Support configuration of KMS provider credentials with a Supplier #894
It seems redundant to have and use both:
private final Map<String, Map<String, Object>> kmsProviders;
private final Map<String, Supplier<Map<String, Object>>> kmsProviderSupplierMap;
Should the maps be merged by the builder? - It may make it easier to debug if users have the same key in both settings (e.g. a warning could be logged).
This way internally only getKmsProviderSupplierMap is used? and getKmsProviders() could be deprecated. The builder could keep both setters for simplicity as translating a value to a supplier of a value is trivial.
It's actually required to have the same key in both maps. The |
LGTM. MONGOCRYPT-394 is in review. I do not think it impacts the changes in this PR.
/** | ||
* Gets the KMS provider to Supplier map. | ||
* | ||
* <p> | ||
* If the {@link #getKmsProviders()} map contains an empty map as its value, the driver will use a {@link Supplier} configured for | ||
* the same provider in this map to obtain a non-empty map that contains the credential for the provider. | ||
* </p> | ||
* | ||
* @return the KMS provider to Supplier map | ||
* @see #getKmsProviders() | ||
* @since 4.6 | ||
*/ | ||
public Map<String, Supplier<Map<String, Object>>> getKmsProviderSupplierMap() { |
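Review bot: The Javadoc above getKmsProviderSupplierMap() covers only the case where getKmsProviders() holds an empty map for a provider; it does not say what the driver does when the Supplier returns null or an empty map, or when a provider has a Supplier but no entry in getKmsProviders(). Suggest documenting both cases and stating when the Supplier is invoked, since the returned map carries credentials and callers need to know whether a rotated value will be picked up.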
I found that both the method name and the documentation are confusing because of the provider/supplier word play (the same is applicable to the corresponding setter and to the counterpart in the ClientEncryptionSettings class). The problem is further aggravated by the method getKmsProviders, for which getKmsProviderProperties appears to be a more appropriate name, or better just getKmsProperties (we can't change it). In order to mitigate the problem I propose the following:
- Rename the method to getKmsProviderPropertySuppliers or getKmsPropertySuppliers. We don't have the "Map" suffix in the getKmsProviders method, and it does not seem helpful here because a user may see it's a Map from the explicit return type. Having "Properties" part in the name is inconsistent with the name of the method getKmsProviders, but is helpful as it separates the "Provider" and "Supplier" parts.
- Rename the kmsProviderSupplierMap field/parameter accordingly in this class and in MongoCryptHelper, Crypt.
- Never use just "provider" in the documentation of the method, use "KMS provider" instead.
- Never use just "Supplier" or "supplier" in the documentation of the method, use "Supplier of properties" instead.
Example:
/**
* This method is similar to {@link #getKmsProviders()},
* but instead of getting properties for KMS providers,
* it gets {@link Supplier}s of properties.
* <p>If {@link #getKmsProviders()} returns empty properties for a KMS provider,
* the driver will use a {@link Supplier} of properties configured for the KMS provider
* to obtain a non-empty properties.</p>
*
* @return A {@link Map} where keys identify KMS providers,
* and values specify {@link Supplier}s of properties for the KMS providers.
* @see #getKmsProviders()
* @since 4.6
*/
I went with kmsProviderPropertySuppliers as the property name. PTAL
I haven't touched the Javadoc yet.
For Javadoc changes, it would be easier if you propose the changes directly by adding a commit.
The proposed Java API documentation changes: stIncMale@57f5aac.
Reviewed and pushed
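The rule the Javadoc in this thread describes (empty properties for a KMS provider defer to the Supplier of properties registered for the same provider), as an added example that is not the driver's code. `KmsCredentialResolver` and `resolve` are hypothetical names, the credential values are constructed, and rejecting a null or empty supplied map is this example's own choice rather than behaviour stated on the page.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;

// Added illustration, not driver code: KmsCredentialResolver and resolve() are hypothetical names.
public final class KmsCredentialResolver {

    // Rule from the Javadoc under review: non-empty properties in kmsProviders are used as-is;
    // empty properties defer to the Supplier registered under the same KMS provider name.
    static Map<String, Object> resolve(String provider,
            Map<String, Map<String, Object>> kmsProviders,
            Map<String, Supplier<Map<String, Object>>> propertySuppliers) {
        Map<String, Object> configured = kmsProviders.get(provider);
        if (configured == null) {
            throw new IllegalArgumentException("KMS provider not configured: " + provider);
        }
        if (!configured.isEmpty()) {
            return Collections.unmodifiableMap(configured);
        }
        Supplier<Map<String, Object>> supplier = propertySuppliers.get(provider);
        if (supplier == null) {
            throw new IllegalStateException("Empty properties and no Supplier for: " + provider);
        }
        // Invoked on every call, so rotated or short-lived credentials are picked up.
        Map<String, Object> supplied = supplier.get();
        if (supplied == null || supplied.isEmpty()) {
            // Assumption of this example: fail closed. The message names only the provider,
            // never the map contents, because the map holds secrets.
            throw new IllegalStateException("Supplier returned no properties for: " + provider);
        }
        return Collections.unmodifiableMap(new HashMap<>(supplied));
    }

    public static void main(String[] args) {
        Map<String, Map<String, Object>> kmsProviders = new HashMap<>();
        kmsProviders.put("aws", Collections.emptyMap());   // empty: defer to the Supplier
        Map<String, Supplier<Map<String, Object>>> suppliers = new HashMap<>();
        suppliers.put("aws", () -> {
            Map<String, Object> creds = new HashMap<>();   // constructed sample values
            creds.put("accessKeyId", "EXAMPLE_KEY_ID");
            creds.put("secretAccessKey", "EXAMPLE_SECRET");
            return creds;
        });
        System.out.println(resolve("aws", kmsProviders, suppliers).keySet());
    }
}
```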
driver-core/src/main/com/mongodb/internal/capi/MongoCryptHelper.java
...ctional/com/mongodb/client/AbstractClientSideEncryptionAwsCredentialFromEnvironmentTest.java
JAVA-4504