sensu-plugins-mongodb-mrtrotl 1.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/CHANGELOG.md +1 -0
- data/LICENSE +22 -0
- data/README.md +27 -0
- data/bin/check-mongodb-metric.rb +144 -0
- data/bin/check-mongodb-query-count.rb +267 -0
- data/bin/check-mongodb.py +1644 -0
- data/bin/check-mongodb.rb +5 -0
- data/bin/metrics-mongodb-replication.rb +254 -0
- data/bin/metrics-mongodb.rb +133 -0
- data/lib/bson/__init__.py +1347 -0
- data/lib/bson/__pycache__/__init__.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/_helpers.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/binary.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/code.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/codec_options.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/dbref.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/decimal128.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/errors.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/int64.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/json_util.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/max_key.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/min_key.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/objectid.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/raw_bson.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/regex.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/son.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/timestamp.cpython-310.pyc +0 -0
- data/lib/bson/__pycache__/tz_util.cpython-310.pyc +0 -0
- data/lib/bson/_cbson.cpython-310-x86_64-linux-gnu.so +0 -0
- data/lib/bson/_helpers.py +41 -0
- data/lib/bson/binary.py +364 -0
- data/lib/bson/code.py +101 -0
- data/lib/bson/codec_options.py +414 -0
- data/lib/bson/codec_options.pyi +100 -0
- data/lib/bson/dbref.py +133 -0
- data/lib/bson/decimal128.py +314 -0
- data/lib/bson/errors.py +35 -0
- data/lib/bson/int64.py +39 -0
- data/lib/bson/json_util.py +874 -0
- data/lib/bson/max_key.py +55 -0
- data/lib/bson/min_key.py +55 -0
- data/lib/bson/objectid.py +286 -0
- data/lib/bson/py.typed +2 -0
- data/lib/bson/raw_bson.py +175 -0
- data/lib/bson/regex.py +135 -0
- data/lib/bson/son.py +208 -0
- data/lib/bson/timestamp.py +124 -0
- data/lib/bson/tz_util.py +52 -0
- data/lib/gridfs/__init__.py +1015 -0
- data/lib/gridfs/__pycache__/__init__.cpython-310.pyc +0 -0
- data/lib/gridfs/__pycache__/errors.cpython-310.pyc +0 -0
- data/lib/gridfs/__pycache__/grid_file.cpython-310.pyc +0 -0
- data/lib/gridfs/errors.py +33 -0
- data/lib/gridfs/grid_file.py +907 -0
- data/lib/gridfs/py.typed +2 -0
- data/lib/pymongo/__init__.py +185 -0
- data/lib/pymongo/__pycache__/__init__.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/_csot.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/aggregation.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/auth.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/auth_aws.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/bulk.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/change_stream.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/client_options.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/client_session.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/collation.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/collection.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/command_cursor.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/common.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/compression_support.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/cursor.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/daemon.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/database.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/driver_info.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/encryption.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/encryption_options.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/errors.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/event_loggers.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/hello.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/helpers.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/max_staleness_selectors.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/message.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/mongo_client.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/monitor.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/monitoring.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/network.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/ocsp_cache.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/ocsp_support.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/operations.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/periodic_executor.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/pool.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/pyopenssl_context.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/read_concern.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/read_preferences.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/response.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/results.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/saslprep.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/server.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/server_api.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/server_description.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/server_selectors.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/server_type.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/settings.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/socket_checker.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/srv_resolver.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/ssl_context.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/ssl_support.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/topology.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/topology_description.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/typings.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/uri_parser.cpython-310.pyc +0 -0
- data/lib/pymongo/__pycache__/write_concern.cpython-310.pyc +0 -0
- data/lib/pymongo/_cmessage.cpython-310-x86_64-linux-gnu.so +0 -0
- data/lib/pymongo/_csot.py +118 -0
- data/lib/pymongo/aggregation.py +229 -0
- data/lib/pymongo/auth.py +549 -0
- data/lib/pymongo/auth_aws.py +94 -0
- data/lib/pymongo/bulk.py +513 -0
- data/lib/pymongo/change_stream.py +457 -0
- data/lib/pymongo/client_options.py +302 -0
- data/lib/pymongo/client_session.py +1112 -0
- data/lib/pymongo/collation.py +224 -0
- data/lib/pymongo/collection.py +3204 -0
- data/lib/pymongo/command_cursor.py +353 -0
- data/lib/pymongo/common.py +984 -0
- data/lib/pymongo/compression_support.py +149 -0
- data/lib/pymongo/cursor.py +1345 -0
- data/lib/pymongo/daemon.py +141 -0
- data/lib/pymongo/database.py +1202 -0
- data/lib/pymongo/driver_info.py +42 -0
- data/lib/pymongo/encryption.py +884 -0
- data/lib/pymongo/encryption_options.py +221 -0
- data/lib/pymongo/errors.py +365 -0
- data/lib/pymongo/event_loggers.py +221 -0
- data/lib/pymongo/hello.py +219 -0
- data/lib/pymongo/helpers.py +259 -0
- data/lib/pymongo/max_staleness_selectors.py +114 -0
- data/lib/pymongo/message.py +1440 -0
- data/lib/pymongo/mongo_client.py +2144 -0
- data/lib/pymongo/monitor.py +440 -0
- data/lib/pymongo/monitoring.py +1801 -0
- data/lib/pymongo/network.py +311 -0
- data/lib/pymongo/ocsp_cache.py +87 -0
- data/lib/pymongo/ocsp_support.py +372 -0
- data/lib/pymongo/operations.py +507 -0
- data/lib/pymongo/periodic_executor.py +183 -0
- data/lib/pymongo/pool.py +1660 -0
- data/lib/pymongo/py.typed +2 -0
- data/lib/pymongo/pyopenssl_context.py +383 -0
- data/lib/pymongo/read_concern.py +75 -0
- data/lib/pymongo/read_preferences.py +609 -0
- data/lib/pymongo/response.py +109 -0
- data/lib/pymongo/results.py +217 -0
- data/lib/pymongo/saslprep.py +113 -0
- data/lib/pymongo/server.py +247 -0
- data/lib/pymongo/server_api.py +170 -0
- data/lib/pymongo/server_description.py +285 -0
- data/lib/pymongo/server_selectors.py +153 -0
- data/lib/pymongo/server_type.py +32 -0
- data/lib/pymongo/settings.py +159 -0
- data/lib/pymongo/socket_checker.py +104 -0
- data/lib/pymongo/srv_resolver.py +126 -0
- data/lib/pymongo/ssl_context.py +39 -0
- data/lib/pymongo/ssl_support.py +99 -0
- data/lib/pymongo/topology.py +890 -0
- data/lib/pymongo/topology_description.py +639 -0
- data/lib/pymongo/typings.py +39 -0
- data/lib/pymongo/uri_parser.py +624 -0
- data/lib/pymongo/write_concern.py +129 -0
- data/lib/pymongo-4.2.0.dist-info/INSTALLER +1 -0
- data/lib/pymongo-4.2.0.dist-info/LICENSE +201 -0
- data/lib/pymongo-4.2.0.dist-info/METADATA +250 -0
- data/lib/pymongo-4.2.0.dist-info/RECORD +167 -0
- data/lib/pymongo-4.2.0.dist-info/REQUESTED +0 -0
- data/lib/pymongo-4.2.0.dist-info/WHEEL +6 -0
- data/lib/pymongo-4.2.0.dist-info/top_level.txt +3 -0
- data/lib/sensu-plugins-mongodb/metrics.rb +391 -0
- data/lib/sensu-plugins-mongodb/version.rb +9 -0
- data/lib/sensu-plugins-mongodb.rb +1 -0
- metadata +407 -0
@@ -0,0 +1,221 @@
|
|
1
|
+
# Copyright 2019-present MongoDB, Inc.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
"""Support for automatic client-side field level encryption."""
|
16
|
+
|
17
|
+
from typing import TYPE_CHECKING, Any, List, Mapping, Optional
|
18
|
+
|
19
|
+
try:
|
20
|
+
import pymongocrypt # noqa: F401
|
21
|
+
|
22
|
+
_HAVE_PYMONGOCRYPT = True
|
23
|
+
except ImportError:
|
24
|
+
_HAVE_PYMONGOCRYPT = False
|
25
|
+
|
26
|
+
from pymongo.common import validate_is_mapping
|
27
|
+
from pymongo.errors import ConfigurationError
|
28
|
+
from pymongo.uri_parser import _parse_kms_tls_options
|
29
|
+
|
30
|
+
if TYPE_CHECKING:
|
31
|
+
from pymongo.mongo_client import MongoClient
|
32
|
+
|
33
|
+
|
34
|
+
class AutoEncryptionOpts(object):
|
35
|
+
"""Options to configure automatic client-side field level encryption."""
|
36
|
+
|
37
|
+
def __init__(
|
38
|
+
self,
|
39
|
+
kms_providers: Mapping[str, Any],
|
40
|
+
key_vault_namespace: str,
|
41
|
+
key_vault_client: Optional["MongoClient"] = None,
|
42
|
+
schema_map: Optional[Mapping[str, Any]] = None,
|
43
|
+
bypass_auto_encryption: bool = False,
|
44
|
+
mongocryptd_uri: str = "mongodb://localhost:27020",
|
45
|
+
mongocryptd_bypass_spawn: bool = False,
|
46
|
+
mongocryptd_spawn_path: str = "mongocryptd",
|
47
|
+
mongocryptd_spawn_args: Optional[List[str]] = None,
|
48
|
+
kms_tls_options: Optional[Mapping[str, Any]] = None,
|
49
|
+
crypt_shared_lib_path: Optional[str] = None,
|
50
|
+
crypt_shared_lib_required: bool = False,
|
51
|
+
bypass_query_analysis: bool = False,
|
52
|
+
encrypted_fields_map: Optional[Mapping] = None,
|
53
|
+
) -> None:
|
54
|
+
"""Options to configure automatic client-side field level encryption.
|
55
|
+
|
56
|
+
Automatic client-side field level encryption requires MongoDB 4.2
|
57
|
+
enterprise or a MongoDB 4.2 Atlas cluster. Automatic encryption is not
|
58
|
+
supported for operations on a database or view and will result in
|
59
|
+
error.
|
60
|
+
|
61
|
+
Although automatic encryption requires MongoDB 4.2 enterprise or a
|
62
|
+
MongoDB 4.2 Atlas cluster, automatic *decryption* is supported for all
|
63
|
+
users. To configure automatic *decryption* without automatic
|
64
|
+
*encryption* set ``bypass_auto_encryption=True``. Explicit
|
65
|
+
encryption and explicit decryption is also supported for all users
|
66
|
+
with the :class:`~pymongo.encryption.ClientEncryption` class.
|
67
|
+
|
68
|
+
See :ref:`automatic-client-side-encryption` for an example.
|
69
|
+
|
70
|
+
:Parameters:
|
71
|
+
- `kms_providers`: Map of KMS provider options. The `kms_providers`
|
72
|
+
map values differ by provider:
|
73
|
+
|
74
|
+
- `aws`: Map with "accessKeyId" and "secretAccessKey" as strings.
|
75
|
+
These are the AWS access key ID and AWS secret access key used
|
76
|
+
to generate KMS messages. An optional "sessionToken" may be
|
77
|
+
included to support temporary AWS credentials.
|
78
|
+
- `azure`: Map with "tenantId", "clientId", and "clientSecret" as
|
79
|
+
strings. Additionally, "identityPlatformEndpoint" may also be
|
80
|
+
specified as a string (defaults to 'login.microsoftonline.com').
|
81
|
+
These are the Azure Active Directory credentials used to
|
82
|
+
generate Azure Key Vault messages.
|
83
|
+
- `gcp`: Map with "email" as a string and "privateKey"
|
84
|
+
as `bytes` or a base64 encoded string.
|
85
|
+
Additionally, "endpoint" may also be specified as a string
|
86
|
+
(defaults to 'oauth2.googleapis.com'). These are the
|
87
|
+
credentials used to generate Google Cloud KMS messages.
|
88
|
+
- `kmip`: Map with "endpoint" as a host with required port.
|
89
|
+
For example: ``{"endpoint": "example.com:443"}``.
|
90
|
+
- `local`: Map with "key" as `bytes` (96 bytes in length) or
|
91
|
+
a base64 encoded string which decodes
|
92
|
+
to 96 bytes. "key" is the master key used to encrypt/decrypt
|
93
|
+
data keys. This key should be generated and stored as securely
|
94
|
+
as possible.
|
95
|
+
|
96
|
+
- `key_vault_namespace`: The namespace for the key vault collection.
|
97
|
+
The key vault collection contains all data keys used for encryption
|
98
|
+
and decryption. Data keys are stored as documents in this MongoDB
|
99
|
+
collection. Data keys are protected with encryption by a KMS
|
100
|
+
provider.
|
101
|
+
- `key_vault_client` (optional): By default the key vault collection
|
102
|
+
is assumed to reside in the same MongoDB cluster as the encrypted
|
103
|
+
MongoClient. Use this option to route data key queries to a
|
104
|
+
separate MongoDB cluster.
|
105
|
+
- `schema_map` (optional): Map of collection namespace ("db.coll") to
|
106
|
+
JSON Schema. By default, a collection's JSONSchema is periodically
|
107
|
+
polled with the listCollections command. But a JSONSchema may be
|
108
|
+
specified locally with the schemaMap option.
|
109
|
+
|
110
|
+
**Supplying a `schema_map` provides more security than relying on
|
111
|
+
JSON Schemas obtained from the server. It protects against a
|
112
|
+
malicious server advertising a false JSON Schema, which could trick
|
113
|
+
the client into sending unencrypted data that should be
|
114
|
+
encrypted.**
|
115
|
+
|
116
|
+
Schemas supplied in the schemaMap only apply to configuring
|
117
|
+
automatic encryption for client side encryption. Other validation
|
118
|
+
rules in the JSON schema will not be enforced by the driver and
|
119
|
+
will result in an error.
|
120
|
+
- `bypass_auto_encryption` (optional): If ``True``, automatic
|
121
|
+
encryption will be disabled but automatic decryption will still be
|
122
|
+
enabled. Defaults to ``False``.
|
123
|
+
- `mongocryptd_uri` (optional): The MongoDB URI used to connect
|
124
|
+
to the *local* mongocryptd process. Defaults to
|
125
|
+
``'mongodb://localhost:27020'``.
|
126
|
+
- `mongocryptd_bypass_spawn` (optional): If ``True``, the encrypted
|
127
|
+
MongoClient will not attempt to spawn the mongocryptd process.
|
128
|
+
Defaults to ``False``.
|
129
|
+
- `mongocryptd_spawn_path` (optional): Used for spawning the
|
130
|
+
mongocryptd process. Defaults to ``'mongocryptd'`` and spawns
|
131
|
+
mongocryptd from the system path.
|
132
|
+
- `mongocryptd_spawn_args` (optional): A list of string arguments to
|
133
|
+
use when spawning the mongocryptd process. Defaults to
|
134
|
+
``['--idleShutdownTimeoutSecs=60']``. If the list does not include
|
135
|
+
the ``idleShutdownTimeoutSecs`` option then
|
136
|
+
``'--idleShutdownTimeoutSecs=60'`` will be added.
|
137
|
+
- `kms_tls_options` (optional): A map of KMS provider names to TLS
|
138
|
+
options to use when creating secure connections to KMS providers.
|
139
|
+
Accepts the same TLS options as
|
140
|
+
:class:`pymongo.mongo_client.MongoClient`. For example, to
|
141
|
+
override the system default CA file::
|
142
|
+
|
143
|
+
kms_tls_options={'kmip': {'tlsCAFile': certifi.where()}}
|
144
|
+
|
145
|
+
Or to supply a client certificate::
|
146
|
+
|
147
|
+
kms_tls_options={'kmip': {'tlsCertificateKeyFile': 'client.pem'}}
|
148
|
+
- `crypt_shared_lib_path` (optional): Override the path to load the crypt_shared library.
|
149
|
+
- `crypt_shared_lib_required` (optional): If True, raise an error if libmongocrypt is
|
150
|
+
unable to load the crypt_shared library.
|
151
|
+
- `bypass_query_analysis` (optional): **(BETA)** If ``True``, disable automatic analysis
|
152
|
+
of outgoing commands. Set `bypass_query_analysis` to use explicit
|
153
|
+
encryption on indexed fields without the MongoDB Enterprise Advanced
|
154
|
+
licensed crypt_shared library.
|
155
|
+
- `encrypted_fields_map`: **(BETA)** Map of collection namespace ("db.coll") to documents
|
156
|
+
that described the encrypted fields for Queryable Encryption. For example::
|
157
|
+
|
158
|
+
{
|
159
|
+
"db.encryptedCollection": {
|
160
|
+
"escCollection": "enxcol_.encryptedCollection.esc",
|
161
|
+
"eccCollection": "enxcol_.encryptedCollection.ecc",
|
162
|
+
"ecocCollection": "enxcol_.encryptedCollection.ecoc",
|
163
|
+
"fields": [
|
164
|
+
{
|
165
|
+
"path": "firstName",
|
166
|
+
"keyId": Binary.from_uuid(UUID('00000000-0000-0000-0000-000000000000')),
|
167
|
+
"bsonType": "string",
|
168
|
+
"queries": {"queryType": "equality"}
|
169
|
+
},
|
170
|
+
{
|
171
|
+
"path": "ssn",
|
172
|
+
"keyId": Binary.from_uuid(UUID('04104104-1041-0410-4104-104104104104')),
|
173
|
+
"bsonType": "string"
|
174
|
+
}
|
175
|
+
]
|
176
|
+
}
|
177
|
+
}
|
178
|
+
|
179
|
+
.. note:: `bypass_query_analysis` and `encrypted_fields_map` are part of the
|
180
|
+
Queryable Encryption beta. Backwards-breaking changes may be made before the
|
181
|
+
final release.
|
182
|
+
|
183
|
+
.. versionchanged:: 4.2
|
184
|
+
Added `encrypted_fields_map` `crypt_shared_lib_path`, `crypt_shared_lib_required`,
|
185
|
+
and `bypass_query_analysis` parameters.
|
186
|
+
|
187
|
+
.. versionchanged:: 4.0
|
188
|
+
Added the `kms_tls_options` parameter and the "kmip" KMS provider.
|
189
|
+
|
190
|
+
.. versionadded:: 3.9
|
191
|
+
"""
|
192
|
+
if not _HAVE_PYMONGOCRYPT:
|
193
|
+
raise ConfigurationError(
|
194
|
+
"client side encryption requires the pymongocrypt library: "
|
195
|
+
"install a compatible version with: "
|
196
|
+
"python -m pip install 'pymongo[encryption]'"
|
197
|
+
)
|
198
|
+
if encrypted_fields_map:
|
199
|
+
validate_is_mapping("encrypted_fields_map", encrypted_fields_map)
|
200
|
+
self._encrypted_fields_map = encrypted_fields_map
|
201
|
+
self._bypass_query_analysis = bypass_query_analysis
|
202
|
+
self._crypt_shared_lib_path = crypt_shared_lib_path
|
203
|
+
self._crypt_shared_lib_required = crypt_shared_lib_required
|
204
|
+
self._kms_providers = kms_providers
|
205
|
+
self._key_vault_namespace = key_vault_namespace
|
206
|
+
self._key_vault_client = key_vault_client
|
207
|
+
self._schema_map = schema_map
|
208
|
+
self._bypass_auto_encryption = bypass_auto_encryption
|
209
|
+
self._mongocryptd_uri = mongocryptd_uri
|
210
|
+
self._mongocryptd_bypass_spawn = mongocryptd_bypass_spawn
|
211
|
+
self._mongocryptd_spawn_path = mongocryptd_spawn_path
|
212
|
+
if mongocryptd_spawn_args is None:
|
213
|
+
mongocryptd_spawn_args = ["--idleShutdownTimeoutSecs=60"]
|
214
|
+
self._mongocryptd_spawn_args = mongocryptd_spawn_args
|
215
|
+
if not isinstance(self._mongocryptd_spawn_args, list):
|
216
|
+
raise TypeError("mongocryptd_spawn_args must be a list")
|
217
|
+
if not any("idleShutdownTimeoutSecs" in s for s in self._mongocryptd_spawn_args):
|
218
|
+
self._mongocryptd_spawn_args.append("--idleShutdownTimeoutSecs=60")
|
219
|
+
# Maps KMS provider name to a SSLContext.
|
220
|
+
self._kms_ssl_contexts = _parse_kms_tls_options(kms_tls_options)
|
221
|
+
self._bypass_query_analysis = bypass_query_analysis
|
@@ -0,0 +1,365 @@
|
|
1
|
+
# Copyright 2009-present MongoDB, Inc.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
"""Exceptions raised by PyMongo."""
|
16
|
+
from typing import Any, Iterable, List, Mapping, Optional, Sequence, Tuple, Union
|
17
|
+
|
18
|
+
from bson.errors import InvalidDocument
|
19
|
+
|
20
|
+
try:
|
21
|
+
# CPython 3.7+
|
22
|
+
from ssl import SSLCertVerificationError as _CertificateError
|
23
|
+
except ImportError:
|
24
|
+
try:
|
25
|
+
from ssl import CertificateError as _CertificateError
|
26
|
+
except ImportError:
|
27
|
+
|
28
|
+
class _CertificateError(ValueError): # type: ignore
|
29
|
+
pass
|
30
|
+
|
31
|
+
|
32
|
+
class PyMongoError(Exception):
|
33
|
+
"""Base class for all PyMongo exceptions."""
|
34
|
+
|
35
|
+
def __init__(self, message: str = "", error_labels: Optional[Iterable[str]] = None) -> None:
|
36
|
+
super(PyMongoError, self).__init__(message)
|
37
|
+
self._message = message
|
38
|
+
self._error_labels = set(error_labels or [])
|
39
|
+
|
40
|
+
def has_error_label(self, label: str) -> bool:
|
41
|
+
"""Return True if this error contains the given label.
|
42
|
+
|
43
|
+
.. versionadded:: 3.7
|
44
|
+
"""
|
45
|
+
return label in self._error_labels
|
46
|
+
|
47
|
+
def _add_error_label(self, label):
|
48
|
+
"""Add the given label to this error."""
|
49
|
+
self._error_labels.add(label)
|
50
|
+
|
51
|
+
def _remove_error_label(self, label):
|
52
|
+
"""Remove the given label from this error."""
|
53
|
+
self._error_labels.discard(label)
|
54
|
+
|
55
|
+
@property
|
56
|
+
def timeout(self) -> bool:
|
57
|
+
"""True if this error was caused by a timeout.
|
58
|
+
|
59
|
+
.. versionadded:: 4.2
|
60
|
+
"""
|
61
|
+
return False
|
62
|
+
|
63
|
+
|
64
|
+
class ProtocolError(PyMongoError):
|
65
|
+
"""Raised for failures related to the wire protocol."""
|
66
|
+
|
67
|
+
|
68
|
+
class ConnectionFailure(PyMongoError):
|
69
|
+
"""Raised when a connection to the database cannot be made or is lost."""
|
70
|
+
|
71
|
+
|
72
|
+
class WaitQueueTimeoutError(ConnectionFailure):
|
73
|
+
"""Raised when an operation times out waiting to checkout a connection from the pool.
|
74
|
+
|
75
|
+
Subclass of :exc:`~pymongo.errors.ConnectionFailure`.
|
76
|
+
|
77
|
+
.. versionadded:: 4.2
|
78
|
+
"""
|
79
|
+
|
80
|
+
@property
|
81
|
+
def timeout(self) -> bool:
|
82
|
+
return True
|
83
|
+
|
84
|
+
|
85
|
+
class AutoReconnect(ConnectionFailure):
|
86
|
+
"""Raised when a connection to the database is lost and an attempt to
|
87
|
+
auto-reconnect will be made.
|
88
|
+
|
89
|
+
In order to auto-reconnect you must handle this exception, recognizing that
|
90
|
+
the operation which caused it has not necessarily succeeded. Future
|
91
|
+
operations will attempt to open a new connection to the database (and
|
92
|
+
will continue to raise this exception until the first successful
|
93
|
+
connection is made).
|
94
|
+
|
95
|
+
Subclass of :exc:`~pymongo.errors.ConnectionFailure`.
|
96
|
+
"""
|
97
|
+
|
98
|
+
errors: Union[Mapping[str, Any], Sequence]
|
99
|
+
details: Union[Mapping[str, Any], Sequence]
|
100
|
+
|
101
|
+
def __init__(
|
102
|
+
self, message: str = "", errors: Optional[Union[Mapping[str, Any], Sequence]] = None
|
103
|
+
) -> None:
|
104
|
+
error_labels = None
|
105
|
+
if errors is not None:
|
106
|
+
if isinstance(errors, dict):
|
107
|
+
error_labels = errors.get("errorLabels")
|
108
|
+
super(AutoReconnect, self).__init__(message, error_labels)
|
109
|
+
self.errors = self.details = errors or []
|
110
|
+
|
111
|
+
|
112
|
+
class NetworkTimeout(AutoReconnect):
|
113
|
+
"""An operation on an open connection exceeded socketTimeoutMS.
|
114
|
+
|
115
|
+
The remaining connections in the pool stay open. In the case of a write
|
116
|
+
operation, you cannot know whether it succeeded or failed.
|
117
|
+
|
118
|
+
Subclass of :exc:`~pymongo.errors.AutoReconnect`.
|
119
|
+
"""
|
120
|
+
|
121
|
+
@property
|
122
|
+
def timeout(self) -> bool:
|
123
|
+
return True
|
124
|
+
|
125
|
+
|
126
|
+
def _format_detailed_error(message, details):
|
127
|
+
if details is not None:
|
128
|
+
message = "%s, full error: %s" % (message, details)
|
129
|
+
return message
|
130
|
+
|
131
|
+
|
132
|
+
class NotPrimaryError(AutoReconnect):
|
133
|
+
"""The server responded "not primary" or "node is recovering".
|
134
|
+
|
135
|
+
These errors result from a query, write, or command. The operation failed
|
136
|
+
because the client thought it was using the primary but the primary has
|
137
|
+
stepped down, or the client thought it was using a healthy secondary but
|
138
|
+
the secondary is stale and trying to recover.
|
139
|
+
|
140
|
+
The client launches a refresh operation on a background thread, to update
|
141
|
+
its view of the server as soon as possible after throwing this exception.
|
142
|
+
|
143
|
+
Subclass of :exc:`~pymongo.errors.AutoReconnect`.
|
144
|
+
|
145
|
+
.. versionadded:: 3.12
|
146
|
+
"""
|
147
|
+
|
148
|
+
def __init__(
|
149
|
+
self, message: str = "", errors: Optional[Union[Mapping[str, Any], List]] = None
|
150
|
+
) -> None:
|
151
|
+
super(NotPrimaryError, self).__init__(
|
152
|
+
_format_detailed_error(message, errors), errors=errors
|
153
|
+
)
|
154
|
+
|
155
|
+
|
156
|
+
class ServerSelectionTimeoutError(AutoReconnect):
|
157
|
+
"""Thrown when no MongoDB server is available for an operation
|
158
|
+
|
159
|
+
If there is no suitable server for an operation PyMongo tries for
|
160
|
+
``serverSelectionTimeoutMS`` (default 30 seconds) to find one, then
|
161
|
+
throws this exception. For example, it is thrown after attempting an
|
162
|
+
operation when PyMongo cannot connect to any server, or if you attempt
|
163
|
+
an insert into a replica set that has no primary and does not elect one
|
164
|
+
within the timeout window, or if you attempt to query with a Read
|
165
|
+
Preference that the replica set cannot satisfy.
|
166
|
+
"""
|
167
|
+
|
168
|
+
@property
|
169
|
+
def timeout(self) -> bool:
|
170
|
+
return True
|
171
|
+
|
172
|
+
|
173
|
+
class ConfigurationError(PyMongoError):
|
174
|
+
"""Raised when something is incorrectly configured."""
|
175
|
+
|
176
|
+
|
177
|
+
class OperationFailure(PyMongoError):
|
178
|
+
"""Raised when a database operation fails.
|
179
|
+
|
180
|
+
.. versionadded:: 2.7
|
181
|
+
The :attr:`details` attribute.
|
182
|
+
"""
|
183
|
+
|
184
|
+
def __init__(
|
185
|
+
self,
|
186
|
+
error: str,
|
187
|
+
code: Optional[int] = None,
|
188
|
+
details: Optional[Mapping[str, Any]] = None,
|
189
|
+
max_wire_version: Optional[int] = None,
|
190
|
+
) -> None:
|
191
|
+
error_labels = None
|
192
|
+
if details is not None:
|
193
|
+
error_labels = details.get("errorLabels")
|
194
|
+
super(OperationFailure, self).__init__(
|
195
|
+
_format_detailed_error(error, details), error_labels=error_labels
|
196
|
+
)
|
197
|
+
self.__code = code
|
198
|
+
self.__details = details
|
199
|
+
self.__max_wire_version = max_wire_version
|
200
|
+
|
201
|
+
@property
|
202
|
+
def _max_wire_version(self):
|
203
|
+
return self.__max_wire_version
|
204
|
+
|
205
|
+
@property
|
206
|
+
def code(self) -> Optional[int]:
|
207
|
+
"""The error code returned by the server, if any."""
|
208
|
+
return self.__code
|
209
|
+
|
210
|
+
@property
|
211
|
+
def details(self) -> Optional[Mapping[str, Any]]:
|
212
|
+
"""The complete error document returned by the server.
|
213
|
+
|
214
|
+
Depending on the error that occurred, the error document
|
215
|
+
may include useful information beyond just the error
|
216
|
+
message. When connected to a mongos the error document
|
217
|
+
may contain one or more subdocuments if errors occurred
|
218
|
+
on multiple shards.
|
219
|
+
"""
|
220
|
+
return self.__details
|
221
|
+
|
222
|
+
@property
|
223
|
+
def timeout(self) -> bool:
|
224
|
+
return self.__code in (50,)
|
225
|
+
|
226
|
+
|
227
|
+
class CursorNotFound(OperationFailure):
|
228
|
+
"""Raised while iterating query results if the cursor is
|
229
|
+
invalidated on the server.
|
230
|
+
|
231
|
+
.. versionadded:: 2.7
|
232
|
+
"""
|
233
|
+
|
234
|
+
|
235
|
+
class ExecutionTimeout(OperationFailure):
|
236
|
+
"""Raised when a database operation times out, exceeding the $maxTimeMS
|
237
|
+
set in the query or command option.
|
238
|
+
|
239
|
+
.. note:: Requires server version **>= 2.6.0**
|
240
|
+
|
241
|
+
.. versionadded:: 2.7
|
242
|
+
"""
|
243
|
+
|
244
|
+
@property
|
245
|
+
def timeout(self) -> bool:
|
246
|
+
return True
|
247
|
+
|
248
|
+
|
249
|
+
class WriteConcernError(OperationFailure):
|
250
|
+
"""Base exception type for errors raised due to write concern.
|
251
|
+
|
252
|
+
.. versionadded:: 3.0
|
253
|
+
"""
|
254
|
+
|
255
|
+
|
256
|
+
class WriteError(OperationFailure):
|
257
|
+
"""Base exception type for errors raised during write operations.
|
258
|
+
|
259
|
+
.. versionadded:: 3.0
|
260
|
+
"""
|
261
|
+
|
262
|
+
|
263
|
+
class WTimeoutError(WriteConcernError):
|
264
|
+
"""Raised when a database operation times out (i.e. wtimeout expires)
|
265
|
+
before replication completes.
|
266
|
+
|
267
|
+
With newer versions of MongoDB the `details` attribute may include
|
268
|
+
write concern fields like 'n', 'updatedExisting', or 'writtenTo'.
|
269
|
+
|
270
|
+
.. versionadded:: 2.7
|
271
|
+
"""
|
272
|
+
|
273
|
+
@property
|
274
|
+
def timeout(self) -> bool:
|
275
|
+
return True
|
276
|
+
|
277
|
+
|
278
|
+
class DuplicateKeyError(WriteError):
|
279
|
+
"""Raised when an insert or update fails due to a duplicate key error."""
|
280
|
+
|
281
|
+
|
282
|
+
def _wtimeout_error(error: Any) -> bool:
|
283
|
+
"""Return True if this writeConcernError doc is a caused by a timeout."""
|
284
|
+
return error.get("code") == 50 or ("errInfo" in error and error["errInfo"].get("wtimeout"))
|
285
|
+
|
286
|
+
|
287
|
+
class BulkWriteError(OperationFailure):
|
288
|
+
"""Exception class for bulk write errors.
|
289
|
+
|
290
|
+
.. versionadded:: 2.7
|
291
|
+
"""
|
292
|
+
|
293
|
+
details: Mapping[str, Any]
|
294
|
+
|
295
|
+
def __init__(self, results: Mapping[str, Any]) -> None:
|
296
|
+
super(BulkWriteError, self).__init__("batch op errors occurred", 65, results)
|
297
|
+
|
298
|
+
def __reduce__(self) -> Tuple[Any, Any]:
|
299
|
+
return self.__class__, (self.details,)
|
300
|
+
|
301
|
+
@property
|
302
|
+
def timeout(self) -> bool:
|
303
|
+
# Check the last writeConcernError and last writeError to determine if this
|
304
|
+
# BulkWriteError was caused by a timeout.
|
305
|
+
wces = self.details.get("writeConcernErrors", [])
|
306
|
+
if wces and _wtimeout_error(wces[-1]):
|
307
|
+
return True
|
308
|
+
|
309
|
+
werrs = self.details.get("writeErrors", [])
|
310
|
+
if werrs and werrs[-1].get("code") == 50:
|
311
|
+
return True
|
312
|
+
return False
|
313
|
+
|
314
|
+
|
315
|
+
class InvalidOperation(PyMongoError):
|
316
|
+
"""Raised when a client attempts to perform an invalid operation."""
|
317
|
+
|
318
|
+
|
319
|
+
class InvalidName(PyMongoError):
|
320
|
+
"""Raised when an invalid name is used."""
|
321
|
+
|
322
|
+
|
323
|
+
class CollectionInvalid(PyMongoError):
|
324
|
+
"""Raised when collection validation fails."""
|
325
|
+
|
326
|
+
|
327
|
+
class InvalidURI(ConfigurationError):
|
328
|
+
"""Raised when trying to parse an invalid mongodb URI."""
|
329
|
+
|
330
|
+
|
331
|
+
class DocumentTooLarge(InvalidDocument):
|
332
|
+
"""Raised when an encoded document is too large for the connected server."""
|
333
|
+
|
334
|
+
pass
|
335
|
+
|
336
|
+
|
337
|
+
class EncryptionError(PyMongoError):
|
338
|
+
"""Raised when encryption or decryption fails.
|
339
|
+
|
340
|
+
This error always wraps another exception which can be retrieved via the
|
341
|
+
:attr:`cause` property.
|
342
|
+
|
343
|
+
.. versionadded:: 3.9
|
344
|
+
"""
|
345
|
+
|
346
|
+
def __init__(self, cause: Exception) -> None:
|
347
|
+
super(EncryptionError, self).__init__(str(cause))
|
348
|
+
self.__cause = cause
|
349
|
+
|
350
|
+
@property
|
351
|
+
def cause(self) -> Exception:
|
352
|
+
"""The exception that caused this encryption or decryption error."""
|
353
|
+
return self.__cause
|
354
|
+
|
355
|
+
@property
|
356
|
+
def timeout(self) -> bool:
|
357
|
+
if isinstance(self.__cause, PyMongoError):
|
358
|
+
return self.__cause.timeout
|
359
|
+
return False
|
360
|
+
|
361
|
+
|
362
|
+
class _OperationCancelled(AutoReconnect):
|
363
|
+
"""Internal error raised when a socket operation is cancelled."""
|
364
|
+
|
365
|
+
pass
|