Merge pull request #284 from cipherstash/jsonb-array-functions

Integration tests for jsonb array functions

Author: tobyhede

Cargo.lock

@@ -43,7 +43,8 @@ debug = true
 
 [workspace.dependencies]
 sqltk = { version = "0.10.0" }
-cipherstash-client = "0.23.0"
+cipherstash-client = "0.25.0"
+cts-common = { version = "0.3.0" }
 thiserror = "2.0.9"
 tokio = { version = "1.44.2", features = ["full"] }
 tracing = "0.1"

Cargo.toml

@@ -31,7 +31,7 @@ CS_PROXY__HOST = "proxy"
 # Misc
 DOCKER_CLI_HINTS = "false" # Please don't show us What's Next.
 
-CS_EQL_VERSION = "eql-2.1.4"
+CS_EQL_VERSION = "eql-2.1.5"
 
 
 [tools]
@@ -92,7 +92,12 @@ if [ "${CS_DATABASE__HOST}" == "localhost" ]; then
 fi
 
 # run the container
-echo docker compose up {{arg(name="service",default="proxy")}} {{option(name="extra-args",default="")}} | bash
+if ! echo docker compose up {{arg(name="service",default="proxy")}} {{option(name="extra-args",default="")}} | bash; then
+  echo "Error occurred during docker compose up, showing container logs:"
+  docker logs --timestamps --follow proxy
+  exit 1
+fi
+
 """
 
 [tasks."proxy:psql"]
@@ -478,10 +483,6 @@ done
 alias = 'e'
 description = "Download latest EQL release or use local copy"
 dir = "{{config_root}}/tests"
-outputs = [
-  "{{config_root}}/cipherstash-encrypt.sql",
-  "{{config_root}}/cipherstash-encrypt-uninstall.sql",
-]
 run = """
 # install script
 if [ -z "$CS_EQL_PATH" ]; then

mise.toml

@@ -4,14 +4,14 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
+aws-lc-rs = "1.13.3"
 bytes = "1.10.1"
 cipherstash-client = { workspace = true, features = ["tokio"] }
 cipherstash-config = "0.2.3"
 cipherstash-proxy = { path = "../cipherstash-proxy/" }
 chrono = { version = "0.4.39", features = ["clock"] }
 clap = "4.5.32"
 fake = { version = "4", features = ["chrono", "derive"] }
-
 hex = "0.4.3"
 postgres-types = { version = "0.2.9", features = ["derive"] }
 rand = "0.9"

packages/cipherstash-proxy-integration/Cargo.toml

@@ -268,6 +268,8 @@ pub async fn insert_jsonb_for_search() {
 ///
 /// This is because the test database uses a self-signed certificate.
 pub fn configure_test_client() -> ClientConfig {
+    let _ = rustls::crypto::aws_lc_rs::default_provider().install_default();
+
     let verifier = DangerousTestCertVerifier;
     rustls::ClientConfig::builder()
         .dangerous()

packages/cipherstash-proxy-integration/src/common.rs

@@ -0,0 +1,55 @@
+#[cfg(test)]
+mod tests {
+    use crate::common::{clear, insert_jsonb, query_by, simple_query, trace};
+    use crate::support::assert::assert_expected;
+    use crate::support::json_path::JsonPath;
+    use serde_json::Value;
+
+    async fn select_jsonb(selector: &str, expected: &[Value]) {
+        let selector = JsonPath::new(selector);
+
+        let sql =
+            "SELECT jsonb_array_elements(jsonb_path_query(encrypted_jsonb, $1)) FROM encrypted";
+        let actual = query_by::<Value>(sql, &selector).await;
+
+        assert_expected(expected, &actual);
+
+        let sql = format!("SELECT jsonb_array_elements(jsonb_path_query(encrypted_jsonb, '{selector}')) FROM encrypted");
+        let actual = simple_query::<Value>(&sql).await;
+
+        assert_expected(expected, &actual);
+    }
+
+    #[tokio::test]
+    async fn select_jsonb_array_elements_with_string() {
+        trace();
+
+        clear().await;
+        insert_jsonb().await;
+
+        let expected = vec![Value::from("hello"), Value::from("world")];
+        select_jsonb("$.array_string[@]", &expected).await;
+    }
+
+    #[tokio::test]
+    async fn select_jsonb_array_elements_with_numeric() {
+        trace();
+
+        clear().await;
+        insert_jsonb().await;
+
+        let expected = vec![Value::from(42), Value::from(84)];
+        select_jsonb("$.array_number[@]", &expected).await;
+    }
+
+    #[tokio::test]
+    async fn select_jsonb_array_elements_with_unknown_field() {
+        trace();
+
+        clear().await;
+        insert_jsonb().await;
+
+        let expected = vec![];
+        select_jsonb("$.blah", &expected).await;
+    }
+}

packages/cipherstash-proxy-integration/src/select/jsonb_array_elements.rs

@@ -0,0 +1,61 @@
+#[cfg(test)]
+mod tests {
+    use crate::common::{clear, insert_jsonb, query_by, simple_query, trace};
+    use crate::support::assert::assert_expected;
+    use crate::support::json_path::JsonPath;
+
+    async fn select_jsonb(selector: &str, expected: i32) {
+        let selector = JsonPath::new(selector);
+
+        let sql = "SELECT jsonb_array_length(jsonb_path_query(encrypted_jsonb, $1)) FROM encrypted";
+        let actual = query_by::<i32>(sql, &selector).await;
+
+        if expected == 0 {
+            assert!(actual.is_empty());
+        } else {
+            let expected = vec![expected];
+            assert_expected(&expected, &actual);
+        }
+
+        let sql = format!("SELECT jsonb_array_length(jsonb_path_query(encrypted_jsonb, '{selector}')) FROM encrypted");
+        let actual = simple_query::<i32>(&sql).await;
+
+        if expected == 0 {
+            assert!(actual.is_empty());
+        } else {
+            let expected = vec![expected];
+            assert_expected(&expected, &actual);
+        }
+    }
+
+    #[tokio::test]
+    async fn select_jsonb_array_length_with_string() {
+        trace();
+
+        clear().await;
+        insert_jsonb().await;
+
+        select_jsonb("$.array_string[@]", 2).await;
+    }
+
+    #[tokio::test]
+    async fn select_jsonb_array_length_with_numeric() {
+        trace();
+
+        clear().await;
+
+        insert_jsonb().await;
+
+        select_jsonb("$.array_number[@]", 2).await;
+    }
+
+    #[tokio::test]
+    async fn select_jsonb_array_length_with_unknown_field() {
+        trace();
+
+        clear().await;
+        insert_jsonb().await;
+
+        select_jsonb("$.blah", 0).await;
+    }
+}

packages/cipherstash-proxy-integration/src/select/jsonb_array_length.rs

@@ -1,4 +1,6 @@
 mod group_by;
+mod jsonb_array_elements;
+mod jsonb_array_length;
 mod jsonb_contained_by;
 mod jsonb_contains;
 mod jsonb_get_field;
@@ -10,6 +12,7 @@ mod order_by;
 mod order_by_with_null;
 mod pg_catalog;
 mod regression;
+mod select_domain_type;
 mod select_where_jsonb_eq;
 mod select_where_jsonb_gt;
 mod select_where_jsonb_gte;

packages/cipherstash-proxy-integration/src/select/mod.rs

@@ -4,6 +4,7 @@ version = "2.0.0"
 edition = "2021"
 
 [dependencies]
+aws-lc-rs = "1.13.3"
 bigdecimal = { version = "0.4.6", features = ["serde-json"] }
 arc-swap = "1.7.1"
 bytes = { version = "1.9", default-features = false }
@@ -16,7 +17,7 @@ config = { version = "0.15", features = [
     "json",
     "toml",
 ], default-features = false }
-cts-common = { version = "0.3.0" }
+cts-common = { workspace = true }
 eql-mapper = { path = "../eql-mapper" }
 exitcode = "1.1.2"
 hex = "0.4.3"
@@ -30,7 +31,6 @@ postgres-protocol = "0.6.7"
 postgres-types = { version = "0.2.8", features = ["with-serde_json-1"] }
 rand = "0.9"
 regex = "1.11.1"
-ring = { version = "0.17", default-features = false }
 rust_decimal = { version = "1.36.0", default-features = false, features = [
     "db-postgres",
 ] }
@@ -56,6 +56,7 @@ uuid = { version = "1.11.0", features = ["serde", "v4"] }
 x509-parser = "0.17.0"
 vitaminc-protected = "0.1.0-pre2"
 
+
 [dev-dependencies]
 recipher = "0.1.3"
 temp-env = "0.3.6"

packages/cipherstash-proxy/Cargo.toml

@@ -1,13 +1,14 @@
 use super::{configure, connect_with_retry};
 use crate::{error::Error, log::AUTHENTICATION};
+use aws_lc_rs::digest;
 use core::str;
 use oid_registry::{
     Oid, OID_HASH_SHA1, OID_NIST_HASH_SHA256, OID_NIST_HASH_SHA384, OID_NIST_HASH_SHA512,
     OID_PKCS1_SHA1WITHRSA, OID_PKCS1_SHA256WITHRSA, OID_PKCS1_SHA384WITHRSA,
     OID_PKCS1_SHA512WITHRSA, OID_SIG_ECDSA_WITH_SHA256, OID_SIG_ECDSA_WITH_SHA384, OID_SIG_ED25519,
 };
 use postgres_protocol::authentication::sasl::ChannelBinding;
-use ring::digest;
+
 use std::{
     pin::Pin,
     task::{Context, Poll},