Uploaded image for project: 'Libmongocrypt'
  1. Libmongocrypt
  2. MONGOCRYPT-473

Recognize Azure Automatic KMS Requests

    • Type: Icon: Task Task
    • Resolution: Done
    • Priority: Icon: Unknown Unknown
    • 1.6.0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Not Needed

      Summary

      A new special form of kmsProviders.azure can be used to indicate a request for automatic credentials based on a VM's managed identity.

      Motivation

      Who is the affected end user?

      libmongocrypt consumers

      How does this affect the end user?

      Support for disambiguating between a VM with multiple managed identities requires that parameters be given to the automatic KMS credentials request.

      How likely is it that this problem or use case will occur?

      Only Azure users that use multiple assigned managed identities on an Azure VM will need to disambiguate the KMS request. By default, a VM only has a single unambiguous managed identity.

      If the problem does occur, what are the consequences and how severe are they?

      The disambiguation parameters are requires by the Azure metadata server if the VM has more than one managed identity. If these are omitted, the accessToken will fail to generate and automatic KMS credentials will fail.

      Is this issue urgent?

      TBD

      Is this ticket required by a downstream team?

      No

      Is this ticket only for tests?

      No

            Assignee:
            colby.pike@mongodb.com Colby Pike
            Reporter:
            colby.pike@mongodb.com Colby Pike
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: