-
Type: Improvement
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
An often brought up pain point in using the ClientEncryption api is the fact that finding a key from the keyvault collection will decode to a python native UUID that cannot be passed directly to ClientEncryption.encrypt (TypeError: key_id must be a bson.binary.Binary with subtype 4).
We made this design choice originally because pymongo has legacy UUID encoding/decoding behavior (which is separately being addressed in PYTHON-2152). However, since data keys documents always use the standard UUID subtype 4 it should be fine to accept native UUID in the encrypt API.
In other words, I think we can safely add this UUID to Binary conversion to save users some headache:
def encrypt(self, value, algorithm, key_id=None, key_alt_name=None): ... if isinstance(key_id, uuid.UUID): key_id = Binary(key_id.bytes, UUID_SUBTYPE)
- causes
-
MOTOR-1257 Test Failure - TestExplicitSimple.test_validation
- Closed
- is duplicated by
-
PYTHON-4180 mongo-python-driver - PR #1494: PYTHON-2267: Allow UUID key_id to be passed to ClientEncryption.encrypt
- Closed
- related to
-
PYTHON-2152 Support Handling of Native UUID Types Specification
- Closed