Uploaded image for project: 'Libmongocrypt'
  1. Libmongocrypt
  2. MONGOCRYPT-449

Reject empty KMS providers if NEED_KMS_CREDENTIALS is not supported

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Minor - P4 Minor - P4
    • 1.6.0, 1.6.0-alpha0
    • Affects Version/s: None
    • Component/s: None
    • Labels:
      None
    • Not Needed

      Scope

      • If mongocrypt_setopt_use_need_kms_credentials_state has not been called, reject an empty KMS provider (e.g. "aws: {}" or "local: {}") in mongocrypt_setopt_kms_providers.

      Background & Motivation

      MONGOCRYPT-382 and MONGOCRYPT-394 added support for supplying KMS providers on-demand. Drivers opt-in to this behavior with mongocrypt_setopt_use_need_kms_credentials_state. If mongocrypt_setopt_use_need_kms_credentials_state is not called, configuring an empty KMS provider has no hope at succeeding when used. It may be preferable to error earlier.

            Assignee:
            kevin.albertson@mongodb.com Kevin Albertson
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: