Details
- Improvement
- Resolution: Fixed
- Major - P3
Description
Scope
- Return a clearer error if required KMS providers are not satisfied by mongocrypt_ctx_provide_kms_providers
Background & Motivation
The error observed in this patch build:
[2022/11/03 15:16:02.218] {"error":"invalid_request","error_description":"AADSTS900023: Specified tenant identifier '(null)' is neither a valid DNS name, nor a valid external domain.\r\nTrace ID: b80dba1a-e591-482a-9368-99f17eae6e00\r\nCorrelation ID: 7a7d0c34-a27c-463d-8bb1-02563e1e373b\r\nTimestamp: 2022-11-03 15:16:01Z","error_codes":[900023],"timestamp":"2022-11-03 15:16:01Z","trace_id":"b80dba1a-e591-482a-9368-99f17eae6e00","correlation_id":"7a7d0c34-a27c-463d-8bb1-02563e1e373b","error_uri":"https://login.microsoftonline.com/error?code=900023"}
[2022/11/03 15:16:02.218] at app//com.mongodb.crypt.capi.MongoKeyDecryptorImpl.throwExceptionFromStatus(MongoKeyDecryptorImpl.java:100)
[2022/11/03 15:16:02.218] at app//com.mongodb.crypt.capi.MongoKeyDecryptorImpl.feed(MongoKeyDecryptorImpl.java:92)
[2022/11/03 15:16:02.218] at app//com.mongodb.client.internal.Crypt.decryptKey(Crypt.java:357)
[2022/11/03 15:16:02.218] at app//com.mongodb.client.internal.Crypt.decryptKeys(Crypt.java:339)
This appears to be due to the initial KMS providers being configured with:
{ "gcp": {} }
when creating a data key with the "azure" KMS provider.
Here is a repro in the C driver: https://spruce.mongodb.com/task/mongo_c_driver_testazurekms_variant_testazurekms_task_patch_a7cc359463dca30167f5ee8d149ba5b7ffb12dbc_6363eff63e8e865efa8c4ffe_22_11_03_16_44_39/logs?execution=1
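The following is an added sketch, not libmongocrypt or driver code, of the kind of check the Scope asks for: confirm the provider a data key needs is satisfied before any KMS or OAuth request is built, so the failure names the missing provider instead of surfacing as a tenant '(null)' response. The flag names, `kms_name` and `kms_check` are hypothetical, and the model assumes credentials supplied later by the driver count toward satisfying a provider.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical provider flags for this sketch; not libmongocrypt's own types. */
enum { KMS_AWS = 1u << 0, KMS_AZURE = 1u << 1, KMS_GCP = 1u << 2 };

static const char *kms_name(unsigned p)
{
    switch (p) {
    case KMS_AWS:   return "aws";
    case KMS_AZURE: return "azure";
    case KMS_GCP:   return "gcp";
    default:        return "unknown";
    }
}

/* Check one required provider before any KMS or OAuth request is built.
 *   initial   - providers configured with credentials up front
 *   on_demand - providers configured as an empty document, e.g. { "gcp": {} }
 *   provided  - providers whose credentials arrived later from the driver
 * Returns NULL when satisfied, else a message naming the missing provider.
 * The message lives in a static buffer (not thread-safe; fine for a sketch). */
const char *kms_check(unsigned initial, unsigned on_demand,
                      unsigned provided, unsigned required)
{
    static char msg[128];

    if ((initial | provided) & required)
        return NULL;
    if (on_demand & required)
        snprintf(msg, sizeof msg, "KMS provider '%s' was configured for "
                 "on-demand credentials, but none were provided", kms_name(required));
    else
        snprintf(msg, sizeof msg, "KMS provider '%s' is required but was "
                 "not configured", kms_name(required));
    return msg;
}

int main(void)
{
    /* Constructed scenario from the ticket: { "gcp": {} } configured, "azure" key requested. */
    const char *err = kms_check(0, KMS_GCP, KMS_GCP, KMS_AZURE);
    printf("%s\n", err ? err : "ok");
    return 0;
}
```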