
Commit b572600

authored
PYTHON-2012 FLE GA changes (#427)
Silence mongocryptd output, users should provide logging options via mongocryptd_spawn_args instead. Document 'endpoint' support in create_data_key. Document that create_data_key returns a Binary with UUID subtype. Add custom endpoint prose test. Resync encryption spec tests. Check command started events in Data key and double encryption prose test.
1 parent f62c53f commit b572600

25 files changed

+257
-112
lines changed

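--- a/pymongo/encryption.py
+++ b/pymongo/encryption.py
@@ -19,6 +19,7 @@
 """
 
 import contextlib
+import os
 import subprocess
 import uuid
 import weakref
@@ -56,6 +57,7 @@
 from pymongo.pool import _configured_socket, PoolOptions
 from pymongo.read_concern import ReadConcern
 from pymongo.ssl_support import get_ssl_context
+from pymongo.uri_parser import parse_host
 from pymongo.write_concern import WriteConcern
 
 
@@ -110,11 +112,12 @@ def kms_request(self, kms_context):
 """
 endpoint = kms_context.endpoint
 message = kms_context.message
+host, port = parse_host(endpoint, _HTTPS_PORT)
 ctx = get_ssl_context(None, None, None, None, None, None, True)
 opts = PoolOptions(connect_timeout=_KMS_CONNECT_TIMEOUT,
 socket_timeout=_KMS_CONNECT_TIMEOUT,
 ssl_context=ctx)
-conn = _configured_socket((endpoint, _HTTPS_PORT), opts)
+conn = _configured_socket((host, port), opts)
 try:
 conn.sendall(message)
 while kms_context.bytes_needed > 0:
@@ -150,7 +153,9 @@ def spawn(self):
 self._spawned = True
 args = [self.opts._mongocryptd_spawn_path or 'mongocryptd']
 args.extend(self.opts._mongocryptd_spawn_args)
-subprocess.Popen(args)
+# Silence mongocryptd output, users should pass --logpath.
+with open(os.devnull, 'wb') as devnull:
+subprocess.Popen(args, stdout=devnull, stderr=devnull)
 
 def mark_command(self, database, cmd):
 """Mark a command for encryption.
@@ -412,15 +417,17 @@ def create_data_key(self, kms_provider, master_key=None,
 :Parameters:
 - `kms_provider`: The KMS provider to use. Supported values are
 "aws" and "local".
-- `master_key`: The `master_key` identifies a KMS-specific key used
-to encrypt the new data key. If the kmsProvider is "local" the
-`master_key` is not applicable and may be omitted.
-If the `kms_provider` is "aws", `master_key` is required and must
-have the following fields:
-
-- `region` (string): The AWS region as a string.
-- `key` (string): The Amazon Resource Name (ARN) to the AWS
-customer master key (CMK).
+- `master_key`: Identifies a KMS-specific key used to encrypt the
+new data key. If the kmsProvider is "local" the `master_key` is
+not applicable and may be omitted. If the `kms_provider` is "aws"
+it is required and has the following fields::
+
+- `region` (string): Required. The AWS region, e.g. "us-east-1".
+- `key` (string): Required. The Amazon Resource Name (ARN) to
+the AWS customer.
+- `endpoint` (string): Optional. An alternate host to send KMS
+requests to. May include port number, e.g.
+"kms.us-east-1.amazonaws.com:443".
 
 - `key_alt_names` (optional): An optional list of string alternate
 names used to reference a key. If a key is created with alternate
@@ -434,7 +441,9 @@ def create_data_key(self, kms_provider, master_key=None,
 algorithm=Algorithm.Random)
 
 :Returns:
-The ``_id`` of the created data key document.
+The ``_id`` of the created data key document as a
+:class:`~bson.binary.Binary` with subtype
+:data:`~bson.binary.UUID_SUBTYPE`.
 """
 self._check_closed()
 with _wrap_encryption_errors():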
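Review bot: In the kms_request hunk the destination of the KMS request, host and now port, is taken entirely from `kms_context.endpoint`, and nothing in the visible lines constrains it. Judging from the create_data_key docstring change, that value can come from the `endpoint` field of a data key's master key, so write access to the key vault would presumably be enough to redirect KMS traffic; hostname verification only confirms that the peer owns whatever name was supplied. I would state the trust assumption above the call, `# endpoint originates from the data key's master_key; the key vault must be writable only by trusted principals`, and consider an opt-in allowlist of KMS hosts. Separately, `parse_host` raises ValueError on a malformed port as far as I know, and since the body of kms_request continues outside the hunk I cannot tell whether that reaches the caller wrapped as an encryption error.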

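--- a/test/client-side-encryption/spec/aggregate.json
+++ b/test/client-side-encryption/spec/aggregate.json
@@ -143,7 +143,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "default"
 }
@@ -155,7 +154,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "datakeys"
 },
@@ -189,7 +187,10 @@
 }
 ]
 },
-"$db": "admin"
+"$db": "admin",
+"readConcern": {
+"level": "majority"
+}
 },
 "command_name": "find"
 }
@@ -255,7 +256,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "default"
 }
@@ -277,7 +277,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "datakeys"
 },
@@ -311,7 +310,10 @@
 }
 ]
 },
-"$db": "admin"
+"$db": "admin",
+"readConcern": {
+"level": "majority"
+}
 },
 "command_name": "find"
 }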

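--- a/test/client-side-encryption/spec/basic.json
+++ b/test/client-side-encryption/spec/basic.json
@@ -137,7 +137,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "default"
 }
@@ -149,7 +148,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "datakeys"
 },
@@ -183,7 +181,10 @@
 }
 ]
 },
-"$db": "admin"
+"$db": "admin",
+"readConcern": {
+"level": "majority"
+}
 },
 "command_name": "find"
 }
@@ -275,7 +276,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "default"
 }
@@ -287,7 +287,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "datakeys"
 },
@@ -321,7 +320,10 @@
 }
 ]
 },
-"$db": "admin"
+"$db": "admin",
+"readConcern": {
+"level": "majority"
+}
 },
 "command_name": "find"
 }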

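--- a/test/client-side-encryption/spec/bulk.json
+++ b/test/client-side-encryption/spec/bulk.json
@@ -171,7 +171,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "default"
 }
@@ -183,7 +182,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "datakeys"
 },
@@ -217,7 +215,10 @@
 }
 ]
 },
-"$db": "admin"
+"$db": "admin",
+"readConcern": {
+"level": "majority"
+}
 },
 "command_name": "find"
 }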

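--- a/test/client-side-encryption/spec/bypassAutoEncryption.json
+++ b/test/client-side-encryption/spec/bypassAutoEncryption.json
@@ -196,7 +196,10 @@
 }
 ]
 },
-"$db": "admin"
+"$db": "admin",
+"readConcern": {
+"level": "majority"
+}
 },
 "command_name": "find"
 }
@@ -366,7 +369,10 @@
 }
 ]
 },
-"$db": "admin"
+"$db": "admin",
+"readConcern": {
+"level": "majority"
+}
 },
 "command_name": "find"
 }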

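--- a/test/client-side-encryption/spec/count.json
+++ b/test/client-side-encryption/spec/count.json
@@ -142,7 +142,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "default"
 }
@@ -154,7 +153,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "datakeys"
 },
@@ -188,7 +186,10 @@
 }
 ]
 },
-"$db": "admin"
+"$db": "admin",
+"readConcern": {
+"level": "majority"
+}
 },
 "command_name": "find"
 }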

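--- a/test/client-side-encryption/spec/countDocuments.json
+++ b/test/client-side-encryption/spec/countDocuments.json
@@ -143,7 +143,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "default"
 }
@@ -155,7 +154,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "datakeys"
 },
@@ -189,7 +187,10 @@
 }
 ]
 },
-"$db": "admin"
+"$db": "admin",
+"readConcern": {
+"level": "majority"
+}
 },
 "command_name": "find"
 }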

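--- a/test/client-side-encryption/spec/delete.json
+++ b/test/client-side-encryption/spec/delete.json
@@ -144,7 +144,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "default"
 }
@@ -156,7 +155,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "datakeys"
 },
@@ -190,7 +188,10 @@
 }
 ]
 },
-"$db": "admin"
+"$db": "admin",
+"readConcern": {
+"level": "majority"
+}
 },
 "command_name": "find"
 }
@@ -268,7 +269,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "default"
 }
@@ -280,7 +280,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "datakeys"
 },
@@ -314,7 +313,10 @@
 }
 ]
 },
-"$db": "admin"
+"$db": "admin",
+"readConcern": {
+"level": "majority"
+}
 },
 "command_name": "find"
 }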

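--- a/test/client-side-encryption/spec/distinct.json
+++ b/test/client-side-encryption/spec/distinct.json
@@ -154,7 +154,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "default"
 }
@@ -166,7 +165,6 @@
 "command_started_event": {
 "command": {
 "listCollections": 1,
-"cursor": {},
 "filter": {
 "name": "datakeys"
 },
@@ -200,7 +198,10 @@
 }
 ]
 },
-"$db": "admin"
+"$db": "admin",
+"readConcern": {
+"level": "majority"
+}
 },
 "command_name": "find"
 }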
