Skip to content

PYTHON-3256 Obtain AWS credentials for CSFLE in the same way as for MONGODB-AWS #448

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Aug 30, 2022
Merged

PYTHON-3256 Obtain AWS credentials for CSFLE in the same way as for MONGODB-AWS #448

merged 11 commits into from
Aug 30, 2022

Conversation

@blink1073
Copy link
Member

@blink1073 blink1073 commented Aug 25, 2022

Re-do of #440 after an accidental merge and revert.

@blink1073 blink1073 closed this Aug 25, 2022
@blink1073 blink1073 reopened this Aug 25, 2022
juliusgeo
juliusgeo approved these changes Aug 29, 2022
View reviewed changes
Copy link
Contributor

@juliusgeo juliusgeo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@blink1073 blink1073 merged commit e8fbed9 into mongodb:master Aug 30, 2022
@blink1073 blink1073 deleted the PYTHON-3256 branch August 30, 2022 14:52
ShaneHarvey
ShaneHarvey reviewed Aug 30, 2022
View reviewed changes
bindings/python/pymongocrypt/mongocrypt.py
import copy

try:
from pymongo_auth_aws.auth import _aws_temp_credentials
Copy link
Member

@ShaneHarvey ShaneHarvey Aug 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you open a new ticket to make _aws_temp_credentials a public API?

Copy link
Member Author

@blink1073 blink1073 Aug 31, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://jira.mongodb.org/browse/PYTHON-3418

bindings/python/pymongocrypt/mongocrypt.py
return
if not _HAVE_AUTH_AWS:
raise RuntimeError(
"MONGODB-AWS authentication requires pymongo-auth-aws: "
Copy link
Member

@ShaneHarvey ShaneHarvey Aug 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"MONGODB-AWS authentication" is not relevant here. Should say "on demand aws credentials require..."

Should we add pymongo-auth-aws to pymongo[encryption] too?

Copy link
Member Author

@blink1073 blink1073 Aug 31, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Opened #452 and updated mongodb/mongo-python-driver#1035

bindings/python/pymongocrypt/mongocrypt.py
This is a separate function so it can be overridden in unit tests."""
if 'aws' not in kms_providers:
return
if len(kms_providers['aws']):
Copy link
Member

@ShaneHarvey ShaneHarvey Aug 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we already provided non-empty aws creds to libmongocrypt is this state even possible to reach?

Copy link
Member Author

@blink1073 blink1073 Aug 31, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was in preparation for other types of on-demand credentials.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ShaneHarvey ShaneHarvey ShaneHarvey left review comments

+1 more reviewer

@juliusgeo juliusgeo juliusgeo approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@blink1073 @juliusgeo @ShaneHarvey