This implements several changes to encourage deterministic encryption to
remain unchanged. The main motivation is letting you define unique
indexes on deterministically-encrypted columns:
- By default, deterministic encryption will always use the oldest
encryption scheme to encrypt new data, when there are many.
- You can skip this default behavior and make it always use the current
encryption scheme with:
```ruby
deterministic: { fixed: false } # using this should be a rare need
```
- Deterministic encryption still supports previous encryption schemes
normally. So they will be used to add additional values to queries, for
example.
- You can't rotate deterministic encryption keys anymore. We can add
support for that in the future.
This makes for reasonable defaults:
- People using "deterministic: true" will get unique indexes working out
of the box.
- The system will encourage keeping deterministic encryption stable:
- By always using oldest encryption schemes
- By forbidding configuring multiple keys
But you can still opt-out of the default if you need to.
Currently, the payload of the unpermitted_parameters.action_controller
events emitted by StrongParameters does not provide enough information for
developers to understand which controller and action received the
unpermitted parameters. This PR modifies ActionController::Parameters to
allow callers to specify a "context" which is included in the logging
payload.
*Implementation Strategy*
Since the ActionController::Parameters class is only loosely coupled
with controllers and can technically be used in any context, this PR
expects the caller to provide logging context.
Since StrongParameters is caller in Rails and has access to the
request object I chose to provide a payload similar to the
start_processing.action_controller event.
* Improve Readability of Guides on Multiple Databases
* Add comma after the introductory clause.
* Add backtick for the symbols used in the program.
* `primary`
* `false`
* Add descriptive information on ambiguous words.
* users => database users
* use the first configuration => use the first configuration as default
* a recent write => a recent write by the requesting user
* for an environment => for each environment
* both a `role` and `shard` => both a `role` and a `shard`
* Add missing period at the end of a sentence.
* Add double quote inside backtick
[Rafael Mendonça França + Takumasa Ochi]
* Document Destroy Async
Motivation:
- Add docs for Destroy async. I think I probably need to add
information about setting up active job, but I am not sure where we
want this, so I am putting this together to start conversation.
Related Issues:
- #41093
* Active Job not ActiveJob
* Fix some spelling issues
[Cory Gwin, Rafael Mendonça França, Eileen M. Uchitelle, Henrik Nyh]
Shallow routes is one of the most difficult-to-use features for
generating routes in Rails.
To make it easier to understand how it works, a routing table
shows us the final result and really helps.
However, there's only one table for shallow routes and it's with
shallow_path option, which is even more complicated.
Adding a table for simpler shallow routes will help people
understand shallow routing's idea and usage better.
There's a drawback of this addition. Adding a large table occupies
the screen and might make it slightly difficult to walk through
the documentation.
OrderedHash is deprecated but there are some requires and references
to OrderedHash, which might be confusing.
As described in
https://github.com/rails/rails/issues/22681#issuecomment-166059717
OrderedHash is internal only so references in the docs should be
removed.
The policy for security patches is very strict, and some people may find it surprising that even breaking changes as a result of an oversight or bug in a security fix will neither receive a release of their own nor be included in any subsequent security patches to address other security issues. Hopefully this additional text will help clarify this and avoid confusion.
This starts a series of patches in which we drop classic mode. The final
result no longer has a const_missing callback, there is no hook/unhook,
and so on.
So, in this patch we remove the ability of configuring classic, but some
of the code that remains will be further refactored.
Carlos Antonio da Silva