[DRIVERS-2339] Improve error messaging when incompatible crypt_shared options are set
Created: 27/May/22  Updated: 07/Jul/22

Status: Backlog
Project: Drivers
Component/s: Client Side Encryption
Fix Version/s: None

Type: Improvement
Priority: Unknown
Reporter: Matt Dale
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Driver Changes: Needed

 Description   

Summary

Setting either bypassAutoEncryption=true or bypassQueryAnalysis=true will prevent the crypt_shared library from being loaded. Setting cryptSharedLibRequired=true in the AutoEncryption extra options will cause Client creation to return an error if the crypt_shared library is not loaded. Both preventing and requiring the crypt_shared library will always result in a Client creation error.

Currently, the resulting error does not specify why the crypt_shared library was not loaded. For example, the resulting error from the C driver is:

Option 'cryptSharedLibRequired' is 'true', but we failed to load the crypt_shared libary

If a user doesn't realize that the problem is related to use of the "bypass" and "require" options together, they may assume the error is a failure to find the crypt_shared library in the provided path(s). To prevent confusion, require that drivers validate AutoEncryption options and return an error in the following case:

if bypassAutoEncryption and extraOptions.cryptSharedLibRequired:
    raise "bypassAutoEncryption and extraOptions.cryptSharedLibRequired cannot both be true"
if bypassQueryAnalysis and extraOptions.cryptSharedLibRequired:
    raise "bypassQueryAnalysis and extraOptions.cryptSharedLibRequired cannot both be true"

Motivation

Who is the affected end user?

End users trying to enable automatic decryption who mistakenly set extraOptions.cryptSharedLibRequired=true.

How does this affect the end user?

The user gets a confusing error message like

Option 'cryptSharedLibRequired' is 'true', but we failed to load the crypt_shared libary

How likely is it that this problem or use case will occur?

Somewhat unlikely. Users who set bypassAutoEncryption or bypassQueryAnalysis are likely trying to use automatic decryption only and do not have an enterprise license, so they probably won't try to load the crypt_shared library. A plausible use case is where someone does have an enterprise license and typically loads the crypt_shared library, but is writing an application that only needs automatic decryption, not automatic encryption.

If the problem does occur, what are the consequences and how severe are they?

Confusion about how to resolve the error, possibly leading to wasted time and/or having to contact MongoDB support or ask questions on a developer forum.

Is this issue urgent?

No.

Is this ticket required by a downstream team?

No.

Is this ticket only for tests?

No.
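
The conflict described in the Summary, as an added Python illustration that is not part of the original ticket or any driver's code. It is a toy model of Client creation that contrasts the current generic error with the proposed validation; `AutoEncryptionOpts`, `crypt_shared_loaded`, `create_client_current`, `create_client_proposed`, `error_of` and the `lib_on_path` flag are hypothetical names.

```python
# Added illustration: a toy model of Client creation, not any driver's real API.
from dataclasses import dataclass

# Message quoted on this page from the C driver (spelling as reported).
GENERIC_ERROR = ("Option 'cryptSharedLibRequired' is 'true', "
                 "but we failed to load the crypt_shared libary")


@dataclass
class AutoEncryptionOpts:  # hypothetical container for the options in the ticket
    bypass_auto_encryption: bool = False
    bypass_query_analysis: bool = False
    crypt_shared_lib_required: bool = False  # extraOptions.cryptSharedLibRequired


def crypt_shared_loaded(opts, lib_on_path):
    """Either bypass option prevents loading, even if the library is present."""
    if opts.bypass_auto_encryption or opts.bypass_query_analysis:
        return False
    return lib_on_path


def create_client_current(opts, lib_on_path):
    """Behaviour described as current: one generic error for every cause."""
    if opts.crypt_shared_lib_required and not crypt_shared_loaded(opts, lib_on_path):
        raise ValueError(GENERIC_ERROR)
    return "client"


def create_client_proposed(opts, lib_on_path):
    """Proposed behaviour: reject the contradictory option pairs up front."""
    for name, flag in (("bypassAutoEncryption", opts.bypass_auto_encryption),
                       ("bypassQueryAnalysis", opts.bypass_query_analysis)):
        if flag and opts.crypt_shared_lib_required:
            raise ValueError(f"{name} and extraOptions.cryptSharedLibRequired "
                             "cannot both be true")
    return create_client_current(opts, lib_on_path)


def error_of(create, opts, lib_on_path):
    """Return the error text Client creation produces, or None on success."""
    try:
        create(opts, lib_on_path)
    except ValueError as exc:
        return str(exc)
    return None
```

With a bypass option and `crypt_shared_lib_required` both set, the current path returns the same generic message whether or not the library is on the path, which is the ambiguity the ticket describes.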



 Comments   
Comment by Dmitry Rybakov [ 07/Jul/22 ]

This is a very valid request. It does not seem to be urgent, so we backlog it.
