Class: Mongo::Crypt::AutoEncrypter Private

Do not use. This class is for internal use only.

Relationships & Source Files
Inherits:	Object
Defined in:	lib/mongo/crypt/auto_encrypter.rb

Overview

An AutoEcnrypter is an object that encapsulates the behavior of automatic encryption. It controls all resources associated with auto-encryption, including the libmongocrypt handle, key vault client object, mongocryptd client object, and encryption I/O.

The AutoEncrypter is kept as an instance on a ::Mongo::Client. ::Mongo::Client objects with the same auto_encryption_options Hash may share AutoEncrypters.

Constant Summary

DEFAULT_EXTRA_OPTIONS =

A Hash of default values for the :extra_options option

# File 'lib/mongo/crypt/auto_encrypter.rb', line 39

Options::Redacted.new({
  mongocryptd_uri: 'mongodb://localhost:27020',
  mongocryptd_bypass_spawn: false,
  mongocryptd_spawn_path: 'mongocryptd',
  mongocryptd_spawn_args: ['--idleShutdownTimeoutSecs=60'],
})

Class Method Summary

.new(options) ⇒ AutoEncrypter constructor Internal use only

Set up encryption-related options and instance variables on the class that includes this module.

Instance Attribute Summary

#encrypt? ⇒ Boolean readonly Internal use only

Whether this encrypter should perform encryption (returns false if the :bypass_auto_encryption option is set to true).
#key_vault_client readonly Internal use only
#metadata_client readonly Internal use only
#mongocryptd_client readonly Internal use only
#options readonly Internal use only

Instance Method Summary

#close ⇒ true Internal use only

Close the resources created by the AutoEncrypter.
#decrypt(command, timeout_holder) ⇒ BSON::Document Internal use only

Decrypt a database command.
#encrypt(database_name, command, timeout_holder) ⇒ BSON::Document readonly Internal use only

Encrypt a database command.
#internal_client(client) ⇒ Mongo::Client private Internal use only

Creates or return already created internal client to be used for auto encryption.
#set_default_options(options) private Internal use only

Returns a new set of options with the following changes: - sets default values for all extra_options - adds –idleShtudownTimeoutSecs=60 to extra_options.
#set_or_create_clients(options) private Internal use only

Create additional clients for auto encryption, if necessary.

Instance Attribute Details

#encrypt? ⇒ `Boolean` (readonly)

Whether this encrypter should perform encryption (returns false if the :bypass_auto_encryption option is set to true).

Returns:

(Boolean) —

Whether to perform encryption.

[ GitHub ]

# File 'lib/mongo/crypt/auto_encrypter.rb', line 179


def encrypt?
  !@options[:bypass_auto_encryption]
end

#key_vault_client (readonly)

[ GitHub ]

# File 'lib/mongo/crypt/auto_encrypter.rb', line 34


attr_reader :key_vault_client

#metadata_client (readonly)

[ GitHub ]

# File 'lib/mongo/crypt/auto_encrypter.rb', line 35


attr_reader :metadata_client

#mongocryptd_client (readonly)

[ GitHub ]

# File 'lib/mongo/crypt/auto_encrypter.rb', line 33


attr_reader :mongocryptd_client

#options (readonly)

[ GitHub ]

# File 'lib/mongo/crypt/auto_encrypter.rb', line 36


attr_reader :options

Instance Method Details

#close ⇒ `true`

Close the resources created by the AutoEncrypter.

Returns:

(true) —

Always true.

[ GitHub ]

# File 'lib/mongo/crypt/auto_encrypter.rb', line 215


def close
  @mongocryptd_client.close if @mongocryptd_client

  if @key_vault_client && @key_vault_client != options[:client] &&
    @key_vault_client.cluster != options[:client].cluster
  then
    @key_vault_client.close
  end

  if @metadata_client && @metadata_client != options[:client] &&
    @metadata_client.cluster != options[:client].cluster
  then
    @metadata_client.close
  end

  true
end

#decrypt(command, timeout_holder) ⇒ `BSON::Document`

Decrypt a database command.

Parameters:

command (Hash) —

The command with encrypted fields.

Returns:

(BSON::Document) —

The decrypted command.

[ GitHub ]

# File 'lib/mongo/crypt/auto_encrypter.rb', line 204


def decrypt(command, timeout_holder)
  AutoDecryptionContext.new(
    @crypt_handle,
    @encryption_io,
    command
  ).run_state_machine(timeout_holder)
end

#encrypt(database_name, command, timeout_holder) ⇒ `BSON::Document` (readonly)

Encrypt a database command.

Parameters:

database_name (String) —

The name of the database on which the command is being run.
command (Hash) —

The command to be encrypted.

Returns:

(BSON::Document) —

The encrypted command.

[ GitHub ]

# File 'lib/mongo/crypt/auto_encrypter.rb', line 190


def encrypt(database_name, command, timeout_holder)
  AutoEncryptionContext.new(
    @crypt_handle,
    @encryption_io,
    database_name,
    command
  ).run_state_machine(timeout_holder)
end

#internal_client(client) ⇒ Mongo::Client (private)

Creates or return already created internal client to be used for auto encryption.

auto encryption.

Parameters:

client (Mongo::Client) —

A client connected to the encrypted collection.

Returns:

(Mongo::Client) —

::Mongo::Client to be used as internal client for

[ GitHub ]

# File 'lib/mongo/crypt/auto_encrypter.rb', line 295


def internal_client(client)
  @internal_client ||= client.with(
    auto_encryption_options: nil,
    min_pool_size: 0,
    monitoring: client.send(:monitoring),
  )
end

#set_default_options(options) (private)

Returns a new set of options with the following changes:

sets default values for all extra_options
adds –idleShtudownTimeoutSecs=60 to extra_options if not already present
sets bypass_auto_encryption to false
sets default key vault client

[ GitHub ]

# File 'lib/mongo/crypt/auto_encrypter.rb', line 241


def set_default_options(options)
  opts = options.dup

  extra_options = opts.delete(:extra_options) || Options::Redacted.new
  extra_options = DEFAULT_EXTRA_OPTIONS.merge(extra_options)

  has_timeout_string_arg = extra_options[:mongocryptd_spawn_args].any? do |elem|
    elem.is_a?(String) && elem.match(/\A--idleShutdownTimeoutSecs=\d+\z/)
  end

  timeout_int_arg_idx = extra_options[:mongocryptd_spawn_args].index('--idleShutdownTimeoutSecs')
  has_timeout_int_arg = timeout_int_arg_idx && extra_options[:mongocryptd_spawn_args][timeout_int_arg_idx + 1].is_a?(Integer)

  unless has_timeout_string_arg || has_timeout_int_arg
    extra_options[:mongocryptd_spawn_args] << '--idleShutdownTimeoutSecs=60'
  end

  opts[:bypass_auto_encryption] ||= false
  set_or_create_clients(opts)
  opts[:key_vault_client] = @key_vault_client

  Options::Redacted.new(opts).merge(extra_options: extra_options)
end

#set_or_create_clients(options) (private)

Create additional clients for auto encryption, if necessary

Parameters:

options (Hash) —

Auto encryption options.

[ GitHub ]

# File 'lib/mongo/crypt/auto_encrypter.rb', line 268


def set_or_create_clients(options)
  client = options[:client]
  @key_vault_client = if options[:key_vault_client]
    options[:key_vault_client]
  elsif client.options[:max_pool_size] == 0
    client
  else
    internal_client(client)
  end

  @metadata_client = if options[:bypass_auto_encryption]
    nil
  elsif client.options[:max_pool_size] == 0
    client
  else
    internal_client(client)
  end
end

Class: Mongo::Crypt::AutoEncrypter Private

Overview

Constant Summary

Class Method Summary

Instance Attribute Summary

Instance Method Summary

Instance Attribute Details

#encrypt? ⇒ Boolean (readonly)

#key_vault_client (readonly)

#metadata_client (readonly)

#mongocryptd_client (readonly)

#options (readonly)

Instance Method Details

#close ⇒ true

#decrypt(command, timeout_holder) ⇒ BSON::Document

#encrypt(database_name, command, timeout_holder) ⇒ BSON::Document (readonly)

#internal_client(client) ⇒ Mongo::Client (private)

#set_default_options(options) (private)

#set_or_create_clients(options) (private)

#encrypt? ⇒ `Boolean` (readonly)

#close ⇒ `true`

#decrypt(command, timeout_holder) ⇒ `BSON::Document`

#encrypt(database_name, command, timeout_holder) ⇒ `BSON::Document` (readonly)