[CDRIVER-3534] Vendor kms-message Created: 11/Feb/20 Updated: 28/Oct/23 Resolved: 24/Feb/20 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libmongoc |
| Affects Version/s: | None |
| Fix Version/s: | 1.17.0-beta, 1.17.0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Kevin Albertson | Assignee: | Roberto Sanchez |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Description |
|
To support the MONGODB-AWS authentication mechanism, the driver will need to make signed AWS requests. The kms-message library does exactly that. Here is a rough sketch of what I had in mind. Feel free to amend as needed.
Also to consider. If it seems a lot cleaner, we could move both zlib-1.2.11 and kms-message into a subdirectory named "vendor". We don't need rigorous testing (if anything, maybe just check calling a kms function from libmongoc as a one-off test). The implementation of |
| Comments |
| Comment by Githook User [ 21/Feb/20 ] |
|
Author: {'name': 'Kevin Albertson', 'username': 'kevinAlbs', 'email': 'kevin.albertson@mongodb.com'}Message:
|
| Comment by Githook User [ 19/Feb/20 ] |
|
Author: {'username': 'kevinAlbs', 'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com'}Message: |
| Comment by Githook User [ 19/Feb/20 ] |
|
Author: {'username': 'rcsanchez97', 'name': 'Roberto C. Sánchez', 'email': 'roberto@connexer.com'}Message: |
| Comment by Kevin Albertson [ 12/Feb/20 ] |
|
In deciding on vendoring kms-message, roberto.sanchez and I discussed these options. 1. vendor kms-message (2) seems like it may be an unreasonable ask of users. It would require users to first obtain libbson, build libmongocrypt (which is only required for Client Side Field Level Encryption not authenticating with MONGODB-AWS), then link against libkms_message built from that project. |