- Type: Improvement
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
Scope
- Return a clearer error if required KMS providers are not satisfied by mongocrypt_ctx_provide_kms_providers
Background & Motivation
The error observed in this patch build:
[2022/11/03 15:16:02.218] {"error":"invalid_request","error_description":"AADSTS900023: Specified tenant identifier '(null)' is neither a valid DNS name, nor a valid external domain.\r\nTrace ID: b80dba1a-e591-482a-9368-99f17eae6e00\r\nCorrelation ID: 7a7d0c34-a27c-463d-8bb1-02563e1e373b\r\nTimestamp: 2022-11-03 15:16:01Z","error_codes":[900023],"timestamp":"2022-11-03 15:16:01Z","trace_id":"b80dba1a-e591-482a-9368-99f17eae6e00","correlation_id":"7a7d0c34-a27c-463d-8bb1-02563e1e373b","error_uri":"https://login.microsoftonline.com/error?code=900023"}
[2022/11/03 15:16:02.218] at app//com.mongodb.crypt.capi.MongoKeyDecryptorImpl.throwExceptionFromStatus(MongoKeyDecryptorImpl.java:100)
[2022/11/03 15:16:02.218] at app//com.mongodb.crypt.capi.MongoKeyDecryptorImpl.feed(MongoKeyDecryptorImpl.java:92)
[2022/11/03 15:16:02.218] at app//com.mongodb.client.internal.Crypt.decryptKey(Crypt.java:357)
[2022/11/03 15:16:02.218] at app//com.mongodb.client.internal.Crypt.decryptKeys(Crypt.java:339)
This appears to be due to the initial KMS providers being configured with:
{ "gcp": {} }
when creating a data key with the "azure" KMS provider.
Here is a repro in the C driver: https://spruce.mongodb.com/task/mongo_c_driver_testazurekms_variant_testazurekms_task_patch_a7cc359463dca30167f5ee8d149ba5b7ffb12dbc_6363eff63e8e865efa8c4ffe_22_11_03_16_44_39/logs?execution=1
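The kind of check the Scope item asks for, sketched in C as an added example (not libmongocrypt's own code): compare the providers an operation requires with the providers that actually have credentials, and fail with a message naming each missing one before any KMS request is built. The flag values, the function name `check_kms_satisfied` and the error wording are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical provider flags for this sketch; not libmongocrypt's own types. */
enum { KMS_AWS = 1, KMS_AZURE = 2, KMS_GCP = 4, KMS_LOCAL = 8 };

static const struct { int flag; const char *name; } KMS_NAMES[] = {
    {KMS_AWS, "aws"}, {KMS_AZURE, "azure"}, {KMS_GCP, "gcp"}, {KMS_LOCAL, "local"}};
#define KMS_COUNT (sizeof KMS_NAMES / sizeof KMS_NAMES[0])

/* required: providers the operation needs (e.g. the data key's provider).
 * supplied: providers that have credentials after the provide step.
 * Returns 1 if satisfied; otherwise 0, with every missing provider named in err. */
int check_kms_satisfied(int required, int supplied, char *err, size_t errlen) {
    int missing = required & ~supplied;
    size_t used = 0;
    int first = 1;

    if (errlen > 0) err[0] = '\0';
    if (missing == 0) return 1;

    int n = snprintf(err, errlen, "required KMS provider credentials not supplied:");
    if (n > 0) used = (size_t)n;
    for (size_t i = 0; i < KMS_COUNT; i++) {
        /* Skip providers that are not missing, and stop appending once err is full. */
        if (!(missing & KMS_NAMES[i].flag) || used >= errlen) continue;
        n = snprintf(err + used, errlen - used, "%s%s", first ? " " : ", ", KMS_NAMES[i].name);
        if (n > 0) used += (size_t)n;
        first = 0;
    }
    return 0;
}

int main(void) {
    char err[128];
    /* The ticket's case: only "gcp" configured, data key requested for "azure". */
    if (!check_kms_satisfied(KMS_AZURE, KMS_GCP, err, sizeof err))
        printf("error: %s\n", err);
    return 0;
}
```

Failing at this point surfaces the misconfiguration locally, instead of as the remote AADSTS900023 response for tenant identifier '(null)' shown in the log above.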