forked from mongodb/mongo-go-driver
-
Notifications
You must be signed in to change notification settings - Fork 0
/
encryptoptions.go
155 lines (136 loc) · 5.44 KB
/
encryptoptions.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
// Copyright (C) MongoDB, Inc. 2017-present.
//
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain
// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
package options
import (
"go.mongodb.org/mongo-driver/bson"
"go.mongodb.org/mongo-driver/bson/primitive"
)
// These constants specify valid values for QueryType
// QueryType is used for Queryable Encryption.
// Beta: Queryable Encryption is in Public Technical Preview. Queryable Encryption should not be used in production and is subject to backwards breaking changes.
const (
QueryTypeEquality string = "equality"
)
// RangeOptions specifies index options for a Queryable Encryption field supporting "rangePreview" queries.
// Beta: The Range algorithm is experimental only. It is not intended for public use. It is subject to breaking changes.
type RangeOptions struct {
Min *bson.RawValue
Max *bson.RawValue
Sparsity int64
Precision *int32
}
// EncryptOptions represents options to explicitly encrypt a value.
type EncryptOptions struct {
KeyID *primitive.Binary
KeyAltName *string
Algorithm string
QueryType string
ContentionFactor *int64
RangeOptions *RangeOptions
}
// Encrypt creates a new EncryptOptions instance.
func Encrypt() *EncryptOptions {
return &EncryptOptions{}
}
// SetKeyID specifies an _id of a data key. This should be a UUID (a primitive.Binary with subtype 4).
func (e *EncryptOptions) SetKeyID(keyID primitive.Binary) *EncryptOptions {
e.KeyID = &keyID
return e
}
// SetKeyAltName identifies a key vault document by 'keyAltName'.
func (e *EncryptOptions) SetKeyAltName(keyAltName string) *EncryptOptions {
e.KeyAltName = &keyAltName
return e
}
// SetAlgorithm specifies an algorithm to use for encryption. This should be one of the following:
// - AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic
// - AEAD_AES_256_CBC_HMAC_SHA_512-Random
// - Indexed
// - Unindexed
// This is required.
// Indexed and Unindexed are used for Queryable Encryption.
// Beta: Queryable Encryption is in Public Technical Preview. Queryable Encryption should not be used in production and is subject to backwards breaking changes.
func (e *EncryptOptions) SetAlgorithm(algorithm string) *EncryptOptions {
e.Algorithm = algorithm
return e
}
// SetQueryType specifies the intended query type. It is only valid to set if algorithm is "Indexed".
// This should be one of the following:
// - equality
// QueryType is used for Queryable Encryption.
// Beta: Queryable Encryption is in Public Technical Preview. Queryable Encryption should not be used in production and is subject to backwards breaking changes.
func (e *EncryptOptions) SetQueryType(queryType string) *EncryptOptions {
e.QueryType = queryType
return e
}
// SetContentionFactor specifies the contention factor. It is only valid to set if algorithm is "Indexed".
// ContentionFactor is used for Queryable Encryption.
// Beta: Queryable Encryption is in Public Technical Preview. Queryable Encryption should not be used in production and is subject to backwards breaking changes.
func (e *EncryptOptions) SetContentionFactor(contentionFactor int64) *EncryptOptions {
e.ContentionFactor = &contentionFactor
return e
}
// SetRangeOptions specifies the options to use for explicit encryption with range. It is only valid to set if algorithm is "rangePreview".
// Beta: The Range algorithm is experimental only. It is not intended for public use. It is subject to breaking changes.
func (e *EncryptOptions) SetRangeOptions(ro RangeOptions) *EncryptOptions {
e.RangeOptions = &ro
return e
}
// SetMin sets the range index minimum value.
// Beta: The Range algorithm is experimental only. It is not intended for public use. It is subject to breaking changes.
func (ro *RangeOptions) SetMin(min bson.RawValue) *RangeOptions {
ro.Min = &min
return ro
}
// SetMax sets the range index maximum value.
// Beta: The Range algorithm is experimental only. It is not intended for public use. It is subject to breaking changes.
func (ro *RangeOptions) SetMax(max bson.RawValue) *RangeOptions {
ro.Max = &max
return ro
}
// SetSparsity sets the range index sparsity.
// Beta: The Range algorithm is experimental only. It is not intended for public use. It is subject to breaking changes.
func (ro *RangeOptions) SetSparsity(sparsity int64) *RangeOptions {
ro.Sparsity = sparsity
return ro
}
// SetPrecision sets the range index precision.
// Beta: The Range algorithm is experimental only. It is not intended for public use. It is subject to breaking changes.
func (ro *RangeOptions) SetPrecision(precision int32) *RangeOptions {
ro.Precision = &precision
return ro
}
// MergeEncryptOptions combines the argued EncryptOptions in a last-one wins fashion.
//
// Deprecated: Merging options structs will not be supported in Go Driver 2.0. Users should create a
// single options struct instead.
func MergeEncryptOptions(opts ...*EncryptOptions) *EncryptOptions {
eo := Encrypt()
for _, opt := range opts {
if opt == nil {
continue
}
if opt.KeyID != nil {
eo.KeyID = opt.KeyID
}
if opt.KeyAltName != nil {
eo.KeyAltName = opt.KeyAltName
}
if opt.Algorithm != "" {
eo.Algorithm = opt.Algorithm
}
if opt.QueryType != "" {
eo.QueryType = opt.QueryType
}
if opt.ContentionFactor != nil {
eo.ContentionFactor = opt.ContentionFactor
}
if opt.RangeOptions != nil {
eo.RangeOptions = opt.RangeOptions
}
}
return eo
}