Class: Mongo::Crypt::AutoEncrypter Private
- Inherits:
-
Object
- Object
- Mongo::Crypt::AutoEncrypter
- Defined in:
- build/ruby-driver-v2.19/lib/mongo/crypt/auto_encrypter.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
An AutoEcnrypter is an object that encapsulates the behavior of automatic encryption. It controls all resources associated with auto-encryption, including the libmongocrypt handle, key vault client object, mongocryptd client object, and encryption I/O.
The AutoEncrypter is kept as an instance on a Mongo::Client. Client objects with the same auto_encryption_options Hash may share AutoEncrypters.
Constant Summary collapse
- DEFAULT_EXTRA_OPTIONS =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
A Hash of default values for the :extra_options option
Options::Redacted.new({ mongocryptd_uri: 'mongodb://localhost:27020', mongocryptd_bypass_spawn: false, mongocryptd_spawn_path: 'mongocryptd', mongocryptd_spawn_args: ['--idleShutdownTimeoutSecs=60'], })
Instance Attribute Summary collapse
- #key_vault_client ⇒ Object readonly private
- #metadata_client ⇒ Object readonly private
- #mongocryptd_client ⇒ Object readonly private
- #options ⇒ Object readonly private
Instance Method Summary collapse
-
#close ⇒ true
private
Close the resources created by the AutoEncrypter.
-
#decrypt(command) ⇒ BSON::Document
private
Decrypt a database command.
-
#encrypt(database_name, command) ⇒ BSON::Document
private
Encrypt a database command.
-
#encrypt? ⇒ Boolean
private
Whether this encrypter should perform encryption (returns false if the :bypass_auto_encryption option is set to true).
-
#initialize(options) ⇒ AutoEncrypter
constructor
private
Set up encryption-related options and instance variables on the class that includes this module.
Constructor Details
#initialize(options) ⇒ AutoEncrypter
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set up encryption-related options and instance variables on the class that includes this module. Calls the same method on the Mongo::Crypt::Encrypter module.
93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 |
# File 'build/ruby-driver-v2.19/lib/mongo/crypt/auto_encrypter.rb', line 93 def initialize() Crypt.validate_ffi! # Note that this call may eventually, via other method invocations, # create additional clients which have to be cleaned up. @options = ().freeze @crypt_handle = Crypt::Handle.new( Crypt::KMS::Credentials.new(@options[:kms_providers]), Crypt::KMS::Validations.(@options[:kms_tls_options]), schema_map: @options[:schema_map], schema_map_path: @options[:schema_map_path], encrypted_fields_map: @options[:encrypted_fields_map], bypass_query_analysis: @options[:bypass_query_analysis], crypt_shared_lib_path: @options[:extra_options][:crypt_shared_lib_path], crypt_shared_lib_required: @options[:extra_options][:crypt_shared_lib_required], ) @mongocryptd_options = @options[:extra_options].slice( :mongocryptd_uri, :mongocryptd_bypass_spawn, :mongocryptd_spawn_path, :mongocryptd_spawn_args ) @mongocryptd_options[:mongocryptd_bypass_spawn] = @options[:bypass_auto_encryption] || @options[:extra_options][:mongocryptd_bypass_spawn] || @crypt_handle.crypt_shared_lib_available? || @options[:extra_options][:crypt_shared_lib_required] unless @options[:extra_options][:crypt_shared_lib_required] || @crypt_handle.crypt_shared_lib_available? || @options[:bypass_query_analysis] # Set server selection timeout to 1 to prevent the client waiting for a # long timeout before spawning mongocryptd @mongocryptd_client = Client.new( @options[:extra_options][:mongocryptd_uri], monitoring_io: @options[:client].[:monitoring_io], populator_io: @options[:client].[:populator_io], server_selection_timeout: 10, database: @options[:client].[:database] ) end begin @encryption_io = EncryptionIO.new( client: @options[:client], mongocryptd_client: @mongocryptd_client, key_vault_namespace: @options[:key_vault_namespace], key_vault_client: @key_vault_client, metadata_client: @metadata_client, mongocryptd_options: @mongocryptd_options ) rescue begin @mongocryptd_client&.close rescue => e log_warn("Error closing mongocryptd client in auto encrypter's constructor: #{e.class}: #{e}") # Drop this exception so that the original exception is raised end raise end rescue if @key_vault_client && @key_vault_client != [:client] && @key_vault_client.cluster != [:client].cluster then begin @key_vault_client.close rescue => e log_warn("Error closing key vault client in auto encrypter's constructor: #{e.class}: #{e}") # Drop this exception so that the original exception is raised end end if @metadata_client && @metadata_client != [:client] && @metadata_client.cluster != [:client].cluster then begin @metadata_client.close rescue => e log_warn("Error closing metadata client in auto encrypter's constructor: #{e.class}: #{e}") # Drop this exception so that the original exception is raised end end raise end |
Instance Attribute Details
#key_vault_client ⇒ Object (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
34 35 36 |
# File 'build/ruby-driver-v2.19/lib/mongo/crypt/auto_encrypter.rb', line 34 def key_vault_client @key_vault_client end |
#metadata_client ⇒ Object (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
35 36 37 |
# File 'build/ruby-driver-v2.19/lib/mongo/crypt/auto_encrypter.rb', line 35 def @metadata_client end |
#mongocryptd_client ⇒ Object (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
33 34 35 |
# File 'build/ruby-driver-v2.19/lib/mongo/crypt/auto_encrypter.rb', line 33 def mongocryptd_client @mongocryptd_client end |
#options ⇒ Object (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
36 37 38 |
# File 'build/ruby-driver-v2.19/lib/mongo/crypt/auto_encrypter.rb', line 36 def @options end |
Instance Method Details
#close ⇒ true
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Close the resources created by the AutoEncrypter.
217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 |
# File 'build/ruby-driver-v2.19/lib/mongo/crypt/auto_encrypter.rb', line 217 def close @mongocryptd_client.close if @mongocryptd_client if @key_vault_client && @key_vault_client != [:client] && @key_vault_client.cluster != [:client].cluster then @key_vault_client.close end if @metadata_client && @metadata_client != [:client] && @metadata_client.cluster != [:client].cluster then @metadata_client.close end true end |
#decrypt(command) ⇒ BSON::Document
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Decrypt a database command.
206 207 208 209 210 211 212 |
# File 'build/ruby-driver-v2.19/lib/mongo/crypt/auto_encrypter.rb', line 206 def decrypt(command) AutoDecryptionContext.new( @crypt_handle, @encryption_io, command ).run_state_machine end |
#encrypt(database_name, command) ⇒ BSON::Document
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Encrypt a database command.
192 193 194 195 196 197 198 199 |
# File 'build/ruby-driver-v2.19/lib/mongo/crypt/auto_encrypter.rb', line 192 def encrypt(database_name, command) AutoEncryptionContext.new( @crypt_handle, @encryption_io, database_name, command ).run_state_machine end |
#encrypt? ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Whether this encrypter should perform encryption (returns false if the :bypass_auto_encryption option is set to true).
181 182 183 |
# File 'build/ruby-driver-v2.19/lib/mongo/crypt/auto_encrypter.rb', line 181 def encrypt? !@options[:bypass_auto_encryption] end |