Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-2671

clarify CSOT behavior for FLE APIs

    • Needed
    • Hide

      Summary of necessary driver changes

      •  

      Commits for syncing spec/prose tests
      (and/or refer to an existing language POC if needed)

      •  

      Context for other referenced/linked tickets

      •  
      Show
      Summary of necessary driver changes   Commits for syncing spec/prose tests (and/or refer to an existing language POC if needed)   Context for other referenced/linked tickets  

      Summary

      Some parts of FLE should be subject to `timeoutMS` but the specs (CSOT and client-side-encryption) don't mention these APIs.  These APIs are:{}

      • fetching kms credentials on demand
      • the key management API

      Motivation

      Drivers that implement CSOT should implement it properly for all relevant APIs.

      Who is the affected end user?

      Driver engineers and potentially users.

      How does this affect the end user?

      Users might be surprised that certain APIs don't support CSOT, or might find that operations timeout without respecting timeoutMS.

      How likely is it that this problem or use case will occur?

      Unlikely, for initializing kms credentials.  Unknown for the key management API.

      If the problem does occur, what are the consequences and how severe are they?

      Minor annoyance.

      Is this issue urgent?

      No.

      Is this ticket required by a downstream team?

      No.

      Is this ticket only for tests?

      No.

      Acceptance Criteria

      • Review the client-side-encryption spec for any additional APIs (or asynchronous operations used internally in FLE) that should be subject to timeoutMS.
      • Clarify the CSOT and FLE spec to mention that these APIs should be subject to timeoutMS.
      • Testing
        • Add unified tests demonstrating that the key management API respects timeoutMS.
        • Testing for other parts of FLE (including fetching kms credentials on demand) is tbd.

            Assignee:
            Unassigned Unassigned
            Reporter:
            bailey.pearson@mongodb.com Bailey Pearson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: