[COMPASS-5930] Connection with in-use encryption enabled but no KMS provider hangs Compass window Created: 05/Jul/22  Updated: 29/Oct/23  Resolved: 24/Aug/22

Status: Closed
Project: Compass
Component/s: Field Level Encryption
Affects Version/s: None
Fix Version/s: 1.33.1

Type: Bug Priority: Major - P3
Reporter: Sergey Petushkov Assignee: Anna Henningsen
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Documentation Changes: Not Needed
Sprint: Iteration Fish, Iteration Grouper, Iteration Herring, Iteration Isopod

 Description   

Problem Statement/Rationale

If you connect to a cluster with in-use connection without storing the provider key (the recommended and default behavior) and then re use the saved connection (either from recents or favorited connection), you'll be able to connect with in-use encryption being in a weird state, leading to any attempt at fetching documents for a collection that has encryption hanging Compass window forever.

See this thread for some additional context

Steps to Reproduce

  • Start a replicaset with mongodb 6
  • Create a collection with in-use encryption applied
  • Connect to cluster in Compass and add a document to the collection
  • Disconnect / open "New connection" window
  • Connect to the same cluster using "Recent" connection
  • Open collection with the document

Expected Results

  • You see the document

Actual Results

  • Window will hang "forever"

Additional Notes

Seems like validation for the KMS providers kicks in only when you start editing the fields, maybe that's true for other fields too? We probably want the validation to not be coupled just to editing fields in the form



 Comments   
Comment by Githook User [ 28/Sep/22 ]

Author:

{'name': 'Anna Henningsen', 'email': 'anna.henningsen@mongodb.com', 'username': 'addaleax'}

Message: fix(data-service): fully remove empty KMS provider options COMPASS-5930 (#3381)

Fully remove KMS providers from the list of providers if their
set of options is empty after extracting secrets, since leaving
an existent-but-empty object and passing it to libmongocrypt
puts it in a state that Compass does not support (namely, providing
credentials on demand after connecting).
Branch: update-compass-shell-to-shared-config
https://github.com/mongodb-js/compass/commit/26d2bdec5092ee90ad1ce37d12d2d17d348dd001

Comment by Githook User [ 31/Aug/22 ]

Author:

{'name': 'Anna Henningsen', 'email': 'anna.henningsen@mongodb.com', 'username': 'addaleax'}

Message: fix(data-service): fully remove empty KMS provider options COMPASS-5930 (#3381)

Fully remove KMS providers from the list of providers if their
set of options is empty after extracting secrets, since leaving
an existent-but-empty object and passing it to libmongocrypt
puts it in a state that Compass does not support (namely, providing
credentials on demand after connecting).
Branch: 1.33-releases
https://github.com/mongodb-js/compass/commit/26d2bdec5092ee90ad1ce37d12d2d17d348dd001

Comment by Githook User [ 30/Aug/22 ]

Author:

{'name': 'Anna Henningsen', 'email': 'anna.henningsen@mongodb.com', 'username': 'addaleax'}

Message: fix(data-service): fully remove empty KMS provider options COMPASS-5930 (#3381)

Fully remove KMS providers from the list of providers if their
set of options is empty after extracting secrets, since leaving
an existent-but-empty object and passing it to libmongocrypt
puts it in a state that Compass does not support (namely, providing
credentials on demand after connecting).
Branch: compass-settings
https://github.com/mongodb-js/compass/commit/26d2bdec5092ee90ad1ce37d12d2d17d348dd001

Comment by Githook User [ 29/Aug/22 ]

Author:

{'name': 'Anna Henningsen', 'email': 'anna.henningsen@mongodb.com', 'username': 'addaleax'}

Message: fix(data-service): fully remove empty KMS provider options COMPASS-5930 (#3381)

Fully remove KMS providers from the list of providers if their
set of options is empty after extracting secrets, since leaving
an existent-but-empty object and passing it to libmongocrypt
puts it in a state that Compass does not support (namely, providing
credentials on demand after connecting).
Branch: COMPASS-5971-fix-import-deep-json
https://github.com/mongodb-js/compass/commit/26d2bdec5092ee90ad1ce37d12d2d17d348dd001

Comment by Githook User [ 26/Aug/22 ]

Author:

{'name': 'Anna Henningsen', 'email': 'anna.henningsen@mongodb.com', 'username': 'addaleax'}

Message: fix(data-service): fully remove empty KMS provider options COMPASS-5930 (#3381)

Fully remove KMS providers from the list of providers if their
set of options is empty after extracting secrets, since leaving
an existent-but-empty object and passing it to libmongocrypt
puts it in a state that Compass does not support (namely, providing
credentials on demand after connecting).
Branch: connection-info-modal
https://github.com/mongodb-js/compass/commit/26d2bdec5092ee90ad1ce37d12d2d17d348dd001

Comment by Githook User [ 24/Aug/22 ]

Author:

{'name': 'Anna Henningsen', 'email': 'anna.henningsen@mongodb.com', 'username': 'addaleax'}

Message: fix(data-service): fully remove empty KMS provider options COMPASS-5930 (#3381)

Fully remove KMS providers from the list of providers if their
set of options is empty after extracting secrets, since leaving
an existent-but-empty object and passing it to libmongocrypt
puts it in a state that Compass does not support (namely, providing
credentials on demand after connecting).
Branch: COMPASS-5941-refresh-indexes
https://github.com/mongodb-js/compass/commit/26d2bdec5092ee90ad1ce37d12d2d17d348dd001

Comment by Githook User [ 23/Aug/22 ]

Author:

{'name': 'Anna Henningsen', 'email': 'anna@addaleax.net', 'username': 'addaleax'}

Message: fix(data-service): fully remove empty KMS provider options COMPASS-5930

Fully remove KMS providers from the list of providers if their
set of options is empty after extracting secrets, since leaving
an existent-but-empty object and passing it to libmongocrypt
puts it in a state that Compass does not support (namely, providing
credentials on demand after connecting).
Branch: 5930-dev
https://github.com/mongodb-js/compass/commit/7b3aff5c18bce04ed88c3df89edbb537f53a7d65

Comment by Anna Henningsen [ 23/Aug/22 ]

First note while looking into this: This only reproduced for me with a Local KMS, not AWS.

Generated at Wed Feb 07 22:41:16 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.