fix(NODE-5053): enforce empty map for kmsProvider auto credentials #565
); | ||
} | ||
|
||
let awsCredentialProviders = null; |
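Review bot: `let awsCredentialProviders = null;` is declared mutable and initialised to `null`, but nothing in the visible lines says when it gets assigned or what `null` means afterwards. A one-line comment stating whether `null` means "not loaded yet" or "dependency unavailable" would make the null handling at its use sites easier to verify.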
Btw, it is so nice that this package does dependency injection for the driver package – It might even be worth adapting that to this dependency as well … :)
How come you think this is a beneficial pattern? The DI for the driver is something I've wanted to remove for a while
Well, from a very practical point, it’s just a necessity in cases where the driver is bundled into something but this package isn’t (which would be common in bundling scenarios given that this package is a native addon package).
But also just philosophically (and I’m pretty sure you already know this), I think DI is a great design pattern that solves more issues than it creates 🙂
Just to clarify, this thought is not directly related to the changes in this PR and should absolutely not block it :)
We should consider this though, using it for testing too could be 🔥
For GCP we don't plan to use an SDK (and likely not for Azure either) so this would only be for AWS but still, valid use case even for one dep.
Description
What is changing?
We strictly check for an existing object with zero keys for a kmsProvider's credentials before attempting auto fetching.
Is there new documentation needed for these changes?
Yes, this could be surprising to existing AWS users that were able to leave kmsProviders empty. They need to provide an 'aws' key set to {}.
What is the motivation for this change?
The kmsProviders setting needs to have a key that exists but is set to an empty object in order to enable automatically obtaining credentials. Otherwise future credential providers will both be obtained without actually requesting them.
Double check the following
npm run check:lint script
type(NODE-xxxx)[!]: description
feat(NODE-1234)!: rewriting everything in coffeescript
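The strict check from the description, written out as an added JavaScript example (not the code from this PR). The function names and the provider list are assumptions, and the loose variant is there only to show what the strict check prevents once more than one provider supports automatic credentials.

```javascript
'use strict';

// Assumed provider list, limited to the providers named in this discussion.
const AUTO_PROVIDERS = ['aws', 'gcp', 'azure'];

// True only when `name` is an own key whose value is an object with zero keys ({}).
function isEmptyCredentials(kmsProviders, name) {
  if (kmsProviders == null || !Object.prototype.hasOwnProperty.call(kmsProviders, name)) {
    return false; // key absent: the caller never opted in to auto credentials
  }
  const value = kmsProviders[name];
  return (
    value !== null &&
    typeof value === 'object' &&
    !Array.isArray(value) &&
    Object.keys(value).length === 0
  );
}

// Strict rule: fetch credentials only for providers explicitly set to {}.
function providersToAutoFetch(kmsProviders) {
  return AUTO_PROVIDERS.filter(name => isEmptyCredentials(kmsProviders, name));
}

// Loose rule, for contrast only: a missing key is treated as a request, so
// every supported provider would be contacted even though none was asked for.
function looseProvidersToAutoFetch(kmsProviders) {
  const providers = kmsProviders || {};
  return AUTO_PROVIDERS.filter(name => {
    const value = providers[name];
    return value == null || Object.keys(value).length === 0;
  });
}

// Constructed sample inputs (credential values are placeholders).
const samples = [
  {},
  { aws: {} },
  { aws: { accessKeyId: 'PLACEHOLDER', secretAccessKey: 'PLACEHOLDER' } },
  { aws: null },
  { aws: {}, local: { key: 'PLACEHOLDER' } }
];

for (const kmsProviders of samples) {
  console.log(JSON.stringify(kmsProviders), '->', providersToAutoFetch(kmsProviders));
}
```
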