[DRIVERS-2671] clarify CSOT behavior for FLE APIs Created: 13/Jul/23  Updated: 18/Jul/23

Status: Backlog
Project: Drivers
Component/s: Client Side Encryption, CSOT
Fix Version/s: None

Type: Task Priority: Minor - P4
Reporter: Bailey Pearson Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to PYTHON-3621 On demand KMS credential lookups do n... Closed
Driver Changes: Needed

 Description   

Summary

Some parts of FLE should be subject to `timeoutMS` but the specs (CSOT and client-side-encryption) don't mention these APIs.  These APIs are:{}

  • fetching kms credentials on demand
  • the key management API

Motivation

Drivers that implement CSOT should implement it properly for all relevant APIs.

Who is the affected end user?

Driver engineers and potentially users.

How does this affect the end user?

Users might be surprised that certain APIs don't support CSOT, or might find that operations timeout without respecting timeoutMS.

How likely is it that this problem or use case will occur?

Unlikely, for initializing kms credentials.  Unknown for the key management API.

If the problem does occur, what are the consequences and how severe are they?

Minor annoyance.

Is this issue urgent?

No.

Is this ticket required by a downstream team?

No.

Is this ticket only for tests?

No.

Acceptance Criteria

  • Review the client-side-encryption spec for any additional APIs (or asynchronous operations used internally in FLE) that should be subject to timeoutMS.
  • Clarify the CSOT and FLE spec to mention that these APIs should be subject to timeoutMS.
  • Testing
    • Add unified tests demonstrating that the key management API respects timeoutMS.
    • Testing for other parts of FLE (including fetching kms credentials on demand) is tbd.

Generated at Thu Feb 08 08:26:09 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.