[DRIVERS-2493] Ensure Auth Environment Variables are Always Dynamic
Created: 02/Nov/22  Updated: 08/Nov/22

Status: Implementing
Project: Drivers
Component/s: None
Fix Version/s: None

Type: Task Priority: Unknown
Reporter: Steve Silvester Assignee: Steve Silvester
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Issue split
split to CSHARP-4395 C# Driver caches AWS credentials assu... Closed
split to RUBY-3172 Ensure Auth Environment Variables are... Backlog
split to CDRIVER-4518 Ensure Auth Environment Variables are... Backlog
split to CXX-2611 Ensure Auth Environment Variables are... Backlog
split to GODRIVER-2641 Ensure Auth Environment Variables are... Backlog
split to NODE-4797 Ensure Auth Environment Variables are... Backlog
split to PHPLIB-1036 Ensure Auth Environment Variables are... Backlog
split to JAVA-4800 Ensure Auth Environment Variables are... Closed
split to MOTOR-1063 Ensure Auth Environment Variables are... Closed
split to PYTHON-3501 Ensure Auth Environment Variables are... Closed
split to RUST-1533 Ensure Auth Environment Variables are... Closed
Driver Changes: Needed
Downstream Changes Summary:

Summary of required changes

  • Ensure that AWS credentials fetched from environment variables are handled appropriately.
  • Add tests to verify environment variable handling.

Additional background

Please see https://github.com/mongodb/specifications/commit/875446db44aade414011731840831f38a6c668df for the specification change.

Please see https://github.com/mongodb/mongo-python-driver/commit/ff94b0e3094f6bf08645ff0a491ec9b51f504b53 for a reference implementation in Python.

Integration test

Drivers are expected to add integration tests as described in the specification change.

Driver Compliance:
Key Status/Resolution FixVersion
CSHARP-4395 Fixed 2.19.0
CDRIVER-4518 Backlog
CXX-2611 Backlog
GODRIVER-2641 Backlog
JAVA-4800 Won't Do
NODE-4797 Backlog
MOTOR-1063 Duplicate
PYTHON-3501 Fixed 4.3.3
PHPLIB-1036 Backlog
RUBY-3172 Backlog
RUST-1533 Duplicate
SWIFT-1677 Duplicate

 Description   

Summary

What is the problem or use case, what are we trying to achieve?
In DRIVERS-2333 we introduced caching of AWS credentials. However, if credentials from environment variables are cached, the user will see an error if their application updates those environment variables and attempts a new connection.

Drivers should ensure that credentials read from environment variables are never cached or stored, and instead are read as appropriate from the system. For programming languages that do not support dynamically changing environment variables, no change is necessary.

Motivation

Who is the affected end user?

See CSHARP-4395 for an affected user. In this case the user will be better served once EKS credentials are properly handled in DRIVERS-1746, but the workaround is unavailable in the interim.
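A minimal sketch of the rule in the Summary above (cache remote AWS credentials, never cache ones read from the environment), added here as an example; it is not code from the specification or from any driver. The class and function names, the injected `fetch_remote` callable and the 300-second refresh margin are assumptions; only the AWS environment variable names are real.

```python
import os
import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class AwsCredentials:
    access_key_id: str
    secret_access_key: str
    session_token: Optional[str] = None
    expires_at: Optional[float] = None  # epoch seconds; None for env credentials


def credentials_from_env(environ=os.environ) -> Optional[AwsCredentials]:
    """Read the environment at call time; the result is never stored."""
    key = environ.get("AWS_ACCESS_KEY_ID")
    secret = environ.get("AWS_SECRET_ACCESS_KEY")
    if not key or not secret:
        return None
    return AwsCredentials(key, secret, environ.get("AWS_SESSION_TOKEN"))


class CredentialProvider:
    """Hypothetical provider: only remotely fetched credentials are cached."""

    REFRESH_MARGIN = 300  # assumed: refetch when under 300 s from expiry

    def __init__(self, fetch_remote: Callable[[], AwsCredentials],
                 environ=os.environ):
        self._fetch_remote = fetch_remote  # stands in for an ECS/EC2 lookup
        self._environ = environ
        self._cached: Optional[AwsCredentials] = None

    def get(self) -> AwsCredentials:
        # Environment credentials are re-read on every connection attempt,
        # so an application that rotates them is never served stale values.
        env_creds = credentials_from_env(self._environ)
        if env_creds is not None:
            return env_creds  # bypasses the cache and is not written to it
        cached = self._cached
        if (cached is None or cached.expires_at is None
                or cached.expires_at - time.time() < self.REFRESH_MARGIN):
            cached = self._cached = self._fetch_remote()
        return cached
```
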



 Comments   
Comment by Githook User [ 08/Nov/22 ]

Author:

{'name': 'Steven Silvester', 'email': 'steven.silvester@ieee.org', 'username': 'blink1073'}

Message: DRIVERS-2493 Ensure Auth Environment Variables are Always Dynamic (#1337)
Branch: master
https://github.com/mongodb/specifications/commit/875446db44aade414011731840831f38a6c668df

Comment by Steve Silvester [ 02/Nov/22 ]

In both cases the SDKs are using dynamic calls to fetch the credentials, and are not caching them.

Comment by Jeffrey Yemin [ 02/Nov/22 ]

Do the C# and Python AWS SDKs abide by this behavior?  Do they assume that the env vars can change at any time?

Comment by Steve Silvester [ 02/Nov/22 ]

That's fair, both Python and C# support dynamic environment variables. I'll add a note that this only applies to languages that support it.

Comment by Jeffrey Yemin [ 02/Nov/22 ]

I find this odd.  I thought that environment variables were essentially constants.  Java, for example, has a System.getenv method but no System.setenv.  And IIRC the Java AWS SDK treats environment variables as constants.

Generated at Thu Feb 08 08:25:43 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.