diff options
Diffstat (limited to 'src/mongo/db')
-rw-r--r-- | src/mongo/db/commands/find_cmd.cpp | 6 | ||||
-rw-r--r-- | src/mongo/db/fle_crud.cpp | 4 | ||||
-rw-r--r-- | src/mongo/db/fle_crud.h | 22 | ||||
-rw-r--r-- | src/mongo/db/fle_crud_mongod.cpp | 5 | ||||
-rw-r--r-- | src/mongo/db/query/canonical_query.cpp | 3 | ||||
-rw-r--r-- | src/mongo/db/query/fle/server_rewrite.cpp | 30 | ||||
-rw-r--r-- | src/mongo/db/query/fle/server_rewrite.h | 14 |
7 files changed, 60 insertions, 24 deletions
diff --git a/src/mongo/db/commands/find_cmd.cpp b/src/mongo/db/commands/find_cmd.cpp index 60910d9df44..9f596d34a4f 100644 --- a/src/mongo/db/commands/find_cmd.cpp +++ b/src/mongo/db/commands/find_cmd.cpp @@ -42,6 +42,7 @@ #include "mongo/db/cursor_manager.h" #include "mongo/db/db_raii.h" #include "mongo/db/exec/working_set_common.h" +#include "mongo/db/fle_crud.h" #include "mongo/db/matcher/extensions_callback_real.h" #include "mongo/db/pipeline/aggregation_request_helper.h" #include "mongo/db/pipeline/variables.h" @@ -119,6 +120,11 @@ std::unique_ptr<FindCommandRequest> parseCmdObjectToFindCommandRequest(Operation std::move(nss), APIParameters::get(opCtx).getAPIStrict().value_or(false)); + // Rewrite any FLE find payloads that exist in the query if this is a FLE 2 query. + if (shouldDoFLERewrite(findCommand)) { + processFLEFindD(opCtx, findCommand.get()); + } + return translateNtoReturnToLimitOrBatchSize(std::move(findCommand)); } diff --git a/src/mongo/db/fle_crud.cpp b/src/mongo/db/fle_crud.cpp index a3f46bd6dac..34a1c4eb6ec 100644 --- a/src/mongo/db/fle_crud.cpp +++ b/src/mongo/db/fle_crud.cpp @@ -1209,4 +1209,8 @@ write_ops::FindAndModifyCommandReply FLEQueryInterfaceImpl::findAndModify( return write_ops::FindAndModifyCommandReply::parse(IDLParserErrorContext("reply"), response); } +void processFLEFindS(OperationContext* opCtx, FindCommandRequest* findCommand) { + fle::processFindCommand(opCtx, findCommand, &getTransactionWithRetriesForMongoS); +} + } // namespace mongo diff --git a/src/mongo/db/fle_crud.h b/src/mongo/db/fle_crud.h index 3ec46fcf0be..299b1410d42 100644 --- a/src/mongo/db/fle_crud.h +++ b/src/mongo/db/fle_crud.h @@ -115,6 +115,28 @@ FLEBatchResult processFLEFindAndModify(OperationContext* opCtx, write_ops::FindAndModifyCommandReply processFLEFindAndModify( OperationContext* opCtx, const write_ops::FindAndModifyCommandRequest& findAndModifyRequest); +/** + * Process a find command from mongos. + */ +void processFLEFindS(OperationContext* opCtx, FindCommandRequest* findCommand); + +/** + * Process a find command from a replica set. + */ +void processFLEFindD(OperationContext* opCtx, FindCommandRequest* findCommand); + +/** + * Helper function to determine if an IDL object with encryption information should be rewritten. + */ +template <typename T> +bool shouldDoFLERewrite(const std::unique_ptr<T>& cmd) { + return gFeatureFlagFLE2.isEnabledAndIgnoreFCV() && cmd->getEncryptionInformation(); +} + +template <typename T> +bool shouldDoFLERewrite(const T& cmd) { + return gFeatureFlagFLE2.isEnabledAndIgnoreFCV() && cmd.getEncryptionInformation(); +} /** * Abstraction layer for FLE diff --git a/src/mongo/db/fle_crud_mongod.cpp b/src/mongo/db/fle_crud_mongod.cpp index 635e94c851a..b15fda8cbb1 100644 --- a/src/mongo/db/fle_crud_mongod.cpp +++ b/src/mongo/db/fle_crud_mongod.cpp @@ -43,6 +43,7 @@ #include "mongo/db/ops/write_ops_gen.h" #include "mongo/db/ops/write_ops_parsers.h" #include "mongo/db/query/find_command_gen.h" +#include "mongo/db/query/fle/server_rewrite.h" #include "mongo/db/repl/repl_client_info.h" #include "mongo/db/session.h" #include "mongo/db/session_catalog.h" @@ -232,4 +233,8 @@ write_ops::UpdateCommandReply processFLEUpdate( return updateReply; } +void processFLEFindD(OperationContext* opCtx, FindCommandRequest* findCommand) { + fle::processFindCommand(opCtx, findCommand, &getTransactionWithRetriesForMongoD); +} + } // namespace mongo diff --git a/src/mongo/db/query/canonical_query.cpp b/src/mongo/db/query/canonical_query.cpp index e36aa6911b3..4d958aad302 100644 --- a/src/mongo/db/query/canonical_query.cpp +++ b/src/mongo/db/query/canonical_query.cpp @@ -134,9 +134,6 @@ StatusWith<std::unique_ptr<CanonicalQuery>> CanonicalQuery::canonicalize( std::unique_ptr<MatchExpression> me = std::move(statusWithMatcher.getValue()); - // TODO: SERVER-64055 if encryptionInformation is present, rewrite MatchExpression FLE find - // payloads. - Status initStatus = cq->init(opCtx, std::move(newExpCtx), diff --git a/src/mongo/db/query/fle/server_rewrite.cpp b/src/mongo/db/query/fle/server_rewrite.cpp index 36ad96a1d4e..63e5e2fa87e 100644 --- a/src/mongo/db/query/fle/server_rewrite.cpp +++ b/src/mongo/db/query/fle/server_rewrite.cpp @@ -29,6 +29,9 @@ #include "mongo/db/query/fle/server_rewrite.h" + +#include <memory> + #include "mongo/bson/bsonobjbuilder.h" #include "mongo/bson/bsontypes.h" #include "mongo/crypto/encryption_fields_gen.h" @@ -39,7 +42,6 @@ #include "mongo/db/pipeline/document_source_graph_lookup.h" #include "mongo/db/pipeline/document_source_match.h" #include "mongo/db/query/collation/collator_factory_interface.h" -#include "mongo/db/transaction_api.h" #include "mongo/s/grid.h" #include "mongo/s/transaction_router_resource_yielder.h" #include "mongo/util/assert_util.h" @@ -153,11 +155,10 @@ public: // executor, and so we can't pass data by reference into the lambda. The provided rewriter should // hold all the data we need to do the rewriting inside the lambda, and is passed in a more // threadsafe shared_ptr. The result of applying the rewrites can be accessed in the RewriteBase. -void doFLERewriteInTxn(OperationContext* opCtx, std::shared_ptr<RewriteBase> sharedBlock) { - auto txn = std::make_shared<txn_api::TransactionWithRetries>( - opCtx, - Grid::get(opCtx)->getExecutorPool()->getFixedExecutor(), - TransactionRouterResourceYielder::makeForLocalHandoff()); +void doFLERewriteInTxn(OperationContext* opCtx, + std::shared_ptr<RewriteBase> sharedBlock, + GetTxnCallback getTxn) { + auto txn = getTxn(opCtx); auto swCommitResult = txn->runSyncNoThrow( opCtx, [sharedBlock](const txn_api::TransactionClient& txnClient, auto txnExec) { @@ -202,16 +203,17 @@ BSONObj rewriteEncryptedFilterInsideTxn(FLEQueryInterface* queryImpl, void processFindCommand(OperationContext* opCtx, - NamespaceString nss, - FindCommandRequest* findCommand) { + FindCommandRequest* findCommand, + GetTxnCallback getTransaction) { + invariant(findCommand->getNamespaceOrUUID().nss()); invariant(findCommand->getEncryptionInformation()); auto sharedBlock = std::make_shared<FilterRewrite>(makeExpCtx(opCtx, findCommand), - nss, + findCommand->getNamespaceOrUUID().nss().get(), findCommand->getEncryptionInformation().get(), findCommand->getFilter().getOwned()); - doFLERewriteInTxn(opCtx, sharedBlock); + doFLERewriteInTxn(opCtx, sharedBlock, getTransaction); auto rewrittenFilter = sharedBlock->rewrittenFilter.getOwned(); findCommand->setFilter(std::move(rewrittenFilter)); @@ -225,7 +227,13 @@ std::unique_ptr<Pipeline, PipelineDeleter> processPipeline( std::unique_ptr<Pipeline, PipelineDeleter> toRewrite) { auto sharedBlock = std::make_shared<PipelineRewrite>(nss, encryptInfo, std::move(toRewrite)); - doFLERewriteInTxn(opCtx, sharedBlock); + doFLERewriteInTxn(opCtx, sharedBlock, [](auto* opCtx) { + // TODO: SERVER-63312 pass in the right transaction callback for mongod. + return std::make_shared<txn_api::TransactionWithRetries>( + opCtx, + Grid::get(opCtx)->getExecutorPool()->getFixedExecutor(), + TransactionRouterResourceYielder::makeForLocalHandoff()); + }); return sharedBlock->getPipeline(); } diff --git a/src/mongo/db/query/fle/server_rewrite.h b/src/mongo/db/query/fle/server_rewrite.h index f0c3d304866..8d1da86009b 100644 --- a/src/mongo/db/query/fle/server_rewrite.h +++ b/src/mongo/db/query/fle/server_rewrite.h @@ -35,29 +35,23 @@ #include "mongo/bson/bsonobj.h" #include "mongo/crypto/fle_crypto.h" +#include "mongo/db/fle_crud.h" #include "mongo/db/matcher/expression_parser.h" #include "mongo/db/namespace_string.h" #include "mongo/db/pipeline/expression_context.h" +#include "mongo/db/transaction_api.h" namespace mongo { class FLEQueryInterface; namespace fle { /** - * Helper function to determine if an IDL object with encryption information should be rewritten. - */ -template <typename T> -bool shouldRewrite(const T& cmd) { - return gFeatureFlagFLE2.isEnabledAndIgnoreFCV() && cmd->getEncryptionInformation(); -} - -/** * Process a find command with encryptionInformation in-place, rewriting the filter condition so * that any query on an encrypted field will properly query the underlying tags array. */ void processFindCommand(OperationContext* opCtx, - NamespaceString nss, - FindCommandRequest* findCommand); + FindCommandRequest* findCommand, + GetTxnCallback txn); /** * Process a pipeline with encryptionInformation by rewriting the pipeline to query against the |