[GODRIVER-2147] Automatic FLE decryption does not work with session Created: 03/Sep/21 Updated: 28/Oct/23 Resolved: 04/Oct/21 |
|
| Status: | Closed |
| Project: | Go Driver |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 1.7.3 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Elena Flat | Assignee: | Kevin Albertson |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Description |
|
We are using manual mongo field level encryption with automatic decryption. Starting in go mongo driver 1.5.1 we get this error on decryption: "key vault communication error: session was not created by this client" To reproduce, I have taken the go mongo driver example Test_Example_explictEncryptionWithAutomaticDecryption and modified it to use a session (instead of empty context):
This throws error "key vault communication error: session was not created by this client". When going back to driver 1.5.0-beta1, things work because if SetKeyVaultClientOptions are not provided as part of AutoEncryption options on client creation, client is re-used for key vault communication. When going to driver 1.5.1 (also checked 1.7.2), we get this error.
|
| Comments |
| Comment by Githook User [ 04/Oct/21 ] | ||||
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}Message: | ||||
| Comment by Githook User [ 04/Oct/21 ] | ||||
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}Message: | ||||
| Comment by Kevin Albertson [ 01/Oct/21 ] | ||||
| Comment by Kevin Albertson [ 16/Sep/21 ] | ||||
|
Hi eflat@league.com, I was able to reproduce the error using the example provided. This is a regression caused by the changes in The cause of the regression is that a separate internal mongo.Client is created for key vault operations when there is a limited connection pool size on the mongo.Client configured for automatic encryption. The mongo.Client configured with automatic encryption is reused when there is no maximum connection pool size. We should have fix for this as soon as possible. A possible workaround is to override the default maximum connection pool size (100) to be unlimited:
That may be undesirable depending on your use case. But we will have a fix applied as soon as possible. | ||||
| Comment by Kevin Albertson [ 07/Sep/21 ] | ||||
|
Hi eflat@league.com, thank you for the detailed report and code snippet. We will look into this soon. |