function<std::string(StringData)> identifierHmacPolicy); BSONObj extractSortShape(const BSONObj& sortSpec, const boost::intrusive_ptr<ExpressionContext>& expCtx, diff --git a/src/mongo/db/query/query_shape_test.cpp b/src/mongo/db/query/query_shape_test.cpp index c62b53652d1..2e0ec2e1fe7 100644 --- a/src/mongo/db/query/query_shape_test.cpp +++ b/src/mongo/db/query/query_shape_test.cpp @@ -44,12 +44,12 @@ namespace { /** * Simplistic redaction strategy for testing which appends the field name to the prefix "REDACT_". */ -std::string redactFieldNameForTest(StringData sd) { +std::string applyHmacForTest(StringData sd) { return "REDACT_" + sd.toString(); } static const SerializationOptions literalAndFieldRedactOpts{ - redactFieldNameForTest, LiteralSerializationPolicy::kToDebugTypeString}; + applyHmacForTest, LiteralSerializationPolicy::kToDebugTypeString}; BSONObj predicateShape(std::string filterJson) { @@ -59,7 +59,7 @@ BSONObj predicateShape(std::string filterJson) { BSONObj predicateShapeRedacted(std::string filterJson) { ParsedMatchExpressionForTest expr(filterJson); - return query_shape::debugPredicateShape(expr.get(), redactFieldNameForTest); + return query_shape::debugPredicateShape(expr.get(), applyHmacForTest); } #define ASSERT_SHAPE_EQ_AUTO(expected, actual) \ @@ -165,7 +165,7 @@ void assertShapeIs(std::string filterJson, BSONObj expectedShape) { void assertRedactedShapeIs(std::string filterJson, BSONObj expectedShape) { ParsedMatchExpressionForTest expr(filterJson); ASSERT_BSONOBJ_EQ(expectedShape, - query_shape::debugPredicateShape(expr.get(), redactFieldNameForTest)); + query_shape::debugPredicateShape(expr.get(), applyHmacForTest)); } } // namespace @@ -573,8 +573,8 @@ TEST(SortPatternShape, RespectsRedactionPolicy) { expCtx = make_intrusive<ExpressionContextForTest>(); SerializationOptions opts; opts.replacementForLiteralArgs = query_shape::kLiteralArgString; - opts.redactIdentifiers = true; - opts.identifierRedactionPolicy = redactFieldNameForTest; + opts.applyHmacToIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({"REDACT_normal":1,"REDACT_y":1})", query_shape::extractSortShape(fromjson(R"({normal: 1, y: 1})"), expCtx, opts)); @@ -587,8 +587,8 @@ TEST(SortPatternShape, RespectsRedactionPolicy) { TEST(QueryShapeIDL, ShapifyIDLStruct) { SerializationOptions options; - options.redactIdentifiers = true; - options.identifierRedactionPolicy = [](StringData s) -> std::string { + options.applyHmacToIdentifiers = true; + options.identifierHmacPolicy = [](StringData s) -> std::string { return str::stream() << "HASH<" << s << ">"; }; options.replacementForLiteralArgs = "?"_sd; diff --git a/src/mongo/db/query/serialization_options.cpp b/src/mongo/db/query/serialization_options.cpp index 71ecf426e5a..9a907049e5a 100644 --- a/src/mongo/db/query/serialization_options.cpp +++ b/src/mongo/db/query/serialization_options.cpp @@ -360,7 +360,7 @@ Value SerializationOptions::serializeLiteral(const ImplicitValue& v) const { } std::string SerializationOptions::serializeFieldPathFromString(StringData path) const { - if (redactIdentifiers) { + if (applyHmacToIdentifiers) { // Some valid field names are considered invalid as a FieldPath (for example, fields // like "foo.$bar" where a sub-component is prefixed with "$"). For now, if // serializeFieldPath errors due to an "invalid" field name, we'll serialize that field diff --git a/src/mongo/db/query/serialization_options.h b/src/mongo/db/query/serialization_options.h index 60ad85215b9..cb708cae4f0 100644 --- a/src/mongo/db/query/serialization_options.h +++ b/src/mongo/db/query/serialization_options.h @@ -42,7 +42,7 @@ namespace mongo { namespace { // Should never be called, throw to ensure we catch this in tests. -std::string defaultRedactionStrategy(StringData s) { +std::string defaultHmacStrategy(StringData s) { MONGO_UNREACHABLE_TASSERT(7332410); } } // namespace @@ -83,38 +83,38 @@ struct SerializationOptions { SerializationOptions(ExplainOptions::Verbosity verbosity_) : verbosity(verbosity_) {} - SerializationOptions(std::function<std::string(StringData)> identifierRedactionPolicy_, + SerializationOptions(std::function<std::string(StringData)> identifierHmacPolicy_, boost::optional<StringData> replacementForLiteralArgs_) : replacementForLiteralArgs(replacementForLiteralArgs_), - redactIdentifiers(identifierRedactionPolicy_), - identifierRedactionPolicy(identifierRedactionPolicy_) {} + applyHmacToIdentifiers(identifierHmacPolicy_), + identifierHmacPolicy(identifierHmacPolicy_) {} - SerializationOptions(std::function<std::string(StringData)> redactFieldNamesStrategy_, + SerializationOptions(std::function<std::string(StringData)> fieldNamesHmacPolicy_, LiteralSerializationPolicy policy) : literalPolicy(policy), - redactIdentifiers(redactFieldNamesStrategy_), - identifierRedactionPolicy(redactFieldNamesStrategy_) {} + applyHmacToIdentifiers(fieldNamesHmacPolicy_), + identifierHmacPolicy(fieldNamesHmacPolicy_) {} - // Helper function for redacting identifiable information (like collection/db names). - // Note: serializeFieldPath/serializeFieldPathFromString should be used for redacting field + // Helper function for removing identifiable information (like collection/db names). + // Note: serializeFieldPath/serializeFieldPathFromString should be used for field // names. std::string serializeIdentifier(StringData str) const { - if (redactIdentifiers) { - return identifierRedactionPolicy(str); + if (applyHmacToIdentifiers) { + return identifierHmacPolicy(str); } return str.toString(); } std::string serializeFieldPath(FieldPath path) const { - if (redactIdentifiers) { - std::stringstream redacted; + if (applyHmacToIdentifiers) { + std::stringstream hmaced; for (size_t i = 0; i < path.getPathLength(); ++i) { if (i > 0) { - redacted << "."; + hmaced << "."; } - redacted << identifierRedactionPolicy(path.getFieldName(i)); + hmaced << identifierHmacPolicy(path.getFieldName(i)); } - return redacted.str(); + return hmaced.str(); } return path.fullPath(); } @@ -143,17 +143,17 @@ struct SerializationOptions { return ImplicitValue(n); } - // Helper functions for redacting BSONObj. Does not take into account anything to do with MQL - // semantics, redacts all field names and literals in the passed in obj. - void redactArrayToBuilder(BSONArrayBuilder* bab, std::vector<BSONElement> array) { + // Helper functions for applying hmac to BSONObj. Does not take into account anything to do with + // MQL semantics, removes all field names and literals in the passed in obj. + void addHmacedArrayToBuilder(BSONArrayBuilder* bab, std::vector<BSONElement> array) { for (const auto& elem : array) { if (elem.type() == BSONType::Object) { BSONObjBuilder subObj(bab->subobjStart()); - redactObjToBuilder(&subObj, elem.Obj()); + addHmacedObjToBuilder(&subObj, elem.Obj()); subObj.done(); } else if (elem.type() == BSONType::Array) { BSONArrayBuilder subArr(bab->subarrayStart()); - redactArrayToBuilder(&subArr, elem.Array()); + addHmacedArrayToBuilder(&subArr, elem.Array()); subArr.done(); } else { *bab << serializeLiteral(elem); @@ -161,16 +161,16 @@ struct SerializationOptions { } } - void redactObjToBuilder(BSONObjBuilder* bob, BSONObj objToRedact) { - for (const auto& elem : objToRedact) { + void addHmacedObjToBuilder(BSONObjBuilder* bob, BSONObj objToHmac) { + for (const auto& elem : objToHmac) { auto fieldName = serializeFieldPath(elem.fieldName()); if (elem.type() == BSONType::Object) { BSONObjBuilder subObj(bob->subobjStart(fieldName)); - redactObjToBuilder(&subObj, elem.Obj()); + addHmacedObjToBuilder(&subObj, elem.Obj()); subObj.done(); } else if (elem.type() == BSONType::Array) { BSONArrayBuilder subArr(bob->subarrayStart(fieldName)); - redactArrayToBuilder(&subArr, elem.Array()); + addHmacedArrayToBuilder(&subArr, elem.Array()); subArr.done(); } else { appendLiteral(bob, fieldName, elem); @@ -235,11 +235,11 @@ struct SerializationOptions { // so the serialization expected would be {$and: [{a: {$gt: '?'}}, {b: {$lt: '?'}}]}. LiteralSerializationPolicy literalPolicy = LiteralSerializationPolicy::kUnchanged; - // If true the caller must set identifierRedactionPolicy. 'redactIdentifiers' if set along with + // If true the caller must set identifierHmacPolicy. 'applyHmacToIdentifiers' if set along with // a strategy the redaction strategy will be called on any personal identifiable information // (e.g., field paths/names, collection names) encountered before serializing them. - bool redactIdentifiers = false; - std::function<std::string(StringData)> identifierRedactionPolicy = defaultRedactionStrategy; + bool applyHmacToIdentifiers = false; + std::function<std::string(StringData)> identifierHmacPolicy = defaultHmacStrategy; // If set, serializes without including the path. For example {a: {$gt: 2}} would serialize // as just {$gt: 2}. diff --git a/src/mongo/db/query/sort_pattern_test.cpp b/src/mongo/db/query/sort_pattern_test.cpp index c96416a70f5..8d2ae30eb38 100644 --- a/src/mongo/db/query/sort_pattern_test.cpp +++ b/src/mongo/db/query/sort_pattern_test.cpp @@ -37,7 +37,7 @@ namespace mongo { namespace { -std::string redactFieldNameForTest(StringData s) { +std::string applyHmacForTest(StringData s) { return str::stream() << "HASH<" << s << ">"; } @@ -50,8 +50,8 @@ TEST(SerializeSortPatternTest, SerializeAndRedactFieldName) { auto expCtx = getExpCtx(); auto sortPattern = SortPattern(fromjson("{val: 1}"), expCtx); SerializationOptions opts = {}; - opts.redactIdentifiers = true; - opts.identifierRedactionPolicy = redactFieldNameForTest; + opts.applyHmacToIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; // Most basic sort pattern, confirm that field name gets redacted. ASSERT_DOCUMENT_EQ_AUTO( // NOLINT @@ -87,7 +87,7 @@ TEST(SerializeSortPatternTest, SerializeNoRedaction) { auto expCtx = getExpCtx(); auto sortPattern = SortPattern(fromjson("{val: 1}"), expCtx); SerializationOptions opts = {}; - opts.redactIdentifiers = false; + opts.applyHmacToIdentifiers = false; ASSERT_DOCUMENT_EQ_AUTO( // NOLINT R"({"val":1})", sortPattern.serialize(SortPattern::SortKeySerialization::kForPipelineSerialization, opts)); diff --git a/src/mongo/db/query/telemetry.cpp b/src/mongo/db/query/telemetry.cpp index 7d8f62c32d4..be688807e5d 100644 --- a/src/mongo/db/query/telemetry.cpp +++ b/src/mongo/db/query/telemetry.cpp @@ -285,7 +285,7 @@ bool shouldCollect(const ServiceContext* serviceCtx) { } /** - * Add a field to the find op's telemetry key. The `value` will be redacted. + * Add a field to the find op's telemetry key. The `value` will have hmac applied. */ void addToFindKey(BSONObjBuilder& builder, const StringData& fieldName, const BSONObj& value) { serializeBSONWhenNotEmpty(value.redact(false), fieldName, &builder); @@ -299,29 +299,29 @@ void throwIfEncounteringFLEPayload(const BSONElement& e) { constexpr auto fieldpath = "$__safeContent__"_sd; if (e.type() == BSONType::Object) { auto fieldname = e.fieldNameStringData(); - uassert(ErrorCodes::EncounteredFLEPayloadWhileRedacting, + uassert(ErrorCodes::EncounteredFLEPayloadWhileApplyingHmac, "Encountered __safeContent__, or an $_internalFle operator, which indicate a " "rewritten FLE2 query.", fieldname != safeContentLabel && !fieldname.startsWith("$_internalFle"_sd)); } else if (e.type() == BSONType::String) { auto val = e.valueStringData(); - uassert(ErrorCodes::EncounteredFLEPayloadWhileRedacting, + uassert(ErrorCodes::EncounteredFLEPayloadWhileApplyingHmac, "Encountered $__safeContent__ fieldpath, which indicates a rewritten FLE2 query.", val != fieldpath); } else if (e.type() == BSONType::BinData && e.isBinData(BinDataType::Encrypt)) { int len; auto data = e.binData(len); - uassert(ErrorCodes::EncounteredFLEPayloadWhileRedacting, + uassert(ErrorCodes::EncounteredFLEPayloadWhileApplyingHmac, "FLE1 Payload encountered in expression.", len > 1 && data[1] != char(EncryptedBinDataType::kDeterministic)); } } /** - * Upon reading telemetry data, we redact some keys. This is the list. See - * TelemetryMetrics::redactKey(). + * Upon reading telemetry data, we apply hmac to some keys. This is the list. See + * TelemetryMetrics::applyHmacToKey(). */ -const stdx::unordered_set<std::string> kKeysToRedact = {"pipeline", "find"}; +const stdx::unordered_set<std::string> kKeysToApplyHmac = {"pipeline", "find"}; std::string sha256HmacStringDataHasher(std::string key, const StringData& sd) { auto hashed = SHA256Block::computeHmac( @@ -349,16 +349,16 @@ std::string fleSafeFieldNameRedactor(const BSONElement& e) { } /** - * Append the element to the builder and redact any literals within the element. The element may be - * of any type. + * Append the element to the builder and apply hmac to any literals within the element. The element + * may be of any type. */ -void appendWithRedactedLiterals(BSONObjBuilder& builder, const BSONElement& el) { +void appendWithHmacAppliedLiterals(BSONObjBuilder& builder, const BSONElement& el) { if (el.type() == Object) { builder.append(el.fieldNameStringData(), el.Obj().redact(false, fleSafeFieldNameRedactor)); } else if (el.type() == Array) { BSONObjBuilder arrayBuilder = builder.subarrayStart(fleSafeFieldNameRedactor(el)); for (auto&& arrayElem : el.Obj()) { - appendWithRedactedLiterals(arrayBuilder, arrayElem); + appendWithHmacAppliedLiterals(arrayBuilder, arrayElem); } arrayBuilder.done(); } else { @@ -371,19 +371,19 @@ static const StringData replacementForLiteralArgs = "?"_sd; } // namespace -BSONObj TelemetryMetrics::redactKey(const BSONObj& key, - bool redactIdentifiers, - std::string redactionKey, - OperationContext* opCtx) const { - if (!redactIdentifiers) { +BSONObj TelemetryMetrics::applyHmacToKey(const BSONObj& key, + bool applyHmacToIdentifiers, + std::string hmacKey, + OperationContext* opCtx) const { + if (!applyHmacToIdentifiers) { return key; } - if (_redactedKey) { - return *_redactedKey; + if (_hmacAppliedKey) { + return *_hmacAppliedKey; } // The telemetry key for find queries is generated by serializing all the command fields - // and redacting if SerializationOptions indicate to do so. The resulting key is of the form: + // and applied hmac if SerializationOptions indicate to do so. The resulting key is of the form: // { // queryShape: { // cmdNs: {db: "...", coll: "..."}, @@ -401,9 +401,9 @@ BSONObj TelemetryMetrics::redactKey(const BSONObj& key, auto nss = findCommand->getNamespaceOrUUID().nss(); uassert(7349400, "Namespace must be defined", nss.has_value()); - auto serializationOpts = redactIdentifiers + auto serializationOpts = applyHmacToIdentifiers ? SerializationOptions( - [&](StringData sd) { return sha256HmacStringDataHasher(redactionKey, sd); }, + [&](StringData sd) { return sha256HmacStringDataHasher(hmacKey, sd); }, LiteralSerializationPolicy::kToDebugTypeString) : SerializationOptions(false); @@ -416,11 +416,11 @@ BSONObj TelemetryMetrics::redactKey(const BSONObj& key, // TODO SERVER-76557 call makeTelemetryKey thru FindRequestShapifier kept in telemetry store auto key = makeTelemetryKey(*findCommand, serializationOpts, expCtx, *this); - // TODO: SERVER-76526 as part of this ticket, no form of the key (redacted or not) will be - // cached with TelemetryMetrics. - if (redactIdentifiers) { - _redactedKey = key; - return *_redactedKey; + // TODO: SERVER-76526 as part of this ticket, no form of the key (hmac applied or not) will + // be cached with TelemetryMetrics. + if (applyHmacToIdentifiers) { + _hmacAppliedKey = key; + return *_hmacAppliedKey; } return key; } @@ -428,22 +428,22 @@ BSONObj TelemetryMetrics::redactKey(const BSONObj& key, // The telemetry key for agg queries is of the following form: // { "agg": {...}, "namespace": "...", "applicationName": "...", ... } // - // The part of the key we need to redact is the object in the <CMD_TYPE> element. In the case of - // an aggregate() command, it will look something like: - // > "pipeline" : [ { "$telemetry" : {} }, + // The part of the key we need to apply hmac to is the object in the <CMD_TYPE> element. In the + // case of an aggregate() command, it will look something like: > "pipeline" : [ { "$telemetry" + // : {} }, // { "$addFields" : { "x" : { "$someExpr" {} } } } ], - // We should preserve the top-level stage names in the pipeline but redact all field names of - // children. - BSONObjBuilder redacted; + // We should preserve the top-level stage names in the pipeline but apply hmac to all field + // names of children. + BSONObjBuilder hmacAppliedBuilder; for (BSONElement e : key) { if ((e.type() == Object || e.type() == Array) && - kKeysToRedact.count(e.fieldNameStringData().toString()) == 1) { - auto redactor = [&](BSONObjBuilder subObj, const BSONObj& obj) { + kKeysToApplyHmac.count(e.fieldNameStringData().toString()) == 1) { + auto hmacApplicator = [&](BSONObjBuilder subObj, const BSONObj& obj) { for (BSONElement e2 : obj) { if (e2.type() == Object) { subObj.append(e2.fieldNameStringData(), e2.Obj().redact(false, [&](const BSONElement& e) { - return sha256HmacFieldNameHasher(redactionKey, e); + return sha256HmacFieldNameHasher(hmacKey, e); })); } else { subObj.append(e2); @@ -455,19 +455,19 @@ BSONObj TelemetryMetrics::redactKey(const BSONObj& key, // Now we're inside the <CMD_TYPE>:{} entry and want to preserve the top-level field // names. If it's a [pipeline] array, we redact each element in isolation. if (e.type() == Object) { - redactor(redacted.subobjStart(e.fieldNameStringData()), e.Obj()); + hmacApplicator(hmacAppliedBuilder.subobjStart(e.fieldNameStringData()), e.Obj()); } else { - BSONObjBuilder subArr = redacted.subarrayStart(e.fieldNameStringData()); + BSONObjBuilder subArr = hmacAppliedBuilder.subarrayStart(e.fieldNameStringData()); for (BSONElement stage : e.Obj()) { - redactor(subArr.subobjStart(""), stage.Obj()); + hmacApplicator(subArr.subobjStart(""), stage.Obj()); } } } else { - redacted.append(e); + hmacAppliedBuilder.append(e); } } - _redactedKey = redacted.obj(); - return *_redactedKey; + _hmacAppliedKey = hmacAppliedBuilder.obj(); + return *_hmacAppliedKey; } // The originating command/query does not persist through the end of query execution. In order to @@ -503,7 +503,7 @@ void registerAggRequest(const AggregateCommandRequest& request, OperationContext try { for (auto&& stage : request.getPipeline()) { BSONObjBuilder stageBuilder = pipelineBuilder.subobjStart("stage"_sd); - appendWithRedactedLiterals(stageBuilder, stage.firstElement()); + appendWithHmacAppliedLiterals(stageBuilder, stage.firstElement()); stageBuilder.done(); } pipelineBuilder.done(); @@ -514,7 +514,7 @@ void registerAggRequest(const AggregateCommandRequest& request, OperationContext if (auto metadata = ClientMetadata::get(opCtx->getClient())) { telemetryKey.append("applicationName", metadata->getApplicationName()); } - } catch (ExceptionFor<ErrorCodes::EncounteredFLEPayloadWhileRedacting>&) { + } catch (ExceptionFor<ErrorCodes::EncounteredFLEPayloadWhileApplyingHmac>&) { return; } diff --git a/src/mongo/db/query/telemetry.h b/src/mongo/db/query/telemetry.h index 48b6bc8e7e2..539f8420bb7 100644 --- a/src/mongo/db/query/telemetry.h +++ b/src/mongo/db/query/telemetry.h @@ -128,10 +128,10 @@ public: /** * Redact a given telemetry key and set _keySize. */ - BSONObj redactKey(const BSONObj& key, - bool redactIdentifiers, - std::string redactionKey, - OperationContext* opCtx) const; + BSONObj applyHmacToKey(const BSONObj& key, + bool applyHmacToIdentifiers, + std::string hmacKey, + OperationContext* opCtx) const; /** * Timestamp for when this query shape was added to the store. Set on construction. @@ -153,7 +153,7 @@ public: AggregatedMetric docsReturned; /** - * A representative command for a given telemetry key. This is used to derive the redacted + * A representative command for a given telemetry key. This is used to derive the hmac applied * telemetry key at read-time. */ BSONObj cmdObj; @@ -168,9 +168,9 @@ public: private: /** - * We cache the redacted key the first time it's computed. + * We cache the hmac applied key the first time it's computed. */ - mutable boost::optional<BSONObj> _redactedKey; + mutable boost::optional<BSONObj> _hmacAppliedKey; }; struct TelemetryPartitioner { @@ -230,7 +230,7 @@ void writeTelemetry(OperationContext* opCtx, /** * Serialize the FindCommandRequest according to the Options passed in. Returns the serialized BSON - * with all field names and literals redacted. + * with hmac applied to all field names and literals. */ BSONObj makeTelemetryKey(const FindCommandRequest& findCommand, const SerializationOptions& opts, diff --git a/src/mongo/db/query/telemetry_store_test.cpp b/src/mongo/db/query/telemetry_store_test.cpp index 4d1c608b0dd..ccbf85574b3 100644 --- a/src/mongo/db/query/telemetry_store_test.cpp +++ b/src/mongo/db/query/telemetry_store_test.cpp @@ -121,9 +121,9 @@ TEST_F(TelemetryStoreTest, EvictEntries) { } /** - * A default redaction strategy that generates easy to check results for testing purposes. + * A default hmac application strategy that generates easy to check results for testing purposes. */ -std::string redactFieldNameForTest(StringData s) { +std::string applyHmacForTest(StringData s) { return str::stream() << "HASH<" << s << ">"; } TEST_F(TelemetryStoreTest, CorrectlyRedactsFindCommandRequestAllFields) { @@ -136,10 +136,10 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsFindCommandRequestAllFields) { // TODO SERVER-75419 Use only 'literalPolicy.' opts.replacementForLiteralArgs = "?"; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - opts.redactIdentifiers = true; - opts.identifierRedactionPolicy = redactFieldNameForTest; + opts.applyHmacToIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; - auto redacted = findShapifier.makeTelemetryKey(opts, expCtx); + auto hmacApplied = telemetry::makeTelemetryKey(fcr, opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ @@ -156,11 +156,11 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsFindCommandRequestAllFields) { } } })", - redacted); + hmacApplied); // Add sort. fcr.setSort(BSON("sortVal" << 1 << "otherSort" << -1)); - redacted = findShapifier.makeTelemetryKey(opts, expCtx); + hmacApplied = telemetry::makeTelemetryKey(fcr, opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ "queryShape": { @@ -180,11 +180,11 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsFindCommandRequestAllFields) { } } })", - redacted); + hmacApplied); // Add inclusion projection. fcr.setProjection(BSON("e" << true << "f" << true)); - redacted = findShapifier.makeTelemetryKey(opts, expCtx); + hmacApplied = telemetry::makeTelemetryKey(fcr, opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ "queryShape": { @@ -209,14 +209,14 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsFindCommandRequestAllFields) { } } })", - redacted); + hmacApplied); // Add let. fcr.setLet(BSON("var1" << "$a" << "var2" << "const1")); - redacted = findShapifier.makeTelemetryKey(opts, expCtx); + hmacApplied = telemetry::makeTelemetryKey(fcr, opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ "queryShape": { @@ -245,13 +245,13 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsFindCommandRequestAllFields) { } } })", - redacted); + hmacApplied); // Add hinting fields. fcr.setHint(BSON("z" << 1 << "c" << 1)); fcr.setMax(BSON("z" << 25)); fcr.setMin(BSON("z" << 80)); - redacted = findShapifier.makeTelemetryKey(opts, expCtx); + hmacApplied = telemetry::makeTelemetryKey(fcr, opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ "queryShape": { @@ -290,7 +290,7 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsFindCommandRequestAllFields) { } } })", - redacted); + hmacApplied); // Add the literal redaction fields. fcr.setLimit(5); @@ -299,7 +299,7 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsFindCommandRequestAllFields) { fcr.setMaxTimeMS(1000); fcr.setNoCursorTimeout(false); - redacted = findShapifier.makeTelemetryKey(opts, expCtx); + hmacApplied = telemetry::makeTelemetryKey(fcr, opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ "queryShape": { @@ -342,9 +342,9 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsFindCommandRequestAllFields) { "maxTimeMS": "?number" } })", - redacted); + hmacApplied); - // Add the fields that shouldn't be redacted. + // Add the fields that shouldn't be hmacApplied. fcr.setSingleBatch(true); fcr.setAllowDiskUse(false); fcr.setAllowPartialResults(true); @@ -352,7 +352,7 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsFindCommandRequestAllFields) { fcr.setShowRecordId(true); fcr.setAwaitData(false); fcr.setMirrored(true); - redacted = findShapifier.makeTelemetryKey(opts, expCtx); + hmacApplied = findShapifier.makeTelemetryKey(opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ "queryShape": { @@ -401,7 +401,7 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsFindCommandRequestAllFields) { "mirrored": "?bool" } })", - redacted); + hmacApplied); } TEST_F(TelemetryStoreTest, CorrectlyRedactsFindCommandRequestEmptyFields) { @@ -413,10 +413,10 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsFindCommandRequestEmptyFields) { fcr.setProjection(BSONObj()); SerializationOptions opts; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - opts.redactIdentifiers = true; - opts.identifierRedactionPolicy = redactFieldNameForTest; + opts.applyHmacToIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; - auto redacted = findShapifier.makeTelemetryKey(opts, expCtx); + auto hmacApplied = telemetry::makeTelemetryKey(fcr, opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ "queryShape": { @@ -428,7 +428,7 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsFindCommandRequestEmptyFields) { "filter": {} } })", - redacted); // NOLINT (test auto-update) + hmacApplied); // NOLINT (test auto-update) } TEST_F(TelemetryStoreTest, CorrectlyRedactsHintsWithOptions) { @@ -445,7 +445,7 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsHintsWithOptions) { fcr.setMax(BSON("z" << 25)); fcr.setMin(BSON("z" << 80)); - auto redacted = findShapifier.makeTelemetryKey(opts, expCtx); + auto hmacApplied = telemetry::makeTelemetryKey(fcr, opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ @@ -472,13 +472,13 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsHintsWithOptions) { } } })", - redacted); + hmacApplied); // Test with a string hint. Note that this is the internal representation of the string hint // generated at parse time. fcr.setHint(BSON("$hint" << "z")); - redacted = findShapifier.makeTelemetryKey(opts, expCtx); + hmacApplied = telemetry::makeTelemetryKey(fcr, opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ "queryShape": { @@ -503,14 +503,14 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsHintsWithOptions) { } } })", - redacted); + hmacApplied); fcr.setHint(BSON("z" << 1 << "c" << 1)); - opts.identifierRedactionPolicy = redactFieldNameForTest; - opts.redactIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; + opts.applyHmacToIdentifiers = true; opts.replacementForLiteralArgs = boost::none; opts.literalPolicy = LiteralSerializationPolicy::kUnchanged; - redacted = findShapifier.makeTelemetryKey(opts, expCtx); + hmacApplied = telemetry::makeTelemetryKey(fcr, opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ "queryShape": { @@ -536,12 +536,12 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsHintsWithOptions) { } } })", - redacted); + hmacApplied); // TODO SERVER-75419 Use only 'literalPolicy.' opts.replacementForLiteralArgs = "?"; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - redacted = findShapifier.makeTelemetryKey(opts, expCtx); + hmacApplied = telemetry::makeTelemetryKey(fcr, opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ "queryShape": { @@ -567,11 +567,11 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsHintsWithOptions) { } } })", - redacted); + hmacApplied); // Test that $natural comes through unmodified. fcr.setHint(BSON("$natural" << -1)); - redacted = findShapifier.makeTelemetryKey(opts, expCtx); + hmacApplied = telemetry::makeTelemetryKey(fcr, opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ "queryShape": { @@ -596,12 +596,12 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsHintsWithOptions) { } } })", - redacted); + hmacApplied); } TEST_F(TelemetryStoreTest, DefinesLetVariables) { - // Test that the expression context we use to redact will understand the 'let' part of the find - // command while parsing the other pieces of the command. + // Test that the expression context we use to apply hmac will understand the 'let' part of the + // find command while parsing the other pieces of the command. // Note that this ExpressionContext will not have the let variables defined - we expect the // 'makeTelemetryKey' call to do that. @@ -615,9 +615,10 @@ TEST_F(TelemetryStoreTest, DefinesLetVariables) { << "testDB")); TelemetryMetrics testMetrics{cmdObj, boost::none, fcr.getNamespaceOrUUID()}; - bool redactIdentifiers = false; - auto redacted = testMetrics.redactKey(cmdObj, redactIdentifiers, std::string{}, opCtx.get()); - // As the query never moves through registerFindRequest and redaction is not enabled, + bool applyHmacToIdentifiers = false; + auto hmacApplied = + testMetrics.applyHmacToKey(cmdObj, applyHmacToIdentifiers, std::string{}, opCtx.get()); + // As the query never moves through registerFindRequest and hmac is not enabled, // makeTelemetryKey() never gets called and consequently the query never gets shapified. ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ @@ -640,12 +641,13 @@ TEST_F(TelemetryStoreTest, DefinesLetVariables) { }, "$db": "testDB" })", - redacted); + hmacApplied); - // Now be sure the variable names are redacted. We don't currently expose a different - // way to do the hashing, so we'll just stick with the big long strings here for now. - redactIdentifiers = true; - redacted = testMetrics.redactKey(cmdObj, redactIdentifiers, std::string{}, opCtx.get()); + // Now be sure hmac is applied to variable names. We don't currently expose a different way to + // do the hashing, so we'll just stick with the big long strings here for now. + applyHmacToIdentifiers = true; + hmacApplied = + testMetrics.applyHmacToKey(cmdObj, applyHmacToIdentifiers, std::string{}, opCtx.get()); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ "queryShape": { @@ -673,7 +675,7 @@ TEST_F(TelemetryStoreTest, DefinesLetVariables) { } } })", - redacted); + hmacApplied); } TEST_F(TelemetryStoreTest, CorrectlyRedactsAggregateCommandRequestAllFieldsSimplePipeline) { @@ -702,8 +704,8 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsAggregateCommandRequestAllFieldsSimpl SerializationOptions opts; opts.literalPolicy = LiteralSerializationPolicy::kUnchanged; - opts.redactIdentifiers = false; - opts.identifierRedactionPolicy = redactFieldNameForTest; + opts.applyHmacToIdentifiers = false; + opts.identifierHmacPolicy = applyHmacForTest; auto shapified = aggShapifier.makeTelemetryKey(opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT @@ -763,7 +765,7 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsAggregateCommandRequestAllFieldsSimpl // TODO SERVER-75419 Use only 'literalPolicy.' opts.replacementForLiteralArgs = "?"; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - opts.redactIdentifiers = true; + opts.applyHmacToIdentifiers = true; shapified = aggShapifier.makeTelemetryKey(opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT R"({ @@ -1058,8 +1060,8 @@ TEST_F(TelemetryStoreTest, CorrectlyRedactsAggregateCommandRequestEmptyFields) { // TODO SERVER-75419 Use only 'literalPolicy.' opts.replacementForLiteralArgs = "?"; opts.literalPolicy = LiteralSerializationPolicy::kToDebugTypeString; - opts.redactIdentifiers = true; - opts.identifierRedactionPolicy = redactFieldNameForTest; + opts.applyHmacToIdentifiers = true; + opts.identifierHmacPolicy = applyHmacForTest; auto shapified = aggShapifier.makeTelemetryKey(opts, expCtx); ASSERT_BSONOBJ_EQ_AUTO( // NOLINT diff --git a/src/mongo/db/s/document_source_analyze_shard_key_read_write_distribution.cpp b/src/mongo/db/s/document_source_analyze_shard_key_read_write_distribution.cpp index cc5b52d25bd..6783b6f8833 100644 --- a/src/mongo/db/s/document_source_analyze_shard_key_read_write_distribution.cpp +++ b/src/mongo/db/s/document_source_analyze_shard_key_read_write_distribution.cpp @@ -314,7 +314,7 @@ DocumentSourceAnalyzeShardKeyReadWriteDistribution::createFromBson( Value DocumentSourceAnalyzeShardKeyReadWriteDistribution::serialize( SerializationOptions opts) const { - if (opts.redactIdentifiers || opts.replacementForLiteralArgs) { + if (opts.applyHmacToIdentifiers || opts.replacementForLiteralArgs) { // TODO: SERVER-76208 support query shapification for IDL types like KeyPattern with custom // serializers. MONGO_UNIMPLEMENTED_TASSERT(7484305); diff --git a/src/mongo/db/s/resharding/document_source_resharding_ownership_match.cpp b/src/mongo/db/s/resharding/document_source_resharding_ownership_match.cpp index 42056f44f65..0df5fde9dcd 100644 --- a/src/mongo/db/s/resharding/document_source_resharding_ownership_match.cpp +++ b/src/mongo/db/s/resharding/document_source_resharding_ownership_match.cpp @@ -93,7 +93,7 @@ StageConstraints DocumentSourceReshardingOwnershipMatch::constraints( } Value DocumentSourceReshardingOwnershipMatch::serialize(SerializationOptions opts) const { - if (opts.redactIdentifiers || opts.replacementForLiteralArgs) { + if (opts.applyHmacToIdentifiers || opts.replacementForLiteralArgs) { // TODO: SERVER-76208 support query shapification for IDL types like KeyPattern with custom // serializers. MONGO_UNIMPLEMENTED_TASSERT(7484302); diff --git a/src/mongo/s/query/document_source_merge_cursors.cpp b/src/mongo/s/query/document_source_merge_cursors.cpp index 3ebff23110b..1d49bcdf916 100644 --- a/src/mongo/s/query/document_source_merge_cursors.cpp +++ b/src/mongo/s/query/document_source_merge_cursors.cpp @@ -117,7 +117,7 @@ DocumentSource::GetNextResult DocumentSourceMergeCursors::doGetNext() { Value DocumentSourceMergeCursors::serialize(SerializationOptions opts) const { invariant(!_blockingResultsMerger); invariant(_armParams); - if (opts.redactIdentifiers || opts.replacementForLiteralArgs) { + if (opts.applyHmacToIdentifiers || opts.replacementForLiteralArgs) { // TODO: SERVER-76208 support query shapification for IDL types like namespacestring with // custom serializers. MONGO_UNIMPLEMENTED_TASSERT(7484301); |