activerecord-cipherstash-pg-adapter 0.3.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3eaa0c02e8ccecc531934417632599e4f91edcd67fed514f315ebef2bc424ee8
-  data.tar.gz: 369c9295c615b3468421bcef9142421ac767c4dd6ef3f4a46139ce0183adc37f
+  metadata.gz: 1a76ecda67534aee78fe658b78c5ba3f7834f59c229b7391d75fd736d7aa4e23
+  data.tar.gz: 13284339b37ab578d8ce181a9c291bb4826f556caedbac55f9cc2b9cb1fb3084
 SHA512:
-  metadata.gz: '09b55773769ab21a814208fd25058a82cad19a6c047ccbc84d4a715447bdcfade7b68e399242049e0285c26d0d22725310a02cb62fc4532621d6f095d90e6a93'
-  data.tar.gz: a74e2ead6f0c3029725fbd2b4d1e0b76c228446b8b284a954ce737e8ae488743105baa0f356ad922d5fdedd23051d3059b2a6618cad30b507fe6a2554cc7b3b9
+  metadata.gz: 9644a5705b513fa4356f193995fc5b462acac8d66fba7c02031a51e3a0ad2e864865d84f561ea70ec0582129815a38920b3e557c1a29753597c86f0346c6d5df
+  data.tar.gz: cc240e5e9b255e4075cfc9ea13c40cf9b5715b8cd1b4a82f4dff8b98ae9112999413afaff9a10984947a2629d334868d95888e36b5ff3ea29fb82d5f29344ee4

data/CHANGELOG.md

@@ -1,5 +1,21 @@
 ## [Unreleased]
 
+## [0.5.0] - 2023-04-19
+
+### Added
+
+- Support for Rails credentials to set the required driver environment variables.
+
+### Fixed
+
+- Hide internal CipherStash columns.
+
+## [0.4.0] - 2023-04-06
+
+### Changed
+
+- Bump version of cipherstash-pg.
+
 ## [0.3.0] - 2023-04-04
 ### Added
 

data/activerecord-cipherstash-pg-adapter.gemspec

@@ -31,5 +31,5 @@ Gem::Specification.new do |spec|
 
   # Runtime dependencies here; dev+test go in Gemfile.
   spec.add_dependency "activerecord", ">= 6.0.0", "< 8.0.0"
-  spec.add_dependency "cipherstash-pg", "~> 1.4.5"
+  spec.add_dependency "cipherstash-pg", ">= 1.0.0.beta.1"
 end

data/lib/active_record/connection_adapters/6.1/postgres_cipherstash_adapter.rb

@@ -3,6 +3,7 @@
 require "active_support/core_ext/object/try"
 require "active_record/connection_adapters/abstract_adapter"
 require "active_record/connection_adapters/statement_pool"
+require "active_record/connection_adapters/cipherstash_column_mapper"
 
 require_relative "./cipherstash_pg/column"
 require_relative "./cipherstash_pg/database_statements"
@@ -805,19 +806,31 @@ module ActiveRecord
         # Query implementation notes:
         #  - format_type includes the column size constraint, e.g. varchar(50)
         #  - ::regclass is a function that gives the id for a table name
+        #
+        # NOTE: this method has been modified from the original version that was lifted
+        # from ActiveRecord's PostgreSQL adapter. The query is untouched, but
+        # `CipherStashColumnMapper` is custom. See the docs in `CipherStashColumnMapper`
+        # for details.
+        #
+        # Original source:
+        # https://github.com/rails/rails/blob/main/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb#L1009-L1041
         def column_definitions(table_name)
-          query(<<~SQL, "SCHEMA")
-              SELECT a.attname, format_type(a.atttypid, a.atttypmod),
-                     pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
-                     c.collname, col_description(a.attrelid, a.attnum) AS comment
-                FROM pg_attribute a
-                LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
-                LEFT JOIN pg_type t ON a.atttypid = t.oid
-                LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
-               WHERE a.attrelid = #{quote(quote_table_name(table_name))}::regclass
-                 AND a.attnum > 0 AND NOT a.attisdropped
-               ORDER BY a.attnum
-          SQL
+          column_definitions =
+            query(<<~SQL, "SCHEMA")
+                SELECT a.attname, format_type(a.atttypid, a.atttypmod),
+                      pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
+                      c.collname, col_description(a.attrelid, a.attnum) AS comment,
+                      #{supports_virtual_columns? ? 'attgenerated' : quote('')} as attgenerated
+                  FROM pg_attribute a
+                  LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
+                  LEFT JOIN pg_type t ON a.atttypid = t.oid
+                  LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
+                WHERE a.attrelid = #{quote(quote_table_name(table_name))}::regclass
+                  AND a.attnum > 0 AND NOT a.attisdropped
+                ORDER BY a.attnum
+            SQL
+
+          CipherStashColumnMapper.map_column_definitions(column_definitions)
         end
 
         def extract_table_ref_from_insert_sql(sql)

data/lib/active_record/connection_adapters/7.0/postgres_cipherstash_adapter.rb

@@ -3,6 +3,7 @@
 require "active_support/core_ext/object/try"
 require "active_record/connection_adapters/abstract_adapter"
 require "active_record/connection_adapters/statement_pool"
+require "active_record/connection_adapters/cipherstash_column_mapper"
 
 require_relative "./cipherstash_pg/column"
 require_relative "./cipherstash_pg/database_statements"
@@ -911,20 +912,31 @@ module ActiveRecord
         # Query implementation notes:
         #  - format_type includes the column size constraint, e.g. varchar(50)
         #  - ::regclass is a function that gives the id for a table name
+        #
+        # NOTE: this method has been modified from the original version that was lifted
+        # from ActiveRecord's PostgreSQL adapter. The query is untouched, but
+        # `CipherStashColumnMapper` is custom. See the docs in `CipherStashColumnMapper`
+        # for details.
+        #
+        # Original source:
+        # https://github.com/rails/rails/blob/main/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb#L1009-L1041
         def column_definitions(table_name)
-          query(<<~SQL, "SCHEMA")
-              SELECT a.attname, format_type(a.atttypid, a.atttypmod),
-                     pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
-                     c.collname, col_description(a.attrelid, a.attnum) AS comment,
-                     #{supports_virtual_columns? ? 'attgenerated' : quote('')} as attgenerated
-                FROM pg_attribute a
-                LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
-                LEFT JOIN pg_type t ON a.atttypid = t.oid
-                LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
-               WHERE a.attrelid = #{quote(quote_table_name(table_name))}::regclass
-                 AND a.attnum > 0 AND NOT a.attisdropped
-               ORDER BY a.attnum
-          SQL
+          column_definitions =
+            query(<<~SQL, "SCHEMA")
+                SELECT a.attname, format_type(a.atttypid, a.atttypmod),
+                      pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
+                      c.collname, col_description(a.attrelid, a.attnum) AS comment,
+                      #{supports_virtual_columns? ? 'attgenerated' : quote('')} as attgenerated
+                  FROM pg_attribute a
+                  LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
+                  LEFT JOIN pg_type t ON a.atttypid = t.oid
+                  LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
+                WHERE a.attrelid = #{quote(quote_table_name(table_name))}::regclass
+                  AND a.attnum > 0 AND NOT a.attisdropped
+                ORDER BY a.attnum
+            SQL
+
+          CipherStashColumnMapper.map_column_definitions(column_definitions)
         end
 
         def extract_table_ref_from_insert_sql(sql)

data/lib/active_record/connection_adapters/cipherstash_column_mapper.rb

@@ -0,0 +1,52 @@
+require "set"
+
+module ActiveRecord
+  module ConnectionAdapters
+    # A module for mapping CipherStash internal columns to columns that ActiveRecord can work with.
+    #
+    # @private
+    class CipherStashColumnMapper
+      ENCRYPTED_INDEX_COLUMN_REGEX = /^__.+_(match|ore|unique)$/
+      ENCRYPTED_SOURCE_COLUMN_REGEX = /^__(.+)_encrypted$/
+
+      class << self
+        # Maps the given column definitions by filtering out CipherStash internal columns. This method
+        # also adds in plaintext columns if necessary (for example, when using the driver in "encrypted"
+        # mode after the original plaintext columns have been dropped).
+        def map_column_definitions(column_definitions)
+          all_column_names = column_definitions.map(&:first).to_set
+
+          column_definitions
+            .reject { |column_definition| encrypted_index_column?(column_definition) }
+            .map { |column_definition| maybe_rename_source_column(column_definition, all_column_names) }
+            .reject { |column_definition| encrypted_source_column?(column_definition) }
+        end
+
+        private
+
+          def encrypted_index_column?(column_definition)
+            ENCRYPTED_INDEX_COLUMN_REGEX =~ column_name(column_definition)
+          end
+
+          def encrypted_source_column?(column_definition)
+            ENCRYPTED_SOURCE_COLUMN_REGEX =~ column_name(column_definition)
+          end
+
+          def column_name(column_definition)
+            column_definition.first
+          end
+
+          def maybe_rename_source_column(column_definition, all_column_names)
+            column_name, *rest = column_definition
+            match = column_name.match(ENCRYPTED_SOURCE_COLUMN_REGEX)
+
+            if match && !all_column_names.include?(match.captures.first)
+              [match.captures.first, *rest]
+            else
+              column_definition
+            end
+          end
+      end
+    end
+  end
+end

data/lib/activerecord-cipherstash-pg-adapter.rb

@@ -11,6 +11,16 @@ module ActiveRecord
         rake_tasks do
           load "cipherstash_tasks.rake"
         end
+
+        initializer "postgres_cipherstash_adapter.configure" do
+          if defined?(Rails.application.credentials)
+            cs_credentials = Rails.application.credentials.try(:cipherstash)
+            ENV["CS_CLIENT_ID"] = cs_credentials&.fetch(:client_id, nil)
+            ENV["CS_CLIENT_KEY"] = cs_credentials&.fetch(:client_key, nil)
+            ENV["CS_WORKSPACE_ID"] = cs_credentials&.fetch(:workspace_id, nil)
+            ENV["CS_CLIENT_ACCESS_KEY"] = cs_credentials&.fetch(:client_access_key, nil)
+          end
+        end
       end
 
       # Method to install CipherStash custom ORE types

data/lib/version.rb

@@ -1,3 +1,3 @@
 module ActiveRecord
-  CIPHERSTASH_PG_ADAPTER_VERSION = "0.3.0"
+  CIPHERSTASH_PG_ADAPTER_VERSION = "0.5.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activerecord-cipherstash-pg-adapter
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Robin Howard
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-04-04 00:00:00.000000000 Z
+date: 2023-04-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -34,16 +34,16 @@ dependencies:
   name: cipherstash-pg
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.4.5
+        version: 1.0.0.beta.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.4.5
+        version: 1.0.0.beta.1
 description: CipherStash PostgreSQL adapter for ActiveRecord.
 email:
 - robin@cipherstash.com
@@ -135,6 +135,7 @@ files:
 - lib/active_record/connection_adapters/7.0/cipherstash_pg/type_metadata.rb
 - lib/active_record/connection_adapters/7.0/cipherstash_pg/utils.rb
 - lib/active_record/connection_adapters/7.0/postgres_cipherstash_adapter.rb
+- lib/active_record/connection_adapters/cipherstash_column_mapper.rb
 - lib/active_record/connection_adapters/cipherstash_pg/database_extensions.rb
 - lib/active_record/connection_adapters/cipherstash_pg/database_tasks.rb
 - lib/active_record/connection_adapters/postgres_cipherstash_adapter.rb
@@ -148,7 +149,7 @@ metadata:
   homepage_uri: https://github.com/cipherstash/activerecord-cipherstash-pg-adapter
   source_code_uri: https://github.com/cipherstash/activerecord-cipherstash-pg-adapter.git
   changelog_uri: https://github.com/cipherstash/activerecord-cipherstash-pg-adapter/blob/main/CHANGELOG.md
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -164,7 +165,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.3.7
-signing_key: 
+signing_key:
 specification_version: 4
 summary: CipherStash PostgreSQL adapter for ActiveRecord.
 test_files: []