[SERVER-43884] Improve Error Formatting for mongocryptd-origin errors Created: 08/Oct/19 Updated: 29/Oct/23 Resolved: 06/Nov/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Shell |
| Affects Version/s: | None |
| Fix Version/s: | 4.3.1, 4.2.2 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Ravind Kumar (Inactive) | Assignee: | Mark Benvenuto |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | encryption | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Backport Requested: |
v4.2
|
||||||||
| Sprint: | Security 2019-11-04, Security 2019-11-18 | ||||||||
| Participants: | |||||||||
| Description |
|
Currently issuing an unsupported query or agg operator via an auto-encrypt enabled shell session returns errors that are *not* easily distinguished as mongocryptd-originating:
Queries have a very different error report string:
Since these errors do not include any indicator that they originated from mongocryptd, its not as clear to the user where mongocryptd's query validation is taking place. These look like any other syntax error, rather than a 'this behavior is blocked by mongocryptd' This might be a wider issue than just the shell, but I figure we can start talking about whether this makes sense to deal with here. |
| Comments |
| Comment by Githook User [ 16/Nov/19 ] | ||
|
Author: {'name': 'Mark Benvenuto', 'username': 'markbenvenuto', 'email': 'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit d25aab9daa3410f3ae3b25af3bd49f70b23cbe6e) | ||
| Comment by Githook User [ 06/Nov/19 ] | ||
|
Author: {'username': 'markbenvenuto', 'email': 'mark.benvenuto@mongodb.com', 'name': 'Mark Benvenuto'}Message: | ||
| Comment by Ravind Kumar (Inactive) [ 25/Oct/19 ] | ||
|
I understand that this may only affect the shell - from my perspective, having errors that clearly denote the source of the error will be helpful for developers as they work through this feature. As far as your last graf, I was not aware of the relationship between the mongo shell and mongocryptd. Ideally mongocryptd would return errors such that the origin is obvious across all platforms. | ||
| Comment by Mark Benvenuto [ 25/Oct/19 ] | ||
|
Would it be more clear if all the FLE errors had a common prefix to denote its origin. We could preface all error messages with "Auto Encryption Error: " for instance or some other text of choosing. This would make it clear whether the error comes from the shell or from the server side. Also, depending on how I implement this change, it may only affect the shell and not other drivers. In the shell code, I could rewrap all errors from query analysis with the prefix but leave the actual driver interface to mongocryptd unchanged. This would mean in your example, the shell would not print
while the driver would continue to see
from mongocryptd itself.
Please note that mongocryptd is not actually a separate binary when the shell is used. It is simply "linked" into the shell. I am not sure if this was clear or you were simply describing the FLE query analysis library as mongocryptd for simplicity's safe. | ||
| Comment by Asya Kamsky [ 21/Oct/19 ] | ||
|
Is it important for the error to indicate mongocryptd as the source? It seems like an implementation detail and the important part of the error that must be there seems to already be present: "Encrypted field 'date' ... " |