Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
mongodb-client-encryption
Advanced tools
mongodb-client-encryption - npm Package Compare versions
Comparing version 2.5.0 to 2.6.0-alpha.0
@@ -5,2 +5,4 @@ # Changelog | ||
| ## [2.6.0-alpha.0](https://github.com/mongodb/libmongocrypt/compare/node-v2.5.0...node-v2.6.0-alpha.0) (2023-02-16) | ||
| ## [2.5.0](https://github.com/mongodb/libmongocrypt/compare/node-v2.4.0...node-v2.5.0) (2023-02-06) | ||
@@ -7,0 +9,0 @@ |
135
index.d.ts
@@ -106,19 +106,21 @@ import type { | ||
| */ | ||
| aws?: { | ||
| /** | ||
| * The access key used for the AWS KMS provider | ||
| */ | ||
| accessKeyId: string; | ||
| aws?: | ||
| | { | ||
| /** | ||
| * The access key used for the AWS KMS provider | ||
| */ | ||
| accessKeyId: string; | ||
| /** | ||
| * The secret access key used for the AWS KMS provider | ||
| */ | ||
| secretAccessKey: string; | ||
| /** | ||
| * The secret access key used for the AWS KMS provider | ||
| */ | ||
| secretAccessKey: string; | ||
| /** | ||
| * An optional AWS session token that will be used as the | ||
| * X-Amz-Security-Token header for AWS requests. | ||
| */ | ||
| sessionToken?: string; | ||
| }; | ||
| /** | ||
| * An optional AWS session token that will be used as the | ||
| * X-Amz-Security-Token header for AWS requests. | ||
| */ | ||
| sessionToken?: string; | ||
| } | ||
| | Record<string, never>; | ||
@@ -151,26 +153,33 @@ /** | ||
| */ | ||
| azure?: { | ||
| /** | ||
| * The tenant ID identifies the organization for the account | ||
| */ | ||
| tenantId: string; | ||
| azure?: | ||
| | { | ||
| /** | ||
| * The tenant ID identifies the organization for the account | ||
| */ | ||
| tenantId: string; | ||
| /** | ||
| * The client ID to authenticate a registered application | ||
| */ | ||
| clientId: string; | ||
| /** | ||
| * The client ID to authenticate a registered application | ||
| */ | ||
| clientId: string; | ||
| /** | ||
| * The client secret to authenticate a registered application | ||
| */ | ||
| clientSecret: string; | ||
| /** | ||
| * The client secret to authenticate a registered application | ||
| */ | ||
| clientSecret: string; | ||
| /** | ||
| * If present, a host with optional port. E.g. "example.com" or "example.com:443". | ||
| * This is optional, and only needed if customer is using a non-commercial Azure instance | ||
| * (e.g. a government or China account, which use different URLs). | ||
| * Defaults to "login.microsoftonline.com" | ||
| */ | ||
| identityPlatformEndpoint?: string | undefined; | ||
| }; | ||
| /** | ||
| * If present, a host with optional port. E.g. "example.com" or "example.com:443". | ||
| * This is optional, and only needed if customer is using a non-commercial Azure instance | ||
| * (e.g. a government or China account, which use different URLs). | ||
| * Defaults to "login.microsoftonline.com" | ||
| */ | ||
| identityPlatformEndpoint?: string | undefined; | ||
| } | ||
| | { | ||
| /** | ||
| * If present, an access token to authenticate with Azure. | ||
| */ | ||
| accessToken: string; | ||
| }; | ||
@@ -180,19 +189,27 @@ /** | ||
| */ | ||
| gcp?: { | ||
| /** | ||
| * The service account email to authenticate | ||
| */ | ||
| email: string; | ||
| gcp?: | ||
| | { | ||
| /** | ||
| * The service account email to authenticate | ||
| */ | ||
| email: string; | ||
| /** | ||
| * A PKCS#8 encrypted key. This can either be a base64 string or a binary representation | ||
| */ | ||
| privateKey: string | Buffer; | ||
| /** | ||
| * A PKCS#8 encrypted key. This can either be a base64 string or a binary representation | ||
| */ | ||
| privateKey: string | Buffer; | ||
| /** | ||
| * If present, a host with optional port. E.g. "example.com" or "example.com:443". | ||
| * Defaults to "oauth2.googleapis.com" | ||
| */ | ||
| endpoint?: string | undefined; | ||
| }; | ||
| /** | ||
| * If present, a host with optional port. E.g. "example.com" or "example.com:443". | ||
| * Defaults to "oauth2.googleapis.com" | ||
| */ | ||
| endpoint?: string | undefined; | ||
| } | ||
| | { | ||
| /** | ||
| * If present, an access token to authenticate with GCP. | ||
| */ | ||
| accessToken: string; | ||
| } | ||
| | Record<string, never>; | ||
| } | ||
@@ -550,7 +567,13 @@ | ||
| */ | ||
| createEncryptedCollection<TSchema extends Document = Document>(db: Db, name: string, options: { | ||
| provider: ClientEncryptionDataKeyProvider; | ||
| createCollectionOptions: Omit<CreateCollectionOptions, 'encryptedFields'> & { encryptedFields: Document }; | ||
| masterKey?: AWSEncryptionKeyOptions | AzureEncryptionKeyOptions | GCPEncryptionKeyOptions; | ||
| }): Promise<{ collection: Collection<TSchema>, encryptedFields: Document }>; | ||
| createEncryptedCollection<TSchema extends Document = Document>( | ||
| db: Db, | ||
| name: string, | ||
| options: { | ||
| provider: ClientEncryptionDataKeyProvider; | ||
| createCollectionOptions: Omit<CreateCollectionOptions, 'encryptedFields'> & { | ||
| encryptedFields: Document; | ||
| }; | ||
| masterKey?: AWSEncryptionKeyOptions | AzureEncryptionKeyOptions | GCPEncryptionKeyOptions; | ||
| } | ||
| ): Promise<{ collection: Collection<TSchema>; encryptedFields: Document }>; | ||
@@ -557,0 +580,0 @@ /** |
| 'use strict'; | ||
| let awsCredentialProviders = null; | ||
| /** | ||
| * Load cloud provider credentials for the user provided KMS providers. | ||
| * Credentials will only attempt to get loaded if they do not exist | ||
| * and no existing credentials will get overwritten. | ||
| * @ignore | ||
| * Auto credential fetching should only occur when the provider is defined on the kmsProviders map | ||
| * and the settings are an empty object. | ||
| * | ||
| * @param {Object} kmsProviders - The user provided KMS providers. | ||
| * @returns {Promise} The new kms providers. | ||
| * This is distinct from a nullish provider key. | ||
| * | ||
| * @ignore | ||
| * @param {string} provider | ||
| * @param {object} kmsProviders | ||
| */ | ||
| async function loadCredentials(kmsProviders) { | ||
| function isEmptyCredentials(provider, kmsProviders) { | ||
| return ( | ||
| provider in kmsProviders && | ||
| kmsProviders[provider] != null && | ||
| typeof kmsProviders[provider] === 'object' && | ||
| Object.keys(kmsProviders[provider]).length === 0 | ||
| ); | ||
| } | ||
| let awsCredentialProviders = null; | ||
| /** @ignore */ | ||
| async function loadAWSCredentials(kmsProviders) { | ||
| if (awsCredentialProviders == null) { | ||
@@ -25,11 +34,8 @@ try { | ||
| if (awsCredentialProviders != null) { | ||
| const aws = kmsProviders.aws; | ||
| if (!aws || Object.keys(aws).length === 0) { | ||
| const { fromNodeProviderChain } = awsCredentialProviders; | ||
| const provider = fromNodeProviderChain(); | ||
| // The state machine is the only place calling this so it will | ||
| // catch if there is a rejection here. | ||
| const awsCreds = await provider(); | ||
| return { ...kmsProviders, aws: awsCreds }; | ||
| } | ||
| const { fromNodeProviderChain } = awsCredentialProviders; | ||
| const provider = fromNodeProviderChain(); | ||
| // The state machine is the only place calling this so it will | ||
| // catch if there is a rejection here. | ||
| const aws = await provider(); | ||
| return { ...kmsProviders, aws }; | ||
| } | ||
@@ -40,2 +46,47 @@ | ||
| module.exports = { loadCredentials }; | ||
| let gcpMetadata = null; | ||
| /** @ignore */ | ||
| async function loadGCPCredentials(kmsProviders) { | ||
| if (gcpMetadata == null) { | ||
| try { | ||
| // Ensure you always wrap an optional require in the try block NODE-3199 | ||
| gcpMetadata = require('gcp-metadata'); | ||
| // eslint-disable-next-line no-empty | ||
| } catch {} | ||
| } | ||
| if (gcpMetadata != null) { | ||
| const { access_token: accessToken } = await gcpMetadata.instance({ | ||
| property: 'service-accounts/default/token' | ||
| }); | ||
| return { ...kmsProviders, gcp: { accessToken } }; | ||
| } | ||
| return kmsProviders; | ||
| } | ||
| /** | ||
| * Load cloud provider credentials for the user provided KMS providers. | ||
| * Credentials will only attempt to get loaded if they do not exist | ||
| * and no existing credentials will get overwritten. | ||
| * | ||
| * @param {object} kmsProviders - The user provided KMS providers. | ||
| * @returns {Promise} The new kms providers. | ||
| * | ||
| * @ignore | ||
| */ | ||
| async function loadCredentials(kmsProviders) { | ||
| let finalKMSProviders = kmsProviders; | ||
| if (isEmptyCredentials('aws', kmsProviders)) { | ||
| finalKMSProviders = await loadAWSCredentials(finalKMSProviders); | ||
| } | ||
| if (isEmptyCredentials('gcp', kmsProviders)) { | ||
| finalKMSProviders = await loadGCPCredentials(finalKMSProviders); | ||
| } | ||
| return finalKMSProviders; | ||
| } | ||
| module.exports = { loadCredentials, isEmptyCredentials }; |
| { | ||
| "name": "mongodb-client-encryption", | ||
| "version": "2.5.0", | ||
| "version": "2.6.0-alpha.0", | ||
| "description": "Official client encryption module for the MongoDB Node.js driver", | ||
@@ -67,2 +67,3 @@ "main": "lib/index.js", | ||
| "@aws-sdk/credential-providers": "^3.186.0", | ||
| "gcp-metadata": "^5.2.0", | ||
| "mongodb": ">=3.4.0" | ||
@@ -73,2 +74,5 @@ }, | ||
| "optional": true | ||
| }, | ||
| "gcp-metadata": { | ||
| "optional": true | ||
| } | ||
@@ -75,0 +79,0 @@ }, |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.08%
201318
- Lines of code
- increased by2.63%
2612
Worsened metrics
- Dependency count
- increased by16.67%
7
- Number of low quality alerts
- increased by100%
2
No dependency changes