Module: Mongo::Crypt::KMS::Validations Private

Included in:: AWS::Credentials, AWS::MasterKeyDocument, Azure::Credentials, Azure::MasterKeyDocument, GCP::Credentials, GCP::MasterKeyDocument, KMIP::Credentials, KMIP::MasterKeyDocument, Local::Credentials

Defined in:: lib/mongo/crypt/kms.rb

Overview

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

This module contains helper methods for validating KMS parameters.

Class Method Summary collapse

.validate_tls_options(options) ⇒ Hash private

Validate KMS TLS options.

Instance Method Summary collapse

#validate_param(key, opts, format_hint, required: true) ⇒ String | nil private

Validate if a KMS parameter is valid.

Class Method Details

.validate_tls_options(options) ⇒ `Hash`

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Validate KMS TLS options.

Raises:

(ArgumentError) —

If required options are missing or incorrectly formatted.

# File 'lib/mongo/crypt/kms.rb', line 87

def validate_tls_options(options)
  opts = options || {}
  opts.each do |provider, provider_opts|
    if provider_opts[:ssl] == false || opts[:tls] == false
      raise ArgumentError.new(
        "Incorrect TLS options for #{provider}: TLS is required"
      )
    end
    %i(
      ssl_verify_certificate
      ssl_verify_hostname
    ).each do |opt|
      if provider_opts[opt] == false
        raise ArgumentError.new(
          "Incorrect TLS options for #{provider}: " +
          'Insecure TLS options prohibited, ' +
          "#{opt} cannot be set to false for KMS"
        )
      end
    end
  end
  opts
end

Instance Method Details

#validate_param(key, opts, format_hint, required: true) ⇒ `String | nil`