Skip to content

[Encryption] Refactor encrypted fields map generator #2783

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jun 18, 2025
Merged

[Encryption] Refactor encrypted fields map generator #2783

merged 4 commits into from
Jun 18, 2025

Conversation

alcaeus
Copy link
Member

@alcaeus alcaeus commented Jun 13, 2025

Refactors the encrypted field map generator and adds a method to generate field maps for all metadata. Note that testing this is difficult, as loading all metadata in tests causes errors due to some documents being invalid on purpose.

@alcaeus alcaeus requested review from GromNaN and Copilot June 13, 2025 07:42
@alcaeus alcaeus mentioned this pull request Jun 13, 2025
Closed
Copilot
Copilot AI reviewed Jun 13, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Refactors the encrypted fields map generator into a more flexible EncryptedFieldsMapGenerator, adds a method to produce maps across all metadata, and updates dependent code and tests.

  • Renames and splits EncryptionFieldMap into EncryptedFieldsMapGenerator with two public methods.
  • Introduces getEncryptedFieldsMap to generate maps for all document classes, and adds a recursion guard.
  • Updates SchemaManager and ClassMetadata, removes old tests, and adds new tests for the generator.

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptionFieldMapTest.php Removed outdated tests for the old generator.
tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest.php Added comprehensive tests for the new generator methods.
lib/Doctrine/ODM/MongoDB/Utility/EncryptedFieldsMapGenerator.php Renamed class, added getEncryptedFieldsMap and recursion guard.
lib/Doctrine/ODM/MongoDB/SchemaManager.php Switched to use EncryptedFieldsMapGenerator methods.
lib/Doctrine/ODM/MongoDB/Mapping/ClassMetadata.php Added isDocument() helper used by the generator.
Comments suppressed due to low confidence (1)

lib/Doctrine/ODM/MongoDB/Utility/EncryptedFieldsMapGenerator.php:87

  • The @todo indicates that keyId resolution is pending. If this is intentional, consider documenting the placeholder or implement the key extraction to avoid confusion later.
$mapping['encrypt'] ??= []; // @todo get the keyId

@GromNaN GromNaN changed the title Refactor encrypted fields map generator [Encryption] Refactor encrypted fields map generator Jun 13, 2025
@GromNaN GromNaN mentioned this pull request Jun 13, 2025
Open
7 tasks
GromNaN
GromNaN reviewed Jun 13, 2025
View reviewed changes
lib/Doctrine/ODM/MongoDB/Utility/EncryptedFieldsMapGenerator.php Outdated
Comment on lines 89 to 92
yield from $this->createEncryptedFieldsMapForClass(
$embedMetadata,
$path . $mapping['name'] . '.',
);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of the class property $generatorStack, I would use a method parameter so that the scope is clear and you don't have to unset the class once it's handled.

Suggested change
yield from $this->createEncryptedFieldsMapForClass(
$embedMetadata,
$path . $mapping['name'] . '.',
);
yield from $this->createEncryptedFieldsMapForClass(
$embedMetadata,
$path . $mapping['name'] . '.',
$visitedClasses + [$classMetadata->getName() => true],
);

As an improvement: using an int level counter instead of true, we can set a limit in the recursion deep (if necessary).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed the recursion prevention to a method parameter. Not sure how many recursion levels would be ok, but for the time being I'll prevent any recursion.

@alcaeus alcaeus requested a review from GromNaN June 16, 2025 12:42
@GromNaN GromNaN merged commit e26f275 into doctrine:feature/queryable-encryption Jun 18, 2025
36 of 37 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@GromNaN GromNaN GromNaN approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alcaeus @GromNaN