Module: Mongo::Crypt::KMS::Validations Private

Included in:
AWS::Credentials, AWS::MasterKeyDocument, Azure::Credentials, Azure::MasterKeyDocument, GCP::Credentials, GCP::MasterKeyDocument, KMIP::Credentials, KMIP::MasterKeyDocument, Local::Credentials
Defined in:
lib/mongo/crypt/kms.rb

Overview

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

This module contains helper methods for validating KMS parameters.

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.validate_tls_options(options) ⇒ Hash

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Validate KMS TLS options.

Parameters:

  • options (Hash | nil)

    TLS options to connect to KMS providers. Keys of the hash should be KSM provider names; values should be hashes of TLS connection options. The options are equivalent to TLS connection options of Mongo::Client.

Returns:

  • (Hash)

    Provided TLS options if valid.

Raises:

  • (ArgumentError)

    If required options are missing or incorrectly formatted.



87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
 
# File 'lib/mongo/crypt/kms.rb', line 87

def validate_tls_options(options)
  opts = options || {}
  opts.each do |provider, provider_opts|
    if provider_opts[:ssl] == false || opts[:tls] == false
      raise ArgumentError.new(
        "Incorrect TLS options for #{provider}: TLS is required"
      )
    end
    %i(
      ssl_verify_certificate
      ssl_verify_hostname
    ).each do |opt|
      if provider_opts[opt] == false
        raise ArgumentError.new(
          "Incorrect TLS options for #{provider}: " +
          'Insecure TLS options prohibited, ' +
          "#{opt} cannot be set to false for KMS"
        )
      end
    end
  end
  opts
end

Instance Method Details

#validate_param(key, opts, format_hint, required: true) ⇒ String | nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Validate if a KMS parameter is valid.

Parameters:

  • key (Symbol)

    The parameter name.

  • opts (Hash)

    Hash should contain the parameter under the key.

  • required (Boolean) (defaults to: true)

    Whether the parameter is required or not. Non-required parameters can be nil.

Returns:

  • (String | nil)

    String parameter value or nil if a non-required parameter is missing.

Raises:

  • (ArgumentError)

    If required options are missing or incorrectly formatted.



43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
 
# File 'lib/mongo/crypt/kms.rb', line 43

def validate_param(key, opts, format_hint, required: true)
  value = opts.fetch(key)
  return nil if value.nil? && !required
  if value.nil?
    raise ArgumentError.new(
      "The #{key} option must be a String with at least one character; " \
      "currently have nil"
    )
  end
  unless value.is_a?(String)
    raise ArgumentError.new(
      "The #{key} option must be a String with at least one character; " \
      "currently have #{value}"
    )
  end
  if value.empty?
    raise ArgumentError.new(
      "The #{key} option must be a String with at least one character; " \
      "it is currently an empty string"
    )
  end
  value
rescue KeyError
  if required
    raise ArgumentError.new(
      "The specified KMS provider options are invalid: #{opts}. " +
      format_hint
    )
  else
    nil
  end
end