Skip to content

Commit 363e0b2

Browse files
authored
PYTHON-2818 Add documentation and changelog (#1115)
1 parent 79aa5e6 commit 363e0b2

File tree

2 files changed

+26
-3
lines changed

2 files changed

+26
-3
lines changed

doc/changelog.rst

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,15 +4,20 @@ Changelog
44
Changes in Version 4.3.3
55
------------------------
66

7-
Version 4.3.3 documents support for :ref:`CSFLE on-demand credentials` for cloud KMS providers, and fixes the following bugs:
7+
Version 4.3.3 documents support for the following:
88

9+
- :ref:`CSFLE on-demand credentials` for cloud KMS providers.
10+
- Authentication support for :ref:`EKS Clusters`.
11+
- Added the :ref:`timeout-example` example page to improve the documentation
12+
for :func:`pymongo.timeout`.
13+
14+
Bug Fixes
15+
.........
916
- Fixed a performance regression in :meth:`~gridfs.GridFSBucket.download_to_stream`
1017
and :meth:`~gridfs.GridFSBucket.download_to_stream_by_name` by reading in chunks
1118
instead of line by line (`PYTHON-3502`_).
1219
- Improved performance of :meth:`gridfs.grid_file.GridOut.read` and
1320
:meth:`gridfs.grid_file.GridOut.readline` (`PYTHON-3508`_).
14-
- Added the :ref:`timeout-example` example page to improve the documentation
15-
for :func:`pymongo.timeout`.
1621

1722
Issues Resolved
1823
...............

doc/examples/authentication.rst

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -311,6 +311,7 @@ A sample URI would be::
311311
.. note:: The access_key_id, secret_access_key, and session_token passed into
312312
the URI MUST be `percent escaped`_.
313313

314+
314315
AWS Lambda (Environment Variables)
315316
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
316317

@@ -331,6 +332,23 @@ for the access key ID, secret access key, and session token, respectively::
331332
PyMongo will use credentials set via the environment variables.
332333
These environment variables MUST NOT be `percent escaped`_.
333334

335+
336+
.. _EKS Clusters:
337+
338+
EKS Clusters
339+
~~~~~~~~~~~~
340+
341+
Applications using the `Authenticating users for your cluster from an OpenID Connect identity provider <https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html>`_ capability on EKS can now
342+
use the provided credentials, by giving the associated IAM User
343+
`sts:AssumeRoleWithWebIdentity <https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html>`_
344+
permission.
345+
346+
When the username and password are not provided, the MONGODB-AWS mechanism
347+
is set, and ``AWS_WEB_IDENTITY_TOKEN_FILE``, ``AWS_ROLE_ARN``, and
348+
optional ``AWS_ROLE_SESSION_NAME`` are available, the driver will use
349+
an ``AssumeRoleWithWebIdentity`` call to retrieve temporary credentials.
350+
The application must be using ``pymongo_auth_aws`` >= 1.1.0 for EKS support.
351+
334352
ECS Container
335353
~~~~~~~~~~~~~
336354

0 commit comments

Comments
 (0)