feat(NODE-6391): Add timeoutMS support to explicit encryption #4269

Merged Oct 29, 2024 (70 commits)
Changes from 57 commits
56 changes: 50 additions & 6 deletions src/client-side-encryption/client_encryption.ts
Expand Up @@ -24,6 +24,7 @@ import { type MongoClient, type MongoClientOptions } from '../mongo_client';
import { type Filter, type WithId } from '../mongo_types';
import { type CreateCollectionOptions } from '../operations/create_collection';
import { type DeleteResult } from '../operations/delete';
import { CSOTTimeoutContext } from '../timeout';
import { MongoDBCollectionNamespace } from '../utils';
import * as cryptoCallbacks from './crypto_callbacks';
import {
Expand Down Expand Up @@ -74,6 +75,8 @@ export class ClientEncryption {
_tlsOptions: CSFLEKMSTlsOptions;
/** @internal */
_kmsProviders: KMSProviders;
/** @internal */
_timeoutMS?: number;

/** @internal */
_mongoCrypt: MongoCrypt;
Expand Down Expand Up @@ -120,6 +123,7 @@ export class ClientEncryption {
this._proxyOptions = options.proxyOptions ?? {};
this._tlsOptions = options.tlsOptions ?? {};
this._kmsProviders = options.kmsProviders || {};
this._timeoutMS = options.timeoutMS ?? client.options.timeoutMS;

if (options.keyVaultNamespace == null) {
throw new MongoCryptInvalidArgumentError('Missing required option `keyVaultNamespace`');
Expand Down Expand Up @@ -215,7 +219,17 @@ export class ClientEncryption {
socketOptions: autoSelectSocketOptions(this._client.options)
});

const dataKey = deserialize(await stateMachine.execute(this, context)) as DataKey;
const timeoutContext = options?.timeoutContext
? options?.timeoutContext
: this._timeoutMS
? new CSOTTimeoutContext({
timeoutMS: this._timeoutMS,
serverSelectionTimeoutMS: this._client.options.serverSelectionTimeoutMS
})
: undefined;
const dataKey = deserialize(
await stateMachine.execute(this, context, timeoutContext)
) as DataKey;

const { db: dbName, collection: collectionName } = MongoDBCollectionNamespace.fromString(
this._keyVaultNamespace
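Review bot: The `this._timeoutMS ? new CSOTTimeoutContext(...) : undefined` branch in `createDataKey` tests truthiness, so a configured `timeoutMS` of 0 is treated the same as no timeout being set and no context is created. If that is intended, a short comment saying so would help; otherwise compare with `!= null`. The outer `options?.timeoutContext ? options?.timeoutContext : ...` can also be written as `options?.timeoutContext ?? (...)`, which removes one level of the nested ternary.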
Expand All @@ -224,7 +238,10 @@ export class ClientEncryption {
const { insertedId } = await this._keyVaultClient
.db(dbName)
.collection<DataKey>(collectionName)
.insertOne(dataKey, { writeConcern: { w: 'majority' } });
.insertOne(dataKey, {
writeConcern: { w: 'majority' },
timeoutMS: timeoutContext?.csotEnabled() ? timeoutContext?.getRemainingTimeMSOrThrow() : undefined
});

return insertedId;
}
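Review bot: The `insertOne` call computes its `timeoutMS` only when `timeoutContext?.csotEnabled()` is true, while the `createCollection` call later in this patch calls `timeoutContext?.getRemainingTimeMSOrThrow()` with no such guard. Pick one form for both call sites, or comment on why they differ. The second `?.` in `timeoutContext?.getRemainingTimeMSOrThrow()` is redundant because the condition has already established that `timeoutContext` is defined. `getRemainingTimeMSOrThrow()` also runs after `stateMachine.execute` has returned the new data key, so a deadline that expires at this point discards a key that was already generated; that path deserves a test.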
Expand Down Expand Up @@ -498,6 +515,7 @@ export class ClientEncryption {
}
}
];

const value = await this._keyVaultClient
.db(dbName)
.collection<DataKey>(collectionName)
Expand Down Expand Up @@ -541,13 +559,20 @@ export class ClientEncryption {
}
} = options;

const timeoutContext = this._timeoutMS
? new CSOTTimeoutContext({
timeoutMS: this._timeoutMS,
serverSelectionTimeoutMS: this._client.options.serverSelectionTimeoutMS
})
: undefined;

if (Array.isArray(encryptedFields.fields)) {
const createDataKeyPromises = encryptedFields.fields.map(async field =>
field == null || typeof field !== 'object' || field.keyId != null
? field
: {
...field,
keyId: await this.createDataKey(provider, { masterKey })
keyId: await this.createDataKey(provider, { masterKey, timeoutContext })
}
);
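Review bot: In `createEncryptedCollection`, the single `timeoutContext` built here is passed to every `this.createDataKey(provider, { masterKey, timeoutContext })` call started inside `encryptedFields.fields.map(async field => ...)`, so several key creations can be in flight against the same context object. Please confirm that `CSOTTimeoutContext` is safe to share across concurrent operations, or create the keys sequentially.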

Expand All @@ -568,7 +593,8 @@ export class ClientEncryption {
try {
const collection = await db.createCollection<TSchema>(name, {
...createCollectionOptions,
encryptedFields
encryptedFields,
timeoutMS: timeoutContext?.getRemainingTimeMSOrThrow()
});
return { collection, encryptedFields };
} catch (cause) {
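Review bot: `timeoutMS: timeoutContext?.getRemainingTimeMSOrThrow()` is evaluated inside the `try` block, so an exception thrown because the deadline has already passed lands in the same `catch (cause)` as a failure of `db.createCollection` itself. If callers should be able to tell a client-side deadline from a server-side create failure, compute the remaining time before the `try`. This call is also not guarded by `csotEnabled()` the way the `insertOne` call in `createDataKey` is.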
Expand Down Expand Up @@ -653,7 +679,13 @@ export class ClientEncryption {
socketOptions: autoSelectSocketOptions(this._client.options)
});

const { v } = deserialize(await stateMachine.execute(this, context));
const timeoutContext = this._timeoutMS
? new CSOTTimeoutContext({
timeoutMS: this._timeoutMS,
serverSelectionTimeoutMS: this._client.options.serverSelectionTimeoutMS
})
: undefined;
const { v } = deserialize(await stateMachine.execute(this, context, timeoutContext));

return v;
}
Expand Down Expand Up @@ -733,7 +765,13 @@ export class ClientEncryption {
});
const context = this._mongoCrypt.makeExplicitEncryptionContext(valueBuffer, contextOptions);

const { v } = deserialize(await stateMachine.execute(this, context));
const timeoutContext = this._timeoutMS
? new CSOTTimeoutContext({
timeoutMS: this._timeoutMS,
serverSelectionTimeoutMS: this._client.options.serverSelectionTimeoutMS
})
: undefined;
const { v } = deserialize(await stateMachine.execute(this, context, timeoutContext));
return v;
}
}
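Review bot: This is the fourth copy in this file of the same `this._timeoutMS ? new CSOTTimeoutContext({ ... }) : undefined` construction (also in `createDataKey`, `createEncryptedCollection` and the preceding hunk). Move it into one private helper so the `timeoutMS` and `serverSelectionTimeoutMS` wiring cannot drift between call sites. Unlike `createDataKey`, the two `stateMachine.execute(this, context, timeoutContext)` paths accept no caller-supplied context, which is worth stating in a comment if deliberate.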
Expand Down Expand Up @@ -818,6 +856,9 @@ export interface ClientEncryptionOptions {
* TLS options for kms providers to use.
*/
tlsOptions?: CSFLEKMSTlsOptions;

/** @internal TODO(NODE-5688): make this public */
timeoutMS?: number;
}

/**
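Review bot: The new `timeoutMS?: number` on `ClientEncryptionOptions` carries only the `@internal TODO(NODE-5688)` tag and no description. Document the unit (milliseconds), which operations it bounds, and that the constructor falls back to `client.options.timeoutMS` when it is omitted, so the text is ready when the option is made public.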
Expand Down Expand Up @@ -946,6 +987,9 @@ export interface ClientEncryptionCreateDataKeyProviderOptions {

/** @experimental */
keyMaterial?: Buffer | Binary;

/** @internal */
timeoutContext?: CSOTTimeoutContext;
}

/**
91 changes: 89 additions & 2 deletions test/integration/client-side-encryption/driver.test.ts
Expand Up @@ -4,9 +4,14 @@ import * as crypto from 'crypto';

// eslint-disable-next-line @typescript-eslint/no-restricted-imports
import { ClientEncryption } from '../../../src/client-side-encryption/client_encryption';
import { type Collection, type CommandStartedEvent, type MongoClient } from '../../mongodb';
import {
type Collection,
type CommandStartedEvent,
type MongoClient,
MongoCryptCreateEncryptedCollectionError
} from '../../mongodb';
import * as BSON from '../../mongodb';
import { getEncryptExtraOptions } from '../../tools/utils';
import { type FailPoint, getEncryptExtraOptions } from '../../tools/utils';

const metadata = {
requires: {
Expand Down Expand Up @@ -471,3 +476,85 @@ describe('Range Explicit Encryption with JS native types', function () {
});
});
});

describe('CSOT', function () {
describe('Explicit Encryption', function () {
describe('#createEncryptedCollection', function () {
let keyVaultClient: MongoClient;
let internalClient: MongoClient;
let clientEncryption: ClientEncryption;
const LOCAL_KEY = Buffer.from(
'Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk',
'base64'
);

beforeEach(async function () {
internalClient = this.configuration.newClient();
await internalClient.connect();
await internalClient.db('keyvault').createCollection('datakeys');
keyVaultClient = this.configuration.newClient({ timeoutMS: 100 });
clientEncryption = new ClientEncryption(keyVaultClient, {
keyVaultNamespace: 'keyvault.datakeys',
kmsProviders: { local: { key: LOCAL_KEY } }
});
await internalClient
.db()
.admin()
.command({
configureFailPoint: 'failCommand',
mode: {
times: 1
},
data: {
failCommands: ['create'],
blockConnection: true,
blockTimeMS: 1000
}
} as FailPoint);
});

afterEach(async function () {
await internalClient
.db()
.admin()
.command({
configureFailPoint: 'failCommand',
mode: 'off'
} as FailPoint);
await internalClient.db('db').collection('newnew').drop().catch(() => null);
await internalClient.close();
await keyVaultClient.close();
});

it(
'times out due to timeoutMS',
{
requires: {
clientSideEncryption: true,
mongodb: '>=7.0.0',
topology: '!single'
}
},
async function () {
const createCollectionOptions = {
encryptedFields: { fields: [{ path: 'ssn', bsonType: 'string', keyId: null }] }
};

const db = internalClient.db('db');
const err = await clientEncryption
.createEncryptedCollection(db, 'newnew', {
provider: 'local',
createCollectionOptions,
masterKey: null
})
.catch(err => err);

expect(err).to.be.instanceOf(MongoCryptCreateEncryptedCollectionError);
expect(err.message).to.contain(
'Unable to create collection: Timed out during socket read'
);
}
);
});
});
});
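Review bot: The `beforeEach` creates `keyvault.datakeys` and `createEncryptedCollection` may insert a data key into it, but `afterEach` only drops `db.newnew`, so key vault state leaks between runs; drop `keyvault.datakeys` as well. The test also covers only the timeout inherited from the client (`newClient({ timeoutMS: 100 })`); add a case that sets `timeoutMS` on the `ClientEncryption` options to exercise the `options.timeoutMS ??` branch of the constructor. Asserting on the message substring 'Timed out during socket read' ties the test to error wording; an assertion on the underlying error's type would be sturdier.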