From 33f01c2958726b51900c98b3976002f80c8907e6 Mon Sep 17 00:00:00 2001 From: Mark Benvenuto Date: Mon, 16 May 2022 10:22:33 -0400 Subject: SERVER-66120 Use consistent way to refer to FLE 2 encryption in user-facing messages (cherry picked from commit ad2271e4c9dfeffd8a11b04a23da361483d695fb) --- jstests/fle2/implicit_schema_validation.js | 6 ++--- src/mongo/crypto/encryption_fields.idl | 2 +- src/mongo/crypto/fle_crypto.cpp | 30 +++++++++++++--------- src/mongo/crypto/fle_field_schema.idl | 8 +++--- src/mongo/db/commands/fle2_compact_cmd.cpp | 2 +- src/mongo/db/fle_crud.cpp | 17 +++++++----- src/mongo/db/fle_crud_mongod.cpp | 8 +++--- src/mongo/db/matcher/doc_validation_error.cpp | 3 ++- ..._compact_structured_encryption_data_command.cpp | 2 +- .../s/commands/cluster_shard_collection_cmd.cpp | 2 +- 10 files changed, 46 insertions(+), 34 deletions(-) diff --git a/jstests/fle2/implicit_schema_validation.js b/jstests/fle2/implicit_schema_validation.js index 41eabb9a6e7..81098070d7d 100644 --- a/jstests/fle2/implicit_schema_validation.js +++ b/jstests/fle2/implicit_schema_validation.js @@ -30,7 +30,7 @@ const valueNotEncryptedError = { }; const wrongEncryptedTypeError = { operator: "fle2Encrypt", - reason: "FLE2 encrypted value has wrong type" + reason: "Queryable Encryption encrypted value has wrong type" }; const userMalformedSchema = { @@ -242,7 +242,7 @@ function negativeTests(coll, hasUserValidator, invert = false) { }), {"a.b.c": valueNotEncryptedError}); - jsTestLog("test inserting encrypted field with incorrect FLE2 subtype"); + jsTestLog("test inserting encrypted field with incorrect Queryable Encryption subtype"); assertExpectedResult(coll.insert({firstName: fle1RandomBinData}), {firstName: wrongEncryptedTypeError}); assertExpectedResult(coll.insert({ @@ -451,7 +451,7 @@ dbTest.test.drop(); assert.commandFailed(dbTest.createCollection( "test", {encryptedFields: sampleEncryptedFields, validator: userMalformedSchema})); -jsTestLog("test FLE1 schema validator on FLE2 collection"); +jsTestLog("test FLE1 schema validator on Queryable Encryption collection"); dbTest.test.drop(); assert.commandFailedWithCode( dbTest.createCollection("test", diff --git a/src/mongo/crypto/encryption_fields.idl b/src/mongo/crypto/encryption_fields.idl index 1a1090ab59d..fc8b243c908 100644 --- a/src/mongo/crypto/encryption_fields.idl +++ b/src/mongo/crypto/encryption_fields.idl @@ -40,7 +40,7 @@ enums: feature_flags: featureFlagFLE2: - description: "Enable FLE2 support" + description: "Enable Queryable Encryption support" cpp_varname: gFeatureFlagFLE2 default: true version: 6.0 diff --git a/src/mongo/crypto/fle_crypto.cpp b/src/mongo/crypto/fle_crypto.cpp index e870634cb48..38800792351 100644 --- a/src/mongo/crypto/fle_crypto.cpp +++ b/src/mongo/crypto/fle_crypto.cpp @@ -903,7 +903,7 @@ void convertToFLE2Payload(FLEKeyVault* keyVault, if (ep.getAlgorithm() == Fle2AlgorithmInt::kEquality) { uassert(6338602, str::stream() << "Type '" << typeName(el.type()) - << "' is not a valid type for FLE 2 encryption", + << "' is not a valid type for Queryable Encryption", isFLE2EqualityIndexedSupportedType(el.type())); if (ep.getType() == Fle2PlaceholderType::kInsert) { @@ -923,19 +923,21 @@ void convertToFLE2Payload(FLEKeyVault* keyVault, findpayload, builder); } else { - uasserted(6410100, "No other FLE2 placeholders supported at this time."); + uasserted(6410100, + "No other Queryable Encryption placeholders supported at this time."); } } else if (ep.getAlgorithm() == Fle2AlgorithmInt::kUnindexed) { uassert(6379102, str::stream() << "Type '" << typeName(el.type()) - << "' is not a valid type for FLE 2 encryption", + << "' is not a valid type for Queryable Encryption", isFLE2UnindexedSupportedType(el.type())); auto payload = FLE2UnindexedEncryptedValue::serialize(userKey, el); builder->appendBinData( fieldNameToSerialize, payload.size(), BinDataType::Encrypt, payload.data()); } else { - uasserted(6338603, "Only FLE 2 style encryption placeholders are supported"); + uasserted(6338603, + "Only Queryable Encryption style encryption placeholders are supported"); } @@ -954,7 +956,7 @@ void parseAndVerifyInsertUpdatePayload(std::vector* pField uassert(6373504, str::stream() << "Type '" << typeName(static_cast(iupayload.getType())) - << "' is not a valid type for FLE 2 encryption", + << "' is not a valid type for Queryable Encryption", isValidBSONType(iupayload.getType()) && isFLE2EqualityIndexedSupportedType(static_cast(iupayload.getType()))); @@ -1023,7 +1025,7 @@ void convertServerPayload(ConstDataRange cdr, uassert(6373506, str::stream() << "Type '" << typeName(sp.bsonType) - << "' is not a valid type for FLE 2 encryption", + << "' is not a valid type for Queryable Encryption", isFLE2EqualityIndexedSupportedType(sp.bsonType)); auto swEncrypted = @@ -1450,8 +1452,8 @@ void FLEClientCrypto::validateDocument(const BSONObj& doc, BSONElement safeContent = doc[kSafeContent]; - // If there are no tags and no safeContent, then this document is not FLE 2 and is therefore - // fine + // If there are no tags and no safeContent, then this document is not Queryable Encryption and + // is therefore fine if (tags.size() == 0 && safeContent.eoo()) { return; } @@ -1807,7 +1809,7 @@ FLE2IndexedEqualityEncryptedValue::FLE2IndexedEqualityEncryptedValue( indexKeyId(payload.getIndexKeyId()), clientEncryptedValue(vectorFromCDR(payload.getValue())) { uassert(6373508, - "Invalid BSON Type in FLE2InsertUpdatePayload", + "Invalid BSON Type in Queryable Encryption InsertUpdatePayload", isValidBSONType(payload.getType())); } @@ -1856,7 +1858,7 @@ StatusWith FLE2IndexedEqualityEncryptedValue: } uassert(6373509, - "Invalid BSON Type in FLE2InsertUpdatePayload", + "Invalid BSON Type in Queryable Encryption InsertUpdatePayload", isValidBSONType(swBsonType.getValue())); auto type = static_cast(swBsonType.getValue()); @@ -1964,7 +1966,9 @@ StatusWith> FLE2IndexedEqualityEncryptedValue::serialize( std::vector FLE2UnindexedEncryptedValue::serialize(const FLEUserKeyAndId& userKey, const BSONElement& element) { BSONType bsonType = element.type(); - uassert(6379107, "Invalid BSON data type", isFLE2UnindexedSupportedType(bsonType)); + uassert(6379107, + "Invalid BSON data type for Queryable Encryption", + isFLE2UnindexedSupportedType(bsonType)); auto value = ConstDataRange(element.value(), element.value() + element.valuesize()); auto cdrKeyId = userKey.keyId.toCDR(); @@ -2000,7 +2004,9 @@ std::pair> FLE2UnindexedEncryptedValue::deseriali auto userKey = keyVault->getUserKeyById(keyId); BSONType bsonType = static_cast(adc.read()); - uassert(6379111, "Invalid BSON data type", isFLE2UnindexedSupportedType(bsonType)); + uassert(6379111, + "Invalid BSON data type for Queryable Encryption", + isFLE2UnindexedSupportedType(bsonType)); auto data = uassertStatusOK( decryptDataWithAssociatedData(userKey.key.toCDR(), assocDataCdr, cipherTextCdr)); diff --git a/src/mongo/crypto/fle_field_schema.idl b/src/mongo/crypto/fle_field_schema.idl index a1d3ef5394a..f1184621c85 100644 --- a/src/mongo/crypto/fle_field_schema.idl +++ b/src/mongo/crypto/fle_field_schema.idl @@ -134,7 +134,7 @@ structs: type: IDLAnyType cpp_name: value cm: - description: "FLE2 max contention counter" + description: "Queryable Encryption max contention counter" type: long cpp_name: maxContentionCounter @@ -205,13 +205,13 @@ structs: type: bindata_generic cpp_name: eccDerivedToken cm: - description: "FLE2 max counter" + description: "Queryable Encryption max counter" type: long cpp_name: maxCounter optional: true EncryptionInformation: - description: "Implements Encryption Information which includes the schema for FLE 2 that is consumed by query_analysis, queries and write_ops" + description: "Implements Encryption Information which includes the schema for Queryable Encryption that is consumed by query_analysis, queries and write_ops" strict: true fields: type: @@ -229,7 +229,7 @@ structs: type: object_owned unstable: true crudProcessed: - description: "A boolean to indicate whether the CRUD layer has already processed this FLE2 request. Used to prevent infinite recursion." + description: "A boolean to indicate whether the CRUD layer has already processed this Queryable Encryption request. Used to prevent infinite recursion." type: bool optional: true unstable: true diff --git a/src/mongo/db/commands/fle2_compact_cmd.cpp b/src/mongo/db/commands/fle2_compact_cmd.cpp index 4d0e5bba6bb..d4e04c22db3 100644 --- a/src/mongo/db/commands/fle2_compact_cmd.cpp +++ b/src/mongo/db/commands/fle2_compact_cmd.cpp @@ -89,7 +89,7 @@ CompactStats compactEncryptedCompactionCollection(OperationContext* opCtx, // TODO (SERVER-65077): Remove FCV check once 6.0 is released uassert(6319903, - "FLE 2 is only supported when FCV supports 6.0", + "Queryable Encryption is only supported when FCV supports 6.0", gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)); validateCompactRequest(request, *edc.get()); diff --git a/src/mongo/db/fle_crud.cpp b/src/mongo/db/fle_crud.cpp index 1b2d86c0bff..cf1d991e151 100644 --- a/src/mongo/db/fle_crud.cpp +++ b/src/mongo/db/fle_crud.cpp @@ -190,7 +190,9 @@ std::pair processInsert( auto documents = insertRequest.getDocuments(); // TODO - how to check if a document will be too large??? - uassert(6371202, "Only single insert batches are supported in FLE2", documents.size() == 1); + uassert(6371202, + "Only single insert batches are supported in Queryable Encryption", + documents.size() == 1); auto document = documents[0]; EDCServerCollection::validateEncryptedFieldInfo(document, efc); @@ -241,7 +243,8 @@ std::pair processInsert( // does not try to commit the transaction. if (reply->getWriteErrors().has_value() && !reply->getWriteErrors().value().empty()) { return SemiFuture::makeReady( - Status(ErrorCodes::FLETransactionAbort, "FLE2 write errors on insert")); + Status(ErrorCodes::FLETransactionAbort, + "Queryable Encryption write errors on insert")); } return SemiFuture::makeReady(); @@ -320,7 +323,8 @@ write_ops::DeleteCommandReply processDelete(OperationContext* opCtx, // does not try to commit the transaction. if (reply->getWriteErrors().has_value() && !reply->getWriteErrors().value().empty()) { return SemiFuture::makeReady( - Status(ErrorCodes::FLETransactionAbort, "FLE2 write errors on delete")); + Status(ErrorCodes::FLETransactionAbort, + "Queryable Encryption write errors on delete")); } return SemiFuture::makeReady(); @@ -404,7 +408,8 @@ write_ops::UpdateCommandReply processUpdate(OperationContext* opCtx, // does not try to commit the transaction. if (reply->getWriteErrors().has_value() && !reply->getWriteErrors().value().empty()) { return SemiFuture::makeReady( - Status(ErrorCodes::FLETransactionAbort, "FLE2 write errors on delete")); + Status(ErrorCodes::FLETransactionAbort, + "Queryable Encryption write errors on delete")); } return SemiFuture::makeReady(); @@ -885,7 +890,7 @@ FLEBatchResult processFLEBatch(OperationContext* opCtx, // TODO (SERVER-65077): Remove FCV check once 6.0 is released uassert(6371209, - "FLE 2 is only supported when FCV supports 6.0", + "Queryable Encryption is only supported when FCV supports 6.0", gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)); if (request.getBatchType() == BatchedCommandRequest::BatchType_Insert) { @@ -1143,7 +1148,7 @@ FLEBatchResult processFLEFindAndModify(OperationContext* opCtx, // TODO (SERVER-65077): Remove FCV check once 6.0 is released if (!gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)) { - uasserted(6371405, "FLE 2 is only supported when FCV supports 6.0"); + uasserted(6371405, "Queryable Encryption is only supported when FCV supports 6.0"); } // FLE2 Mongos CRUD operations loopback through MongoS with EncryptionInformation as diff --git a/src/mongo/db/fle_crud_mongod.cpp b/src/mongo/db/fle_crud_mongod.cpp index e8ac3a9b77b..ba0d98e69b4 100644 --- a/src/mongo/db/fle_crud_mongod.cpp +++ b/src/mongo/db/fle_crud_mongod.cpp @@ -180,7 +180,7 @@ FLEBatchResult processFLEInsert(OperationContext* opCtx, repl::ReplicationCoordinator::modeReplSet); uassert(5926101, - "FLE 2 is only supported when FCV supports 6.0", + "Queryable Encryption is only supported when FCV supports 6.0", gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)); auto [batchResult, insertReplyReturn] = @@ -206,7 +206,7 @@ write_ops::DeleteCommandReply processFLEDelete( repl::ReplicationCoordinator::modeReplSet); uassert(5926102, - "FLE 2 is only supported when FCV supports 6.0", + "Queryable Encryption is only supported when FCV supports 6.0", gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)); auto deleteReply = processDelete(opCtx, deleteRequest, &getTransactionWithRetriesForMongoD); @@ -225,7 +225,7 @@ write_ops::FindAndModifyCommandReply processFLEFindAndModify( repl::ReplicationCoordinator::modeReplSet); uassert(5926103, - "FLE 2 is only supported when FCV supports 6.0", + "Queryable Encryption is only supported when FCV supports 6.0", gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)); auto reply = processFindAndModifyRequest( @@ -243,7 +243,7 @@ write_ops::UpdateCommandReply processFLEUpdate( repl::ReplicationCoordinator::modeReplSet); uassert(5926104, - "FLE 2 is only supported when FCV supports 6.0", + "Queryable Encryption is only supported when FCV supports 6.0", gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)); auto updateReply = processUpdate(opCtx, updateRequest, &getTransactionWithRetriesForMongoD); diff --git a/src/mongo/db/matcher/doc_validation_error.cpp b/src/mongo/db/matcher/doc_validation_error.cpp index 69dd9c387d3..3810b190132 100644 --- a/src/mongo/db/matcher/doc_validation_error.cpp +++ b/src/mongo/db/matcher/doc_validation_error.cpp @@ -902,7 +902,8 @@ public: } void visit(const InternalSchemaBinDataFLE2EncryptedTypeExpression* expr) final { static constexpr auto kNotEncryptedReason = "value was not encrypted"; - static constexpr auto kBadValueTypeReason = "FLE2 encrypted value has wrong type"; + static constexpr auto kBadValueTypeReason = + "Queryable Encryption encrypted value has wrong type"; static constexpr auto kInvertedReason = "value was encrypted"; _context->pushNewFrame(*expr); diff --git a/src/mongo/db/s/shardsvr_compact_structured_encryption_data_command.cpp b/src/mongo/db/s/shardsvr_compact_structured_encryption_data_command.cpp index c4fd520e805..117e5f087f2 100644 --- a/src/mongo/db/s/shardsvr_compact_structured_encryption_data_command.cpp +++ b/src/mongo/db/s/shardsvr_compact_structured_encryption_data_command.cpp @@ -77,7 +77,7 @@ public: Reply typedRun(OperationContext* opCtx) { // TODO (SERVER-65077): Remove FCV check once 6.0 is released uassert(6350499, - "FLE 2 is only supported when FCV supports 6.0", + "Queryable Encryption is only supported when FCV supports 6.0", gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)); FixedFCVRegion fixedFcvRegion(opCtx); diff --git a/src/mongo/s/commands/cluster_shard_collection_cmd.cpp b/src/mongo/s/commands/cluster_shard_collection_cmd.cpp index 70fa815b574..3a925fd730a 100644 --- a/src/mongo/s/commands/cluster_shard_collection_cmd.cpp +++ b/src/mongo/s/commands/cluster_shard_collection_cmd.cpp @@ -91,7 +91,7 @@ public: !nss.isTimeseriesBucketsCollection()); uassert(6464401, - "Sharding a FLE 2 state collection is not allowed", + "Sharding a Queryable Encryption state collection is not allowed", !nss.isFLE2StateCollection()); auto shardCollRequest = -- cgit v1.2.1