[MONGOCRYPT-180] Erroneous warning for automatic encryption Created: 19/Sep/19 Updated: 28/Oct/23 Resolved: 16/Oct/19 |
|
| Status: | Closed |
| Project: | Libmongocrypt |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 1.0.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Kenneth White | Assignee: | Kevin Albertson |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | fle-ga | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Observed on Ubuntu and MacOS |
||
| Description |
|
When a new MongoClient is created with auto_encryption_options that include a valid local schema, users get a spurious message: "WARNING local schema used but does not have encryption specifiers". Subsequent insert & find operations work as expected (automatic encryption is in fact occurring). Reproducible test case from (
This warning should only display when a local schema was specified but lacked any encrypt properties in the json schema. |
| Comments |
| Comment by Githook User [ 16/Oct/19 ] | ||||||
|
Author: {'name': 'Kevin Albertson', 'username': 'kevinAlbs', 'email': 'kevin.albertson@mongodb.com'}Message: | ||||||
| Comment by Kenneth White [ 09/Oct/19 ] | ||||||
|
Consistently reproducing on Node as well. See output here (line 22 of the last file): https://gist.github.com/kennwhite/5bb40f40e1e1b80a62f7601a8d765658#file-sample_output-txt-L22 | ||||||
| Comment by Kevin Albertson [ 20/Sep/19 ] | ||||||
|
Agreed, I believe this is a problem in libmongocrypt. I believe this condition should be negated. I'm moving this to MONGOCRYPT. | ||||||
| Comment by Shane Harvey [ 20/Sep/19 ] | ||||||
|
Note I believe that pymongo is acting according to the spec and all drivers will have this same behavior. | ||||||
| Comment by Shane Harvey [ 20/Sep/19 ] | ||||||
|
This log line is being printed by libmongocrypt here: https://github.com/mongodb/libmongocrypt/blob/b34546630ed774cdc59aca2791d2ae6aa0e3aa7c/src/mongocrypt-ctx-encrypt.c#L217 The reason this line is reached even though the "demoFLE.peoplePy" collection has encryption specifiers is a bit convoluted. The first attempt to auto encrypt an operation on the "demoFLE.peoplePy" collection causes libmongocrypt to request a key document from the key vault collection "demoFLE.keystore2" (the MONGOCRYPT_CTX_NEED_MONGO_KEYS state). By default the key vault collection uses the same MongoClient on which auto-encryption is enabled so this find operation will also be auto-encrypted. It is when marking this "find" that libmongocrypt prints the message: "WARNING local schema used but does not have encryption specifiers" I also see this behavior in pymongo's tests and adding some extra logging confirms the above. Here we can see that the pymongo auto encrypts the key vault find operation:
To avoid seeing this error you can use an unencrypted mongo client for the key_vault_client. If we want to avoid this warning by default I think we'll need to change libmongocrypt to be more intelligent in this situation. Perhaps it can suppress this message when the collection being marked is a key vault operation? |