PYTHON-3466 Test crypt_shared with older server versions #1133
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ShaneHarvey
reviewed
Jan 11, 2023
There was a problem hiding this comment.
Any idea why test_via_loading_shared_library is failing on various platforms?
[2023/01/11 01:24:21.646] ERROR: test_via_loading_shared_library (test.test_encryption.TestBypassSpawningMongocryptdProse)
[2023/01/11 01:24:21.646] ----------------------------------------------------------------------
[2023/01/11 01:24:21.646] Traceback (most recent call last):
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/pymongo/encryption.py", line 77, in _wrap_encryption_errors
[2023/01/11 01:24:21.646] yield
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/pymongo/encryption.py", line 365, in encrypt
[2023/01/11 01:24:21.646] encrypted_cmd = self._auto_encrypter.encrypt(database, encoded_cmd)
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/venv-encryption/lib/python3.9/site-packages/pymongocrypt/auto_encrypter.py", line 44, in encrypt
[2023/01/11 01:24:21.646] return run_state_machine(ctx, self.callback)
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/venv-encryption/lib/python3.9/site-packages/pymongocrypt/state_machine.py", line 146, in run_state_machine
[2023/01/11 01:24:21.646] ctx.complete_mongo_operation()
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/venv-encryption/lib/python3.9/site-packages/pymongocrypt/mongocrypt.py", line 450, in complete_mongo_operation
[2023/01/11 01:24:21.646] self._raise_from_status()
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/venv-encryption/lib/python3.9/site-packages/pymongocrypt/mongocrypt.py", line 428, in _raise_from_status
[2023/01/11 01:24:21.646] raise exc
[2023/01/11 01:24:21.646] pymongocrypt.errors.MongoCryptError: not all keys requested were satisfied
[2023/01/11 01:24:21.646] During handling of the above exception, another exception occurred:
[2023/01/11 01:24:21.646] Traceback (most recent call last):
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/test/test_encryption.py", line 1936, in test_via_loading_shared_library
[2023/01/11 01:24:21.646] client_encrypted.db.coll.insert_one({"encrypted": "test"})
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/pymongo/collection.py", line 626, in insert_one
[2023/01/11 01:24:21.646] self._insert_one(
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/pymongo/collection.py", line 567, in _insert_one
[2023/01/11 01:24:21.646] self.__database.client._retryable_write(acknowledged, _insert_command, session)
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/pymongo/mongo_client.py", line 1482, in _retryable_write
[2023/01/11 01:24:21.646] return self._retry_with_session(retryable, func, s, None)
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/pymongo/mongo_client.py", line 1349, in _retry_with_session
[2023/01/11 01:24:21.646] return self._retry_internal(retryable, func, session, bulk)
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/pymongo/_csot.py", line 105, in csot_wrapper
[2023/01/11 01:24:21.646] return func(self, *args, **kwargs)
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/pymongo/mongo_client.py", line 1390, in _retry_internal
[2023/01/11 01:24:21.646] return func(session, sock_info, retryable)
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/pymongo/collection.py", line 555, in _insert_command
[2023/01/11 01:24:21.646] result = sock_info.command(
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/pymongo/pool.py", line 795, in command
[2023/01/11 01:24:21.646] self._raise_connection_failure(error)
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/pymongo/pool.py", line 767, in command
[2023/01/11 01:24:21.646] return command(
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/pymongo/network.py", line 117, in command
[2023/01/11 01:24:21.646] spec = orig = client._encrypter.encrypt(dbname, spec, codec_options)
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/pymongo/encryption.py", line 368, in encrypt
[2023/01/11 01:24:21.646] return encrypt_cmd
[2023/01/11 01:24:21.646] File "/usr/local/Cellar/python@3.9/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/contextlib.py", line 137, in __exit__
[2023/01/11 01:24:21.646] self.gen.throw(typ, value, traceback)
[2023/01/11 01:24:21.646] File "/System/Volumes/Data/data/mci/61a81ae5a14ebf93687fcf6d919fec61/src/pymongo/encryption.py", line 83, in _wrap_encryption_errors
[2023/01/11 01:24:21.646] raise EncryptionError(exc)
[2023/01/11 01:24:21.646] pymongo.errors.EncryptionError: not all keys requested were satisfied
|
Ah I see you already opened https://jira.mongodb.org/browse/PYTHON-3559 |
ShaneHarvey
requested changes
Jan 11, 2023
.evergreen/config.yml
Outdated
| test_encryption: true | ||
| test_crypt_shared: true | ||
| test_crypt_shared_latest: true | ||
| batchtime: 10080 # 7 days |
There was a problem hiding this comment.
What do you think about testing this combination (test_crypt_shared_latest with <6.0 servers) in the encryption_crypt_shared axis instead of adding new variants? This would reduce the visual noise in the EVG UI. It might be as simple as removing the "rules" for removing these server versions for encryption: [ "encryption_crypt_shared" ]:
mongo-python-driver/.evergreen/config.yml
Lines 2856 to 2868 in a43f320
There was a problem hiding this comment.
I initially was going to do that, but the spec states that we must use the latest version of crypt shared for older server versions. Simply removing those excluded server versions attempts to download the version of crypt shared corresponding to that server version, which fails when <6.0. I thought this would be more clear than adding specific logic in run-tests.sh to use latest with older server versions.
There was a problem hiding this comment.
I think it's still worthwhile in the long run so that we can avoid duplicating the "Encryption shared lib" variants.
There was a problem hiding this comment.
That is fair. I will add a note in config.yml explaining that it has this new behavior.
|
The new behavior can be seen here (4.4 server version): |
blink1073
reviewed
Jan 11, 2023
.evergreen/config.yml
Outdated
| @@ -2500,21 +2497,15 @@ axes: | |||
| variables: | |||
| test_encryption: true | |||
| batchtime: 10080 # 7 days | |||
| # For server >6.0, use corresponding version shared lib. | |||
There was a problem hiding this comment.
Good catch, it should be >=. I will change the phrasing to make it more sensical.
ShaneHarvey
requested changes
Jan 11, 2023
.evergreen/run-tests.sh
Outdated
| @@ -159,10 +159,10 @@ if [ -n "$TEST_ENCRYPTION" ]; then | |||
|
|
|||
| if [ -n "$TEST_CRYPT_SHARED" ]; then | |||
| REAL_VERSION=$(mongod --version | head -n1 | cut -d v -f3 | tr -d "\r") | |||
| if [ "$MONGODB_VERSION" = "latest" ]; then | |||
| if [ "$MONGODB_VERSION" = "latest" ] || [ "$(echo "$MONGODB_VERSION" | cut -c1-1)" -lt "6" ]; then | |||
There was a problem hiding this comment.
The drivers ticket says:
For server versions < 6.0, drivers MUST test with the latest major release of crypt_shared_ (currently 6.0).
Looking at the test logs, the drivers-evergreen-tools (DET) script already downloads the correct version:
[2023/01/11 21:30:50.692] Downloading crypt_shared package from http://downloads.10gen.com/osx/mongo_crypt_shared_v1-macos-x86_64-enterprise-6.0.2.tgz
[2023/01/11 21:30:50.987] CRYPT_SHARED_LIB_PATH: /System/Volumes/Data/data/mci/3aa8d8033082dd76d7134b5b89612189/mongo_crypt_v1.dylib
Then we manually go and download the wrong version:
[2023/01/11 21:31:18.054] Testing CSFLE with crypt_shared lib version latest
[2023/01/11 21:31:18.054] Download crypt_shared latest-enterprise for macos-x86_64
[2023/01/11 21:31:18.054] Extract from: [mongo_crypt_shared_v1-macos-x86_64-enterprise-6.2.0-rc4.tgz]
Is there any way to use the version downloaded by DET?
|
Lovely cleanup:
|
blink1073
approved these changes
Jan 11, 2023
blink1073
approved these changes
Jan 11, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I opened https://jira.mongodb.org/browse/PYTHON-3559 to address the intermittent test failures.