DRIVERS-2731:
Summary
Driver Changes
Some drivers may need API changes to accept an arbitrary string where a KMS provider is accepted: kmsProviders, KMSProvidersTLSOptions, ClientEncryption.createDataKey(), and RewrapManyDataKeyOpts.provider.
"Can current drivers accept arbitrary strings for KMS identifier?" suggests Node and Rust will need API changes.
Drivers may need changes to support named KMS providers in the KMSProvidersTLSOptions map.
Test Changes
Specification tests are added. This introduces use of the encrypt and decrypt operations in the unified test format.
The Unified Test Format schema 1.18 is added to allow patternProperties in kmsProviders.
Tests refer to additional KMS providers: local:name1, aws:name1, gcp:name1, azure:name1, and kmip:name1.
The name1 KMS providers may be configured exactly as the unnamed KMS providers. That is, aws:name1 is configured the same as aws.
To test configuring two KMS providers of the same type referring to distinct credentials, two more test KMS providers are defined: local:name2 and aws:name2.
Test credentials for aws:name2 are available in AWS Secrets Manager under drivers/csfle. The aws:name2 account credentials are in FLE_AWS_SECRET2 and FLE_AWS_KEY2. See https://wiki.corp.mongodb.com/display/DRIVERS/Using+AWS+Secrets+Manager+to+Store+Testing+Secrets for more background on how the secrets are managed.
Prose Test 11 (KMS TLS Options Tests) is extended to test named KMS providers.
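An added example, not part of this ticket or of any driver's code: a Python sketch that parses identifiers such as aws:name1 and lints a kmsProviders map against a KMSProvidersTLSOptions map. The allowed name characters, the function names and the unconfigured-entry check are assumptions, and the credential values are placeholders.

```python
import re

# Assumption (not stated on this page): an identifier is "<type>" or
# "<type>:<name>", and <name> is limited to [a-zA-Z0-9_].
_KMS_ID = re.compile(r"(aws|azure|gcp|kmip|local)(?::([A-Za-z0-9_]+))?")


def parse_kms_identifier(identifier):
    """'aws:name1' -> ('aws', 'name1'); unnamed 'aws' -> ('aws', None)."""
    match = _KMS_ID.fullmatch(identifier)
    if match is None:
        raise ValueError(f"invalid KMS provider identifier: {identifier!r}")
    return match.group(1), match.group(2)


def check_kms_maps(kms_providers, tls_options):
    """Hypothetical lint: return a list of problems found in the two maps."""
    problems = []
    for identifier in list(kms_providers) + list(tls_options):
        try:
            parse_kms_identifier(identifier)
        except ValueError as exc:
            problems.append(str(exc))
    # This lint matches TLS entries by full identifier, so "aws" and
    # "aws:name2" are separate keys; flag entries with no provider behind them.
    for identifier in tls_options:
        if identifier not in kms_providers:
            problems.append(f"TLS options for unconfigured provider: {identifier!r}")
    return problems


# Constructed sample maps; every credential value is a placeholder.
SAMPLE_KMS_PROVIDERS = {
    "aws": {"accessKeyId": "<placeholder>", "secretAccessKey": "<placeholder>"},
    "aws:name1": {"accessKeyId": "<placeholder>", "secretAccessKey": "<placeholder>"},
    "aws:name2": {"accessKeyId": "<FLE_AWS_KEY2>", "secretAccessKey": "<FLE_AWS_SECRET2>"},
    "local:name1": {"key": b"\x00" * 96},  # placeholder key material
}
SAMPLE_TLS_OPTIONS = {"aws:name2": {"tlsCAFile": "ca.pem"}, "kmip:name1": {}}

if __name__ == "__main__":
    for problem in check_kms_maps(SAMPLE_KMS_PROVIDERS, SAMPLE_TLS_OPTIONS):
        print(problem)
```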
References
https://github.com/mongodb/specifications/pull/1492 includes the specification change and tests.
https://github.com/mongodb/mongo-c-driver/pull/1509 is a reference implementation in the C driver.