Ruby Driver / RUBY-3032

Raise KmsError directly when communicating to KMS fails via LMC

    • Type: Improvement
    • Resolution: Fixed
    • Priority: Unknown
    • 2.18.0
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • Fully Compatible

      Currently the crypto code in the driver can raise CryptError or KmsError. The decision is based on whether the error, as retrieved from libmongocrypt, is marked to be a client error or a KMS error.

      In some situations where the driver is communicating with the KMS, LMC labels the error as a client error, and this error originally produces a CryptError exception, which then gets wrapped into a KmsError as follows:

           Failure/Error: raise Error::KmsError, "Error when connecting to KMS provider: #{e.class}: #{e.message}"
           
           Mongo::Error::KmsError:
             Error when connecting to KMS provider: Mongo::Error::CryptError: Error getting SecretData from KMIP Get response: KMIP response error. Result Status (1): Operation Failed. Result Reason (1): Item Not Found. Result Message: Could not locate object: XI9VcvUEWJkAW16cPn0mGq0gaGhNXP3Q7ME75YT1JvnWGOX72UbKoN7ost3OqGoNNRSKHQSY3V961DA7fuuQsDGdT7mh4AO4 (libmongocrypt error code 1)
           Shared Example Group: "it respect KMS TLS options" called from ./spec/integration/client_side_encryption/kms_tls_options_spec.rb:390
           # ./lib/mongo/crypt/encryption_io.rb:271:in `rescue in with_ssl_socket'
           # ./lib/mongo/crypt/encryption_io.rb:270:in `with_ssl_socket'
           # ./lib/mongo/crypt/encryption_io.rb:140:in `feed_kms'
           # ./lib/mongo/crypt/context.rb:109:in `run_state_machine'
           # ./lib/mongo/crypt/explicit_encrypter.rb:64:in `create_and_insert_data_key'
           # ./lib/mongo/client_encryption.rb:80:in `create_data_key'
           # ./spec/integration/client_side_encryption/kms_tls_options_spec.rb:296:in `block (5 levels) in <top (required)>'
           # ./spec/lite_spec_helper.rb:138:in `block (3 levels) in <top (required)>'
           # ./spec/lite_spec_helper.rb:137:in `block (2 levels) in <top (required)>'
           # ./spec/lite_spec_helper.rb:117:in `block (2 levels) in <top (required)>'
           # ./spec/support/background_thread_registry.rb:65:in `block (2 levels) in <top (required)>'
           # ------------------
           # --- Caused by: ---
           # Mongo::Error::CryptError:
           #   Error getting SecretData from KMIP Get response: KMIP response error. Result Status (1): Operation Failed. Result Reason (1): Item Not Found. Result Message: Could not locate object: XI9VcvUEWJkAW16cPn0mGq0gaGhNXP3Q7ME75YT1JvnWGOX72UbKoN7ost3OqGoNNRSKHQSY3V961DA7fuuQsDGdT7mh4AO4 (libmongocrypt error code 1)
           #   ./lib/mongo/crypt/status.rb:130:in `raise_crypt_error'
      

      The wrapping is confusing and I believe is incorrect. I think we should directly raise KmsError when we know we are performing a KMS operation.

      Desired report:

           Failure/Error: raise Error::KmsError, "Error when connecting to KMS provider: #{e.class}: #{e.message}"
           
           Mongo::Error::KmsError:
             Error when connecting to KMS provider: Mongo::Error::KmsError: Error getting SecretData from KMIP Get response: KMIP response error. Result Status (1): Operation Failed. Result Reason (1): Item Not Found. Result Message: Could not locate object: vJNjasZok56lKGpZugpPB0T2rHuv366SxVOLuwFG4XMXGjyIsXsczrTmK5e0Mw2YnOrd1jZod2pMCVxNHNiKyID3N92qSlEA (libmongocrypt error code 1)
           Shared Example Group: "it respect KMS TLS options" called from ./spec/integration/client_side_encryption/kms_tls_options_spec.rb:390
           # ./lib/mongo/crypt/encryption_io.rb:271:in `rescue in with_ssl_socket'
           # ./lib/mongo/crypt/encryption_io.rb:270:in `with_ssl_socket'
           # ./lib/mongo/crypt/encryption_io.rb:140:in `feed_kms'
           # ./lib/mongo/crypt/context.rb:109:in `run_state_machine'
           # ./lib/mongo/crypt/explicit_encrypter.rb:64:in `create_and_insert_data_key'
           # ./lib/mongo/client_encryption.rb:80:in `create_data_key'
           # ./spec/integration/client_side_encryption/kms_tls_options_spec.rb:296:in `block (5 levels) in <top (required)>'
           # ./spec/lite_spec_helper.rb:138:in `block (3 levels) in <top (required)>'
           # ./spec/lite_spec_helper.rb:137:in `block (2 levels) in <top (required)>'
           # ./spec/lite_spec_helper.rb:117:in `block (2 levels) in <top (required)>'
           # ./spec/support/background_thread_registry.rb:65:in `block (2 levels) in <top (required)>'
           # ------------------
           # --- Caused by: ---
           # Mongo::Error::KmsError:
           #   Error getting SecretData from KMIP Get response: KMIP response error. Result Status (1): Operation Failed. Result Reason (1): Item Not Found. Result Message: Could not locate object: vJNjasZok56lKGpZugpPB0T2rHuv366SxVOLuwFG4XMXGjyIsXsczrTmK5e0Mw2YnOrd1jZod2pMCVxNHNiKyID3N92qSlEA (libmongocrypt error code 1)
           #   ./lib/mongo/crypt/status.rb:136:in `raise_crypt_error'
      

            Assignee:
            oleg.pudeyev@mongodb.com Oleg Pudeyev (Inactive)
            Reporter:
            oleg.pudeyev@mongodb.com Oleg Pudeyev (Inactive)
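
The two reports in the issue, reproduced as an added sketch that is not part of the original issue or the driver's code: the `Sketch` module, `Status`, `raise_by_label`, `raise_for`, `kms_exchange` and `failure_chain` are hypothetical stand-ins, and the status message is constructed. It shows why label-only classification yields a KmsError caused by a CryptError, while passing the KMS context yields KmsError at both levels, which is what error handling and alerting that key on the exception class would see.

```ruby
# Added illustration. Every name here is a hypothetical stand-in.
module Sketch
  class CryptError < StandardError; end
  class KmsError < StandardError; end

  # Stand-in for a libmongocrypt status: a label (:client or :kms) and a message.
  Status = Struct.new(:label, :message) do
    # Behaviour the issue describes: the class is chosen from the label alone.
    def raise_by_label
      raise(label == :kms ? KmsError : CryptError, message)
    end

    # Behaviour the issue asks for: the caller states it is in a KMS operation.
    def raise_for(kms: false)
      raise((kms || label == :kms) ? KmsError : CryptError, message)
    end
  end

  # Mimics the rescue seen in the trace: any failure during the KMS exchange is
  # re-raised as KmsError, with the original class name embedded in the message.
  def self.kms_exchange
    yield
  rescue StandardError => e
    raise KmsError, "Error when connecting to KMS provider: #{e.class}: #{e.message}"
  end

  # Exception classes from the outermost error down through its causes.
  def self.chain(error)
    classes = []
    while error
      classes << error.class
      error = error.cause
    end
    classes
  end

  def self.failure_chain(status, direct:)
    kms_exchange { direct ? status.raise_for(kms: true) : status.raise_by_label }
  rescue KmsError => e
    chain(e)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed status: a KMS-side failure that arrives labelled as a client error.
  status = Sketch::Status.new(:client, "KMIP response error: Item Not Found")
  p Sketch.failure_chain(status, direct: false)
  p Sketch.failure_chain(status, direct: true)
end
```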