<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:25:11 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DRIVERS-2280] Obtain AWS credentials for CSFLE in the same way as for MONGODB-AWS</title>
                <link>https://jira.mongodb.org/browse/DRIVERS-2280</link>
                <project id="10980" key="DRIVERS">Drivers</project>
                    <description>&lt;div class=&quot;panel&quot; style=&quot;background-color: #fafbfc;border-width: 1px;&quot;&gt;&lt;div class=&quot;panelContent&quot; style=&quot;background-color: #fafbfc;&quot;&gt;
&lt;h3&gt;&lt;a name=&quot;Summary&quot;&gt;&lt;/a&gt;&lt;b&gt;Summary&lt;/b&gt;&lt;/h3&gt;

&lt;p&gt;Currently, for MONGODB-AWS authentication mechanism the driver obtains the credentials according to the rules specified in &lt;a href=&quot;https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst#obtaining-credentials&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst#obtaining-credentials&lt;/a&gt;.  In addition, there is a high priority feature request to obtain credentials from an application-provided callback (see &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2011&quot; title=&quot;On-demand callback for AWS credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2011&quot;&gt;&lt;del&gt;DRIVERS-2011&lt;/del&gt;&lt;/a&gt;).&lt;/p&gt;

&lt;p&gt;With CSFLE, in contrast, AWS credentials must be provided explicitly via the &lt;tt&gt;kmsProviders&lt;/tt&gt; property of &lt;tt&gt;AutoEncryptionSettings&lt;/tt&gt; or &lt;tt&gt;ClientEncryptionSettings&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;This feature  will add equivalent support in CSFLE as is already provided for MONGODB-AWS.&lt;/p&gt;

&lt;h3&gt;&lt;a name=&quot;Motivation&quot;&gt;&lt;/a&gt;&lt;b&gt;Motivation&lt;/b&gt;&lt;/h3&gt;
&lt;h4&gt;&lt;a name=&quot;Whoistheaffectedenduser%3F&quot;&gt;&lt;/a&gt;Who is the affected end user?&lt;/h4&gt;

&lt;p&gt;&lt;em&gt;Developer and security teams of enterprise customers.&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Howdoesthisaffecttheenduser%3F&quot;&gt;&lt;/a&gt;How does this affect the end user?&lt;/h4&gt;

&lt;p&gt;&lt;em&gt;There is a workaround, but it&apos;s onerous, as it involves recreating MongoClient instances before credentials expire.&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Howlikelyisitthatthisproblemorusecasewilloccur%3F&quot;&gt;&lt;/a&gt;How likely is it that this problem or use case will occur?&lt;/h4&gt;

&lt;p&gt;&lt;em&gt;This is very likely to be an issue for users of client-side encryption.&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Iftheproblemdoesoccur%2Cwhataretheconsequencesandhowseverearethey%3F&quot;&gt;&lt;/a&gt;If the problem does occur, what are the consequences and how severe are they?&lt;/h4&gt;

&lt;p&gt;&lt;em&gt;They will be unable or at least unwilling to use client-side encryption in production.&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisissueurgent%3F&quot;&gt;&lt;/a&gt;Is this issue urgent?&lt;/h4&gt;

&lt;p&gt;&lt;em&gt;It was certainly urgent for the initial customer that encountered this issue.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;&lt;font color=&quot;#1a1a1a&quot;&gt;Is this ticket required by a downstream team?&lt;/font&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;No&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisticketonlyfortests%3F&quot;&gt;&lt;/a&gt;Is this ticket only for tests?&lt;/h4&gt;

&lt;p&gt;&lt;em&gt;No&lt;/em&gt;&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;</description>
                <environment></environment>
        <key id="2026870">DRIVERS-2280</key>
            <summary>Obtain AWS credentials for CSFLE in the same way as for MONGODB-AWS</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="10300" iconUrl="https://jira.mongodb.org/images/icons/priorities/medium.svg">Unknown</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="jeff.yemin@mongodb.com">Jeffrey Yemin</reporter>
                        <labels>
                    </labels>
                <created>Mon, 18 Apr 2022 12:56:42 +0000</created>
                <updated>Mon, 14 Aug 2023 19:14:58 +0000</updated>
                            <resolved>Fri, 31 Mar 2023 13:24:35 +0000</resolved>
                                                        <component>Client Side Encryption</component>
                                        <votes>0</votes>
                                    <watches>6</watches>
                                                                                                                <comments>
                            <comment id="4674533" author="xgen-internal-githook" created="Tue, 12 Jul 2022 18:35:03 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;vector-of-bool&apos;, &apos;email&apos;: &apos;vectorofbool@gmail.com&apos;, &apos;username&apos;: &apos;vector-of-bool&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2280&quot; title=&quot;Obtain AWS credentials for CSFLE in the same way as for MONGODB-AWS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2280&quot;&gt;&lt;del&gt;DRIVERS-2280&lt;/del&gt;&lt;/a&gt; New on-demand credential loading for AWS in CSE (#1260)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;New on-demand credential loading for AWS in CSE&lt;/li&gt;
	&lt;li&gt;Add a prose test for the on-demand AWS credentials.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/specifications/commit/5cf3ed72d0520c216980f7e443bdeac0976e3c30&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/5cf3ed72d0520c216980f7e443bdeac0976e3c30&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                                                <inwardlinks description="is duplicated by">
                                        <issuelink>
            <issuekey id="1973459">DRIVERS-2179</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10620">
                    <name>Issue split</name>
                                            <outwardlinks description="split to">
                                        <issuelink>
            <issuekey id="2040434">JAVA-4604</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2040430">CDRIVER-4382</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2040432">CSHARP-4168</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2040431">CXX-2508</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2040433">GODRIVER-2410</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2040436">MOTOR-959</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2040435">NODE-4234</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2040437">PYTHON-3256</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2040439">RUBY-2989</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2040440">RUST-1314</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2040438">PHPLIB-866</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="1985033">JAVA-4499</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1953998">DRIVERS-2011</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1845855">DRIVERS-2377</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                            <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17052" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Downstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;ul&gt;
	&lt;li&gt;Call &lt;tt&gt;mongocrypt_setopt_use_need_kms_credentials_state&lt;/tt&gt; to opt in to handling the new &lt;tt&gt;MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS&lt;/tt&gt; state.&lt;/li&gt;
	&lt;li&gt;Handle the new &lt;tt&gt;MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS&lt;/tt&gt; state. If the originally configured KMS providers have an empty &lt;tt&gt;aws: {&lt;/tt&gt;}, attempt to obtain AWS credentials following the logic of Obtaining Credentials (excluding the URI section). Pass the new credentials back with &lt;tt&gt;mongocrypt_ctx_provide_kms_providers&lt;/tt&gt;.&lt;/li&gt;
	&lt;li&gt;A new CSFLE prose test is introduced in &lt;a href=&quot;https://github.com/mongodb/specifications/commit/5cf3ed72d0520c216980f7e443bdeac0976e3c30&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;5cf3ed7&lt;/a&gt;.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Please see the &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/3ed55ed9b01a22e8208f9f382c9a976645bdbe4a#diff-6611c8b7be663c2fc9c7942692d314e8464f9398d0275e7ce691905fd5eeeeb0R700&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;C driver implementation as a reference&lt;/a&gt;. Note: the C driver also supports a user-provided callback for KMS providers. That is not in scope of &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2280&quot; title=&quot;Obtain AWS credentials for CSFLE in the same way as for MONGODB-AWS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2280&quot;&gt;&lt;del&gt;DRIVERS-2280&lt;/del&gt;&lt;/a&gt;.&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10951" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Driver Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10748"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_23952" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Driver Compliance</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[<style type='text/css'>
         #scriptField, #scriptField *{
                border: 1px solid black;
            }

            #scriptField{
                border-collapse: collapse;
            }

            #scriptField td {
                text-align: center; /* Center-align text in table cells */
            }

            #scriptField td.key {
                text-align: left; /* Left-align text in the Key column */
            }

            #scriptField a {
                text-decoration: none; /* Remove underlines from links */
                border: none; /* Remove border from links */
            }
            
            /* Add green background color to cells with FixVersion */
            #scriptField td.hasFixVersion {
                background-color: #00FF00; /* Green color code */
            }

            /* Center-align the first row headers */
            #scriptField th {
                text-align: center;
            }
        </style>
<table id='scriptField'>
  <tr>
    <th>Key</th>
    <th>Status/Resolution</th>
    <th>FixVersion</th>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CDRIVER-4382'>CDRIVER-4382</a>
    </td>
    <td>Done</td>
    <td class='hasFixVersion'>1.23.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CXX-2508'>CXX-2508</a>
    </td>
    <td>Works as Designed</td>
    <td class='hasFixVersion'>3.8.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CSHARP-4168'>CSHARP-4168</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>2.18.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/GODRIVER-2410'>GODRIVER-2410</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>1.12.0, 1.12.0-alpha1</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/JAVA-4604'>JAVA-4604</a>
    </td>
    <td>Duplicate</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/NODE-4234'>NODE-4234</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>4.11.0, mongodb-client-encryption-2.4.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/MOTOR-959'>MOTOR-959</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/PYTHON-3256'>PYTHON-3256</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>pymongocrypt-1.4, 4.3.3</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/PHPLIB-866'>PHPLIB-866</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>1.16.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/RUBY-2989'>RUBY-2989</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>2.19.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/RUST-1314'>RUST-1314</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>2.4.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/SWIFT-1564'>SWIFT-1564</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
</table>]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_21553" key="com.atlassian.jira.plugin.system.customfieldtypes:labels">
                        <customfieldname>Quarter</customfieldname>
                        <customfieldvalues>
                                        <label>FY23Q3</label>
    
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr6i7r:f3z</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>