Code review fixes for tests and docs

Author: aclark4life

docs/source/howto/queryable-encryption.rst

@@ -3,11 +3,12 @@ Configuring Queryable Encryption
 ================================
 
 Configuring Queryable Encryption in Django is similar to
-`configuring Queryable Encryption in Python <https://www.mongodb.com/docs/manual/core/queryable-encryption/quick-start/>`_
-but with some additional steps required for Django.
+:doc:`manual:core/queryable-encryption/quick-start` but with some additional
+steps required for Django.
 
-.. note:: This section describes how to configure server side Queryable Encryption in Django.
-    For configuration of client side Queryable Encryption, please refer to this :ref:`FAQ question <queryable-encryption>`.
+.. note:: This section describes how to configure server side Queryable
+   Encryption in Django. For configuration of client side Queryable Encryption,
+   please refer to this :ref:`FAQ question <queryable-encryption>`.
 
 Prerequisites
 -------------
@@ -19,18 +20,18 @@ you will need to install PyMongo with Queryable Encryption support::
     pip install django-mongodb-backend[encryption]
 
 .. note:: You can use Queryable Encryption on a MongoDB 7.0 or later replica
-    set or sharded cluster, but not a standalone instance.
-    `This table <https://www.mongodb.com/docs/manual/core/queryable-encryption/reference/compatibility/#std-label-qe-compatibility-reference>`_
-    shows which MongoDB server products support which Queryable Encryption mechanisms.
+   set or sharded cluster, but not a standalone instance.
+   :ref:`This table <manual:qe-compatibility-reference>` shows which MongoDB
+   server products support which Queryable Encryption mechanisms.
 
 .. _server-side-queryable-encryption-settings:
 
 Settings
 --------
 
-Queryable Encryption in Django requires the use of an additional encrypted database
-and Key Management Service (KMS) credentials as well as an encrypted database
-router. Here's how to set it up in your Django settings.
+Queryable Encryption in Django requires the use of an additional encrypted
+database and Key Management Service (KMS) credentials as well as an encrypted
+database router. Here's how to set it up in your Django settings.
 
 ::
 
@@ -73,4 +74,5 @@ router. Here's how to set it up in your Django settings.
 
     DATABASE_ROUTERS = [EncryptedRouter()]
 
-You are now ready to use server side :doc:`Queryable Encryption </topics/queryable-encryption>` in your Django project.
+You are now ready to use server side :doc:`Queryable Encryption
+</topics/queryable-encryption>` in your Django project.

docs/source/topics/known-issues.rst

@@ -102,8 +102,3 @@ Caching
 Secondly, you must use the :class:`django_mongodb_backend.cache.MongoDBCache`
 backend rather than Django's built-in database cache backend,
 ``django.core.cache.backends.db.DatabaseCache``.
-
-Queryable Encryption
-====================
-
-.. TODO: Add Django core limitations that affect Queryable Encryption.

docs/source/topics/queryable-encryption.rst

@@ -1,8 +1,8 @@
 Queryable Encryption
 ====================
 
-Use :ref:`encrypted fields <encrypted-fields>` to store sensitive data in MongoDB
-your data using `Queryable Encryption <https://www.mongodb.com/docs/manual/core/queryable-encryption/>`_.
+Use :ref:`encrypted fields <encrypted-fields>` to store sensitive data in
+MongoDB with :doc:`manual:core/queryable-encryption`.
 
 .. _encrypted-field-example:
 
@@ -22,25 +22,11 @@ Let's consider this example::
         def __str__(self):
             return self.ssn
 
-The API is similar to that of Django's relational fields, with some
-security-related changes::
-
-    >>> bob = Patient(ssn="123-45-6789")
-    >>> bob.ssn
-    '123-45-6789'
-
-Represented in BSON, from an encrypted client connection, the patient data looks like this:
-
-.. code-block:: js
-
-    {
-      _id: ObjectId('68825b066fac55353a8b2b41'),
-      ssn: '123-45-6789',
-      __safeContent__: [b'\xe0)NOFB\x9a,\x08\xd7\xdd\xb8\xa6\xba$…']
-    }
+Querying encrypted fields
+-------------------------
 
-The ``ssn`` field is only visible from an encrypted client connection. From an unencrypted client connection,
-the patient data looks like this:
+The ``ssn`` field is only visible from an encrypted client connection. From an
+unencrypted client connection, the patient data looks like this:
 
 .. code-block:: js
 
@@ -51,17 +37,27 @@ the patient data looks like this:
 
 .. admonition:: List of encrypted fields
 
-    See the full list of :ref:`encrypted fields <encrypted-fields>` in the :doc:`Model field reference </ref/models/fields>`.
+    See the full list of :ref:`encrypted fields <encrypted-fields>` in the
+    :doc:`Model field reference </ref/models/fields>`.
 
-Querying encrypted fields
--------------------------
-
-You can query encrypted fields using a `limited set of
-query operators <https://www.mongodb.com/docs/manual/core/queryable-encryption/reference/supported-operations/#std-label-qe-supported-query-operators>`_
-which must be specified in the field definition. For example, to query the ``ssn`` field for equality, you can use the
-``EqualityQuery`` operator as shown in the example above.
+You can query encrypted fields using a
+:ref:`manual:qe-supported-query-operators` which must be specified in the
+field definition. For example, to query the ``ssn`` field for equality, you
+can use the ``EqualityQuery`` operator as shown in the example above.
 
     >>> Patient.objects.get(ssn="123-45-6789").ssn
     '123-45-6789'
 
-If the ``ssn`` field provided in the query matches the encrypted value in the database, the query will succeed.
+If the ``ssn`` field provided in the query matches the encrypted value in the
+database, the query will succeed.
+
+Represented in BSON, from an encrypted client connection, the patient data
+looks like this:
+
+.. code-block:: js
+
+    {
+      _id: ObjectId('68825b066fac55353a8b2b41'),
+      ssn: '123-45-6789',
+      __safeContent__: [b'\xe0)NOFB\x9a,\x08\xd7\xdd\xb8\xa6\xba$…']
+    }

tests/encryption_/tests.py renamed to tests/encryption_/test_base.py

@@ -1,13 +1,10 @@
 import importlib
 from datetime import datetime, time
-from io import StringIO
 from unittest.mock import patch
 
 import pymongo
-from bson import json_util
 from bson.binary import Binary
 from django.conf import settings
-from django.core.management import call_command
 from django.db import connections, models
 from django.test import TransactionTestCase, modify_settings, override_settings
 
@@ -23,115 +20,6 @@
 )
 from .routers import TestEncryptedRouter
 
-EXPECTED_ENCRYPTED_FIELDS_MAP = {
-    "encryption__billing": {
-        "fields": [
-            {
-                "bsonType": "string",
-                "path": "cc_type",
-                "queries": {"queryType": "equality"},
-                # "keyId": Binary(b" \x901\x89\x1f\xafAX\x9b*\xb1\xc7\xc5\xfdl\xa4", 4),
-            },
-            {
-                "bsonType": "long",
-                "path": "cc_number",
-                "queries": {"queryType": "equality"},
-                # "keyId": Binary(b"\x97\xb4\x9d\xb8\xd5\xa6Ay\x85\xfe\x00\xc0\xd4{\xa2\xff", 4),
-            },
-            {
-                "bsonType": "decimal",
-                "path": "account_balance",
-                "queries": {"queryType": "range"},
-                # "keyId": Binary(b"\xcc\x01-s\xea\xd9B\x8d\x80\xd7\xf8!n\xc6\xf5U", 4),
-            },
-        ]
-    },
-    "encryption__patientrecord": {
-        "fields": [
-            {
-                "bsonType": "string",
-                "path": "ssn",
-                "queries": {"queryType": "equality"},
-                # "keyId": Binary(b"\x14F\x89\xde\x8d\x04K7\xa9\x9a\xaf_\xca\x8a\xfb&", 4),
-            },
-            {
-                "bsonType": "date",
-                "path": "birth_date",
-                "queries": {"queryType": "range"},
-                # "keyId": Binary(b"@\xdd\xb4\xd2%\xc2B\x94\xb5\x07\xbc(ER[s", 4),
-            },
-            {
-                "bsonType": "binData",
-                "path": "profile_picture",
-                "queries": {"queryType": "equality"},
-                # "keyId": Binary(b"Q\xa2\xebc!\xecD,\x8b\xe4$\xb6ul9\x9a", 4),
-            },
-            {
-                "bsonType": "int",
-                "path": "patient_age",
-                "queries": {"queryType": "range"},
-                # "keyId": Binary(b"\ro\x80\x1e\x8e1K\xde\xbc_\xc3bi\x95\xa6j", 4),
-            },
-            {
-                "bsonType": "double",
-                "path": "weight",
-                "queries": {"queryType": "range"},
-                # "keyId": Binary(b"\x9b\xfd:n\xe1\xd0N\xdd\xb3\xe7e)\x06\xea\x8a\x1d", 4),
-            },
-        ]
-    },
-    "encryption__patient": {
-        "fields": [
-            {
-                "bsonType": "int",
-                "path": "patient_id",
-                "queries": {"queryType": "equality"},
-                # "keyId": Binary(b"\x8ft\x16:\x8a\x91D\xc7\x8a\xdf\xe5O\n[\xfd\\", 4),
-            },
-            {
-                "bsonType": "string",
-                "path": "patient_name",
-                # "keyId": Binary(b"<\x9b\xba\xeb:\xa4@m\x93\x0e\x0c\xcaN\x03\xfb\x05", 4),
-            },
-            {
-                "bsonType": "string",
-                "path": "patient_notes",
-                "queries": {"queryType": "equality"},
-                # "keyId": Binary(b"\x01\xe7\xd1isnB$\xa9(gwO\xca\x10\xbd", 4),
-            },
-            {
-                "bsonType": "date",
-                "path": "registration_date",
-                "queries": {"queryType": "equality"},
-                # "keyId": Binary(b"F\xfb\xae\x82\xd5\x9a@\xee\xbfJ\xaf#\x9c:-I", 4),
-            },
-            {
-                "bsonType": "bool",
-                "path": "is_active",
-                "queries": {"queryType": "equality"},
-                # "keyId": Binary(b"\xb2\xb5\xc4K53A\xda\xb9V\xa6\xa9\x97\x94\xea;", 4),
-            },
-            {"bsonType": "string", "path": "email", "queries": {"queryType": "equality"}},
-        ]
-    },
-    "encryption__patientportaluser": {
-        "fields": [
-            {"bsonType": "string", "path": "ip_address", "queries": {"queryType": "equality"}},
-            {"bsonType": "string", "path": "url", "queries": {"queryType": "equality"}},
-        ]
-    },
-    "encryption__encryptednumbers": {
-        "fields": [
-            {"bsonType": "int", "path": "pos_bigint", "queries": {"queryType": "equality"}},
-            {"bsonType": "int", "path": "pos_smallint", "queries": {"queryType": "equality"}},
-            {"bsonType": "int", "path": "smallint", "queries": {"queryType": "equality"}},
-        ]
-    },
-    "encryption__appointment": {
-        "fields": [{"bsonType": "date", "path": "time", "queries": {"queryType": "equality"}}]
-    },
-}
-
 
 class EncryptedDurationField(EncryptedFieldMixin, models.DurationField):
     """
@@ -166,38 +54,36 @@ class EncryptedFieldTests(TransactionTestCase):
     available_apps = ["django_mongodb_backend", "encryption_"]
 
     def setUp(self):
-        self.appointment = Appointment(time="8:00")
-        self.appointment.save()
+        self.appointment = Appointment.objects.create(time="8:00")
 
-        self.billing = Billing(cc_type="Visa", cc_number=1234567890123456, account_balance=100.50)
-        self.billing.save()
+        self.billing = Billing.objects.create(
+            cc_type="Visa", cc_number=1234567890123456, account_balance=100.50
+        )
 
-        self.portal_user = PatientPortalUser(
+        self.portal_user = PatientPortalUser.objects.create(
             ip_address="127.0.0.1",
             url="https://example.com",
         )
-        self.portal_user.save()
 
-        self.patientrecord = PatientRecord(
+        self.patientrecord = PatientRecord.objects.create(
             ssn="123-45-6789",
             birth_date="1970-01-01",
             profile_picture=b"image data",
             weight=175.5,
             patient_age=47,
         )
-        self.patientrecord.save()
 
-        self.patient = Patient(
+        self.patient = Patient.objects.create(
             patient_id=1,
             patient_name="John Doe",
             patient_notes="patient notes " * 25,
             registration_date=datetime(2023, 10, 1, 12, 0, 0),
             is_active=True,
             email="john.doe@example.com",
         )
-        self.patient.save()
 
-        # TODO: Embed billing and patient_record models in patient model then add tests
+        # TODO: Embed billing and patient_record models in patient model
+        # then add tests
 
     @classmethod
     def setUpClass(cls):
@@ -284,25 +170,6 @@ def test_get_encrypted_fields_map(self):
                 expected_encrypted_fields_map[db_table],
             )
 
-    def test_show_schema_map(self):
-        self.maxDiff = None
-        out = StringIO()
-        call_command(
-            "showschemamap",
-            "--database",
-            "encrypted",
-            verbosity=0,
-            stdout=out,
-        )
-        # Remove keyIds since they are different for each run.
-        output_json = json_util.loads(out.getvalue())
-        for table in output_json:
-            for field in output_json[table]["fields"]:
-                del field["keyId"]
-        # TODO: probably we don't need to test the entire mapping, otherwise it
-        # requires updates every time a new model or field is added!
-        self.assertEqual(EXPECTED_ENCRYPTED_FIELDS_MAP, output_json)
-
     def test_set_encrypted_fields_map_in_client(self):
         # TODO: Create new client with and without schema map provided then
         # sync database to ensure encrypted collections are created in both
@@ -373,9 +240,10 @@ def test_patient(self):
         records = connections["encrypted"].database.encryption__patientrecord.find()
         self.assertTrue("__safeContent__" in records[0])
 
-
-class EncryptedNumberFieldTests(EncryptedFieldTests):
-    def test_create_and_query(self):
+    def test_numeric_fields(self):
+        """
+        Fields that have not been tested elsewhere.
+        """
         EncryptedNumbers.objects.create(
             pos_bigint=1000000,
             # FIXME: pymongo.errors.EncryptionError: Cannot encrypt element of type int