[DRIVERS-2191] Remove use of example.com in Client Side Encryption prose tests Created: 06/Feb/22  Updated: 30/Sep/22  Resolved: 30/Sep/22

Status: Closed
Project: Drivers
Component/s: Client Side Encryption
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Kevin Albertson Assignee: Kevin Albertson
Resolution: Done Votes: 0
Labels: prose-test
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by CDRIVER-4285 /client_side_encryption/custom_endpoi... Closed
Issue split
split to CDRIVER-4286 Remove use of example.com in Client S... Closed
split to CSHARP-4041 Remove use of example.com in Client S... Closed
split to CXX-2445 Remove use of example.com in Client S... Closed
split to GODRIVER-2300 Remove use of example.com in Client S... Closed
split to MOTOR-885 Remove use of example.com in Client S... Closed
split to NODE-3967 Remove use of example.com in Client S... Closed
split to PHPLIB-784 Remove use of example.com in Client S... Closed
split to PYTHON-3110 Remove use of example.com in Client S... Closed
split to RUBY-2897 Remove use of example.com in Client S... Closed
split to RUST-1172 Remove use of example.com in Client S... Closed
split to JAVA-4480 Remove use of example.com in Client S... Closed
Driver Changes: Needed
Downstream Changes Summary:

Replaces "example.com" with "doesnotexist.invalid" in Client Side Encryption prose tests. This resolves inconsistent test failures observed on ubuntu1804 hosts in the C driver. This may be low priority if teams are not observing test failures.

Relevant test changes are in mongodb/specifications@2d52481.

Driver Compliance:
Key Status/Resolution FixVersion
CDRIVER-4286 Duplicate
CXX-2445 Fixed 3.7.0
CSHARP-4041 Fixed 2.16.0
GODRIVER-2300 Fixed 1.9.0
JAVA-4480 Fixed 4.4.2
NODE-3967 Fixed 4.4.0
MOTOR-885 Works as Designed
PYTHON-3110 Fixed 3.13, 4.1, 4.0.2
PHPLIB-784 Fixed 1.12.0
RUBY-2897 Fixed 2.19.0
RUST-1172 Won't Do
SWIFT-1482 Won't Do

 Description   

Summary

Remove use of example.com in Client Side Encryption prose tests.

Motivation

The Custom Endpoint Test prose test uses the domain "example.com". "example.com" is used to validate a the driver passes a custom endpoint to libmongocrypt. Tests assert that libmongocrypt returns an error including the string "parse error" from responses to example.com.

Recently (first observed on 02/06/2022), tests in the C driver evergreen observed HTTP 404 responses from example.com on some AWS signed requests. Here is a repro script run on an ubuntu1804-small spawn host:

# Run this script to reproduce an AWS request sent to example.com.
curl \
     --http1.1 \
     --request POST \
     --header 'Connection:close' \
     --header 'Content-Length:233' \
     --header 'Content-Type:application/x-amz-json-1.1' \
     --header 'Host:example.com' \
     --header 'X-Amz-Date:20220206T170714Z' \
     --header 'X-Amz-Target:TrentService.Encrypt' \
     --header 'Authorization: AWS4-HMAC-SHA256 Credential=AKIAYN7GMR6CAK6BMVGY/20220206/us-east-1/kms/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-target, Signature=a13b685bd8fe0e044dc36553e315639d95652f0fa9e922a7863df037aed4ba2c' \
     --data '{"Plaintext": "PVpTntxRrFSPDeMJ4zy2XLYz9WPE/FRS0YN4dEscWarsT9LwsTrP75tMXwK1o7wbqI6yoGEJUTntbXQLPqmiqw8RQAPkzYwbcsy/RSI+qGDn4ILK/+S8OeLHtyMNKGTX", "KeyId": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0"}' \
     -o response.html \
     --silent \
     -w "%{http_code}\n" \
     example.com
# On 02/06/2022, after running on an ubuntu1804-small spawn host, this may print either 200 or 404.
# (venv) ubuntu@ip-10-122-14-82:~/code/mongo-c-driver/.h$ ./repro.sh
# 200
# (venv) ubuntu@ip-10-122-14-82:~/code/mongo-c-driver/.h$ ./repro.sh
# 404

Who is the affected end user?

DBX engineers running tests with Client Side Encryption.

How does this affect the end user?

Tests may fail inconsistently.

How likely is it that this problem or use case will occur?

The C driver Client Side Encryption tests have been failing frequently as of 02/06/2022.
For example, this task run failed three times with this error.

If the problem does occur, what are the consequences and how severe are they?

Is this issue urgent?

Yes. This test failure was observed on 02/04/2022. This may affect all DBX teams.

Is this ticket required by a downstream team?

No.

Is this ticket only for tests?

Yes.



 Comments   
Comment by Githook User [ 07/Feb/22 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: DRIVERS-2191 Remove use of example.com in Client Side Encryption prose tests (#1136)

Updates test cases 6, 7, 8, and 9
Branch: master
https://github.com/mongodb/specifications/commit/2d52481c73c7774034a765027d27e381d7dad4a2

Comment by Kevin Albertson [ 06/Feb/22 ]

PR: https://github.com/mongodb/specifications/pull/1136

Generated at Thu Feb 08 08:24:58 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.