Flatten autoEncryption driver options in MongoDB\Manager::__construct

GromNaN · GromNaN · commit dbba6f696bd1 · 2025-06-30T20:02:00.000+02:00
diff --git a/language-snippets.ent b/language-snippets.ent
@@ -3073,24 +3073,13 @@ paths</simpara></warning>
          </row>
 '>
 <!ENTITY mongodb.option.encryption.keyVaultClient '
-         <row xmlns="http://docbook.org/ns/docbook">
-          <entry>keyVaultClient</entry>
-          <entry><classname>MongoDB\Driver\Manager</classname></entry>
-          <entry>The Manager used to route data key queries to a separate MongoDB cluster. By default, the current Manager and cluster is used.</entry>
-         </row>
+          <entry xmlns="http://docbook.org/ns/docbook">The Manager used to route data key queries to a separate MongoDB cluster. By default, the current Manager and cluster is used.</entry>
 '>
 <!ENTITY mongodb.option.encryption.keyVaultNamespace '
-         <row xmlns="http://docbook.org/ns/docbook">
-          <entry>keyVaultNamespace</entry>
-          <entry><type>string</type></entry>
-          <entry>A fully qualified namespace (e.g. <literal>"databaseName.collectionName"</literal>) denoting the collection that contains all data keys used for encryption and decryption. This option is required.</entry>
-         </row>
+          <entry xmlns="http://docbook.org/ns/docbook">A fully qualified namespace (e.g. <literal>"databaseName.collectionName"</literal>) denoting the collection that contains all data keys used for encryption and decryption. This option is required.</entry>
 '>
 <!ENTITY mongodb.option.encryption.kmsProviders '
-         <row xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
-          <entry>kmsProviders</entry>
-          <entry><type>array</type></entry>
-          <entry>
+          <entry xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
            <para>
             A document containing the configuration for one or more KMS providers, which are used to encrypt data keys. Supported providers include <literal>"aws"</literal>, <literal>"azure"</literal>, <literal>"gcp"</literal>, <literal>"kmip"</literal>, and <literal>"local"</literal> and at least one must be specified.
            </para>
@@ -3159,7 +3148,6 @@ local: {
 ]]>
            </programlisting>
           </entry>
-         </row>
 '>
 <!ENTITY mongodb.option.encryption.masterKey-options-by-provider '
   <para xmlns="http://docbook.org/ns/docbook">
@@ -3303,10 +3291,7 @@ local: {
   </para>
 '>
 <!ENTITY mongodb.option.encryption.tlsOptions '
-         <row xmlns="http://docbook.org/ns/docbook">
-          <entry>tlsOptions</entry>
-          <entry><type>array</type></entry>
-          <entry>
+          <entry xmlns="http://docbook.org/ns/docbook">
            <para>
             A document containing the TLS configuration for one or more KMS providers. Supported providers include <literal>"aws"</literal>, <literal>"azure"</literal>, <literal>"gcp"</literal>, and <literal>"kmip"</literal>. All providers support the following options:
            </para>
@@ -3321,7 +3306,6 @@ local: {
 ]]>
            </programlisting>
           </entry>
-         </row>
 '>
 <!ENTITY mongodb.option.maxCommitTimeMS '
          <row xmlns="http://docbook.org/ns/docbook">
diff --git a/reference/mongodb/mongodb/driver/manager/construct.xml b/reference/mongodb/mongodb/driver/manager/construct.xml
@@ -659,129 +659,6 @@ mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][
              <literal>bypassAutoEncryption</literal> is &true;.
             </para>
            </note>
-           <para>
-            The following options are supported:
-
-            <table>
-             <title>Options for automatic encryption</title>
-             <tgroup cols="3">
-              <thead>
-               <row>
-                <entry>Option</entry>
-                <entry>Type</entry>
-                <entry>Description</entry>
-               </row>
-              </thead>
-              <tbody>
-               &mongodb.option.encryption.keyVaultClient;
-               &mongodb.option.encryption.keyVaultNamespace;
-               &mongodb.option.encryption.kmsProviders;
-               &mongodb.option.encryption.tlsOptions;
-               <row>
-                <entry>schemaMap</entry>
-                <entry><type class="union"><type>array</type><type>object</type></type></entry>
-                <entry>
-                 <para>
-                  Map of collection namespaces to a local JSON schema. This is
-                  used to configure automatic encryption. See
-                  <link xlink:href="&url.mongodb.docs;reference/security-client-side-automatic-json-schema/">Automatic Encryption Rules</link>
-                  in the MongoDB manual for more information. It is an error to
-                  specify a collection in both <literal>schemaMap</literal> and
-                  <literal>encryptedFieldsMap</literal>.
-                 </para>
-                 <note>
-                  <simpara>
-                   Supplying a <literal>schemaMap</literal> provides more
-                   security than relying on JSON schemas obtained from the
-                   server. It protects against a malicious server advertising a
-                   false JSON schema, which could trick the client into sending
-                   unencrypted data that should be encrypted.
-                  </simpara>
-                 </note>
-                 <note>
-                  <simpara>
-                   Schemas supplied in the <literal>schemaMap</literal> only
-                   apply to configuring automatic encryption for client side
-                   encryption. Other validation rules in the JSON schema will
-                   not be enforced by the driver and will result in an error.
-                  </simpara>
-                 </note>
-                </entry>
-               </row>
-               <row>
-                <entry>bypassAutoEncryption</entry>
-                <entry><type>bool</type></entry>
-                <entry>
-                 If &true;, <literal>mongocryptd</literal> will not be spawned
-                 automatically. This is used to disable automatic encryption.
-                 Defaults to &false;.
-                </entry>
-               </row>
-               <row>
-                <entry>bypassQueryAnalysis</entry>
-                <entry><type>bool</type></entry>
-                <entry>
-                 <para>
-                  If &true;, automatic analysis of outgoing commands will be
-                  disabled and <literal>mongocryptd</literal> will not be
-                  spawned automatically. This enables the use case of explicit
-                  encryption for querying indexed fields without requiring the
-                  enterprise licensed <literal>crypt_shared</literal> library or
-                  <literal>mongocryptd</literal> process. Defaults to &false;.
-                 </para>
-                </entry>
-               </row>
-               <row>
-                <entry>encryptedFieldsMap</entry>
-                <entry><type class="union"><type>array</type><type>object</type></type></entry>
-                <entry>
-                 <para>
-                  Map of collection namespaces to an
-                  <literal>encryptedFields</literal> document. This is used to
-                  configure queryable encryption. See
-                  <link xlink:href="&url.mongodb.docs;core/queryable-encryption/fundamentals/encrypt-and-query/">Field Encryption and Queryability</link>
-                  in the MongoDB manual for more information. It is an error to
-                  specify a collection in both
-                  <literal>encryptedFieldsMap</literal> and
-                  <literal>schemaMap</literal>.
-                 </para>
-                 <note>
-                  <simpara>
-                   Supplying an <literal>encryptedFieldsMap</literal> provides
-                   more security than relying on an
-                   <literal>encryptedFields</literal> obtained from the server.
-                   It protects against a malicious server advertising a false
-                   <literal>encryptedFields</literal>.
-                  </simpara>
-                 </note>
-                </entry>
-               </row>
-               <row>
-                <entry>extraOptions</entry>
-                <entry><type>array</type></entry>
-                <entry>
-                 <para>
-                  The <literal>extraOptions</literal> relate to the
-                  <literal>mongocryptd</literal> process. The following options
-                  are supported:
-                 </para>
-                 <simplelist>
-                  <member><literal>mongocryptdURI</literal> (<type>string</type>): URI to connect to an existing <literal>mongocryptd</literal> process. Defaults to <literal>"mongodb://localhost:27020"</literal>.</member>
-                  <member><literal>mongocryptdBypassSpawn</literal> (<type>bool</type>): If &true;, prevent the driver from spawning <literal>mongocryptd</literal>. Defaults to &false;.</member>
-                  <member><literal>mongocryptdSpawnPath</literal> (<type>string</type>): Absolute path to search for <literal>mongocryptd</literal> binary. Defaults to empty string and consults system paths.</member>
-                  <member><literal>mongocryptdSpawnArgs</literal> (<type>array</type>): Array of string arguments to pass to <literal>mongocryptd</literal> when spawning. Defaults to <literal>["--idleShutdownTimeoutSecs=60"]</literal>.</member>
-                  <member><literal>cryptSharedLibPath</literal> (<type>string</type>): Absolute path to <literal>crypt_shared</literal> shared library. Defaults to empty string and consults system paths.</member>
-                  <member><literal>cryptSharedLibRequired</literal> (<type>bool</type>): If &true;, require the driver to load <literal>crypt_shared</literal>. Defaults to &false;.</member>
-                 </simplelist>
-                 <para>
-                  See the <link xlink:href="&url.mongodb.specs;/blob/master/source/client-side-encryption/client-side-encryption.rst#extraoptions">Client-Side Encryption Specification</link> for more information.
-                 </para>
-                </entry>
-               </row>
-              </tbody>
-             </tgroup>
-            </table>
-           </para>
 
            <note>
             <simpara>
@@ -797,6 +674,127 @@ mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][
            </note>
           </entry>
          </row>
+         <row>
+          <entry>autoEncryption.keyVaultClient</entry>
+          <entry><classname>MongoDB\Driver\Manager</classname></entry>
+          &mongodb.option.encryption.keyVaultClient;
+         </row>
+         <row>
+          <entry>autoEncryption.keyVaultNamespace</entry>
+          <entry><type>string</type></entry>
+          &mongodb.option.encryption.keyVaultNamespace;
+         </row>
+         <row>
+          <entry>autoEncryption.kmsProviders</entry>
+          <entry><type>array</type></entry>
+          &mongodb.option.encryption.kmsProviders;
+         </row>
+         <row>
+          <entry>autoEncryption.tlsOptions</entry>
+          <entry><type>array</type></entry>
+          &mongodb.option.encryption.tlsOptions;
+         </row>
+         <row>
+          <entry>autoEncryption.schemaMap</entry>
+          <entry><type class="union"><type>array</type><type>object</type></type></entry>
+          <entry>
+           <para>
+            Map of collection namespaces to a local JSON schema. This is
+            used to configure automatic encryption. See
+            <link xlink:href="&url.mongodb.docs;reference/security-client-side-automatic-json-schema/">Automatic Encryption Rules</link>
+            in the MongoDB manual for more information. It is an error to
+            specify a collection in both <literal>schemaMap</literal> and
+            <literal>encryptedFieldsMap</literal>.
+           </para>
+           <note>
+            <simpara>
+               Supplying a <literal>schemaMap</literal> provides more
+               security than relying on JSON schemas obtained from the
+               server. It protects against a malicious server advertising a
+               false JSON schema, which could trick the client into sending
+               unencrypted data that should be encrypted.
+            </simpara>
+           </note>
+           <note>
+            <simpara>
+               Schemas supplied in the <literal>schemaMap</literal> only
+               apply to configuring automatic encryption for client side
+               encryption. Other validation rules in the JSON schema will
+               not be enforced by the driver and will result in an error.
+            </simpara>
+           </note>
+          </entry>
+         </row>
+         <row>
+            <entry>autoEncryption.bypassAutoEncryption</entry>
+            <entry><type>bool</type></entry>
+            <entry>
+            If &true;, <literal>mongocryptd</literal> will not be spawned
+            automatically. This is used to disable automatic encryption.
+            Defaults to &false;.
+            </entry>
+         </row>
+         <row>
+            <entry>autoEncryption.bypassQueryAnalysis</entry>
+            <entry><type>bool</type></entry>
+            <entry>
+            <para>
+            If &true;, automatic analysis of outgoing commands will be
+            disabled and <literal>mongocryptd</literal> will not be
+            spawned automatically. This enables the use case of explicit
+            encryption for querying indexed fields without requiring the
+            enterprise licensed <literal>crypt_shared</literal> library or
+            <literal>mongocryptd</literal> process. Defaults to &false;.
+            </para>
+            </entry>
+         </row>
+         <row>
+            <entry>autoEncryption.encryptedFieldsMap</entry>
+            <entry><type class="union"><type>array</type><type>object</type></type></entry>
+            <entry>
+            <para>
+            Map of collection namespaces to an
+            <literal>encryptedFields</literal> document. This is used to
+            configure queryable encryption. See
+            <link xlink:href="&url.mongodb.docs;core/queryable-encryption/fundamentals/encrypt-and-query/">Field Encryption and Queryability</link>
+            in the MongoDB manual for more information. It is an error to
+            specify a collection in both
+            <literal>encryptedFieldsMap</literal> and
+            <literal>schemaMap</literal>.
+            </para>
+            <note>
+            <simpara>
+               Supplying an <literal>encryptedFieldsMap</literal> provides
+               more security than relying on an
+               <literal>encryptedFields</literal> obtained from the server.
+               It protects against a malicious server advertising a false
+               <literal>encryptedFields</literal>.
+            </simpara>
+            </note>
+            </entry>
+         </row>
+         <row>
+            <entry>autoEncryption.extraOptions</entry>
+            <entry><type>array</type></entry>
+            <entry>
+            <para>
+            The <literal>extraOptions</literal> relate to the
+            <literal>mongocryptd</literal> process. The following options
+            are supported:
+            </para>
+            <simplelist>
+            <member><literal>mongocryptdURI</literal> (<type>string</type>): URI to connect to an existing <literal>mongocryptd</literal> process. Defaults to <literal>"mongodb://localhost:27020"</literal>.</member>
+            <member><literal>mongocryptdBypassSpawn</literal> (<type>bool</type>): If &true;, prevent the driver from spawning <literal>mongocryptd</literal>. Defaults to &false;.</member>
+            <member><literal>mongocryptdSpawnPath</literal> (<type>string</type>): Absolute path to search for <literal>mongocryptd</literal> binary. Defaults to empty string and consults system paths.</member>
+            <member><literal>mongocryptdSpawnArgs</literal> (<type>array</type>): Array of string arguments to pass to <literal>mongocryptd</literal> when spawning. Defaults to <literal>["--idleShutdownTimeoutSecs=60"]</literal>.</member>
+            <member><literal>cryptSharedLibPath</literal> (<type>string</type>): Absolute path to <literal>crypt_shared</literal> shared library. Defaults to empty string and consults system paths.</member>
+            <member><literal>cryptSharedLibRequired</literal> (<type>bool</type>): If &true;, require the driver to load <literal>crypt_shared</literal>. Defaults to &false;.</member>
+            </simplelist>
+            <para>
+            See the <link xlink:href="&url.mongodb.specs;/blob/master/source/client-side-encryption/client-side-encryption.rst#extraoptions">Client-Side Encryption Specification</link> for more information.
+            </para>
+            </entry>
+         </row>
          <row>
           <entry>ca_dir</entry>
           <entry><type>string</type></entry>
diff --git a/reference/mongodb/mongodb/driver/manager/createclientencryption.xml b/reference/mongodb/mongodb/driver/manager/createclientencryption.xml
@@ -36,10 +36,26 @@
          </row>
         </thead>
         <tbody>
-         &mongodb.option.encryption.keyVaultClient;
-         &mongodb.option.encryption.keyVaultNamespace;
-         &mongodb.option.encryption.kmsProviders;
-         &mongodb.option.encryption.tlsOptions;
+         <row>
+          <entry>keyVaultClient</entry>
+          <entry><classname>MongoDB\Driver\Manager</classname></entry>
+          &mongodb.option.encryption.keyVaultClient;
+         </row>
+         <row>
+          <entry>keyVaultNamespace</entry>
+          <entry><type>string</type></entry>
+          &mongodb.option.encryption.keyVaultNamespace;
+         </row>
+         <row>
+          <entry>kmsProviders</entry>
+          <entry><type>array</type></entry>
+          &mongodb.option.encryption.kmsProviders;
+         </row>
+         <row>
+          <entry>tlsOptions</entry>
+          <entry><type>array</type></entry>
+          &mongodb.option.encryption.tlsOptions;
+         </row>
         </tbody>
        </tgroup>
       </table>
