- Type: Improvement
- Resolution: Fixed
- Priority: Unknown
- Affects Version/s: None
- Component/s: None
- Fully Compatible
Currently the crypto code in the driver can raise CryptError or KmsError. The decision is based on whether the error, as retrieved from libmongocrypt, is marked to be a client error or a KMS error.
In some situations where the driver is communicating with the KMS, lmc labels the error as a client error, and this error originally produces a CryptError exception, which then gets wrapped into a KmsError as follows:
    Failure/Error: raise Error::KmsError, "Error when connecting to KMS provider: #{e.class}: #{e.message}"
    Mongo::Error::KmsError:
      Error when connecting to KMS provider: Mongo::Error::CryptError: Error getting SecretData from KMIP Get response: KMIP response error. Result Status (1): Operation Failed. Result Reason (1): Item Not Found. Result Message: Could not locate object: XI9VcvUEWJkAW16cPn0mGq0gaGhNXP3Q7ME75YT1JvnWGOX72UbKoN7ost3OqGoNNRSKHQSY3V961DA7fuuQsDGdT7mh4AO4 (libmongocrypt error code 1)
    Shared Example Group: "it respect KMS TLS options" called from ./spec/integration/client_side_encryption/kms_tls_options_spec.rb:390
    # ./lib/mongo/crypt/encryption_io.rb:271:in `rescue in with_ssl_socket'
    # ./lib/mongo/crypt/encryption_io.rb:270:in `with_ssl_socket'
    # ./lib/mongo/crypt/encryption_io.rb:140:in `feed_kms'
    # ./lib/mongo/crypt/context.rb:109:in `run_state_machine'
    # ./lib/mongo/crypt/explicit_encrypter.rb:64:in `create_and_insert_data_key'
    # ./lib/mongo/client_encryption.rb:80:in `create_data_key'
    # ./spec/integration/client_side_encryption/kms_tls_options_spec.rb:296:in `block (5 levels) in <top (required)>'
    # ./spec/lite_spec_helper.rb:138:in `block (3 levels) in <top (required)>'
    # ./spec/lite_spec_helper.rb:137:in `block (2 levels) in <top (required)>'
    # ./spec/lite_spec_helper.rb:117:in `block (2 levels) in <top (required)>'
    # ./spec/support/background_thread_registry.rb:65:in `block (2 levels) in <top (required)>'
    # ------------------
    # --- Caused by: ---
    # Mongo::Error::CryptError:
    #   Error getting SecretData from KMIP Get response: KMIP response error. Result Status (1): Operation Failed. Result Reason (1): Item Not Found. Result Message: Could not locate object: XI9VcvUEWJkAW16cPn0mGq0gaGhNXP3Q7ME75YT1JvnWGOX72UbKoN7ost3OqGoNNRSKHQSY3V961DA7fuuQsDGdT7mh4AO4 (libmongocrypt error code 1)
    #   ./lib/mongo/crypt/status.rb:130:in `raise_crypt_error'
The wrapping is confusing and, I believe, incorrect. I think we should directly raise KmsError when we know we are performing a KMS operation.
Desired report:
    Failure/Error: raise Error::KmsError, "Error when connecting to KMS provider: #{e.class}: #{e.message}"
    Mongo::Error::KmsError:
      Error when connecting to KMS provider: Mongo::Error::KmsError: Error getting SecretData from KMIP Get response: KMIP response error. Result Status (1): Operation Failed. Result Reason (1): Item Not Found. Result Message: Could not locate object: vJNjasZok56lKGpZugpPB0T2rHuv366SxVOLuwFG4XMXGjyIsXsczrTmK5e0Mw2YnOrd1jZod2pMCVxNHNiKyID3N92qSlEA (libmongocrypt error code 1)
    Shared Example Group: "it respect KMS TLS options" called from ./spec/integration/client_side_encryption/kms_tls_options_spec.rb:390
    # ./lib/mongo/crypt/encryption_io.rb:271:in `rescue in with_ssl_socket'
    # ./lib/mongo/crypt/encryption_io.rb:270:in `with_ssl_socket'
    # ./lib/mongo/crypt/encryption_io.rb:140:in `feed_kms'
    # ./lib/mongo/crypt/context.rb:109:in `run_state_machine'
    # ./lib/mongo/crypt/explicit_encrypter.rb:64:in `create_and_insert_data_key'
    # ./lib/mongo/client_encryption.rb:80:in `create_data_key'
    # ./spec/integration/client_side_encryption/kms_tls_options_spec.rb:296:in `block (5 levels) in <top (required)>'
    # ./spec/lite_spec_helper.rb:138:in `block (3 levels) in <top (required)>'
    # ./spec/lite_spec_helper.rb:137:in `block (2 levels) in <top (required)>'
    # ./spec/lite_spec_helper.rb:117:in `block (2 levels) in <top (required)>'
    # ./spec/support/background_thread_registry.rb:65:in `block (2 levels) in <top (required)>'
    # ------------------
    # --- Caused by: ---
    # Mongo::Error::KmsError:
    #   Error getting SecretData from KMIP Get response: KMIP response error. Result Status (1): Operation Failed. Result Reason (1): Item Not Found. Result Message: Could not locate object: vJNjasZok56lKGpZugpPB0T2rHuv366SxVOLuwFG4XMXGjyIsXsczrTmK5e0Mw2YnOrd1jZod2pMCVxNHNiKyID3N92qSlEA (libmongocrypt error code 1)
    #   ./lib/mongo/crypt/status.rb:136:in `raise_crypt_error'
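
The classification change requested in this ticket, as an added sketch that is not the driver's own code: the `Demo` module, its classes, the `kms:` and `kms_aware:` parameters and the sample status are hypothetical stand-ins, and the sample message is constructed. It shows the cause chain a caller sees when a KMS failure carries a client label, with and without the call site declaring that a KMS operation is in progress.

```ruby
# Added illustration; Demo::* names are hypothetical stand-ins, not the driver's classes.
module Demo
  class CryptError < StandardError; end
  class KmsError < StandardError; end

  # Constructed stand-in for a libmongocrypt status.
  # label is one of :ok, :error_client or :error_kms.
  Status = Struct.new(:label, :message, :code)

  # Map a status to an exception. With kms: true the caller asserts that a KMS
  # operation is in progress, so the label alone no longer decides the class.
  def self.raise_for(status, kms: false)
    return if status.label == :ok
    klass = (kms || status.label == :error_kms) ? KmsError : CryptError
    raise klass, "#{status.message} (libmongocrypt error code #{status.code})"
  end

  # Simulates the KMS I/O layer, which wraps any failure in KmsError.
  def self.feed_kms(status, kms_aware:)
    raise_for(status, kms: kms_aware)
  rescue CryptError, KmsError => e
    raise KmsError, "Error when connecting to KMS provider: #{e.class}: #{e.message}"
  end

  # Returns the exception classes from the outermost error to the innermost cause.
  def self.error_chain(status, kms_aware:)
    feed_kms(status, kms_aware: kms_aware)
    []
  rescue KmsError => e
    chain = []
    while e
      chain << e.class
      e = e.cause
    end
    chain
  end
end

# Constructed sample: a KMIP failure that arrives labelled as a client error.
SAMPLE = Demo::Status.new(:error_client,
                          "KMIP response error. Result Reason (1): Item Not Found.", 1)

if __FILE__ == $PROGRAM_NAME
  p Demo.error_chain(SAMPLE, kms_aware: false) # label decides: mixed chain
  p Demo.error_chain(SAMPLE, kms_aware: true)  # call site decides: consistent chain
end
```

With a consistent chain, error handling and alerting that match on the exception class treat every failure raised during a KMS exchange the same way, whatever label the status carried.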