[C++] Content formatting (#4)

* add content

Author: rachel-mack

snooty.toml

@@ -8,8 +8,7 @@ intersphinx = [
 ]
 
 toc_landing_pages = [
-    "/installation",
-    "/contributing"
+    "/installation"
     ]
 
 sharedinclude_root = "https://raw.githubusercontent.com/10gen/docs-shared/main/"
@@ -19,4 +18,5 @@ driver = "cpp"
 driver-long = "MongoDB C++ Driver"
 driver-short = "C++ driver"
 version = "3.10"
+full-version = "{+version+}.0"
 api = "https://mongocxx.org/api/current"

source/api-abi-versioning.txt

@@ -0,0 +1,142 @@
+.. _cpp-api-abi-versioning:
+
+======================
+API and ABI Versioning
+======================
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+.. facet::
+   :name: genre
+   :values: reference
+
+API Versioning
+--------------
+
+- We use `semantic versioning <http://semver.org/>`__.
+- bsoncxx and mongocxx both define corresponding CMake variables for MAJOR, MINOR, and PATCH.
+
+ABI Versioning
+--------------
+
+- Both bsoncxx and mongocxx both have a single scalar ABI version.
+- Only bump ABI version on **incompatible** ABI change (not for ABI additions).
+- **We stay on ABI version \_noabi (without bumping for incompatible changes) until ABI is stable.**
+
+Parallel Header Installation
+----------------------------
+
+- For mongocxx, install all headers to ``$PREFIX/mongocxx/v$ABI/``.
+- For bsoncxx, install all headers to ``$PREFIX/bsoncxx/v$ABI/``.
+- We install a pkg-config file to shield consumers from this complexity.
+
+Sonames and Symlinks
+--------------------
+
+.. note::
+
+   - Below examples are given for libmongocxx, but also apply to libbsoncxx
+   
+   - DSO refers to Dynamic Shared Object, to use Ulrich Drepper’s terminology
+
+Windows (MSVC only)
+~~~~~~~~~~~~~~~~~~~
+
+Since version 3.10.0, the physical filename for CXX Driver libraries is different
+from other platforms when built with the MSVC toolchain on Windows
+(even when the CMake generator is not Visual Studio).
+To restore prior behavior, which is similar to other platforms, set ``ENABLE_ABI_TAG_IN_LIBRARY_FILENAMES=OFF``.
+
+- Physical filename for a DSO is ``mongocxx-$ABI-$TAG.dll``
+- Physical filename for a static library is ``mongocxx-static-$TAG.lib``
+
+Where ``$TAG`` is a triplet of letters indicating:
+
+- Build Type
+- mongoc Link Type
+- Polyfill Library
+
+This is followed by a suffix describing the toolset and runtime library used to build the library.
+
+Some examples of common DSO filenames expected to be generated include:
+
+- ``mongocxx-v_noabi-rhs-x64-v142-md.dll`` (release build configuration)
+- ``mongocxx-v_noabi-dhs-x64-v142-mdd.dll`` (debug build configuration)
+- ``mongocxx-v_noabi-rts-x64-v142-md.dll`` (link with mongoc statically)
+- ``mongocxx-v_noabi-rhi-x64-v142-md.dll`` (bsoncxx polyfill library)
+- ``mongocxx-v_noabi-rhm-x64-v142-md.dll`` (mnmlstc/core polyfill library)
+- ``mongocxx-v_noabi-rhb-x64-v142-md.dll`` (Boost polyfill library)
+
+This allows libraries built with different build configurations (and different runtime library requirements) to be built and installed without conflicting with each other.
+
+See references to ``ENABLE_ABI_TAG_IN_LIBRARY_FILENAMES`` and related code in the CMake configuration for more details.
+
+Other Platforms (Linux, MacOS)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Physical filename for a DSO is ``libmongocxx.so.$MAJOR.$MINOR.$PATCH``
+
+.. note:: 
+   
+   The physical filename is disconnected from ABI version/soname. This looks a bit strange, but allows multiple versions of the library with the same ABI version to be installed on the same system.
+
+- soname for a DSO is ``libmongocxx.$ABI``
+
+We provide a soname symlink that links to the physical DSO.  We also
+provide a dev symlink that links to the soname symlink of the highest ABI
+version of the library installed.
+
+Inline Namespaces
+-----------------
+
+- We provide inline namespace macros for both mongocxx and bsoncxx.
+- This allows multiple, ABI incompatible versions of the library to be linked into the same application.
+- The name of the namespace is ``v$ABI``. We create them from ABI version to maintain forwards compatibibility.
+
+Deprecation
+-----------
+
+Occasionally we will phase features out of use in the driver.
+In the release that marks a feature as deprecated we offer several transition options:
+
+1. The original method, marked with ``MONGOCXX_DEPRECATED``. This will raise deprecation warnings when compiled.
+#. A variant of the feature suffixed with ``_deprecated``. This will require
+   only small code changes and will not raise deprecation warnings.
+#. A new feature that provides alternate functionality. The new feature may not
+   be a drop-in replacement for the deprecated feature and switching to it may
+   require code changes. In the rare case where we remove a feature without replacing it, this third option will not be available.
+
+In the following release, the original feature marked with ``MONGOCXX_DEPRECATED`` and its
+suffixed ``_deprecated`` equivalent will be removed.
+
+.. code-block:: cpp
+
+   // release 1 with a supported feature
+   void do_thing();
+
+   // release 2 where the feature is deprecated in favor of a new feature
+   MONGOCXX_DEPRECATED void do_thing();
+   void do_thing_deprecated();
+   void do_new_thing();
+
+   // release 3 where the original feature is removed
+   void do_new_thing();
+
+In the case of a feature rename we do not offer a suffixed ``_deprecated`` variant,
+as one can simply switch to using the new name with the same amount of effort.
+
+.. code-block:: cpp
+
+   // release 1 with a supported feature
+   void do_thing();
+
+   // release 2 where the feature name is renamed
+   MONGOCXX_DEPRECATED void do_thing();
+   void do_stuff();
+
+   // release 3 where the original feature name is removed
+   void do_stuff();

source/client-side-encryption.txt

@@ -0,0 +1,162 @@
+.. _cpp-client-side-encryption:
+
+===================================
+Client-Side Field Level Encryption
+===================================
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+.. facet::
+   :name: genre
+   :values: reference
+
+Client-Side Field Level Encryption
+----------------------------------
+
+New in MongoDB 4.2 `Client-Side Field Level Encryption (CSFLE) <https://www.mongodb.com/docs/drivers/use-cases/client-side-field-level-encryption-guide>`__ allows administrators and developers to encrypt specific data fields in addition to other MongoDB encryption features.
+
+With CSFLE, developers can encrypt fields client side without any server-side configuration or directives. Client-Side Field Level Encryption supports workloads where applications must guarantee that unauthorized parties, including server administrators, cannot read the encrypted data.
+
+For an overview of CSFLE, please read :manual:`the official MongoDB documentation in the manual </core/security-client-side-encryption/>`.
+
+Installation
+------------
+
+``libmongocrypt``
+~~~~~~~~~~~~~~~~~
+
+Client-Side Field Level Encryption relies on a C library called ``libmongocrypt`` to do the heavy lifting encryption work. This dependency is managed by the C driver.  As long as the C driver installation is 1.16.0 or higher, and has been compiled with Client-Side Field Level Encryption support, this dependency should be managed internally.  See the C driver's `Using Client-Side Field Level Encryption <https://mongoc.org/libmongoc/current/client-side-field-level-encryption.html>`__ for more information.
+
+``mongocryptd``
+~~~~~~~~~~~~~~~
+
+Automatic CSFLE relies upon a new binary called ``mongocryptd`` running as a daemon while the driver operates.  This binary is only available with MongoDB Enterprise.
+
+``mongocryptd`` can either be started separately from the driver, or left to spawn automatically when encryption is used.
+
+To run mongocryptd separately, pass the ``mongocryptdBypassSpawn`` flag to the client's auto encryption options:
+
+.. code-block:: cpp
+
+   auto mongocryptd_options = make_document(kvp("mongocryptdBypassSpawn", true));
+
+   options::auto_encryption auto_encrypt_opts{};
+   auto_encrypt_opts.extra_options({mongocryptd_options.view()});
+
+If the mongocryptd binary is on the current path, the driver will be able to spawn it without any custom flags.  However, if the mongocryptd binary is on a different path, set the path with the ``mongocryptdSpawnPath`` option:
+
+.. code-block:: cpp
+
+   auto mongocryptd_options = make_document(kvp("mongocryptdSpawnPath", "path/to/mongocryptd"));
+
+   options::auto_encryption auto_encrypt_opts{};
+   auto_encrypt_opts.extra_options({mongocryptd_options.view()});
+
+Examples
+--------
+
+Automatic Client-Side Field Level Encryption
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Automatic Client-Side Field Level Encryption is enabled by creating a ``mongocxx::client`` with the ``auto_encryption_opts`` option set to an instance of ``mongocxx::options::auto_encryption``. The following examples show how to set up automatic client-side field level encryption using the ``mongocxx::client_encryption`` class to create a new encryption data key.
+
+.. note::
+   
+   Automatic client-side field level encryption requires MongoDB 4.2 enterprise or a MongoDB 4.2 Atlas cluster. The community version of the server supports automatic decryption as well as explicit client-side field level encryption.
+
+Providing Local Automatic Encryption Rules
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The following example shows how to specify automatic encryption rules via the
+schema_map option. The automatic encryption rules are expressed using a `strict
+subset of the JSON Schema syntax
+<https://www.mongodb.com/docs/manual/reference/security-client-side-automatic-json-schema/>`__.
+
+Supplying a ``schema_map`` provides more security than relying on JSON Schemas obtained from the server. It protects against a malicious server advertising a false JSON Schema, which could trick the client into sending unencrypted data that should be encrypted.
+
+JSON Schemas supplied in the ``schema_map`` only apply to configuring automatic client-side field level encryption. Other validation rules in the JSON schema will not be enforced by the driver and will result in an error.
+
+.. code-block:: cpp
+
+   //
+   // The schema map has the following form:
+   //
+   //   {
+   //      "test.coll" : {
+   //         "bsonType" : "object",
+   //         "properties" : {
+   //            "encryptedFieldName" : {
+   //               "encrypt" : {
+   //                  "keyId" : [ <datakey as UUID> ],
+   //                  "bsonType" : "string",
+   //                  "algorithm" : <algorithm>
+   //               }
+   //            }
+   //         }
+   //      }
+   //   }
+   //
+
+Please see `examples/mongocxx/automatic_client_side_field_level_encryption.cpp <https://github.com/mongodb/mongo-cxx-driver/blob/master/examples/mongocxx/automatic_client_side_field_level_encryption.cpp>`__ for a full example of how to set a json schema for automatic encryption.
+
+Server-Side Field Level Encryption Enforcement
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The MongoDB 4.2 server supports using schema validation to enforce encryption of specific fields in a collection. This schema validation will prevent an application from inserting unencrypted values for any fields marked with the ``"encrypt"`` JSON schema keyword.
+
+It is possible to set up automatic client-side field level encryption using the ``mongocxx::client_encryption`` to create a new encryption data key and create a collection with the :manual:`Automatic Encryption JSON Schema Syntax </reference/security-client-side-automatic-json-schema/>`.
+
+.. code-block:: cpp
+
+   // Please see the linked example below for full json_schema construction.
+   bsoncxx::document::value json_schema{};
+
+   // Create the collection with the encryption JSON Schema.
+   auto cmd = document{} << "create"
+                         << "coll"
+                         << "validator" << open_document
+		         << "$jsonSchema" << json_schema.view()
+                         << close_document << finalize;
+
+   db.run_command(cmd.view());
+
+Please see `examples/mongocxx/server_side_field_level_encryption_enforcement.cpp <https://github.com/mongodb/mongo-cxx-driver/blob/master/examples/mongocxx/server_side_field_level_encryption_enforcement.cpp>`__ for a full example of setting encryption enforcement on the server.
+
+Explicit Encryption
+~~~~~~~~~~~~~~~~~~~
+
+Explicit encryption is a MongoDB community feature and does not use the ``mongocryptd`` process. Explicit encryption is provided by the ``mongocxx::client_encryption`` class.
+
+.. code-block:: cpp
+
+   // Explicitly encrypt a BSON value.
+   auto to_encrypt = bsoncxx::types::bson_value::make_value("secret message");
+   auto encrypted_message = client_encryption.encrypt(to_encrypt, encrypt_opts);
+
+   // Explicitly decrypt a BSON value.
+   auto decrypted_message = client_encryption.decrypt(encrypted_message);
+
+Please see `examples/mongocxx/explicit_encryption.cpp <https://github.com/mongodb/mongo-cxx-driver/blob/master/examples/mongocxx/explicit_encryption.cpp>`__ for a full example of using explicit encryption and decryption.
+
+Explicit Encryption with Automatic Decryption
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Although automatic encryption requires MongoDB 4.2 enterprise or a MongoDB 4.2 Atlas cluster, automatic decryption is supported for all users. To configure automatic decryption without automatic encryption, set ``bypass_auto_encryption=True`` in the ``options::auto_encryption`` class.
+
+.. code-block:: cpp
+
+   options::auto_encryption auto_encrypt_opts{};
+   auto_encrypt_opts.bypass_auto_encryption(true);
+   // Please see full example for complete options construction.
+
+   // Create a client with automatic decryption enabled, but automatic encryption bypassed.
+   options::client client_opts{};
+   client_opts.auto_encryption_opts(std::move(auto_encrypt_opts));
+   class client client_encrypted {uri{}, std::move(client_opts)};
+
+Please see  `examples/mongocxx/explicit_encryption_auto_decryption.cpp <https://github.com/mongodb/mongo-cxx-driver/blob/master/examples/mongocxx/explicit_encryption_auto_decryption.cpp>`__ for an example of using explicit encryption with automatic decryption.
+