Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-2493

Ensure Auth Environment Variables are Always Dynamic

    • Type: Icon: Task Task
    • Resolution: Unresolved
    • Priority: Icon: Unknown Unknown
    • None
    • Component/s: None
    • None
    • Needed
    • Hide

      Summary of required changes

      • Ensure that AWS credentials fetched from environment variables are handled appropriately.
      • Add tests to verify environment variable handling

      Additional background

      Please see https://github.com/mongodb/specifications/commit/875446db44aade414011731840831f38a6c668dffor the specification change.

      Please see https://github.com/mongodb/mongo-python-driver/commit/ff94b0e3094f6bf08645ff0a491ec9b51f504b53 for a reference implementation in Python.

      Integration test

      Drivers are expected to add integration tests as described in the specification change

      Show
      Summary of required changes Ensure that AWS credentials fetched from environment variables are handled appropriately. Add tests to verify environment variable handling Additional background Please see https://github.com/mongodb/specifications/commit/875446db44aade414011731840831f38a6c668dffor the specification change. Please see https://github.com/mongodb/mongo-python-driver/commit/ff94b0e3094f6bf08645ff0a491ec9b51f504b53  for a reference implementation in Python. Integration test Drivers are expected to add integration tests as described in the specification change
    • $i18n.getText("admin.common.words.hide")
      Key Status/Resolution FixVersion
      CSHARP-4395 Fixed 2.19.0
      CDRIVER-4518 Backlog
      CXX-2611 Backlog
      GODRIVER-2641 Backlog
      JAVA-4800 Won't Do
      NODE-4797 Backlog
      MOTOR-1063 Duplicate
      PYTHON-3501 Fixed 4.3.3
      PHPLIB-1036 Backlog
      RUBY-3172 Backlog
      RUST-1533 Duplicate
      SWIFT-1677 Duplicate
      $i18n.getText("admin.common.words.show")
      #scriptField, #scriptField *{ border: 1px solid black; } #scriptField{ border-collapse: collapse; } #scriptField td { text-align: center; /* Center-align text in table cells */ } #scriptField td.key { text-align: left; /* Left-align text in the Key column */ } #scriptField a { text-decoration: none; /* Remove underlines from links */ border: none; /* Remove border from links */ } /* Add green background color to cells with FixVersion */ #scriptField td.hasFixVersion { background-color: #00FF00; /* Green color code */ } /* Center-align the first row headers */ #scriptField th { text-align: center; } Key Status/Resolution FixVersion CSHARP-4395 Fixed 2.19.0 CDRIVER-4518 Backlog CXX-2611 Backlog GODRIVER-2641 Backlog JAVA-4800 Won't Do NODE-4797 Backlog MOTOR-1063 Duplicate PYTHON-3501 Fixed 4.3.3 PHPLIB-1036 Backlog RUBY-3172 Backlog RUST-1533 Duplicate SWIFT-1677 Duplicate

      Summary

      What is the problem or use case, what are we trying to achieve?
      In DRIVERS-2333 we introduced caching of AWS credentials. However, if credentials from environment variables are cached, the user will see an error if their application updates those environment variables and attempts a new connection.

      Drivers should ensure that credentials read from environment variables are never cached or stored, and instead are read as appropriate from the system. For programming languages that do not support dynamically changing environment variables, no change is necessary.

      Motivation

      Who is the affected end user?

      See CSHARP-4395 for an affected user. In this case the user will be better served once EKS credentials are properly handled in DRIVERS-1746, but the workaround is unavailable in the interim.

            Assignee:
            steve.silvester@mongodb.com Steve Silvester
            Reporter:
            steve.silvester@mongodb.com Steve Silvester
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: