module Mongo::Crypt::KMS::Validations
This module contains helper methods for validating KMS parameters.
@api private
Public Class Methods
Validate KMS TLS options.
@param [ Hash | nil ] options TLS options to connect to KMS
providers. Keys of the hash should be KSM provider names; values should be hashes of TLS connection options. The options are equivalent to TLS connection options of Mongo::Client.
@return [ Hash ] Provided TLS options if valid.
@raise [ ArgumentError ] If required options are missing or incorrectly
formatted.
# File lib/mongo/crypt/kms.rb, line 86 def validate_tls_options(options) opts = options || {} opts.each do |provider, provider_opts| if provider_opts[:ssl] == false || opts[:tls] == false raise ArgumentError.new( "Incorrect TLS options for #{provider}: TLS is required" ) end %i( ssl_verify_certificate ssl_verify_hostname ).each do |opt| if provider_opts[opt] == false raise ArgumentError.new( "Incorrect TLS options for #{provider}: " + 'Insecure TLS options prohibited, ' + "#{opt} cannot be set to false for KMS" ) end end end opts end
Public Instance Methods
Validate if a KMS parameter is valid.
@param [ Symbol ] key The parameter name. @param [ Hash ] opts Hash should contain the parameter under the key. @param [ Boolean ] required Whether the parameter is required or not.
Non-required parameters can be nil.
@return [ String | nil ] String parameter value or nil if a
non-required parameter is missing.
@raise [ ArgumentError ] If required options are missing or incorrectly
formatted.
# File lib/mongo/crypt/kms.rb, line 42 def validate_param(key, opts, format_hint, required: true) value = opts.fetch(key) return nil if value.nil? && !required if value.nil? raise ArgumentError.new( "The #{key} option must be a String with at least one character; " \ "currently have nil" ) end unless value.is_a?(String) raise ArgumentError.new( "The #{key} option must be a String with at least one character; " \ "currently have #{value}" ) end if value.empty? raise ArgumentError.new( "The #{key} option must be a String with at least one character; " \ "it is currently an empty string" ) end value rescue KeyError if required raise ArgumentError.new( "The specified KMS provider options are invalid: #{opts}. " + format_hint ) else nil end end
Private Instance Methods
Validate KMS TLS options.
@param [ Hash | nil ] options TLS options to connect to KMS
providers. Keys of the hash should be KSM provider names; values should be hashes of TLS connection options. The options are equivalent to TLS connection options of Mongo::Client.
@return [ Hash ] Provided TLS options if valid.
@raise [ ArgumentError ] If required options are missing or incorrectly
formatted.
# File lib/mongo/crypt/kms.rb, line 86 def validate_tls_options(options) opts = options || {} opts.each do |provider, provider_opts| if provider_opts[:ssl] == false || opts[:tls] == false raise ArgumentError.new( "Incorrect TLS options for #{provider}: TLS is required" ) end %i( ssl_verify_certificate ssl_verify_hostname ).each do |opt| if provider_opts[opt] == false raise ArgumentError.new( "Incorrect TLS options for #{provider}: " + 'Insecure TLS options prohibited, ' + "#{opt} cannot be set to false for KMS" ) end end end opts end