Skip to content

GODRIVER-2147 remove session from context in internal CSFLE operations #762

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Oct 4, 2021
Merged

GODRIVER-2147 remove session from context in internal CSFLE operations #762

merged 7 commits into from
Oct 4, 2021

Conversation

kevinAlbs
Copy link
Contributor

@kevinAlbs kevinAlbs commented Sep 30, 2021
edited
Loading

Summary
Remove the explicit session from the passed context on the find, listCollections, and operations to mongocryptd.

Rejected ideas
I considered adding logic to support explicit sessions in keyRetriever and collInfoRetriever when Client and Client#keyVaultClientFLE refer to the same MongoDB cluster. That could be determined in client.configureKeyVaultClientFLE.

I see a plausible use case for supporting explicit sessions on the internal find and listCollections operations. I noted that as part of DRIVERS-1937.

But I chose not to. Removing the explicit session is behavior is consistent with other drivers.

If the outcome of the DRIVERS-1937 ticket is to support explicit sessions in find and listCollections, then I think we can make that change later without harming users.

@kevinAlbs kevinAlbs changed the title GODRIVER-2147 strip session from context used for auto encryption / decryption GODRIVER-2147 remove session from context in internal CSFLE operations Oct 1, 2021
kevinAlbs
kevinAlbs commented Oct 1, 2021
View reviewed changes
mongo/mongocryptd.go
// Remove the explicit session from the context if one is set.
// The explicit session will be from a different client.
// If an explicit session is set, it is applied after automatic encryption.
ctx = NewSessionContext(ctx, nil)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GODRIVER-2147 describes the error occurring in automatic decryption. The user configured their client with SetBypassAutoEncryption(true).

The mcryptClient.client was never the same as the parent Client.

Prior to the regression introduced, passing an explicit session to an operation undergoing automatic encryption resulted in a similar error.

@kevinAlbs kevinAlbs marked this pull request as ready for review October 1, 2021 01:00
benjirewis
benjirewis reviewed Oct 1, 2021
View reviewed changes
@kevinAlbs kevinAlbs requested a review from benjirewis October 1, 2021 17:33
matthewdale
matthewdale approved these changes Oct 4, 2021
View reviewed changes
Copy link
Collaborator

@matthewdale matthewdale left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One question, but otherwise looks good 👍 . Thanks for the detailed CSFLE tests!

mongo/integration/client_side_encryption_test.go

client, err := mongo.Connect(mtest.Background, clientOpts)
assert.Nil(mt, err, "Connect error: %v", err)
defer client.Disconnect(mtest.Background)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason to use mtest.Background instead of context.Background()?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No reason. This followed suit with tests in client_side_encryption_prose_test.go: https://github.com/mongodb/mongo-go-driver/blob/22266fc3c85143417f31fb860e9a0cb87ce18b0e/mongo/integration/client_side_encryption_prose_test.go#L139:L139

@kevinAlbs kevinAlbs merged commit 0bef69c into mongodb:master Oct 4, 2021
@kevinAlbs kevinAlbs deleted the flesessions.2147 branch October 4, 2021 22:19
kevinAlbs added a commit that referenced this pull request Oct 4, 2021
@kevinAlbs
GODRIVER-2147 remove session from context in internal CSFLE operations (
b178b28 
#762)
@kevinAlbs kevinAlbs restored the flesessions.2147 branch February 3, 2022 14:34
faem pushed a commit to kubedb/mongo-go-driver that referenced this pull request Mar 17, 2022
@kevinAlbs
GODRIVER-2147 remove session from context in internal CSFLE operations (
51a98f4 
mongodb#762)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matthewdale matthewdale matthewdale approved these changes

@benjirewis benjirewis benjirewis approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kevinAlbs @matthewdale @benjirewis