Merge pull request #115 from cipherstash/encrypted-stabby-selector-param

-> and ->> variants with eql_v2_encrypted selector

Author: tobyhede

src/encrypted/aggregates.sql

@@ -9,7 +9,6 @@ CREATE FUNCTION eql_v2.min(a eql_v2_encrypted, b eql_v2_encrypted)
 STRICT
 AS $$
   BEGIN
-    PERFORM eql_v2.log('eql_v2.min');
     IF eql_v2.ore_block_u64_8_256(a) < eql_v2.ore_block_u64_8_256(b) THEN
       RETURN a;
     ELSE
@@ -31,7 +30,6 @@ RETURNS eql_v2_encrypted
 STRICT
 AS $$
   BEGIN
-    PERFORM eql_v2.log('eql_v2.max');
     IF eql_v2.ore_block_u64_8_256(a) > eql_v2.ore_block_u64_8_256(b) THEN
       RETURN a;
     ELSE

src/operators/->.sql

@@ -5,19 +5,21 @@
 
 
 --
--- The -> operator returns an encrypted matching the selector
+-- The -> operator returns an encrypted matching the provided selector
+--
 -- Encyprted JSON is represented as an array of `eql_v2_encrypted`.
--- Each `eql_v2_encrypted` value has a selector, ciphertext, and an index term of
---   - blake3
---   - ore_cllw_u64_8
---   - ore_cllw_var_8
+-- Each `eql_v2_encrypted` value has a selector, ciphertext, and an index term
 --
 --     {
 --       "sv": [ {"c": "", "s": "", "b3": "" } ]
 --     }
 --
-
-
+-- Note on oeprator resolution:
+--   Assignment casts are considered for operator resolution (see PostgreSQL docs),
+--   the system may pick the "more specific" one, which is the one with both arguments of the same type.
+--
+-- This means that to use the text operator, the parameter will need to be cast to text
+--
 CREATE FUNCTION eql_v2."->"(e eql_v2_encrypted, selector text)
   RETURNS eql_v2_encrypted
   IMMUTABLE STRICT PARALLEL SAFE
@@ -43,10 +45,34 @@ AS $$
   END;
 $$ LANGUAGE plpgsql;
 
+CREATE OPERATOR ->(
+  FUNCTION=eql_v2."->",
+  LEFTARG=eql_v2_encrypted,
+  RIGHTARG=text
+);
+
+---------------------------------------------------
 
---
+
+CREATE FUNCTION eql_v2."->"(e eql_v2_encrypted, selector eql_v2_encrypted)
+  RETURNS eql_v2_encrypted
+  IMMUTABLE STRICT PARALLEL SAFE
+AS $$
+	BEGIN
+    RETURN eql_v2."->"(e, eql_v2.selector(selector));
+  END;
+$$ LANGUAGE plpgsql;
+
+
+
+CREATE OPERATOR ->(
+  FUNCTION=eql_v2."->",
+  LEFTARG=eql_v2_encrypted,
+  RIGHTARG=eql_v2_encrypted
+);
 
 
+---------------------------------------------------
 
 
 CREATE FUNCTION eql_v2."->"(e eql_v2_encrypted, selector integer)
@@ -76,11 +102,7 @@ AS $$
 $$ LANGUAGE plpgsql;
 
 
-CREATE OPERATOR ->(
-  FUNCTION=eql_v2."->",
-  LEFTARG=eql_v2_encrypted,
-  RIGHTARG=text
-);
+
 
 
 CREATE OPERATOR ->(

src/operators/->>.sql

@@ -11,9 +11,7 @@ AS $$
   DECLARE
     found eql_v2_encrypted;
 	BEGIN
-
     found = eql_v2."->"(e, selector);
-
     RETURN eql_v2.ciphertext(found);
   END;
 $$ LANGUAGE plpgsql;
@@ -26,3 +24,22 @@ CREATE OPERATOR ->> (
 );
 
 
+
+---------------------------------------------------
+
+
+CREATE FUNCTION eql_v2."->>"(e eql_v2_encrypted, selector eql_v2_encrypted)
+  RETURNS text
+  IMMUTABLE STRICT PARALLEL SAFE
+AS $$
+	BEGIN
+    RETURN eql_v2."->>"(e, eql_v2.selector(selector));
+  END;
+$$ LANGUAGE plpgsql;
+
+
+CREATE OPERATOR ->> (
+  FUNCTION=eql_v2."->>",
+  LEFTARG=eql_v2_encrypted,
+  RIGHTARG=eql_v2_encrypted
+);

src/operators/->>_test.sql

@@ -3,17 +3,18 @@
 SELECT create_table_with_encrypted();
 SELECT seed_encrypted_json();
 
+
 --
 -- The ->> operator returns ciphertext matching the selector
 DO $$
   BEGIN
     PERFORM assert_result(
         'Selector ->> returns at least one eql_v2_encrypted',
-        'SELECT e->>''bca213de9ccce676fa849ff9c4807963'' FROM encrypted;');
+        'SELECT e->>''bca213de9ccce676fa849ff9c4807963''::text FROM encrypted;');
 
     PERFORM assert_count(
         'Selector ->> returns all eql_v2_encrypted',
-        'SELECT e->>''bca213de9ccce676fa849ff9c4807963'' FROM encrypted;',
+        'SELECT e->>''bca213de9ccce676fa849ff9c4807963''::text FROM encrypted;',
         3);
   END;
 $$ LANGUAGE plpgsql;
@@ -25,7 +26,7 @@ DO $$
   BEGIN
     PERFORM assert_no_result(
         'Unknown selector -> returns null',
-        'SELECT e->>''blahvtha'' FROM encrypted;');
+        'SELECT e->>''blahvtha''::text FROM encrypted;');
 
   END;
 $$ LANGUAGE plpgsql;
@@ -38,8 +39,29 @@ DO $$
 
     PERFORM assert_result(
         'Selector ->> returns all eql_v2_encrypted',
-        'SELECT e->>''bca213de9ccce676fa849ff9c4807963'' FROM encrypted LIMIT 1;',
+        'SELECT e->>''bca213de9ccce676fa849ff9c4807963''::text FROM encrypted LIMIT 1;',
         'mBbLGB9xHAGzLvUj-`@Wmf=IhD87n7r3ir3n!Sk6AKir_YawR=0c>pk(OydB;ntIEXK~c>V&4>)rNkf<JN7fmlO)c^iBv;-X0+3XyK5d`&&I-oeIEOcwPf<3zy');
   END;
 $$ LANGUAGE plpgsql;
 
+
+--
+-- The ->> operator accepts an eql_v2_encrypted as the selector
+--
+DO $$
+ DECLARE
+    term text;
+  BEGIN
+    term := '{"s": "bca213de9ccce676fa849ff9c4807963"}';
+
+    PERFORM assert_result(
+        'Selector ->> returns at least one eql_v2_encrypted',
+        format('SELECT e->>%L::jsonb::eql_v2_encrypted FROM encrypted;', term));
+
+    PERFORM assert_count(
+        'Selector ->> returns all eql_v2_encrypted',
+        format('SELECT e->>%L::jsonb::eql_v2_encrypted FROM encrypted;', term),
+        3);
+  END;
+$$ LANGUAGE plpgsql;
+

src/operators/->_test.sql

@@ -5,17 +5,18 @@ SELECT create_table_with_encrypted();
 SELECT seed_encrypted_json();
 
 
+
 --
 -- The -> operator returns an encrypted matching the selector
 DO $$
   BEGIN
     PERFORM assert_result(
         'Selector -> returns at least one eql_v2_encrypted',
-        'SELECT e->''bca213de9ccce676fa849ff9c4807963'' FROM encrypted;');
+        'SELECT e->''bca213de9ccce676fa849ff9c4807963''::text FROM encrypted;');
 
     PERFORM assert_count(
         'Selector -> returns all eql_v2_encrypted',
-        'SELECT e->''bca213de9ccce676fa849ff9c4807963'' FROM encrypted;',
+        'SELECT e->''bca213de9ccce676fa849ff9c4807963''::text FROM encrypted;',
         3);
   END;
 $$ LANGUAGE plpgsql;
@@ -27,13 +28,34 @@ DO $$
   BEGIN
     PERFORM assert_no_result(
         'Unknown selector -> returns null',
-        'SELECT e->''blahvtha'' FROM encrypted;');
+        'SELECT e->''blahvtha''::text FROM encrypted;');
 
   END;
 $$ LANGUAGE plpgsql;
 
 
 
+--
+-- The -> operator accepts an eql_v2_encrypted as the selector
+--
+DO $$
+ DECLARE
+    term text;
+  BEGIN
+    term := '{"s": "bca213de9ccce676fa849ff9c4807963"}';
+
+    PERFORM assert_result(
+        'Selector -> returns at least one eql_v2_encrypted',
+        format('SELECT e->%L::jsonb::eql_v2_encrypted FROM encrypted;', term));
+
+    PERFORM assert_count(
+        'Selector -> returns all eql_v2_encrypted',
+        format('SELECT e->%L::jsonb::eql_v2_encrypted FROM encrypted;', term),
+        3);
+  END;
+$$ LANGUAGE plpgsql;
+
+
 --
 -- encrypted returned from -> operator expression called via eql_v2.ciphertext
 --
@@ -43,11 +65,11 @@ DO $$
   BEGIN
     PERFORM assert_result(
         'Fetch ciphertext via selector',
-        'SELECT eql_v2.ciphertext(e->''2517068c0d1f9d4d41d2c666211f785e'') FROM encrypted;');
+        'SELECT eql_v2.ciphertext(e->''2517068c0d1f9d4d41d2c666211f785e''::text) FROM encrypted;');
 
     PERFORM assert_count(
         'Fetch ciphertext via selector returns all eql_v2_encrypted',
-        'SELECT eql_v2.ciphertext(e->''2517068c0d1f9d4d41d2c666211f785e'') FROM encrypted;',
+        'SELECT eql_v2.ciphertext(e->''2517068c0d1f9d4d41d2c666211f785e''::text) FROM encrypted;',
         3);
   END;
 $$ LANGUAGE plpgsql;

src/operators/<=_test.sql

@@ -3,7 +3,7 @@
 SELECT create_table_with_encrypted();
 SELECT seed_encrypted_json();
 
-SELECT e FROM encrypted WHERE e->'a7cea93975ed8c01f861ccb6bd082784' <= '("{""c"": ""mBbM0#UZON2jQ3@LiWcvns2Yf6y3L;hykEh`}*fX#aF;n*=>+*o5Uarod39C7TF-SiCD-NgkG)l%Vw=l!tX>H*P<PfE$+0Szy"", ""s"": ""2517068c0d1f9d4d41d2c666211f785e"", ""ocf"": ""b0c13d4a4a9ffcb2ef853959fb2d26236337244ed86d66470d08963ed703356a1cee600a9a75a70aaefc1b4ca03b7918a7df25b7cd4ca774fd5b8616e6b9adb8""}")'::eql_v2_encrypted;
+SELECT e FROM encrypted WHERE e->'a7cea93975ed8c01f861ccb6bd082784'::text <= '("{""c"": ""mBbM0#UZON2jQ3@LiWcvns2Yf6y3L;hykEh`}*fX#aF;n*=>+*o5Uarod39C7TF-SiCD-NgkG)l%Vw=l!tX>H*P<PfE$+0Szy"", ""s"": ""2517068c0d1f9d4d41d2c666211f785e"", ""ocf"": ""b0c13d4a4a9ffcb2ef853959fb2d26236337244ed86d66470d08963ed703356a1cee600a9a75a70aaefc1b4ca03b7918a7df25b7cd4ca774fd5b8616e6b9adb8""}")'::eql_v2_encrypted;
 
 
 -- ------------------------------------------------------------------------
@@ -29,23 +29,23 @@ DECLARE
       -- json n: 30
       sv := get_numeric_ste_vec_30()::eql_v2_encrypted;
       -- extract the term at $.n returned as eql_v2_encrypted
-      term := sv->'2517068c0d1f9d4d41d2c666211f785e';
+      term := sv->'2517068c0d1f9d4d41d2c666211f785e'::text;
 
       -- -- -- -- $.n
       PERFORM assert_result(
         format('eql_v2_encrypted <= eql_v2_encrypted with ore_cllw_u64_8 index term'),
-        format('SELECT e FROM encrypted WHERE e->''2517068c0d1f9d4d41d2c666211f785e'' <= %L::eql_v2_encrypted', term));
+        format('SELECT e FROM encrypted WHERE e->''2517068c0d1f9d4d41d2c666211f785e''::text <= %L::eql_v2_encrypted', term));
 
       PERFORM assert_count(
         format('eql_v2_encrypted <= eql_v2_encrypted with ore index term'),
-        format('SELECT e FROM encrypted WHERE e->''2517068c0d1f9d4d41d2c666211f785e'' <= %L::eql_v2_encrypted', term),
+        format('SELECT e FROM encrypted WHERE e->''2517068c0d1f9d4d41d2c666211f785e''::text <= %L::eql_v2_encrypted', term),
         3);
 
       -- -- Check the $.hello path
       -- -- Returned encrypted does not have ore_cllw_u64_8
       PERFORM assert_no_result(
         format('eql_v2_encrypted <= eql_v2_encrypted with ore_cllw_u64_8 index term'),
-        format('SELECT e FROM encrypted WHERE e->''a7cea93975ed8c01f861ccb6bd082784'' <= %L::eql_v2_encrypted', term));
+        format('SELECT e FROM encrypted WHERE e->''a7cea93975ed8c01f861ccb6bd082784''::text <= %L::eql_v2_encrypted', term));
 
   END;
 $$ LANGUAGE plpgsql;
@@ -73,23 +73,23 @@ DECLARE
       -- json n: 30
       sv := get_numeric_ste_vec_30()::eql_v2_encrypted;
       -- extract the term at $.n returned as eql_v2_encrypted
-      term := sv->'a7cea93975ed8c01f861ccb6bd082784';
+      term := sv->'a7cea93975ed8c01f861ccb6bd082784'::text;
 
       -- -- -- -- $.n
       PERFORM assert_result(
         format('eql_v2_encrypted <= eql_v2_encrypted with ore_cllw_var_8 index term'),
-        format('SELECT e FROM encrypted WHERE e->''a7cea93975ed8c01f861ccb6bd082784'' <= %L::eql_v2_encrypted', term));
+        format('SELECT e FROM encrypted WHERE e->''a7cea93975ed8c01f861ccb6bd082784''::text <= %L::eql_v2_encrypted', term));
 
       PERFORM assert_count(
         format('eql_v2_encrypted <= eql_v2_encrypted with ore_cllw_var_8 index term'),
-        format('SELECT e FROM encrypted WHERE e->''a7cea93975ed8c01f861ccb6bd082784'' <= %L::eql_v2_encrypted', term),
+        format('SELECT e FROM encrypted WHERE e->''a7cea93975ed8c01f861ccb6bd082784''::text <= %L::eql_v2_encrypted', term),
         2);
 
       -- -- Check the $.n path
       -- -- Returned encrypted does not have ore_cllw_u64_8
       PERFORM assert_no_result(
         format('eql_v2_encrypted <= eql_v2_encrypted with ore_cllw_var_8 index term'),
-        format('SELECT e FROM encrypted WHERE e->''2517068c0d1f9d4d41d2c666211f785e'' <= %L::eql_v2_encrypted', term));
+        format('SELECT e FROM encrypted WHERE e->''2517068c0d1f9d4d41d2c666211f785e''::text <= %L::eql_v2_encrypted', term));
 
   END;
 $$ LANGUAGE plpgsql;

src/operators/<>_ore_cllw_u64_8_test.sql

@@ -31,23 +31,23 @@ DECLARE
       -- json n: 10
       sv := get_numeric_ste_vec_10()::eql_v2_encrypted;
       -- extract the term at $.n returned as eql_v2_encrypted
-      term := sv->'2517068c0d1f9d4d41d2c666211f785e';
+      term := sv->'2517068c0d1f9d4d41d2c666211f785e'::text;
 
       -- -- -- -- $.n
       PERFORM assert_result(
         format('eql_v2_encrypted <> eql_v2_encrypted with ore_cllw_u64_8 index term'),
-        format('SELECT e FROM encrypted WHERE (e->''2517068c0d1f9d4d41d2c666211f785e'') <> %L::eql_v2_encrypted', term));
+        format('SELECT e FROM encrypted WHERE (e->''2517068c0d1f9d4d41d2c666211f785e''::text) <> %L::eql_v2_encrypted', term));
 
       PERFORM assert_count(
         format('eql_v2_encrypted <> eql_v2_encrypted with ore index term'),
-        format('SELECT e FROM encrypted WHERE e->''2517068c0d1f9d4d41d2c666211f785e'' <> %L::eql_v2_encrypted', term),
+        format('SELECT e FROM encrypted WHERE e->''2517068c0d1f9d4d41d2c666211f785e''::text <> %L::eql_v2_encrypted', term),
         2);
 
       -- -- Check the $.hello path
       -- -- Returned encrypted does not have ore_cllw_u64_8
       PERFORM assert_result(
         format('eql_v2_encrypted <> eql_v2_encrypted with ore index term'),
-        format('SELECT e FROM encrypted WHERE e->''a7cea93975ed8c01f861ccb6bd082784'' <> %L::eql_v2_encrypted', term));
+        format('SELECT e FROM encrypted WHERE e->''a7cea93975ed8c01f861ccb6bd082784''::text <> %L::eql_v2_encrypted', term));
 
   END;
 $$ LANGUAGE plpgsql;

src/operators/<>_ore_cllw_var_8_test.sql

@@ -30,23 +30,23 @@ DECLARE
       -- json n: 10
       sv := get_numeric_ste_vec_10()::eql_v2_encrypted;
       -- extract the term at $.n returned as eql_v2_encrypted
-      term := sv->'a7cea93975ed8c01f861ccb6bd082784';
+      term := sv->'a7cea93975ed8c01f861ccb6bd082784'::text;
 
       -- -- -- -- $.n
       PERFORM assert_result(
         format('eql_v2_encrypted <> eql_v2_encrypted with ore_cllw_var_8 index term'),
-        format('SELECT e FROM encrypted WHERE (e->''a7cea93975ed8c01f861ccb6bd082784'') <> %L::eql_v2_encrypted', term));
+        format('SELECT e FROM encrypted WHERE (e->''a7cea93975ed8c01f861ccb6bd082784''::text) <> %L::eql_v2_encrypted', term));
 
       PERFORM assert_count(
         format('eql_v2_encrypted <> eql_v2_encrypted with ore_cllw_var_8 index term'),
-        format('SELECT e FROM encrypted WHERE e->''a7cea93975ed8c01f861ccb6bd082784'' <> %L::eql_v2_encrypted', term),
+        format('SELECT e FROM encrypted WHERE e->''a7cea93975ed8c01f861ccb6bd082784''::text <> %L::eql_v2_encrypted', term),
         2);
 
       -- -- Check the $.n path
       -- -- Returned encrypted does not have ore_cllw_var_8
       PERFORM assert_result(
         format('eql_v2_encrypted <> eql_v2_encrypted with ore_cllw_var_8 index term'),
-        format('SELECT e FROM encrypted WHERE e->''2517068c0d1f9d4d41d2c666211f785e'' <> %L::eql_v2_encrypted', term));
+        format('SELECT e FROM encrypted WHERE e->''2517068c0d1f9d4d41d2c666211f785e''::text <> %L::eql_v2_encrypted', term));
 
   END;
 $$ LANGUAGE plpgsql;

src/operators/<@_test.sql

@@ -25,7 +25,7 @@ DECLARE
       -- This extracts the data associated with the field from the test eql_v2_encrypted
       sv := get_numeric_ste_vec_10()::eql_v2_encrypted;
       -- extract the term at $.n returned as eql_v2_encrypted
-      term := sv->'a7cea93975ed8c01f861ccb6bd082784';
+      term := sv->'a7cea93975ed8c01f861ccb6bd082784'::text;
 
       -- -- -- -- $.n
       PERFORM assert_result(