Uploaded image for project: 'Node.js Driver'
  1. Node.js Driver
  2. NODE-5917

AWS SDK returns extra fields not valid for KMS providers

    • 3
    • 0
    • Not Needed
    • Not Needed
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

      What problem are you facing?

      The AWS SDK when fetching credentials returns an extra "expiration" field which is invalid to pass to libmongocrypt and also not defined in the spec. The only valid fields to pass are accessKeyId, secretAccessKey, and sessionToken.

      What driver and relevant dependency versions are you using?

      Latest

      Steps to reproduce?

      • Create a new ClientEncryption with empty aws: {} options for kmsProviders to allow the SDK to fetch the credentials.
      • Will fail with a MongoCryptError: Unexpected field: 'expiration'

      AC:

      • When loading the credentials from the SDK, if an expiration field is present then remove it.
      • Investigate if we need to do more around potential refresh cases.

        There are no Sub-Tasks for this issue.

            Assignee:
            bailey.pearson@mongodb.com Bailey Pearson
            Reporter:
            durran.jordan@mongodb.com Durran Jordan
            Votes:
            1 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: