[SERVER-43884] Improve Error Formatting for mongocryptd-origin errors Created: 08/Oct/19  Updated: 29/Oct/23  Resolved: 06/Nov/19

Status: Closed
Project: Core Server
Component/s: Shell
Affects Version/s: None
Fix Version/s: 4.3.1, 4.2.2

Type: Improvement Priority: Major - P3
Reporter: Ravind Kumar (Inactive) Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: encryption
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
Backwards Compatibility: Fully Compatible
Backport Requested:
v4.2
Sprint: Security 2019-11-04, Security 2019-11-18
Participants:

 Description   

Currently issuing an unsupported query or agg operator via an auto-encrypt enabled shell session returns errors that are *not* easily distinguished as mongocryptd-originating:

>  coll.aggregate([{$project : {"date" : {$dateToParts : {"date" : "$date"}}}}])
2019-10-08T11:18:47.872-0400 E  QUERY    [js] Error: Encrypted field 'date' is not allowed to be evaluated by date to parts function :
runClientFunctionWithRetries@src/mongo/shell/session.js:366:27
runCommand@src/mongo/shell/session.js:460:25
DB.prototype._runCommandImpl@src/mongo/shell/db.js:147:12
DB.prototype.runCommand@src/mongo/shell/db.js:162:16
DB.prototype.runReadCommand@src/mongo/shell/db.js:141:12
DB.prototype._runAggregate/doAgg<@src/mongo/shell/db.js:245:60
DB.prototype._runAggregate@src/mongo/shell/db.js:248:17
DBCollection.prototype.aggregate@src/mongo/shell/collection.js:1012:12
@(shell):1:1

Queries have a very different error report string:

> coll.find({"date" : {$gt : Date("2019-01-01")}})
Error: Invalid match expression operator on encrypted field 'date': { date: { $gt: "Tue Oct 08 2019 11:23:57 GMT-0400 (EDT)" } }

Since these errors do not include any indicator that they originated from mongocryptd, its not as clear to the user where mongocryptd's query validation is taking place. These look like any other syntax error, rather than a 'this behavior is blocked by mongocryptd'

This might be a wider issue than just the shell, but I figure we can start talking about whether this makes sense to deal with here.



 Comments   
Comment by Githook User [ 16/Nov/19 ]

Author:

{'name': 'Mark Benvenuto', 'username': 'markbenvenuto', 'email': 'mark.benvenuto@mongodb.com'}

Message: SERVER-43884 Improve Error Formatting for client side fle errors

(cherry picked from commit d25aab9daa3410f3ae3b25af3bd49f70b23cbe6e)
Branch: v4.2
https://github.com/10gen/mongo-enterprise-modules/commit/4827c8606b4d611447c3cbe4911c33cb1039aff6

Comment by Githook User [ 06/Nov/19 ]

Author:

{'username': 'markbenvenuto', 'email': 'mark.benvenuto@mongodb.com', 'name': 'Mark Benvenuto'}

Message: SERVER-43884 Improve Error Formatting for client side fle errors
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/d25aab9daa3410f3ae3b25af3bd49f70b23cbe6e

Comment by Ravind Kumar (Inactive) [ 25/Oct/19 ]

I understand that this may only affect the shell - from my perspective, having errors that clearly denote the source of the error will be helpful for developers as they work through this feature.

As far as your last graf, I was not aware of the relationship between the mongo shell and mongocryptd. Ideally mongocryptd would return errors such that the origin is obvious across all platforms.

Comment by Mark Benvenuto [ 25/Oct/19 ]

Would it be more clear if all the FLE errors had a common prefix to denote its origin. We could preface all error messages with "Auto Encryption Error: " for instance or some other text of choosing. This would make it clear whether the error comes from the shell or from the server side.

Also, depending on how I implement this change, it may only affect the shell and not other drivers. In the shell code, I could rewrap all errors from query analysis with the prefix but leave the actual driver interface to mongocryptd unchanged.

This would mean in your example, the shell would not print

Auto Encryption Error: Encrypted field 'date' is not allowed to be evaluated by date to parts function 

while the driver would continue to see 

Encrypted field 'date' is not allowed to be evaluated by date to parts function 

from mongocryptd itself.

 

Please note that mongocryptd is not actually a separate binary when the shell is used. It is simply "linked" into the shell. I am not sure if this was clear or you were simply describing the FLE query analysis library as mongocryptd for simplicity's safe.

Comment by Asya Kamsky [ 21/Oct/19 ]

Is it important for the error to indicate mongocryptd as the source? It seems like an implementation detail and the important part of the error that must be there seems to already be present:

"Encrypted field 'date' ... "

Generated at Thu Feb 08 05:04:22 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.