  1. Node.js Driver
  2. NODE-4462 Add support for GCP attached service accounts when using GCP KMS
  3. NODE-5053

Fix aws kms provider automatic credential fetching to only happen when passed an empty map

      The AWS credential fetching code is too permissive of the input options for setting up FLE. It checks for the falsiness of the aws property on kmsProviders, which could lead to an issue if a user is not using AWS for their KMS provider but does have the SDK installed for another use case. The library will pull in the SDK and attempt to fetch credentials, which in this scenario should fail since they are not using AWS for that.

      This is a bug, although it will be a behavior change that we need to call out clearly at release time.

      AC

      • Modify the condition in loadCredentials to only enter the AWS credential obtaining logic if an 'aws' key is defined on kmsProviders and it is an empty JS object.
      • Add a test to assert we don't obtain credentials if aws is falsy.
        • Can be a sinon-powered unit test.

            Assignee:
            neal.beeken@mongodb.com Neal Beeken
            Reporter:
            neal.beeken@mongodb.com Neal Beeken
            Durran Jordan
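
The condition change described in the AC, as an added sketch that is not the driver's or the library's own code. The names `shouldFetchPermissive`, `shouldFetchStrict`, `decisions`, the reduced `loadCredentials` signature with an injected `fetchAws`, and the sample `kmsProviders` maps are all hypothetical and constructed for illustration.

```javascript
'use strict';

// Behaviour the ticket reports: a falsy or absent `aws` entry is treated the
// same as an empty one, so a GCP-only or local-only config still triggers a fetch.
function shouldFetchPermissive(kmsProviders) {
  const aws = kmsProviders.aws;
  return !aws || Object.keys(aws).length === 0;
}

// Behaviour the AC asks for: fetch only when an 'aws' key is defined and its
// value is an empty plain object, i.e. the caller explicitly opted in.
function shouldFetchStrict(kmsProviders) {
  if (!Object.prototype.hasOwnProperty.call(kmsProviders, 'aws')) return false;
  const aws = kmsProviders.aws;
  return aws !== null && typeof aws === 'object' && !Array.isArray(aws) &&
    Object.keys(aws).length === 0;
}

// Hypothetical, reduced loadCredentials: `fetchAws` is injected (assumption) so
// the example runs offline and a test can count calls, as a sinon stub would.
async function loadCredentials(kmsProviders, shouldFetch, fetchAws) {
  if (!shouldFetch(kmsProviders)) return kmsProviders;
  return { ...kmsProviders, aws: await fetchAws() };
}

// Constructed sample inputs; the credential strings are placeholders.
const SAMPLES = {
  gcpOnly: { gcp: {} },
  awsUndefined: { aws: undefined, local: { key: 'constructed-placeholder' } },
  awsNull: { aws: null },
  awsEmpty: { aws: {} },
  awsExplicit: { aws: { accessKeyId: 'PLACEHOLDER', secretAccessKey: 'PLACEHOLDER' } }
};

// Map each sample name to whether the given predicate would fetch credentials.
function decisions(shouldFetch) {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, kms]) => [name, shouldFetch(kms)])
  );
}

console.log('permissive:', decisions(shouldFetchPermissive));
console.log('strict:    ', decisions(shouldFetchStrict));
```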