[MONGOCRYPT-605] Support for more than 1 KMS provider per type
Created: 04/Dec/23  Updated: 31/Jan/24  Resolved: 16/Jan/24

Status: Closed
Project: Libmongocrypt
Component/s: None
Affects Version/s: None
Fix Version/s: 1.9.0

Type: New Feature
Priority: Unknown
Reporter: Kevin Albertson
Assignee: Kevin Albertson
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by DRIVERS-2731 CSFLE/QE Support for more than 1 KMS ... Implementing

Comments
Comment by Githook User [ 31/Jan/24 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: CDRIVER-4801 support named KMS providers (#1509)

  • copy in new unified tests
  • copy in new legacy spec test
  • add new KMS providers to test runner

add partial support for JSON schema 1.18

  • implement `encrypt` and `decrypt` operations in unified test runner
  • export env vars in run-tests.sh
  • update prose test 11 for named KMS providers
  • add map for TLS options

Required to configure TLS options on named KMS providers

  • update docs to reflect spec terminology

KMS provider is specified with string `<KMS provider type>` or `<KMS provider type>:<KMS provider name>`
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/b34cd2b5602e522428bada2a691c229b88d41f5b

Comment by Githook User [ 16/Jan/24 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: MONGOCRYPT-605 support named KMS providers (#735)
Branch: master
https://github.com/mongodb/libmongocrypt/commit/c87cc3489c9a68875ff7fab541154841469991fb

Comment by Cloud GitHub Webhooks [ 16/Jan/24 ]

kevinAlbs merged a pull request (MONGOCRYPT-605 support named KMS providers) into the following branch:
master: c87cc3489c9a68875ff7fab541154841469991fb

Comment by Githook User [ 04/Jan/24 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: MONGOCRYPT-605 access KMS provider data by ID (#723)

  • add `lookup` API for KMS provider credentials by `kmsid`
  • store `kmsid` in `_mongocrypt_kek_t`
  • move `_mongocrypt_parse_kms_providers` to `mongocrypt-opts.h`

This is intended to better isolate functions modifying `_mongocrypt_opts_kms_providers_t` to `mongocrypt-opts.c`. Future changes supporting named providers may need to call static functions in `mongocrypt-opts.c`. Example: `_mongocrypt_opts_kms_provider_azure_cleanup`

  • add cleanup functions for `local`, `aws`, and `kmip` credentials.
  • replace `_mongocrypt_cache_oauth_t` with `mc_mapof_kmsid_to_token_t`
  • add missing `_key_broker_fail` calls
  • replace `auth_request_azure` and `auth_request_gcp` with `mc_mapof_kmsid_to_authrequest_t`
  • move definition of `auth_request_t` to mongocrypt-key-broker.c
  • remove no-longer-needed `initialized` field from `auth_request_t`

---------

Co-authored-by: Adrian Dole <donald@dole.tech>
Branch: master
https://github.com/mongodb/libmongocrypt/commit/664c3ef57abd96b9c8e7a5cd783210e537b4cac7

Comment by Cloud GitHub Webhooks [ 04/Jan/24 ]

kevinAlbs merged a pull request (MONGOCRYPT-605 access KMS provider data by ID) into the following branch:
master: 664c3ef57abd96b9c8e7a5cd783210e537b4cac7

Generated at Thu Feb 08 09:09:04 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.