Uploaded image for project: 'Libmongocrypt'
  1. Libmongocrypt
  2. MONGOCRYPT-749

KMS encrypt request for rewrapManyDataKey not retried

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Unresolved
    • Priority: Icon: Unknown Unknown
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • Not Needed

      KMS encrypt requests are expected to be retried, but are not for the rewrapManyDataKey operation. See this branch for a failing test:

      ASSERT(mongocrypt_kms_ctx_fail(kms));             // Simulate driver-side network failure for an encrypt request.
ASSERT((kms = mongocrypt_ctx_next_kms_ctx(ctx))); // Assert fails. Expected KMS request to retry but did not.

      Calling mongocrypt_kms_ctx_fail returns true indicating retry is OK, but the KMS context is not returned again.

      Background

      Discovered when updating the C++ driver to use C driver 1.29.0 (PR). The error in the test "rewrap with invalid masterKey for Azure KMS provider" changed from" "Failed to resolve invalid-vault-csfle.vault.azure.net" to "key material not expected length" due to failing later.

       

            Assignee:
            Unassigned Unassigned
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: