-
Type: Improvement
-
Resolution: Fixed
-
Priority: Minor - P4
-
Affects Version/s: None
-
Component/s: None
-
None
-
Not Needed
Scope
- If mongocrypt_setopt_use_need_kms_credentials_state has not been called, reject an empty KMS provider (e.g. "aws: {}" or "local: {}") in mongocrypt_setopt_kms_providers.
Background & Motivation
MONGOCRYPT-382 and MONGOCRYPT-394 added support for supplying KMS providers on-demand. Drivers opt-in to this behavior with mongocrypt_setopt_use_need_kms_credentials_state. If mongocrypt_setopt_use_need_kms_credentials_state is not called, configuring an empty KMS provider has no hope at succeeding when used. It may be preferable to error earlier.