Class: Mongo::Crypt::KMS::Credentials Private

Relationships & Source Files
Inherits: Object
Defined in: lib/mongo/crypt/kms/credentials.rb

Overview

The ::Mongo::Crypt::KMS Credentials object contains the credentials used to access ::Mongo::Crypt::KMS providers.

Instance Attribute Summary

  • #any_on_demand? ⇒ Boolean readonly Internal use only

    Returns true if any configured provider supports on-demand credential retrieval and has been configured with empty credentials.

  • #credentials_map readonly Internal use only

Constructor Details

.new(kms_providers) ⇒ Credentials

Note:

There may be more than one ::Mongo::Crypt::KMS provider specified.

Creates a ::Mongo::Crypt::KMS credentials object from a parameters hash.

Parameters:

  • kms_providers (Hash)

    A hash that contains credentials for ::Mongo::Crypt::KMS providers. Keys may be provider types (:aws, :local, etc.) or named provider identifiers ("aws:name1", "local:name2", etc.). Values are hashes of credentials for the corresponding provider type.

Raises:

  • (ArgumentError)

    If required options are missing or incorrectly formatted.

# File 'lib/mongo/crypt/kms/credentials.rb', line 40

def initialize(kms_providers)
  raise ArgumentError.new('KMS providers options must not be nil') if kms_providers.nil?

  @credentials_map = {}

  kms_providers.each do |identifier, opts|
    identifier_str = identifier.to_s
    provider_type = KMS.provider_base_type(identifier_str)

    creds = case provider_type
            when 'aws' then AWS::Credentials.new(opts)
            when 'azure' then Azure::Credentials.new(opts)
            when 'gcp' then GCP::Credentials.new(opts)
            when 'kmip' then KMIP::Credentials.new(opts)
            when 'local' then Local::Credentials.new(opts)
            else
              raise ArgumentError.new(
                'KMS providers options must have one of the following keys: ' \
                ':aws, :azure, :gcp, :kmip, :local'
              )
            end

    @credentials_map[identifier_str] = creds
  end

  return unless @credentials_map.empty?

  raise ArgumentError.new(
    'KMS providers options must have one of the following keys: ' \
    ':aws, :azure, :gcp, :kmip, :local'
  )
end

Instance Attribute Details

#any_on_demand? ⇒ Boolean (readonly)

Returns true if any configured provider supports on-demand credential retrieval and has been configured with empty credentials.

# File 'lib/mongo/crypt/kms/credentials.rb', line 102

def any_on_demand?
  @credentials_map.any? do |identifier, creds|
    ON_DEMAND_PROVIDERS.include?(KMS.provider_base_type(identifier)) && creds.empty?
  end
end
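
The identifier handling in the constructor and the check in #any_on_demand?, as an added example that is not the driver's own code: a stand-alone audit of a kms_providers hash that reports each provider's base type and whether it relies on on-demand credentials, listing key names only so the result can be logged. The helper names, the `<type>:<name>` split and the contents of ON_DEMAND_TYPES are assumptions, since the page does not show KMS.provider_base_type or list ON_DEMAND_PROVIDERS.

```ruby
# Added example: does not load the driver; helper names are hypothetical.
KNOWN_TYPES = %w[aws azure gcp kmip local].freeze  # types the constructor dispatches on
ON_DEMAND_TYPES = %w[aws azure gcp].freeze         # assumption: not listed on the page

# Assumption: a named identifier is "<type>:<name>", so the base type is the
# part before the first colon (KMS.provider_base_type itself is not shown).
def base_type(identifier)
  identifier.to_s.split(':', 2).first
end

# Returns one summary row per provider without copying any credential value.
def audit_kms_providers(kms_providers)
  raise ArgumentError, 'KMS providers options must not be nil' if kms_providers.nil?
  raise ArgumentError, 'no KMS providers configured' if kms_providers.empty?

  kms_providers.map do |identifier, opts|
    id = identifier.to_s
    type = base_type(id)
    raise ArgumentError, "unknown KMS provider type in #{id.inspect}" unless KNOWN_TYPES.include?(type)
    raise ArgumentError, "credentials for #{id.inspect} must be a Hash" unless opts.is_a?(Hash)

    {
      identifier: id,
      type: type,
      named: id.include?(':'),
      # Same condition as #any_on_demand?: on-demand capable type, empty credentials.
      on_demand: ON_DEMAND_TYPES.include?(type) && opts.empty?,
      fields: opts.keys.map(&:to_s).sort # key names only, safe to log
    }
  end
end

# Constructed sample input; the values are placeholders, not real secrets.
SAMPLE = {
  aws: {},
  'aws:name1' => { access_key_id: 'PLACEHOLDER', secret_access_key: 'PLACEHOLDER' },
  'local:name2' => { key: 'PLACEHOLDER' }
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit_kms_providers(SAMPLE).each { |row| puts row.inspect }
end
```

Rows with `on_demand: true` identify providers whose credentials are resolved at run time rather than stored in the configuration.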

#credentials_map (readonly)

# File 'lib/mongo/crypt/kms/credentials.rb', line 27

attr_reader :credentials_map

Instance Method Details

#aws ⇒ Credentials::AWS | nil

Returns:

  • (Credentials::AWS | nil)

    AWS KMS credentials (unnamed provider only).

# File 'lib/mongo/crypt/kms/credentials.rb', line 74

def aws
  @credentials_map['aws']
end

#azure ⇒ Credentials::Azure | nil

Returns:

  • (Credentials::Azure | nil)

    Azure KMS credentials (unnamed provider only).

# File 'lib/mongo/crypt/kms/credentials.rb', line 79

def azure
  @credentials_map['azure']
end

#gcp ⇒ Credentials::GCP | nil

Returns:

  • (Credentials::GCP | nil)

    GCP KMS credentials (unnamed provider only).

# File 'lib/mongo/crypt/kms/credentials.rb', line 84

def gcp
  @credentials_map['gcp']
end

#kmip ⇒ Credentials::KMIP | nil

Returns:

  • (Credentials::KMIP | nil)

    KMIP KMS credentials (unnamed provider only).

# File 'lib/mongo/crypt/kms/credentials.rb', line 89

def kmip
  @credentials_map['kmip']
end

#local ⇒ Credentials::Local | nil

Returns:

  • (Credentials::Local | nil)

    Local KMS credentials (unnamed provider only).

# File 'lib/mongo/crypt/kms/credentials.rb', line 94

def local
  @credentials_map['local']
end

#to_document ⇒ BSON::Document

Convert credentials object to a BSON document in libmongocrypt format.

Returns:

  • (BSON::Document)

    Credentials as BSON document.

# File 'lib/mongo/crypt/kms/credentials.rb', line 111

def to_document
  BSON::Document.new.tap do |bson|
    @credentials_map.each do |identifier, creds|
      bson[identifier] = creds.to_document
    end
  end
end