RUST-1442 On-demand Azure KMS credentials #872
Conversation
abr-egn
force-pushed
the
RUST-1442/azure-kms
branch
from
ed874e7 to
342a09e
Compare
| @@ -65,6 +65,9 @@ bson-uuid-1 = ["bson/uuid-1"] | |||
| # This can only be used with the tokio-runtime feature flag. | |||
| aws-auth = ["reqwest"] | |||
|
|
|||
| # Enable support for on-demand Azure KMS credentials. | |||
There was a problem hiding this comment.
Can we add a note here that this can only be used with tokio (similar to above)? It's a bummer that we need to add a new feature flag here; I'll also need to do so for the GCP KMS work. We should try to consolidate these in 3.0.0; we could unify them under the reqwest feature created by the optional dependency, or possibly make them simpler if we remove support for tokio.
There was a problem hiding this comment.
Good call, done. And yeah, agreed that it's not a great situation w.r.t. features and dependencies.
| &format!("invalid `expires_in` response field: {}", e), | ||
| ) | ||
| })?; | ||
| #[allow(clippy::redundant_clone)] |
There was a problem hiding this comment.
why is a redundant clone needed here?
There was a problem hiding this comment.
The #[cfg(test)] line below needs server_response, but without the clone this line is a partial move.
RUST-1442
This adds support for fetching on-demand csfle credentials from the Azure IMDS service. Notably, this requires an HTTP fetch, so this updates the internal
HttpClientto not be aws auth only; this also means that azure auth has the same restriction as aws auth (i.e. tokio), and is behind a feature flag.This PR includes the unit tests; integration tests to come in a follow-up PR.