MOTOR-689: Add async wrapper for pymongo.encryption.ClientEncryption

doc/api-asyncio/asyncio_motor_client_encryption.rst

@@ -0,0 +1,7 @@
+:class:`~motor.motor_asyncio.AsyncIOMotorClientEncryption`
+==========================================================
+
+.. currentmodule:: motor.motor_asyncio
+
+.. autoclass:: AsyncIOMotorClientEncryption
+  :members:

doc/api-asyncio/index.rst

@@ -8,6 +8,7 @@ Motor asyncio API
     asyncio_motor_database
     asyncio_motor_collection
     asyncio_motor_change_stream
+    asyncio_motor_client_encryption
     cursors
     asyncio_gridfs
     aiohttp

doc/api-tornado/index.rst

@@ -8,6 +8,7 @@ Motor Tornado API
     motor_database
     motor_collection
     motor_change_stream
+    motor_client_encryption
     cursors
     gridfs
     web

doc/api-tornado/motor_client_encryption.rst

@@ -0,0 +1,7 @@
+:class:`~motor.motor_tornado.MotorClientEncryption`
+===================================================
+
+.. currentmodule:: motor.motor_tornado
+
+.. autoclass:: MotorClientEncryption
+  :members:

motor/core.py

@@ -34,6 +34,7 @@
 from pymongo.cursor import Cursor, RawBatchCursor, _QUERY_OPTIONS
 from pymongo.database import Database
 from pymongo.driver_info import DriverInfo
+from pymongo.encryption import ClientEncryption
 
 from . import version as motor_version
 from .metaprogramming import (AsyncCommand,
@@ -1795,3 +1796,41 @@ def __enter__(self):
 
     def __exit__(self, exc_type, exc_val, exc_tb):
         pass
+
+class AgnosticClientEncryption(AgnosticBase):
+    __motor_class_name__ = 'MotorClientEncryption'
+    __delegate_class__ = ClientEncryption
+
+    create_data_key = AsyncCommand(doc=create_data_key_doc)
+    encrypt = AsyncCommand()
+    decrypt = AsyncCommand()
+
+    _close = AsyncCommand(attr_name='close')
+
+    def __init__(self, kms_providers, key_vault_namespace, key_vault_client, codec_options, io_loop=None):
+        """Explicit client-side field level encryption.
+
+        Takes the same constructor arguments as
+        :class:`pymongo.encryption.ClientEncryption`, as well as:
+
+        :Parameters:
+          - `io_loop` (optional): Special event loop
+            instance to use instead of default
+        """
+        if io_loop:
+            self._framework.check_event_loop(io_loop)
+        else:
+            io_loop = self._framework.get_event_loop()
+        delegate = self.__delegate_class__(kms_providers, key_vault_namespace, key_vault_client, codec_options)
+        super().__init__(delegate)
+        self.io_loop = io_loop
+
+    def get_io_loop(self):
+        return self.io_loop
+
+    async def __aenter__(self):
+        return self
+
+    async def __aexit__(self, exc_type, exc_val, exc_tb):
+        if self.delegate:
+            await self._close()

motor/docstrings.py

@@ -1268,3 +1268,59 @@ async def coro():
 .. _$expr: https://docs.mongodb.com/manual/reference/operator/query/expr/
 .. _$where: https://docs.mongodb.com/manual/reference/operator/query/where/
 """
+
+create_data_key_doc = """Create and insert a new data key into the key vault collection.
+
+:Parameters:
+  - `kms_provider`: The KMS provider to use. Supported values are
+    "aws" and "local".
+  - `master_key`: Identifies a KMS-specific key used to encrypt the
+    new data key. If the kmsProvider is "local" the `master_key` is
+    not applicable and may be omitted.
+
+    If the `kms_provider` is "aws" it is required and has the
+    following fields::
+
+      - `region` (string): Required. The AWS region, e.g. "us-east-1".
+      - `key` (string): Required. The Amazon Resource Name (ARN) to
+         the AWS customer.
+      - `endpoint` (string): Optional. An alternate host to send KMS
+        requests to. May include port number, e.g.
+        "kms.us-east-1.amazonaws.com:443".
+
+    If the `kms_provider` is "azure" it is required and has the
+    following fields::
+
+      - `keyVaultEndpoint` (string): Required. Host with optional
+         port, e.g. "example.vault.azure.net".
+      - `keyName` (string): Required. Key name in the key vault.
+      - `keyVersion` (string): Optional. Version of the key to use.
+
+    If the `kms_provider` is "gcp" it is required and has the
+    following fields::
+
+      - `projectId` (string): Required. The Google cloud project ID.
+      - `location` (string): Required. The GCP location, e.g. "us-east1".
+      - `keyRing` (string): Required. Name of the key ring that contains
+        the key to use.
+      - `keyName` (string): Required. Name of the key to use.
+      - `keyVersion` (string): Optional. Version of the key to use.
+      - `endpoint` (string): Optional. Host with optional port.
+        Defaults to "cloudkms.googleapis.com".
+
+  - `key_alt_names` (optional): An optional list of string alternate
+    names used to reference a key. If a key is created with alternate
+    names, then encryption may refer to the key by the unique alternate
+    name instead of by ``key_id``. The following example shows creating
+    and referring to a data key by alternate name::
+
+      await client_encryption.create_data_key("local", keyAltNames=["name1"])
+      # reference the key with the alternate name
+      await client_encryption.encrypt("457-55-5462", keyAltName="name1",
+                                algorithm=Algorithm.Random)
+
+:Returns:
+  The ``_id`` of the created data key document as a
+  :class:`~bson.binary.Binary` with subtype
+  :data:`~bson.binary.UUID_SUBTYPE`.
+"""

motor/motor_asyncio.py

@@ -18,7 +18,7 @@
 from .frameworks import asyncio as asyncio_framework
 from .metaprogramming import create_class_with_framework
 
-__all__ = ['AsyncIOMotorClient']
+__all__ = ['AsyncIOMotorClient','AsyncIOMotorClientEncryption']
 
 
 def create_asyncio_class(cls):
@@ -70,3 +70,7 @@ def create_asyncio_class(cls):
 
 AsyncIOMotorGridOutCursor = create_asyncio_class(
     motor_gridfs.AgnosticGridOutCursor)
+
+
+AsyncIOMotorClientEncryption = create_asyncio_class(
+    core.AgnosticClientEncryption)

motor/motor_tornado.py

@@ -18,7 +18,7 @@
 from .frameworks import tornado as tornado_framework
 from .metaprogramming import create_class_with_framework
 
-__all__ = ['MotorClient']
+__all__ = ['MotorClient', 'MotorClientEncryption']
 
 
 def create_motor_class(cls):
@@ -60,3 +60,6 @@ def create_motor_class(cls):
 
 
 MotorGridOutCursor = create_motor_class(motor_gridfs.AgnosticGridOutCursor)
+
+
+MotorClientEncryption = create_motor_class(core.AgnosticClientEncryption)