123456789_123456789_123456789_123456789_123456789_

Module: Mongo::Crypt::KMS::Validations Private

Do not use. This module is for internal use only.

Overview

This module contains helper methods for validating ::Mongo::Crypt::KMS parameters.

Class Method Summary

Instance Method Summary

Class Method Details

.validate_tls_options(options) ⇒ Hash (mod_func)

Validate KMS TLS options.

Parameters:

  • options (Hash | nil)

    TLS options to connect to ::Mongo::Crypt::KMS providers. Keys of the hash should be KSM provider names; values should be hashes of TLS connection options. The options are equivalent to TLS connection options of ::Mongo::Client.

Returns:

  • (Hash)

    Provided TLS options if valid.

Raises:

  • (ArgumentError)

    If required options are missing or incorrectly formatted.

[ GitHub ] 

  


# File 'lib/mongo/crypt/kms.rb', line 87



def validate_tls_options(options)
  opts = options || {}
  opts.each do |provider, provider_opts|
    if provider_opts[:ssl] == false || opts[:tls] == false
      raise ArgumentError.new(
        "Incorrect TLS options for #{provider}: TLS is required"
      )
    end
    %i(
      ssl_verify_certificate
      ssl_verify_hostname
    ).each do |opt|
      if provider_opts[opt] == false
        raise ArgumentError.new(
          "Incorrect TLS options for #{provider}: " +
          'Insecure TLS options prohibited, ' +
          "#{opt} cannot be set to false for KMS"
        )
      end
    end
  end
  opts
end


  







Instance Method Details



  

    #validate_param(key, opts, format_hint, required: true)  ⇒ String | nil 
  



  

    

Validate if a ::Mongo::Crypt::KMS parameter is valid.


  





  
Parameters:


    
  
  • 
    key
    (Symbol)
    

    The parameter name.
    

    
  
    • 
  
  • 
    opts
    (Hash)
    

    Hash should contain the parameter under the key.
    

    
  
    • 
  
  • 
    required
    (Boolean)
    

    Whether the parameter is required or not. Non-required parameters can be nil.
    

    
  
    • 



Returns:


    
  
  • 
    (String | nil)
    

    String parameter value or nil if a non-required parameter is missing.
    

    
  
    • 



Raises:


    
  
  • 
    (ArgumentError)
    

    If required options are missing or incorrectly formatted.
    

    
  
    • 





  [ GitHub ]


  

  


# File 'lib/mongo/crypt/kms.rb', line 43



def validate_param(key, opts, format_hint, required: true)
  value = opts.fetch(key)
  return nil if value.nil? && !required
  if value.nil?
    raise ArgumentError.new(
      "The #{key} option must be a String with at least one character; " \
      "currently have nil"
    )
  end
  unless value.is_a?(String)
    raise ArgumentError.new(
      "The #{key} option must be a String with at least one character; " \
      "currently have #{value}"
    )
  end
  if value.empty?
    raise ArgumentError.new(
      "The #{key} option must be a String with at least one character; " \
      "it is currently an empty string"
    )
  end
  value
rescue KeyError
  if required
    raise ArgumentError.new(
      "The specified KMS provider options are invalid: #{opts}. " +
      format_hint
    )
  else
    nil
  end
end