Class: Mongo::Crypt::KMS::Credentials Private
| Relationships & Source Files | |
| Inherits: | Object |
| Defined in: | lib/mongo/crypt/kms/credentials.rb |
Overview
::Mongo::Crypt::KMS Credentials object contains credentials for using ::Mongo::Crypt::KMS providers.
Constant Summary
-
ON_DEMAND_PROVIDERS =
# File 'lib/mongo/crypt/kms/credentials.rb', line 25
::Mongo::Crypt::KMSprovider types that support on-demand credential retrieval.%w[aws gcp azure].freeze
Class Method Summary
-
.new(kms_providers) ⇒ Credentials
constructor
Internal use only
Creates a
::Mongo::Crypt::KMScredentials object from a parameters hash.
Instance Attribute Summary
-
#any_on_demand? ⇒ Boolean
readonly
Internal use only
Returns true if any configured provider supports on-demand credential retrieval and has been configured with empty credentials.
- #credentials_map readonly Internal use only
Instance Method Summary
- #aws ⇒ Credentials::AWS | nil Internal use only
- #azure ⇒ Credentials::Azure | nil Internal use only
- #gcp ⇒ Credentials::GCP | nil Internal use only
- #kmip ⇒ Credentials::KMIP | nil Internal use only
- #local ⇒ Credentials::Local | nil Internal use only
-
#to_document ⇒ BSON::Document
Internal use only
Convert credentials object to a BSON document in libmongocrypt format.
Constructor Details
.new(kms_providers) ⇒ Credentials
There may be more than one ::Mongo::Crypt::KMS provider specified.
Creates a ::Mongo::Crypt::KMS credentials object from a parameters hash.
# File 'lib/mongo/crypt/kms/credentials.rb', line 40
def initialize(kms_providers) raise ArgumentError.new('KMS providers options must not be nil') if kms_providers.nil? @credentials_map = {} kms_providers.each do |identifier, opts| identifier_str = identifier.to_s provider_type = KMS.provider_base_type(identifier_str) creds = case provider_type when 'aws' then AWS::Credentials.new(opts) when 'azure' then Azure::Credentials.new(opts) when 'gcp' then GCP::Credentials.new(opts) when 'kmip' then KMIP::Credentials.new(opts) when 'local' then Local::Credentials.new(opts) else raise ArgumentError.new( 'KMS providers options must have one of the following keys: ' \ ':aws, :azure, :gcp, :kmip, :local' ) end @credentials_map[identifier_str] = creds end return unless @credentials_map.empty? raise ArgumentError.new( 'KMS providers options must have one of the following keys: ' \ ':aws, :azure, :gcp, :kmip, :local' ) end
Instance Attribute Details
#any_on_demand? ⇒ Boolean (readonly)
Returns true if any configured provider supports on-demand credential retrieval and has been configured with empty credentials.
# File 'lib/mongo/crypt/kms/credentials.rb', line 102
def any_on_demand? @credentials_map.any? do |identifier, creds| ON_DEMAND_PROVIDERS.include?(KMS.provider_base_type(identifier)) && creds.empty? end end
#credentials_map (readonly)
[ GitHub ]# File 'lib/mongo/crypt/kms/credentials.rb', line 27
attr_reader :credentials_map
Instance Method Details
#aws ⇒ Credentials::AWS | nil
# File 'lib/mongo/crypt/kms/credentials.rb', line 74
def aws @credentials_map['aws'] end
#azure ⇒ Credentials::Azure | nil
# File 'lib/mongo/crypt/kms/credentials.rb', line 79
def azure @credentials_map['azure'] end
#gcp ⇒ Credentials::GCP | nil
# File 'lib/mongo/crypt/kms/credentials.rb', line 84
def gcp @credentials_map['gcp'] end
#kmip ⇒ Credentials::KMIP | nil
# File 'lib/mongo/crypt/kms/credentials.rb', line 89
def kmip @credentials_map['kmip'] end
#local ⇒ Credentials::Local | nil
# File 'lib/mongo/crypt/kms/credentials.rb', line 94
def local @credentials_map['local'] end
#to_document ⇒ BSON::Document
Convert credentials object to a BSON document in libmongocrypt format.
# File 'lib/mongo/crypt/kms/credentials.rb', line 111
def to_document BSON::Document.new.tap do |bson| @credentials_map.each do |identifier, creds| bson[identifier] = creds.to_document end end end