Uploaded image for project: 'Python Driver'
  1. Python Driver
  2. PYTHON-2267

Allow UUID key_id to be passed to ClientEncryption.encrypt

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.7
    • Affects Version/s: None
    • Component/s: None
    • None

      An often brought up pain point in using the ClientEncryption api is the fact that finding a key from the keyvault collection will decode to a python native UUID that cannot be passed directly to ClientEncryption.encrypt (TypeError: key_id must be a bson.binary.Binary with subtype 4).

      We made this design choice originally because pymongo has legacy UUID encoding/decoding behavior (which is separately being addressed in PYTHON-2152). However, since data keys documents always use the standard UUID subtype 4 it should be fine to accept native UUID in the encrypt API.

      In other words, I think we can safely add this UUID to Binary conversion to save users some headache:

      def encrypt(self, value, algorithm, key_id=None, key_alt_name=None):
      ...
              if isinstance(key_id, uuid.UUID):
                  key_id = Binary(key_id.bytes, UUID_SUBTYPE)
      

            Assignee:
            shane.harvey@mongodb.com Shane Harvey
            Reporter:
            shane.harvey@mongodb.com Shane Harvey
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: