Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(NODE-3118): keyAltNames option not serialized #176

Merged
merged 13 commits into from
Jun 22, 2021
Merged

Conversation

nbbeeken
Copy link
Contributor

@nbbeeken nbbeeken commented Jun 8, 2021

  • Reintroduce options argument to makeDataKeyContext that accepts one key, keyAltNames
  • Skip error message checking tests
    Also,
  • added clang-format as a dev dependency as its used in a format script

A number of the tests in this CI are skipped as they need to run against an actual mongodb. There is an accompanying PR I'll put up to the driver that will run these tests. (mongodb/node-mongodb-native#2833)

@nbbeeken nbbeeken force-pushed the NODE-3118/options branch from 9a7b738 to cd4f48b Compare June 11, 2021 17:49
@nbbeeken nbbeeken requested review from mbroadst and dariakp June 17, 2021 16:03
@nbbeeken
Copy link
Contributor Author

@addaleax Can't request your review directly but please feel free to take a look and advise here, thanks! 😃

@dariakp dariakp self-assigned this Jun 17, 2021
bindings/node/lib/cryptoCallbacks.js Outdated Show resolved Hide resolved
bindings/node/test/clientEncryption.test.js Outdated Show resolved Hide resolved
Copy link
Contributor

@addaleax addaleax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

bindings/node/src/mongocrypt.cc Outdated Show resolved Hide resolved
bindings/node/src/mongocrypt.cc Outdated Show resolved Hide resolved
bindings/node/lib/clientEncryption.js Outdated Show resolved Hide resolved
bindings/node/lib/clientEncryption.js Outdated Show resolved Hide resolved
Copy link
Member

@mbroadst mbroadst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dang, this is a really subtle bug sorry to see it slipped through. In libmongocrypt 1.x we introduced mongocrypt_ctx_setopt_key_encryption_key which was meant to supersede all of the other setopt methods. It's not clear to me why keyAltNames was omitted from that list, and I think an argument could be made that it should support it.

@@ -202,12 +165,39 @@ module.exports = function(modules) {
* });
*/
createDataKey(provider, options, callback) {
if (typeof options === 'function') (callback = options), (options = {});
if (typeof options === 'function') {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the majority of the changes in this file are whitespace/style changes, and it made it really confusing to review. It looks like you could make a one-line change on the original L210 to:

const context = this._mongoCrypt.makeDataKeyContext(dataKeyBson, options);

and with your C++ changes the keyAltNames would be applied. Is that correct?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed the changes could've been less than what's here. I standby the decision to make things easier to read/debug for the next engineer. Is there something specific that you think is less optimal here?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I won't comment on whether these changes subjectively improve readability/debugability for future developers, but I can say for sure that changing it this way makes it harder to review and easier to introduce new bugs.

I anchored this comment to splitting the one-liner into a few lines, but I was more concerned about sanitizeDataKeyOptions. It seems like you copied the contents into this function with some subtle changes (for-loop => map I think was one change). I read it a few times, but I couldn't tell you for sure whether there's a new bug there or not, or that the bug that I see in the old code is gone for sure.

If you're confident that it's a net improvement in code quality that's fine, but I'd ask that you consider the implications in future changes

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the insight, I do agree that when addressing a bug fix it would be ideal to have just what is necessary to represent the fix in isolation from any refactor. Unfortunately this fix also required orchestrating new CI tasks/scripts to prove the code changes were, in fact, effective which required some debugging. Making the sanitization more functional was helpful as opposed to the key deletion and new array creating that then overwrote the old one logic.
We do have tests covering this usage here which tests for the proper errors as well.

bindings/node/src/mongocrypt.cc Outdated Show resolved Hide resolved
@dariakp dariakp marked this pull request as ready for review June 22, 2021 18:17
@dariakp dariakp requested review from durran and emadum as code owners June 22, 2021 18:17
@nbbeeken nbbeeken requested a review from mbroadst June 22, 2021 18:19
@dariakp dariakp merged commit be492d4 into master Jun 22, 2021
@dariakp dariakp deleted the NODE-3118/options branch June 22, 2021 20:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants