feat(NODE-7046): remove AWS uri/options support #4689
Conversation
durran
changed the title
dariakp
added
the
Primary Review
| if (isAws) { | ||
| const { username, password } = mongoOptions.credentials; | ||
| if (username || password) { | ||
| throw new MongoParseError( |
There was a problem hiding this comment.
Since we're trying to move away from using MongoParseError for options that we are able to read but that happen to be invalid (see NODE-4015), can we go with MongoAPIError for both of the new instances here?
| ); | ||
| } | ||
| if (mongoOptions.credentials.mechanismProperties.AWS_SESSION_TOKEN) { | ||
| throw new MongoParseError('AWS_SESSION_TOKEN cannot be provided when using MONGODB-AWS'); |
There was a problem hiding this comment.
can we update both of these messages to hint at the correct way to provide the credentials?
| } | ||
| } | ||
| }, | ||
| { |
There was a problem hiding this comment.
bookmark for corresponding spec update
| mechanism: MONGODB-AWS | ||
| mechanism_properties: | ||
| AWS_SESSION_TOKEN: token!@#$%^&*()_+ | ||
| - description: should throw an exception if username provided (MONGODB-AWS) |
There was a problem hiding this comment.
bookmark for corresponding spec update
| for (const test of suite.tests) { | ||
| it(`${test.description}`, function () { | ||
| if (SKIP.includes(test.description)) { | ||
| this.test.skipReason = `NODE-7046: ${test.description}`; |
There was a problem hiding this comment.
bookmark for the deletion ticket (once the DRIVERS ticket is filed, we can generate the language tickets and then add the NODE ticket reference here)
| import { executeUriValidationTest } from '../../tools/uri_spec_runner'; | ||
|
|
||
| const SKIP = [ | ||
| 'should throw an exception if username and no password (MONGODB-AWS)', |
There was a problem hiding this comment.
I suspect we can leave this one unskipped, since it should continue to fail (albeit for a different reason), but no strong preference since we should get the same coverage from the newly added test
Description
Removes the ability to provide credentials when using MONGODB-AWS authentication.
Summary of Changes
Notes for Reviewers
I made AWS_SESSION_TOKEN internal instead of removing it completely as we still use that object and property internally when fetching credentials.
What is the motivation for this change?
NODE-7046/DRIVERS-3131
Release Highlight
Explicitly Provided Credentials No Longer Accepted With MONGODB-AWS Authentication
AWS environments (such as AWS Lambda) do not have credentials that are permanent and expire within a set amount of time. Providing credentials in the URI or options would mandate that those credentials would be valid for the life of the
MongoClient, which is problematic. With this change, the installed required AWS SDK will now fetch credentials using the environment, endpoints, or a custom credential provider.This means that for AWS authentication, all client URIs MUST now be specified as:
Double check the following
npm run check:lint)type(NODE-xxxx)[!]: descriptionfeat(NODE-1234)!: rewriting everything in coffeescript