mongodb/mongo-python-driver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PYTHON-3709 Remove "beta" from Queryable Encryption Equality API (#1210)

Browse Source
This commit is contained in:
Shane Harvey 2023-05-12 12:17:40 -07:00 committed by GitHub
parent bc1a513d10
commit 0123d32a20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
doc/examples/encryption.rst
View File

@ -605,18 +605,17 @@ Queryable Encryption
.. _automatic-queryable-client-side-encryption:
Automatic Queryable Encryption (Beta)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Automatic Queryable Encryption
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PyMongo 4.4 brings beta support for Queryable Encryption with MongoDB >=7.0.
Automatic Queryable Encryption requires MongoDB 7.0+ Enterprise or a MongoDB 7.0+ Atlas cluster.
Queryable Encryption is the second version of Client-Side Field Level Encryption.
Data is encrypted client-side. Queryable Encryption supports indexed encrypted fields,
which are further processed server-side.
You must have MongoDB 7.0 Enterprise to preview the capability.
Automatic encryption in Queryable Encryption is configured with an ``encrypted_fields`` mapping, as demonstrated by the following example::
Automatic encryption in Queryable Encryption is configured with an ``encrypted_fields`` mapping,
as demonstrated by the following example::
import os
from bson.codec_options import CodecOptions
@ -669,10 +668,10 @@ Automatic encryption in Queryable Encryption is configured with an ``encrypted_f
In the above example, the ``firstName`` and ``lastName`` fields are
automatically encrypted and decrypted.
Explicit Queryable Encryption (Beta)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Explicit Queryable Encryption
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PyMongo 4.4 brings beta support for Queryable Encryption with MongoDB >=7.0.
Explicit Queryable Encryption requires MongoDB 7.0+.
Queryable Encryption is the second version of Client-Side Field Level Encryption.
Data is encrypted client-side. Queryable Encryption supports indexed encrypted fields,

37
pymongo/encryption.py
View File

@ -417,17 +417,11 @@ class Algorithm(str, enum.Enum):
INDEXED = "Indexed"
"""Indexed.
.. note:: Support for Queryable Encryption is in beta.
Backwards-breaking changes may be made before the final release.
.. versionadded:: 4.2
"""
UNINDEXED = "Unindexed"
"""Unindexed.
.. note:: Support for Queryable Encryption is in beta.
Backwards-breaking changes may be made before the final release.
.. versionadded:: 4.2
"""
RANGEPREVIEW = "RangePreview"
@ -441,10 +435,7 @@ class Algorithm(str, enum.Enum):
class QueryType(str, enum.Enum):
"""**(BETA)** An enum that defines the supported values for explicit encryption query_type.
.. note:: Support for Queryable Encryption is in beta.
Backwards-breaking changes may be made before the final release.
"""An enum that defines the supported values for explicit encryption query_type.
.. versionadded:: 4.2
"""
@ -453,7 +444,11 @@ class QueryType(str, enum.Enum):
"""Used to encrypt a value for an equality query."""
RANGEPREVIEW = "rangePreview"
"""Used to encrypt a value for a range query."""
"""Used to encrypt a value for a range query.
.. note:: Support for Range queries is in beta.
Backwards-breaking changes may be made before the final release.
"""
class ClientEncryption(Generic[_DocumentType]):
@ -577,9 +572,6 @@ class ClientEncryption(Generic[_DocumentType]):
) -> Tuple[Collection[_DocumentType], Mapping[str, Any]]:
"""Create a collection with encryptedFields.
.. note:: Support for Queryable Encryption is in beta.
Backwards-breaking changes may be made before the final release.
.. warning::
This function does not update the encryptedFieldsMap in the client's
AutoEncryptionOpts, thus the user must create a new client after calling this function with
@ -592,7 +584,7 @@ class ClientEncryption(Generic[_DocumentType]):
:Parameters:
- `name`: the name of the collection to create
- `encrypted_fields` (dict): **(BETA)** Document that describes the encrypted fields for
- `encrypted_fields` (dict): Document that describes the encrypted fields for
Queryable Encryption. For example::
{
@ -801,23 +793,18 @@ class ClientEncryption(Generic[_DocumentType]):
:class:`~bson.binary.Binary` with subtype 4 (
:attr:`~bson.binary.UUID_SUBTYPE`).
- `key_alt_name`: Identifies a key vault document by 'keyAltName'.
- `query_type` (str): **(BETA)** The query type to execute. See
:class:`QueryType` for valid options.
- `contention_factor` (int): **(BETA)** The contention factor to use
- `query_type` (str): The query type to execute. See :class:`QueryType` for valid options.
- `contention_factor` (int): The contention factor to use
when the algorithm is :attr:`Algorithm.INDEXED`. An integer value
*must* be given when the :attr:`Algorithm.INDEXED` algorithm is
used.
- `range_opts`: Experimental only, not intended for public use.
.. note:: `query_type`, and `contention_factor` are part of the Queryable Encryption beta.
Backwards-breaking changes may be made before the final release.
:Returns:
The encrypted value, a :class:`~bson.binary.Binary` with subtype 6.
.. versionchanged:: 4.2
Added the `query_type` and `contention_factor` parameters.
"""
return self._encrypt_helper(
value=value,
@ -846,16 +833,16 @@ class ClientEncryption(Generic[_DocumentType]):
provided.
:Parameters:
- `expression`: **(BETA)** The BSON aggregate or match expression to encrypt.
- `expression`: The BSON aggregate or match expression to encrypt.
- `algorithm` (string): The encryption algorithm to use. See
:class:`Algorithm` for some valid options.
- `key_id`: Identifies a data key by ``_id`` which must be a
:class:`~bson.binary.Binary` with subtype 4 (
:attr:`~bson.binary.UUID_SUBTYPE`).
- `key_alt_name`: Identifies a key vault document by 'keyAltName'.
- `query_type` (str): **(BETA)** The query type to execute. See
- `query_type` (str): The query type to execute. See
:class:`QueryType` for valid options.
- `contention_factor` (int): **(BETA)** The contention factor to use
- `contention_factor` (int): The contention factor to use
when the algorithm is :attr:`Algorithm.INDEXED`. An integer value
*must* be given when the :attr:`Algorithm.INDEXED` algorithm is
used.

8
pymongo/encryption_options.py
View File

@ -148,11 +148,11 @@ class AutoEncryptionOpts:
- `crypt_shared_lib_path` (optional): Override the path to load the crypt_shared library.
- `crypt_shared_lib_required` (optional): If True, raise an error if libmongocrypt is
unable to load the crypt_shared library.
- `bypass_query_analysis` (optional): **(BETA)** If ``True``, disable automatic analysis
- `bypass_query_analysis` (optional): If ``True``, disable automatic analysis
of outgoing commands. Set `bypass_query_analysis` to use explicit
encryption on indexed fields without the MongoDB Enterprise Advanced
licensed crypt_shared library.
- `encrypted_fields_map`: **(BETA)** Map of collection namespace ("db.coll") to documents
- `encrypted_fields_map`: Map of collection namespace ("db.coll") to documents
that described the encrypted fields for Queryable Encryption. For example::
{
@ -175,10 +175,6 @@ class AutoEncryptionOpts:
}
}
.. note:: `bypass_query_analysis` and `encrypted_fields_map` are part of the
Queryable Encryption beta. Backwards-breaking changes may be made before the
final release.
.. versionchanged:: 4.2
Added `encrypted_fields_map` `crypt_shared_lib_path`, `crypt_shared_lib_required`,
and `bypass_query_analysis` parameters.

3
pymongo/errors.py
View File

@ -356,9 +356,6 @@ class EncryptionError(PyMongoError):
class EncryptedCollectionError(EncryptionError):
"""Raised when creating a collection with encrypted_fields fails.
.. note:: EncryptedCollectionError and `create_encrypted_collection` are both part of the
Queryable Encryption beta. Backwards-breaking changes may be made before the final release.
.. versionadded:: 4.4
"""