[DRIVERS-2539] createEncryptedCollection should not accept keyAltNames or keyMaterial
Created: 31/Jan/23 Updated: 02/Jun/23 Resolved: 02/Jun/23
| Status: | Closed |
| Project: | Drivers |
| Component/s: | Client Side Encryption |
| Fix Version/s: | None |
| Type: | Task | Priority: | Unknown |
| Reporter: | Shane Harvey | Assignee: | Kevin Albertson |
| Resolution: | Done | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Driver Changes: | Needed |
| Downstream Changes Summary: | For drivers that have implemented DRIVERS-2312, replace the DataKeyOpts with masterKey in CreateEncryptedCollection. See: https://github.com/mongodb/specifications/commit/479f4bddf517eb6d90abdfc71043b711ccc1f867
The Downstream Changes Summary of DRIVERS-2312 has been updated to include this specification change. Drivers that have not implemented DRIVERS-2312 should do this with DRIVERS-2312. |
| Description |
Summary

createEncryptedCollection (DRIVERS-2312) should not accept keyAltNames. The problem is that if keyAltNames is given and createEncryptedCollection creates >1 key, then the method will always fail because of a duplicate key error. MONGOCRYPT-432 would allow createEncryptedCollection to create keys with different keyAltNames through encryptedFieldsMap/encryptedFields.

Motivation

Who is the affected end user?
Users will be confused by duplicate key errors.

How does this affect the end user?
Users that want to create keys with keyAltNames will need to call createDataKey manually.

How likely is it that this problem or use case will occur?
Likely if keyAltNames is given.

Is this issue urgent?
Would be good to remove the keyAltNames parameter before users encounter this issue.

Is this ticket required by a downstream team?
No.

Is this ticket only for tests?
No.
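The failure described above, as an added example that is not part of the ticket or of any driver's code: a small in-memory simulation in which a dict stands in for the key vault's unique index on keyAltNames. The class and function names, the snake_case option names and the sample field list are all hypothetical; it assumes the key vault enforces uniqueness of keyAltNames, which is what produces the duplicate key error.

```python
# Simulation only: no MongoDB driver API is called. All names are hypothetical.
import copy
import uuid


class DuplicateKeyError(Exception):
    """Stand-in for the server's duplicate key error."""


class KeyVault:
    def __init__(self):
        self.alt_names = {}  # keyAltName -> key id (models the unique index)

    def create_data_key(self, master_key=None, key_alt_names=None):
        names = key_alt_names or []
        for name in names:
            if name in self.alt_names:
                raise DuplicateKeyError(f"keyAltNames {name!r} already exists")
        key_id = uuid.uuid4()
        for name in names:
            self.alt_names[name] = key_id
        return key_id


def _fill_key_ids(vault, encrypted_fields, **data_key_args):
    """Create one data key for every field whose keyId is None."""
    filled = copy.deepcopy(encrypted_fields)
    for field in filled["fields"]:
        if field["keyId"] is None:
            field["keyId"] = vault.create_data_key(**data_key_args)
    return filled


def create_encrypted_collection_old(vault, encrypted_fields, data_key_opts):
    # Before: the same options, keyAltNames included, are reused for every key.
    return _fill_key_ids(vault, encrypted_fields, **data_key_opts)


def create_encrypted_collection_new(vault, encrypted_fields, master_key):
    # After: only masterKey is accepted, so no keyAltNames can be repeated.
    return _fill_key_ids(vault, encrypted_fields, master_key=master_key)


# Constructed sample input: two fields without a keyId, so two keys are needed.
FIELDS = {"fields": [
    {"path": "ssn", "bsonType": "string", "keyId": None},
    {"path": "dob", "bsonType": "string", "keyId": None},
]}
```

In the old form the first key is created and the second insert fails, so the call also leaves one unused data key behind in the vault.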
| Comments |
| Comment by Githook User [ 02/Feb/23 ] |
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}
Message: