Uploaded image for project: 'Libmongocrypt'
  1. Libmongocrypt
  2. MONGOCRYPT-449

Reject empty KMS providers if NEED_KMS_CREDENTIALS is not supported

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor - P4 Minor - P4
    • 1.6.0, 1.6.0-alpha0
    • None
    • None
    • None
    • Not Needed

    Description

      Scope

      • If mongocrypt_setopt_use_need_kms_credentials_state has not been called, reject an empty KMS provider (e.g. "aws: {}" or "local: {}") in mongocrypt_setopt_kms_providers.

      Background & Motivation

      MONGOCRYPT-382 and MONGOCRYPT-394 added support for supplying KMS providers on-demand. Drivers opt-in to this behavior with mongocrypt_setopt_use_need_kms_credentials_state. If mongocrypt_setopt_use_need_kms_credentials_state is not called, configuring an empty KMS provider has no hope at succeeding when used. It may be preferable to error earlier.

      Attachments

        Activity

          People

            kevin.albertson@mongodb.com Kevin Albertson
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: