-
Type: Task
-
Resolution: Done
-
Priority: Major - P3
-
None
-
Component/s: Client Side Encryption
-
Needed
-
Summary
Remove use of example.com in Client Side Encryption prose tests.
Motivation
The Custom Endpoint Test prose test uses the domain "example.com". "example.com" is used to validate a the driver passes a custom endpoint to libmongocrypt. Tests assert that libmongocrypt returns an error including the string "parse error" from responses to example.com.
Recently (first observed on 02/06/2022), tests in the C driver evergreen observed HTTP 404 responses from example.com on some AWS signed requests. Here is a repro script run on an ubuntu1804-small spawn host:
# Run this script to reproduce an AWS request sent to example.com. curl \ --http1.1 \ --request POST \ --header 'Connection:close' \ --header 'Content-Length:233' \ --header 'Content-Type:application/x-amz-json-1.1' \ --header 'Host:example.com' \ --header 'X-Amz-Date:20220206T170714Z' \ --header 'X-Amz-Target:TrentService.Encrypt' \ --header 'Authorization: AWS4-HMAC-SHA256 Credential=AKIAYN7GMR6CAK6BMVGY/20220206/us-east-1/kms/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-target, Signature=a13b685bd8fe0e044dc36553e315639d95652f0fa9e922a7863df037aed4ba2c' \ --data '{"Plaintext": "PVpTntxRrFSPDeMJ4zy2XLYz9WPE/FRS0YN4dEscWarsT9LwsTrP75tMXwK1o7wbqI6yoGEJUTntbXQLPqmiqw8RQAPkzYwbcsy/RSI+qGDn4ILK/+S8OeLHtyMNKGTX", "KeyId": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0"}' \ -o response.html \ --silent \ -w "%{http_code}\n" \ example.com # On 02/06/2022, after running on an ubuntu1804-small spawn host, this may print either 200 or 404. # (venv) ubuntu@ip-10-122-14-82:~/code/mongo-c-driver/.h$ ./repro.sh # 200 # (venv) ubuntu@ip-10-122-14-82:~/code/mongo-c-driver/.h$ ./repro.sh # 404
Who is the affected end user?
DBX engineers running tests with Client Side Encryption.
How does this affect the end user?
Tests may fail inconsistently.
How likely is it that this problem or use case will occur?
The C driver Client Side Encryption tests have been failing frequently as of 02/06/2022.
For example, this task run failed three times with this error.
If the problem does occur, what are the consequences and how severe are they?
Is this issue urgent?
Yes. This test failure was observed on 02/04/2022. This may affect all DBX teams.
Is this ticket required by a downstream team?
No.
Is this ticket only for tests?
Yes.
- is depended on by
-
CDRIVER-4285 /client_side_encryption/custom_endpoint fails with "does not contain [parse error]"
- Closed
- split to
-
CDRIVER-4286 Remove use of example.com in Client Side Encryption prose tests
- Closed
-
CSHARP-4041 Remove use of example.com in Client Side Encryption prose tests
- Closed
-
CXX-2445 Remove use of example.com in Client Side Encryption prose tests
- Closed
-
GODRIVER-2300 Remove use of example.com in Client Side Encryption prose tests
- Closed
-
MOTOR-885 Remove use of example.com in Client Side Encryption prose tests
- Closed
-
NODE-3967 Remove use of example.com in Client Side Encryption prose tests
- Closed
-
PHPLIB-784 Remove use of example.com in Client Side Encryption prose tests
- Closed
-
PYTHON-3110 Remove use of example.com in Client Side Encryption prose tests
- Closed
-
RUBY-2897 Remove use of example.com in Client Side Encryption prose tests
- Closed
-
RUST-1172 Remove use of example.com in Client Side Encryption prose tests
- Closed
-
JAVA-4480 Remove use of example.com in Client Side Encryption prose tests
- Closed