DRIVERS-2888 Support QE with Client.bulkWrite #1770
Conversation
Co-authored-by: Kevin Albertson <[email protected]>
There was a problem hiding this comment.
I may be out of the loop on some of the context, are drivers changes needed to get these passing? Is there a specific libmongocrypt version needed?
There seems to be more unified test changes in the C driver than are here, are those just extra test sync(s) or are they new tests?
Node.js Test Failures
1) CRUD unified
client bulkWrite with queryable encryption
client bulkWrite QE replaceOne:
MongoBulkWriteError: Document failed validation
at LegacyOrderedBulkOperation.handleWriteError (src/bulk/common.ts:1224:13)
at executeCommands (src/bulk/common.ts:587:19)
at processTicksAndRejections (node:internal/process/task_queues:105:5)
at async BulkWriteShimOperation.execute (src/bulk/common.ts:882:12)
at async tryOperation (src/operations/execute_operation.ts:283:14)
at async executeOperation (src/operations/execute_operation.ts:115:12)
at async LegacyOrderedBulkOperation.execute (src/bulk/common.ts:1211:12)
at async BulkWriteOperation.execute (src/operations/bulk_write.ts:60:12)
at async InsertManyOperation.execute (src/operations/insert.ts:147:19)
at async tryOperation (src/operations/execute_operation.ts:283:14)
at async executeOperation (src/operations/execute_operation.ts:115:12)
at async Collection.insertMany (src/collection.ts:307:12)
at async insertMany (test/tools/unified-spec-runner/operations.ts:411:10)
at async executeOperationAndCheck (test/tools/unified-spec-runner/operations.ts:1039:14)
at async runUnifiedTest (test/tools/unified-spec-runner/runner.ts:226:9)
at async Context.<anonymous> (test/tools/unified-spec-runner/runner.ts:336:13)
2) CRUD unified
client bulkWrite with queryable encryption
client bulkWrite QE with multiple replace fails:
AssertionError: Operation clientBulkWrite succeeded but was not supposed to
at executeOperationAndCheck (test/tools/unified-spec-runner/operations.ts:1057:12)
at processTicksAndRejections (node:internal/process/task_queues:105:5)
at async runUnifiedTest (test/tools/unified-spec-runner/runner.ts:226:9)
at async Context.<anonymous> (test/tools/unified-spec-runner/runner.ts:336:13)
There was a problem hiding this comment.
Suggest updating this PR description to give an overview of needed changes. I expect implementors will refer to this PR (and the C driver PR).
C driver implementation
Suggest linking to the C driver PR (once created) rather than the Evergreen patch. The patch appears to include unrelated spec tests.
libmongocrypt 1.10 is required.
Description updated: the linked C driver changes in the description are bulkWrite-related only |
There was a problem hiding this comment.
Tests pass in Rust. Draft PR: mongodb/mongo-rust-driver#1445
There are some updates needed in the bulk write spec to account for the different command-building logic. Here's a commit with proposed changes: isabelatkinson@a060234
| runOnRequirements: | ||
| - minServerVersion: "8.0" | ||
| serverless: forbid # Serverless does not support bulkWrite: CLOUDP-256344. | ||
| csfle: true |
There was a problem hiding this comment.
Can we update the tests in this PR to specify the libmongocrypt version as a runOnRequirement?
There was a problem hiding this comment.
@mdb-ad I expect this can be specified with:
csfle:
minLibmongocryptVersion: 1.10.0And update schemaVersion to 1.25 to include the change for minLibmongocryptVersion.
See mongodb/mongo-c-driver#2069 for an implementation of minLibmongocryptVersion in the C driver.
|
@kevinAlbs @mdb-ad Is there any chance https://jira.mongodb.org/browse/DRIVERS-2859 can be completed before DRIVERS-2888? It makes much more sense to make the change in once place than making the changes in every driver. This is especially true because drivers supporting non-document sequences for client bulk write will be temporary until https://jira.mongodb.org/browse/DRIVERS-2859 is addressed. So making drivers implement the changes before https://jira.mongodb.org/browse/DRIVERS-2859 will cost extra work in every driver, extra work updating the spec to allow (or enforce) document sequences with bulk write after https://jira.mongodb.org/browse/DRIVERS-2859 is implemented, and then again extra work in drivers to support document sequencing for bulkWrite with QE. From a more selfish, Node-specific perspective - our bulkWrite implementation is tightly coupled to document sequences and making this change might be non-trivial. I'd rather not refactor our bulk write implementation unless absolutely necessary. |
The C driver only required a minor change to support QE with I propose: proceed with this PR to unblock some drivers with QE, but add a blurb suggesting drivers wait for DRIVERS-2859:
|
| runOnRequirements: | ||
| - minServerVersion: "8.0" | ||
| serverless: forbid # Serverless does not support bulkWrite: CLOUDP-256344. | ||
| csfle: true |
There was a problem hiding this comment.
@mdb-ad I expect this can be specified with:
csfle:
minLibmongocryptVersion: 1.10.0And update schemaVersion to 1.25 to include the change for minLibmongocryptVersion.
See mongodb/mongo-c-driver#2069 for an implementation of minLibmongocryptVersion in the C driver.
| @@ -563,10 +563,13 @@ First, perform the setup. | |||
| 2. Using `client`, drop and create the collection `db.coll` configured with the included JSON schema | |||
| [limits/limits-schema.json](../limits/limits-schema.json). | |||
|
|
|||
| 3. Using `client`, drop the collection `keyvault.datakeys`. Insert the document | |||
| 3. Using `client`, drop and create the collection `db.coll2` configured with the included encryptedFields | |||
There was a problem hiding this comment.
| 3. Using `client`, drop and create the collection `db.coll2` configured with the included encryptedFields | |
| 3. If using MongoDB 8.0+, use `client` to drop and create the collection `db.coll2` configured with the included encryptedFields |
This step requires at least QE server support (server 7.0+). Since the MongoCollection.bulkWrite cases can run on older servers, suggest conditioning this step on server 8.0+
|
|
||
| Expect this to fail since encryption results in a document exceeding the `maxBsonObjectSize` limit. | ||
|
|
||
| > [!NOTE] | ||
| > MongoDB 8.0+ is required for MongoClient.bulkWrite |
There was a problem hiding this comment.
mdformat appears to break on this blurb:
% pre-commit run --all-files --hook-stage manual mdformat
mdformat.................................................................Failed
- hook id: mdformat
- exit code: 1
Error: Could not format
"/Users/kevin.albertson/review/specifications-1770/source/client-side-encryption/tests/README.md".
Suggest removing this blurb, and instead changing steps 7 and 8 to be:
If using MongoDB 8.0+, use MongoClient.bulkWrite ...
|
|
||
| Auto-encryption does not currently support document sequences. This specification should be updated when | ||
| [DRIVERS-2859](https://jira.mongodb.org/browse/DRIVERS-2859) is completed to require use of document sequences for `ops` | ||
| and `nsInfo` when auto-encryption is enabled. |
There was a problem hiding this comment.
Suggest adding a blurb suggesting waiting for DRIVERS-2859 before implementing if using non-document-sequences is a significant change:
| and `nsInfo` when auto-encryption is enabled. | |
| and `nsInfo` when auto-encryption is enabled. | |
| Drivers requiring significant changes to pass a bulkWrite command to libmongocrypt are recommended to wait until | |
| [DRIVERS-2859](https://jira.mongodb.org/browse/DRIVERS-2859) is implemented before supporting automatic encryption. |
Motivated by this comment: #1770 (comment)
| @@ -645,13 +647,6 @@ write concern containing the following message: | |||
|
|
|||
| > Cannot request unacknowledged write concern and ordered writes | |||
|
|
|||
| ## Auto-Encryption | |||
|
|
|||
| If `MongoClient.bulkWrite` is called on a `MongoClient` configured with `AutoEncryptionOpts`, drivers MUST return an | |||
There was a problem hiding this comment.
Remove prose test 13 (expects an error) in the CRUD tests: https://github.com/mongodb/specifications/blob/0f4e11e78f50cf7f4dd167d5ba37a519dd8164f5/source/crud/tests/README.md#13-mongoclientbulkwrite-returns-an-error-if-auto-encryption-is-configured
Add spec test for client bulkWrite QE.
C driver implementation
libmongocrypt requirement: 1.10
Drivers changes required:
Please complete the following before merging:
clusters, and serverless). (Note: C driver doesn't currently test CSFLE with sharded)