[MONGOCRYPT-449] Reject empty KMS providers if NEED_KMS_CREDENTIALS is not supported Created: 28/Jun/22  Updated: 28/Oct/23  Resolved: 19/Jul/22

Status: Closed
Project: Libmongocrypt
Component/s: None
Affects Version/s: None
Fix Version/s: 1.6.0, 1.6.0-alpha0

Type: Improvement Priority: Minor - P4
Reporter: Kevin Albertson Assignee: Kevin Albertson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Binding Changes: Not Needed

 Description   

Scope

  • If mongocrypt_setopt_use_need_kms_credentials_state has not been called, reject an empty KMS provider (e.g. "aws: {}" or "local: {}") in mongocrypt_setopt_kms_providers.

Background & Motivation

MONGOCRYPT-382 and MONGOCRYPT-394 added support for supplying KMS providers on-demand. Drivers opt-in to this behavior with mongocrypt_setopt_use_need_kms_credentials_state. If mongocrypt_setopt_use_need_kms_credentials_state is not called, configuring an empty KMS provider has no hope at succeeding when used. It may be preferable to error earlier.



 Comments   
Comment by Githook User [ 19/Jul/22 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: MONGOCRYPT-449 Reject empty KMS providers if NEED_KMS_CREDENTIALS is not supported (#419)
Branch: master
https://github.com/mongodb/libmongocrypt/commit/66a183385641802f482a9520b8dfdf41b3ef646b

Generated at Thu Feb 08 09:08:42 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.