New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(connection-form): add support for FLE KMS options COMPASS-5639 #2928
Conversation
packages/connection-form/src/components/advanced-options-tabs/advanced-options-tabs.tsx
Show resolved
Hide resolved
packages/connection-form/src/components/advanced-options-tabs/csfle-tab/csfle-tab.tsx
Outdated
Show resolved
Hide resolved
packages/connection-form/src/components/advanced-options-tabs/csfle-tab/csfle-tab.tsx
Outdated
Show resolved
Hide resolved
...nection-form/src/components/advanced-options-tabs/csfle-tab/encrypted-field-config-input.tsx
Outdated
Show resolved
Hide resolved
packages/connection-form/src/components/advanced-options-tabs/csfle-tab/kms-tls-options.tsx
Show resolved
Hide resolved
…csfle-tab/csfle-tab.tsx
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! Couple comments/suggestions/thoughts. Looking good. Nice react work!
packages/connection-form/src/components/advanced-options-tabs/advanced-options-tabs.tsx
Outdated
Show resolved
Hide resolved
packages/connection-form/src/components/advanced-options-tabs/csfle-tab/csfle-tab.tsx
Outdated
Show resolved
Hide resolved
packages/connection-form/src/components/advanced-options-tabs/csfle-tab/csfle-tab.tsx
Show resolved
Hide resolved
.../connection-form/src/components/advanced-options-tabs/tls-ssl-tab/tls-client-certificate.tsx
Show resolved
Hide resolved
theme="mongodb" | ||
width="100%" | ||
value={currentText} | ||
onChange={changeCurrentText} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this action does some more logic with the textToEncryptedFieldConfig
function do we want to add a test for this component that types into this editor and spies on the response to the onChange
prop we pass to the component?
An example of a test like this: https://github.com/mongodb-js/compass/blob/main/packages/compass-find-in-page/src/components/find-in-page-input.spec.tsx#L121 - there are also probably a few in this package to reference as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ugh, thanks for noticing this error. No, it’s not expected, it’s a weird quirk of our ejson-shell-parser
package that I cannot understand at all, where invalid input is mapped to an empty string as a result, rather than an exception.
(This is worrying me a little bit, because it means that we might be reading an empty string where we expect something else in other places as well. Here this would have been particularly bad, since accidentally omitting a clien-provided EncryptedFieldConfig
can be dangerous from a security perspective.)
Since this action does some more logic with the
textToEncryptedFieldConfig
function do we want to add a test for this component that types into this editor and spies on the response to theonChange
prop we pass to the component?
I’ve tinkered around a bit with writing a test like this, but in the end I’m not sure how to make this work with the ace editor rather than a text input.
Fwiw, the bulk of the work here is done by textToEncryptedFieldConfig()
and encryptedFieldConfigToText()
, and those are tested quite well, so I’ve moved the remainder of the text conversions there as well.
Somewhat relatedly, I noticed that we also need to use the logic here for reviving EncryptedFieldConfig when double-clicking through the sidebar, where otherwise the stored data in the model would have led to errors. I’ve exposed a wrapper around adjustCSFLEParams()
in the connection-form exports (see 5f8f819), it doesn’t feel like an ideal solution here though and I’m happy to take suggestions on where a better place for this would be.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Gotcha - nice find.
For the location of adjustCSFLEParams
- would it make sense to be in the data-service instead?
Something on load/save? I'm thinking then the connect layer would only interact with the expected connectionOptions.
https://github.com/mongodb-js/compass/blob/main/packages/data-service/src/legacy/legacy-connection-model.ts#L206
Used here: https://github.com/mongodb-js/compass/blob/main/packages/data-service/src/connection-storage.ts#L46
Not sure if that's a better spot, just a thought. I think ideally we want this connection form to be usable in places like VSCode or other projects down the line - it would make sense to keep the connection form logic/usage to be minimal where we can then.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mhh … I thought about that, and actually wrote a version that placed it in data-service at some point, but:
- This is solving a problem with how options are stored (i.e. not in a way that properly serializes/deserializes BSON values), not with how we connect
- It makes sense to me to keep the
$compass.xxx
special field handling as localized as possible, not spread across packages
The ideal way to handle this would probably be adjusting the connection storage to handle BSON data well, e.g. by using EJSON instead of JSON, but that might not be trivial (since some of the data might not be handled well by EJSON, and we’re aiming to move the storage layer away from Ampersand entirely at some point).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm! Couple styling thoughts/suggestions, not blockers. Nice work – I like how you've made each dropdown accordion show the state and error state if there is one.
description="Specify a collection in which data encryption keys are stored in the format <db>.<collection>." | ||
/> | ||
</FormFieldContainer> | ||
<EncryptedFieldConfigInput |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How would you feel about wrapping this in the FormFieldContainer
so that it gets a little bit of top margin?
We might be able to remove the first withMarginStyles
from that component then
https://github.com/mongodb-js/compass/pull/2928/files#diff-02ecb09ae0d4678618b443da67f6a9cdf5c3043d424727b39d494a2dc53fb9a9R55
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, done – I’ve removed these everywhere and used FormFieldContainer
instead. I’m not sure if this is what you had in mind exactly, but in any case these feel like things that are fairly easy to adjust :)
Description
Checklist
Motivation and Context
Open Questions
Dependents
Types of changes