update NeedKms logic

qingyang-hu · qingyang-hu · commit 06a8e6925694 · 2024-11-20T15:42:17.000-05:00
diff --git a/Taskfile.yml b/Taskfile.yml
@@ -142,7 +142,7 @@ tasks:
     - go test -exec "env PKG_CONFIG_PATH=${PKG_CONFIG_PATH} LD_LIBRARY_PATH=${LD_LIBRARY_PATH}" ${BUILD_TAGS} -v -timeout {{.TEST_TIMEOUT}}s ./internal/integration -run TestClientSideEncryptionProse/kms_tls_tests >> test.suite
 
   evg-test-retry-kms-requests:
-    - go test -exec "env PKG_CONFIG_PATH=${PKG_CONFIG_PATH} LD_LIBRARY_PATH=${LD_LIBRARY_PATH}" ${BUILD_TAGS} -v -timeout {{.TEST_TIMEOUT}}s ./internal/integration -run TestClientSideEncryptionProse/kms_retry_tests >> test.suite
+    - go test -exec "env PKG_CONFIG_PATH=${PKG_CONFIG_PATH} LD_LIBRARY_PATH=${LD_LIBRARY_PATH}" ${BUILD_TAGS} -v -timeout 300s ./internal/integration -run TestClientSideEncryptionProse/kms_retry_tests >> test.suite
 
   evg-test-load-balancers:
     # Load balancer should be tested with all unified tests as well as tests in the following
diff --git a/etc/install-libmongocrypt.sh b/etc/install-libmongocrypt.sh
@@ -3,7 +3,7 @@
 # This script installs libmongocrypt into an "install" directory.
 set -eux
 
-LIBMONGOCRYPT_TAG="1.11.0"
+LIBMONGOCRYPT_TAG="1.12.0"
 
 # Install libmongocrypt based on OS.
 if [ "Windows_NT" = "${OS:-}" ]; then
diff --git a/mongo/client_encryption.go b/mongo/client_encryption.go
@@ -188,12 +188,14 @@ func (ce *ClientEncryption) CreateDataKey(
 	}
 
 	// create data key document
+	fmt.Println("CreateDataKey")
 	dataKeyDoc, err := ce.crypt.CreateDataKey(ctx, kmsProvider, co)
 	if err != nil {
 		return bson.Binary{}, err
 	}
 
 	// insert key into key vault
+	fmt.Println("InsertOne")
 	_, err = ce.keyVaultColl.InsertOne(ctx, dataKeyDoc)
 	if err != nil {
 		return bson.Binary{}, err
diff --git a/x/mongo/driver/crypt.go b/x/mongo/driver/crypt.go
@@ -260,6 +260,7 @@ func (c *crypt) executeStateMachine(ctx context.Context, cryptCtx *mongocrypt.Co
 	var err error
 	for {
 		state := cryptCtx.State()
+		fmt.Println("state", state)
 		switch state {
 		case mongocrypt.NeedMongoCollInfo:
 			err = c.collectionInfo(ctx, cryptCtx, db)
@@ -341,6 +342,7 @@ func (c *crypt) retrieveKeys(ctx context.Context, cryptCtx *mongocrypt.Context)
 }
 
 func (c *crypt) decryptKeys(cryptCtx *mongocrypt.Context) error {
+	c.mongoCrypt.EnableRetry()
 	for {
 		kmsCtx := cryptCtx.NextKmsContext()
 		if kmsCtx == nil {
@@ -376,8 +378,10 @@ func (c *crypt) decryptKey(kmsCtx *mongocrypt.KmsContext) error {
 	if tlsCfg == nil {
 		tlsCfg = &tls.Config{MinVersion: tls.VersionTLS12}
 	}
+	fmt.Println("dial", addr)
 	conn, err := tls.Dial("tcp", addr, tlsCfg)
 	if err != nil {
+		fmt.Println("dial error", err)
 		return err
 	}
 	defer func() {
@@ -388,6 +392,7 @@ func (c *crypt) decryptKey(kmsCtx *mongocrypt.KmsContext) error {
 		return err
 	}
 	if _, err = conn.Write(msg); err != nil {
+		fmt.Println("conn write", err)
 		return err
 	}
 
@@ -400,6 +405,11 @@ func (c *crypt) decryptKey(kmsCtx *mongocrypt.KmsContext) error {
 		res := make([]byte, bytesNeeded)
 		bytesRead, err := conn.Read(res)
 		if err != nil && !errors.Is(err, io.EOF) {
+			fail := kmsCtx.Fail()
+			fmt.Println("conn read", err, fail)
+			if fail {
+				continue
+			}
 			return err
 		}
 
diff --git a/x/mongo/driver/mongocrypt/mongocrypt.go b/x/mongo/driver/mongocrypt/mongocrypt.go
@@ -522,3 +522,8 @@ func (m *MongoCrypt) GetKmsProviders(ctx context.Context) (bsoncore.Document, er
 	}
 	return builder.Build(), nil
 }
+
+// EnableRetry enables retry.
+func (m *MongoCrypt) EnableRetry() {
+	_ = C.mongocrypt_setopt_retry_kms(m.wrapped, true)
+}
diff --git a/x/mongo/driver/mongocrypt/mongocrypt_kms_context.go b/x/mongo/driver/mongocrypt/mongocrypt_kms_context.go
@@ -11,6 +11,7 @@ package mongocrypt
 
 // #include <mongocrypt.h>
 import "C"
+import "time"
 
 // KmsContext represents a mongocrypt_kms_ctx_t handle.
 type KmsContext struct {
@@ -41,6 +42,8 @@ func (kc *KmsContext) KMSProvider() string {
 
 // Message returns the message to send to the KMS.
 func (kc *KmsContext) Message() ([]byte, error) {
+	time.Sleep(time.Duration(C.mongocrypt_kms_ctx_usleep(kc.wrapped)) * time.Microsecond)
+
 	msgBinary := newBinary()
 	defer msgBinary.close()
 
@@ -74,3 +77,8 @@ func (kc *KmsContext) createErrorFromStatus() error {
 	C.mongocrypt_kms_ctx_status(kc.wrapped, status)
 	return errorFromStatus(status)
 }
+
+// Fail returns a boolean indicating whether the failed request may be retried.
+func (kc *KmsContext) Fail() bool {
+	return bool(C.mongocrypt_kms_ctx_fail(kc.wrapped))
+}
diff --git a/x/mongo/driver/mongocrypt/mongocrypt_kms_context_not_enabled.go b/x/mongo/driver/mongocrypt/mongocrypt_kms_context_not_enabled.go
@@ -37,3 +37,8 @@ func (kc *KmsContext) BytesNeeded() int32 {
 func (kc *KmsContext) FeedResponse([]byte) error {
 	panic(cseNotSupportedMsg)
 }
+
+// Fail returns a boolean indicating whether the failed request may be retried.
+func (kc *KmsContext) Fail() bool {
+	panic(cseNotSupportedMsg)
+}
diff --git a/x/mongo/driver/mongocrypt/mongocrypt_not_enabled.go b/x/mongo/driver/mongocrypt/mongocrypt_not_enabled.go
@@ -95,3 +95,8 @@ func (m *MongoCrypt) Close() {
 func (m *MongoCrypt) GetKmsProviders(context.Context) (bsoncore.Document, error) {
 	panic(cseNotSupportedMsg)
 }
+
+// EnableRetry enables retry.
+func (m *MongoCrypt) EnableRetry() {
+	panic(cseNotSupportedMsg)
+}

Original file line number	Diff line number	Diff line change
`@@ -188,12 +188,14 @@ func (ce *ClientEncryption) CreateDataKey(`
`188`	`188`	`}`
`189`	`189`
`190`	`190`	`// create data key document`
	`191`	`+ fmt.Println("CreateDataKey")`
`191`	`192`	`dataKeyDoc, err := ce.crypt.CreateDataKey(ctx, kmsProvider, co)`
`192`	`193`	`if err != nil {`
`193`	`194`	`return bson.Binary{}, err`
`194`	`195`	`}`
`195`	`196`
`196`	`197`	`// insert key into key vault`
	`198`	`+ fmt.Println("InsertOne")`
`197`	`199`	`_, err = ce.keyVaultColl.InsertOne(ctx, dataKeyDoc)`
`198`	`200`	`if err != nil {`
`199`	`201`	`return bson.Binary{}, err`
Original file line number	Diff line number	Diff line change
`@@ -522,3 +522,8 @@ func (m *MongoCrypt) GetKmsProviders(ctx context.Context) (bsoncore.Document, er`
`522`	`522`	`}`
`523`	`523`	`return builder.Build(), nil`
`524`	`524`	`}`
	`525`	`+`
	`526`	`+// EnableRetry enables retry.`
	`527`	`+func (m *MongoCrypt) EnableRetry() {`
	`528`	`+ _ = C.mongocrypt_setopt_retry_kms(m.wrapped, true)`
	`529`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -37,3 +37,8 @@ func (kc *KmsContext) BytesNeeded() int32 {`
`37`	`37`	`func (kc *KmsContext) FeedResponse([]byte) error {`
`38`	`38`	`panic(cseNotSupportedMsg)`
`39`	`39`	`}`
	`40`	`+`
	`41`	`+// Fail returns a boolean indicating whether the failed request may be retried.`
	`42`	`+func (kc *KmsContext) Fail() bool {`
	`43`	`+ panic(cseNotSupportedMsg)`
	`44`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -95,3 +95,8 @@ func (m *MongoCrypt) Close() {`
`95`	`95`	`func (m *MongoCrypt) GetKmsProviders(context.Context) (bsoncore.Document, error) {`
`96`	`96`	`panic(cseNotSupportedMsg)`
`97`	`97`	`}`
	`98`	`+`
	`99`	`+// EnableRetry enables retry.`
	`100`	`+func (m *MongoCrypt) EnableRetry() {`
	`101`	`+ panic(cseNotSupportedMsg)`
	`102`	`+}`