Class: Mongo::Crypt::AutoEncrypter Private

Do not use. This class is for internal use only.
Relationships & Source Files
Inherits: Object
Defined in: lib/mongo/crypt/auto_encrypter.rb

Overview

An AutoEncrypter is an object that encapsulates the behavior of automatic encryption. It controls all resources associated with auto-encryption, including the libmongocrypt handle, key vault client object, mongocryptd client object, and encryption I/O.

The AutoEncrypter is kept as an instance on a ::Mongo::Client. ::Mongo::Client objects with the same auto_encryption_options Hash may share AutoEncrypters.

Constant Summary

Class Method Summary

  • .new(options) ⇒ AutoEncrypter constructor Internal use only

    Set up encryption-related options and instance variables on the class that includes this module.

Instance Attribute Summary

Instance Method Summary

Instance Attribute Details

#encrypt? ⇒ Boolean (readonly)

Whether this encrypter should perform encryption (returns false if the :bypass_auto_encryption option is set to true).

Returns:

  • (Boolean)

    Whether to perform encryption.

# File 'lib/mongo/crypt/auto_encrypter.rb', line 172

def encrypt?
  !@options[:bypass_auto_encryption]
end

#key_vault_client (readonly)

# File 'lib/mongo/crypt/auto_encrypter.rb', line 30

attr_reader :mongocryptd_client, :key_vault_client, :metadata_client, :options

#metadata_client (readonly)

# File 'lib/mongo/crypt/auto_encrypter.rb', line 30

attr_reader :mongocryptd_client, :key_vault_client, :metadata_client, :options

#mongocryptd_client (readonly)

# File 'lib/mongo/crypt/auto_encrypter.rb', line 30

attr_reader :mongocryptd_client, :key_vault_client, :metadata_client, :options

#options (readonly)

# File 'lib/mongo/crypt/auto_encrypter.rb', line 30

attr_reader :mongocryptd_client, :key_vault_client, :metadata_client, :options

Instance Method Details

#close ⇒ true

Close the resources created by the AutoEncrypter.

Returns:

  • (true)

    Always true.

# File 'lib/mongo/crypt/auto_encrypter.rb', line 208

def close
  @mongocryptd_client.close if @mongocryptd_client

  if @key_vault_client && @key_vault_client != options[:client] &&
     @key_vault_client.cluster != options[:client].cluster
    @key_vault_client.close
  end

  if @metadata_client && @metadata_client != options[:client] &&
     @metadata_client.cluster != options[:client].cluster
    @metadata_client.close
  end

  true
end

#decrypt(command, timeout_holder) ⇒ BSON::Document

Decrypt a database command.

Parameters:

  • command (Hash)

    The command with encrypted fields.

Returns:

  • (BSON::Document)

    The decrypted command.

# File 'lib/mongo/crypt/auto_encrypter.rb', line 197

def decrypt(command, timeout_holder)
  AutoDecryptionContext.new(
    @crypt_handle,
    @encryption_io,
    command
  ).run_state_machine(timeout_holder)
end

#encrypt(database_name, command, timeout_holder) ⇒ BSON::Document (readonly)

Encrypt a database command.

Parameters:

  • database_name (String)

    The name of the database on which the command is being run.

  • command (Hash)

    The command to be encrypted.

Returns:

  • (BSON::Document)

    The encrypted command.

# File 'lib/mongo/crypt/auto_encrypter.rb', line 183

def encrypt(database_name, command, timeout_holder)
  AutoEncryptionContext.new(
    @crypt_handle,
    @encryption_io,
    database_name,
    command
  ).run_state_machine(timeout_holder)
end

#internal_client(client) ⇒ Mongo::Client (private)

Creates the internal client to be used for auto encryption, or returns the one already created.

Parameters:

  • client (Mongo::Client)

    A client connected to the encrypted collection.

Returns:

  • (Mongo::Client)

# File 'lib/mongo/crypt/auto_encrypter.rb', line 286

def internal_client(client)
  @internal_client ||= client.with(
    auto_encryption_options: nil,
    min_pool_size: 0,
    monitoring: client.send(:monitoring)
  )
end

#set_default_options(options) (private)

Returns a new set of options with the following changes:

  • sets default values for all extra_options
  • adds --idleShutdownTimeoutSecs=60 to the mongocryptd_spawn_args in extra_options if no idle shutdown timeout is already present
  • defaults bypass_auto_encryption to false when it is not set
  • sets default key vault client

  
# File 'lib/mongo/crypt/auto_encrypter.rb', line 232

def set_default_options(options)
  opts = options.dup

  extra_options = opts.delete(:extra_options) || Options::Redacted.new
  extra_options = DEFAULT_EXTRA_OPTIONS.merge(extra_options)

  has_timeout_string_arg = extra_options[:mongocryptd_spawn_args].any? do |elem|
    elem.is_a?(String) && elem.match(/\A--idleShutdownTimeoutSecs=\d+\z/)
  end

  timeout_int_arg_idx = extra_options[:mongocryptd_spawn_args].index('--idleShutdownTimeoutSecs')
  has_timeout_int_arg = timeout_int_arg_idx && extra_options[:mongocryptd_spawn_args][timeout_int_arg_idx + 1].is_a?(Integer)

  unless has_timeout_string_arg || has_timeout_int_arg
    extra_options[:mongocryptd_spawn_args] << '--idleShutdownTimeoutSecs=60'
  end

  opts[:bypass_auto_encryption] ||= false
  set_or_create_clients(opts)
  opts[:key_vault_client] = @key_vault_client

  Options::Redacted.new(opts).merge(extra_options: extra_options)
end
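
The idle-timeout check in set_default_options recognizes two argument forms; the following added example (not the driver's own code) reproduces that check on a plain array so it runs without the mongo gem. The helper name ensure_idle_timeout and the sample inputs are constructed for illustration; the example shows that a bare flag followed by a String value is not recognized, so the default is appended as well.

```ruby
# Added example: stand-alone mirror of the spawn-argument check in
# set_default_options. ensure_idle_timeout is a hypothetical helper name.
IDLE_FLAG = '--idleShutdownTimeoutSecs'
DEFAULT_IDLE_ARG = "#{IDLE_FLAG}=60"

# Returns [args, appended] and never mutates the caller's array.
def ensure_idle_timeout(spawn_args)
  args = spawn_args.dup

  # Form 1: one String element such as "--idleShutdownTimeoutSecs=120".
  has_string_form = args.any? do |elem|
    elem.is_a?(String) && elem.match?(/\A--idleShutdownTimeoutSecs=\d+\z/)
  end

  # Form 2: the bare flag immediately followed by an Integer element.
  idx = args.index(IDLE_FLAG)
  has_int_form = !idx.nil? && args[idx + 1].is_a?(Integer)

  appended = !(has_string_form || has_int_form)
  args << DEFAULT_IDLE_ARG if appended
  [args, appended]
end

# Constructed sample inputs covering both accepted forms and two near misses.
SAMPLES = {
  'no flag'             => [],
  'string form'         => ['--idleShutdownTimeoutSecs=120'],
  'flag + Integer'      => ['--idleShutdownTimeoutSecs', 120],
  'flag + String value' => ['--idleShutdownTimeoutSecs', '120'],
  'non-numeric value'   => ['--idleShutdownTimeoutSecs=never']
}.freeze

# One formatted line per sample: label, whether the default was appended,
# and the resulting argument list.
def report
  SAMPLES.map do |label, input|
    args, appended = ensure_idle_timeout(input)
    format('%-20s appended=%-5s %s', label, appended, args.inspect)
  end
end

puts report
```

In the two near-miss cases the resulting list carries both the caller's value and the appended default, so the spawn arguments are worth inspecting when an idle timeout is set explicitly.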

#set_or_create_clients(options) (private)

Create additional clients for auto encryption, if necessary.

Parameters:

  • options (Hash)

    Auto encryption options.

# File 'lib/mongo/crypt/auto_encrypter.rb', line 259

def set_or_create_clients(options)
  client = options[:client]
  @key_vault_client = if options[:key_vault_client]
                        options[:key_vault_client]
                      elsif client.options[:max_pool_size] == 0
                        client
                      else
                        internal_client(client)
                      end

  @metadata_client = if options[:bypass_auto_encryption]
                       nil
                     elsif client.options[:max_pool_size] == 0
                       client
                     else
                       internal_client(client)
                     end
end