<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:21:59 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-4801] CSFLE/QE Support for more than 1 KMS provider per type</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-4801</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;This ticket was split from &lt;tt&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2731&quot; title=&quot;CSFLE/QE Support for more than 1 KMS provider per type&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2731&quot;&gt;DRIVERS-2731&lt;/a&gt;&lt;/tt&gt;, please see that ticket for a detailed description. &lt;/p&gt;</description>
                <environment></environment>
        <key id="2530032">CDRIVER-4801</key>
            <summary>CSFLE/QE Support for more than 1 KMS provider per type</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="kevin.albertson@mongodb.com">Kevin Albertson</assignee>
                                    <reporter username="dbeng-pm-bot">PM Bot</reporter>
                        <labels>
                    </labels>
                <created>Wed, 20 Dec 2023 18:50:01 +0000</created>
                <updated>Wed, 31 Jan 2024 20:32:58 +0000</updated>
                            <resolved>Wed, 31 Jan 2024 20:32:58 +0000</resolved>
                                                    <fixVersion>1.26.0</fixVersion>
                                    <component>Client Side Encryption</component>
                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="6057173" author="xgen-internal-githook" created="Wed, 31 Jan 2024 20:32:44 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-4801&quot; title=&quot;CSFLE/QE Support for more than 1 KMS provider per type&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-4801&quot;&gt;&lt;del&gt;CDRIVER-4801&lt;/del&gt;&lt;/a&gt; support named KMS providers (#1509)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;copy in new unified tests&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;copy in new legacy spec test&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;add new KMS providers to test runner&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;add partial support for JSON schema 1.18&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;implement `encrypt` and `decrypt` operations in unified test runner&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;export env vars in run-tests.sh&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;update prose test 11 for named KMS providers&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;add map for TLS options&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Required to configure TLS options on named KMS providers&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;check out libmongocrypt with changes of &lt;a href=&quot;https://jira.mongodb.org/browse/MONGOCRYPT-605&quot; title=&quot;Support for more than 1 KMS provider per type&quot; class=&quot;issue-link&quot; data-issue-key=&quot;MONGOCRYPT-605&quot;&gt;&lt;del&gt;MONGOCRYPT-605&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;update docs to reflect spec terminology&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;KMS provider is specified with string `&amp;lt;KMS provider type&amp;gt;` or `&amp;lt;KMS provider type&amp;gt;:&amp;lt;KMS provider name&amp;gt;`&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/b34cd2b5602e522428bada2a691c229b88d41f5b&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/b34cd2b5602e522428bada2a691c229b88d41f5b&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10620">
                    <name>Issue split</name>
                                                                <inwardlinks description="split from">
                                        <issuelink>
            <issuekey id="2449521">DRIVERS-2731</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="2530046">PHPLIB-1328</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i2n9gk:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_21457" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Upstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2731&quot; title=&quot;CSFLE/QE Support for more than 1 KMS provider per type&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2731&quot;&gt;DRIVERS-2731&lt;/a&gt;:&lt;/p&gt;
&lt;h1&gt;&lt;a name=&quot;Summary&quot;&gt;&lt;/a&gt;Summary&lt;/h1&gt;
&lt;h2&gt;&lt;a name=&quot;DriverChanges&quot;&gt;&lt;/a&gt;Driver Changes&lt;/h2&gt;

&lt;p&gt;Some drivers may need API changes to accept an arbitrary string where a KMS provider is accepted: &lt;tt&gt;kmsProviders&lt;/tt&gt;, &lt;tt&gt;KMSProvidersTLSOptions&lt;/tt&gt;, &lt;tt&gt;ClientEncryption.createDataKey()&lt;/tt&gt;, and &lt;tt&gt;RewrapManyDataKeyOpts.provider&lt;/tt&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://docs.google.com/spreadsheets/d/1lbGE5Id1Q7wxJfmHJf8rz1SlaD6LZY33zFM9GWaMHSE/edit#gid=0&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;Can current drivers accept arbitrary strings for KMS identifier?&lt;/a&gt; suggests Node and Rust will need API changes.&lt;/p&gt;

&lt;p&gt;Drivers may need changes to support named KMS providers in the &lt;tt&gt;KMSProvidersTLSOptions&lt;/tt&gt; map.&lt;/p&gt;
&lt;h2&gt;&lt;a name=&quot;TestChanges&quot;&gt;&lt;/a&gt;Test Changes&lt;/h2&gt;

&lt;p&gt;Specification tests are added. This introduces use of the &lt;tt&gt;encrypt&lt;/tt&gt; and &lt;tt&gt;decrypt&lt;/tt&gt;&#160;operations in the unified test format.&lt;/p&gt;

&lt;p&gt;The Unified Test Format schema 1.18 is added to allow &lt;tt&gt;patternProperties&lt;/tt&gt; in &lt;tt&gt;kmsProviders.&lt;/tt&gt;&lt;/p&gt;

&lt;p&gt;Tests refer to additional KMS providers: &lt;tt&gt;local:name1&lt;/tt&gt;, &lt;tt&gt;aws:name1&lt;/tt&gt;, &lt;tt&gt;gcp:name1&lt;/tt&gt;, &lt;tt&gt;azure:name1&lt;/tt&gt;, and &lt;tt&gt;kmip:name1&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;The &lt;tt&gt;name1&lt;/tt&gt; KMS providers may be configured exactly as the unnamed KMS providers. I.e. &lt;tt&gt;aws:name1&lt;/tt&gt; is configured the same as &lt;tt&gt;aws&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;To test configuring two KMS providers of the same type referring to distinct credentials, two more test KMS providers are defined: &lt;tt&gt;local:name2&lt;/tt&gt; and &lt;tt&gt;aws:name2&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;Test credentials for &lt;tt&gt;aws:name2&lt;/tt&gt; are available in AWS Secrets Manager under &lt;tt&gt;drivers/csfle&lt;/tt&gt;. The &lt;tt&gt;aws:name2&lt;/tt&gt; account credentials are in &lt;tt&gt;FLE_AWS_SECRET2&lt;/tt&gt; and &lt;tt&gt;FLE_AWS_KEY2&lt;/tt&gt;. See &lt;a href=&quot;https://wiki.corp.mongodb.com/display/DRIVERS/Using+AWS+Secrets+Manager+to+Store+Testing+Secrets&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://wiki.corp.mongodb.com/display/DRIVERS/Using+AWS+Secrets+Manager+to+Store+Testing+Secrets&lt;/a&gt; for more background on how the secrets are managed.&lt;/p&gt;

&lt;p&gt;Prose Test 11 (&lt;tt&gt;KMS TLS Options Tests&lt;/tt&gt;) is extended to test named KMS providers.&lt;/p&gt;
&lt;h1&gt;&lt;a name=&quot;References&quot;&gt;&lt;/a&gt;References&lt;/h1&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/mongodb/specifications/pull/1492&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/pull/1492&lt;/a&gt; includes the specification change and tests.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/pull/1509&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/pull/1509&lt;/a&gt; is a reference implementation in the C driver.&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>