Loading...

XML

Word

Printable

JSON

Type: Epic
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 2.4.0
Affects Version/s: None
Component/s: None
Labels:
None

Epic Status:
Done
Epic Name:
Rust FLE Support

Quarter:
- FY23Q2
- FY23Q3
- FY23Q4
Scope Cost Estimate:
17
Cost to Date:
21
Final Cost Estimate:
22
Detailed Project Statuses:
Hide

Engineer: Abraham Egnor
Summary: Add Field Level Encryption capability into Rust driver, specifically:
CSFLE 1.0, Azure and GCP and AWS as KMS providers, KMIP as generic KMS for those with custom key management requirements, CSFLE 2.0

2022-12-09:

Status update:

Last two tickets are in review.

Rationale for delays:

Needed additional time to wrap up reviews.

Risks:

No Risks.

2022-11-23:

Status update:

All code merged, working on wrapping up smaller project tasks.

Rationale for delays:

No Delays.

Risks:

No Risks.

2022-11-11:

Status update:

All prose tests are now in review.

Working on spec tests.

Rationale for delays:

Investigations into openssl debugging and iteration on API

Risks:

No Risks.

2022-10-28:

Status update:

All prose tests are now in review.

Working on spec tests next.

Rationale for delays:

No delays.

Risks:

No Risks.

2022-10-14:

Status update:

Still working on prose test implementation.

Spec tests next.

Rationale for delays:

We need the project due to complexity of prose tests and tickets that have been added to the project.

Risks:

No Risks.

2022-09-29:

Status update:

Working on prose test implementation.

Rationale for delays:

No delays.

Risks:

We may need to extend the project due to complexity of prose tests and tickets had been added to the project.

2022-09-16:

Status update:

Working on prose test implementation.

Will be on hold next week due to buildfest.

Rationale for delays:

No delays.

Risks:

No risks.

2022-09-02:

Status update:

Abraham was on PTO for one week and then focused on spec work. Will resume next week.

Rationale for delays:

No delays.

Risks:

No risks.

2022-08-19:

Status update:

Auto encryption merged

Explicit encryption in review

Remaining work is testing and miscellaneous catch-up on tickets filed during implementation.

Rationale for delays:

No delays.

Risks:

No risks.

2022-08-05:

Status update:

Client initialization merged

Working on auto encryption

Rationale for delays:

No delays.

Risks:

No risks.

2022-07-22:

Status update:

Working on implementation and client initialization

Rationale for delays:

No delays.

Risks:

No risks.

2022-07-08:

Status update:

Testing and Integration plan are complete.

Started on implementation and client initialization

Rationale for delays:

No delays.

Risks:

No risks.

2022-06-24:

Status update:

Wrappers and Infrastructure config complete.

Testing and Integration plan are up next.

End Date and Cost Estimate pending Integration plan.

Rationale for delays:

No delays.

Risks:

No risks.

2022-06-10:

Status update:

Rust bindings for libmongocrypt are done and merged

Nearing completion of safe idiomatic Rust wrapper of libmongocrypt atop bindings. We expect review on this to take a while as it will need close review due to the amount of unsafe code to interop with C. After that, driver integration.

Rationale for delays:

No delays.

Risks:

No risks.

2022-05-12:

Status update:
Abraham is working on the rust bindings for FLE, this is a prerequisite for the Rust FLE design/implementation. Estimates and ETA TBD.

Rationale for delays:
No delays.

Risks:
No risks.

2022-05-12: Abraham kicked off the RUST Design for the project. Estimates and ETA TBD.
Show
Engineer: Abraham Egnor Summary: Add Field Level Encryption capability into Rust driver, specifically: CSFLE 1.0, Azure and GCP and AWS as KMS providers, KMIP as generic KMS for those with custom key management requirements, CSFLE 2.0 2022-12-09: Status update: Last two tickets are in review. Rationale for delays: Needed additional time to wrap up reviews. Risks: No Risks. 2022-11-23: Status update: All code merged, working on wrapping up smaller project tasks. Rationale for delays: No Delays. Risks: No Risks. 2022-11-11: Status update: All prose tests are now in review. Working on spec tests. Rationale for delays: Investigations into openssl debugging and iteration on API Risks: No Risks. 2022-10-28: Status update: All prose tests are now in review. Working on spec tests next. Rationale for delays: No delays. Risks: No Risks. 2022-10-14: Status update: Still working on prose test implementation. Spec tests next. Rationale for delays: We need the project due to complexity of prose tests and tickets that have been added to the project. Risks: No Risks. 2022-09-29: Status update: Working on prose test implementation. Rationale for delays: No delays. Risks: We may need to extend the project due to complexity of prose tests and tickets had been added to the project. 2022-09-16: Status update: Working on prose test implementation. Will be on hold next week due to buildfest. Rationale for delays: No delays. Risks: No risks. 2022-09-02: Status update: Abraham was on PTO for one week and then focused on spec work. Will resume next week. Rationale for delays: No delays. Risks: No risks. 2022-08-19: Status update: Auto encryption merged Explicit encryption in review Remaining work is testing and miscellaneous catch-up on tickets filed during implementation. Rationale for delays: No delays. Risks: No risks. 2022-08-05: Status update: Client initialization merged Working on auto encryption Rationale for delays: No delays. Risks: No risks. 2022-07-22: Status update: Working on implementation and client initialization Rationale for delays: No delays. Risks: No risks. 2022-07-08: Status update: Testing and Integration plan are complete. Started on implementation and client initialization Rationale for delays: No delays. Risks: No risks. 2022-06-24: Status update: Wrappers and Infrastructure config complete. Testing and Integration plan are up next. End Date and Cost Estimate pending Integration plan. Rationale for delays: No delays. Risks: No risks. 2022-06-10: Status update: Rust bindings for libmongocrypt are done and merged Nearing completion of safe idiomatic Rust wrapper of libmongocrypt atop bindings. We expect review on this to take a while as it will need close review due to the amount of unsafe code to interop with C. After that, driver integration. Rationale for delays: No delays. Risks: No risks. 2022-05-12: Status update: Abraham is working on the rust bindings for FLE, this is a prerequisite for the Rust FLE design/implementation. Estimates and ETA TBD. Rationale for delays: No delays. Risks: No risks. 2022-05-12: Abraham kicked off the RUST Design for the project. Estimates and ETA TBD.

Epic Summary

Summary

Add Field Level Encryption capability into Rust driver, specifically:
CSFLE 1.0
Azure and GCP and AWS as KMS providers
KMIP as generic KMS for those with custom key management requirements
CSFLE 2.0

Motivation
We are expanding our field level encryption capabilities substantially in MongoDB 6.0, and the Rust driver needs to be caught up with our new, comprehensive suite of offerings.

Cast of Characters

Engineering Lead:
Document Author:
POCers:
Product Owner: Rachelle Palmer
Program Manager:
Stakeholders:

Documentation

[Scope Document|some.url]
[Technical Design Document|some.url]

is depended on by

RUST-1227 Add ClientEncryption entity and Key Management API operations to Unified Test Format

Closed

is duplicated by

RUST-1368 Require 4.2.0 server for tests with "csfle: true" runOnRequirement

Closed

RUST-936 CSFLE 1.0 KMIP Support

Development Complete

RUST-1161 FLE 1.0 Shared Library

Development Complete

RUST-1257 FLE 2.0 Support

Development Complete

RUST-119 Support Client-side Field Level Encryption

Closed

RUST-1136 Key Management API

Closed

RUST-1264 Add CSFLE spec test for auto encryption on a collection with no jsonSchema

Closed

RUST-1265 CSFLE badQueries and types errorContains failing to match on mongocryptd 6.0.0-alpha

Closed

RUST-1378 Require contentionFactor for "Indexed" explicit encryption

Closed

RUST-1430 Update expected error in fle2-InsertFind-Unindexed test

Closed

RUST-1471 Run legacy Client Side Encryption tests on serverless

Closed

RUST-1255 CSFLE "Custom Endpoint Test" Case 5 fails match

Closed

RUST-1288 Add FLE 2 behavior for CreateCollection() and Collection.Drop()

Closed

RUST-1304 Add FLE 2 test for compactStructuredEncryptionData

Closed

RUST-1331 Replace public references to "FLE2" with "Queryable Encryption".

Closed

RUST-1350 Test auto decryption occurs after CommandSucceeded events

Closed

RUST-1377 Remove ClientEncryption.createKey() in favor of createDataKey()

Closed

RUST-1427 Update key material for Azure and KMIP datakeys in RewrapManyDataKey

Closed

RUST-1429 Add prose test for RewrapManyDataKey

Closed

RUST-1470 FLE - maxWireVersion should run on Mongo Server 4.0.x

Closed

RUST-559 Support Azure and GCP keystores in FLE

Closed

RUST-651 Support AWS authentication with temporary credentials in CSFLE

Closed

RUST-704 Test that KMS TLS connections verify peer certificates

Closed

RUST-1242 Remove use of admin database in CSFLE driver doc examples

Closed

RUST-1326 Ban comparisons to encrypted fields in collection validator and partialFilterExpression

Closed

RUST-1379 Remove unnecessary on-demand credentials in CSE unified spec tests

Closed

RUST-1324 Update FLE 2 collection management

Closed

RUST-1365 Reduce expected removeKeyAltName operations to a single findOneAndUpdate

Closed

RUST-1367 Ensure "does not fail" in CSE Prose Test 13 accounts for (no) matching documents

Closed

RUST-1376 Allow RewrapManyDataKeyResult.bulkWriteResult to be optional

Closed

RUST-1397 Update CSE unified tests expectResult: null

Closed

RUST-1307 Ensure FLE2 Create-from-EncryptedFieldsMap test sends encryptedFields in options

Closed

RUST-1296 Add FLE 2 API to AutoEncryptionOpts

Closed

RUST-1301 Add FLE 2 API to ClientEncryptionOpts

Closed

RUST-1361 EncryptOpts queryType should accept a string consistent with queryType in encryptedFields

Closed

is related to

RUST-1338 Update expected FLE 2 find payloads in tests

Closed

(31 is duplicated by, 1 is related to)

Assignee:: Abraham Egnor

Reporter:: Kaitlin Mahar

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: Oct 05 2020 06:54:22 PM UTC

Updated:: Jul 19 2024 05:26:35 PM UTC

Resolved:: Dec 13 2022 03:32:04 PM UTC

Calendar Time:: 32 weeks, 1 day

Start date:: 02/May/22

End date:: 13/Dec/22

Details

Description

Cast of Characters

Documentation

Attachments

Issue Links

Activity

People

Dates