Uploaded image for project: 'Python Driver'
  1. Python Driver
  2. PYTHON-4875

[Build Failure] test_encryption.TestKmsTLSOptions failures

XMLWordPrintableJSON

    • Type: Icon: Build Failure Build Failure
    • Resolution: Unresolved
    • Priority: Icon: Unknown Unknown
    • None
    • Affects Version/s: None
    • Component/s: None
    • Python Drivers
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

      Name of Failure:

      test.asynchronous.test_encryption.TestKmsTLSOptions.*

      Link to task:

      https://spruce.mongodb.com/task/mongo_python_driver_tests_python_version_rhel8_test_encryption__platform~rhel8_auth_ssl~noauth_nossl_python_version~pypy3.10_encryption~encryption_pyopenssl_test_latest_replica_set_6f4258c1cdb95f6fe624a66760a66423048b6884_24_10_16_21_41_14/tests?execution=0&sortBy=STATUS&sortDir=ASC

      Context of when and why the failure occurred:

      PYTHON-4700, only happens with PyPy.

      Stack trace:

       [2024/10/16 19:11:00.151] FAILURE: AssertionError: "IP address mismatch|wronghost|IPAddressMismatch|Certificate" does not match "SSL handshake failed: 127.0.0.1:9001: timed out (configured timeouts: socketTimeoutMS: 20000.0ms, connectTimeoutMS: 20000.0ms)" ()
 [2024/10/16 19:11:00.151] address = ('127.0.0.1', 9001)
 [2024/10/16 19:11:00.151] options = <pymongo.pool_options.PoolOptions object at 0x0000000012bd6cd0>
 [2024/10/16 19:11:00.151]     async def _configured_socket(
 [2024/10/16 19:11:00.151]         address: _Address, options: PoolOptions
 [2024/10/16 19:11:00.151]     ) -> Union[socket.socket, _sslConn]:
 [2024/10/16 19:11:00.151]         """Given (host, port) and PoolOptions, return a configured socket.
 [2024/10/16 19:11:00.151]     
 [2024/10/16 19:11:00.151]         Can raise socket.error, ConnectionFailure, or _CertificateError.
 [2024/10/16 19:11:00.151]     
 [2024/10/16 19:11:00.151]         Sets socket's SSL and timeout options.
 [2024/10/16 19:11:00.151]         """
 [2024/10/16 19:11:00.151]         sock = _create_connection(address, options)
 [2024/10/16 19:11:00.151]         ssl_context = options._ssl_context
 [2024/10/16 19:11:00.151]     
 [2024/10/16 19:11:00.151]         if ssl_context is None:
 [2024/10/16 19:11:00.151]             sock.settimeout(options.socket_timeout)
 [2024/10/16 19:11:00.151]             return sock
 [2024/10/16 19:11:00.151]     
 [2024/10/16 19:11:00.151]         host = address[0]
 [2024/10/16 19:11:00.151]         try:
 [2024/10/16 19:11:00.151]             # We have to pass hostname / ip address to wrap_socket
 [2024/10/16 19:11:00.151]             # to use SSLContext.check_hostname.
 [2024/10/16 19:11:00.151]             if HAS_SNI:
 [2024/10/16 19:11:00.151]                 if _IS_SYNC:
 [2024/10/16 19:11:00.151]                     ssl_sock = ssl_context.wrap_socket(sock, server_hostname=host)
 [2024/10/16 19:11:00.151]                 else:
 [2024/10/16 19:11:00.151]                     if hasattr(ssl_context, "a_wrap_socket"):
 [2024/10/16 19:11:00.151] >                       ssl_sock = await ssl_context.a_wrap_socket(sock, server_hostname=host)  # type: ignore[assignment, misc]
 [2024/10/16 19:11:00.151] pymongo/asynchronous/pool.py:882: 
 [2024/10/16 19:11:00.151] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
 [2024/10/16 19:11:00.151] pymongo/pyopenssl_context.py:415: in a_wrap_socket
 [2024/10/16 19:11:00.151]     await loop.run_in_executor(None, ssl_conn.do_handshake)
 [2024/10/16 19:11:00.151] /opt/python/pypy3.10/lib/pypy3.10/asyncio/futures.py:285: in __await__
 [2024/10/16 19:11:00.151]     yield self  # This tells Task to wait for completion.
 [2024/10/16 19:11:00.151] /opt/python/pypy3.10/lib/pypy3.10/asyncio/tasks.py:304: in __wakeup
 [2024/10/16 19:11:00.151]     future.result()
 [2024/10/16 19:11:00.151] /opt/python/pypy3.10/lib/pypy3.10/asyncio/futures.py:201: in result
 [2024/10/16 19:11:00.151]     raise self._exception.with_traceback(self._exception_tb)
 [2024/10/16 19:11:00.151] /opt/python/pypy3.10/lib/pypy3.10/concurrent/futures/thread.py:58: in run
 [2024/10/16 19:11:00.151]     result = self.fn(*self.args, **self.kwargs)
 [2024/10/16 19:11:00.151] pymongo/pyopenssl_context.py:151: in do_handshake
 [2024/10/16 19:11:00.151]     return self._call(super().do_handshake, *args, **kwargs)
 [2024/10/16 19:11:00.151] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
 [2024/10/16 19:11:00.151] self = <pymongo.pyopenssl_context._sslConn object at 0x0000000012bd6720>
 [2024/10/16 19:11:00.151] call = <bound method Connection.do_handshake of <pymongo.pyopenssl_context._sslConn object at 0x0000000012bd6720>>
 [2024/10/16 19:11:00.151] args = (), kwargs = {}, is_async = False, timeout = 20.0, start = 8576.719451348
 [2024/10/16 19:11:00.151] want_read = True, want_write = False
 [2024/10/16 19:11:00.151]     def _call(self, call: Callable[..., _T], *args: Any, **kwargs: Any) -> _T:
 [2024/10/16 19:11:00.151]         is_async = kwargs.pop("allow_async", True) and self._is_async
 [2024/10/16 19:11:00.151]         timeout = self.gettimeout()
 [2024/10/16 19:11:00.151]         if timeout:
 [2024/10/16 19:11:00.151]             start = _time.monotonic()
 [2024/10/16 19:11:00.151]         while True:
 [2024/10/16 19:11:00.151]             try:
 [2024/10/16 19:11:00.151]                 return call(*args, **kwargs)
 [2024/10/16 19:11:00.151]             except BLOCKING_IO_ERRORS as exc:
 [2024/10/16 19:11:00.151]                 if is_async:
 [2024/10/16 19:11:00.151]                     raise exc
 [2024/10/16 19:11:00.151]                 # Check for closed socket.
 [2024/10/16 19:11:00.151]                 if self.fileno() == -1:
 [2024/10/16 19:11:00.151]                     if timeout and _time.monotonic() - start > timeout:
 [2024/10/16 19:11:00.151]                         raise _socket.timeout("timed out") from None
 [2024/10/16 19:11:00.151]                     raise SSLError("Underlying socket has been closed") from None
 [2024/10/16 19:11:00.151]                 if isinstance(exc, _SSL.WantReadError):
 [2024/10/16 19:11:00.151]                     want_read = True
 [2024/10/16 19:11:00.151]                     want_write = False
 [2024/10/16 19:11:00.151]                 elif isinstance(exc, _SSL.WantWriteError):
 [2024/10/16 19:11:00.151]                     want_read = False
 [2024/10/16 19:11:00.151]                     want_write = True
 [2024/10/16 19:11:00.151]                 else:
 [2024/10/16 19:11:00.151]                     want_read = True
 [2024/10/16 19:11:00.151]                     want_write = True
 [2024/10/16 19:11:00.151]                 self.socket_checker.select(self, want_read, want_write, timeout)
 [2024/10/16 19:11:00.151]                 if timeout and _time.monotonic() - start > timeout:
 [2024/10/16 19:11:00.151] >                   raise _socket.timeout("timed out") from None
 [2024/10/16 19:11:00.151] E                   TimeoutError: timed out
 [2024/10/16 19:11:00.151] pymongo/pyopenssl_context.py:146: TimeoutError
 [2024/10/16 19:11:00.151] The above exception was the direct cause of the following exception:
 [2024/10/16 19:11:00.151]     @contextlib.contextmanager
 [2024/10/16 19:11:00.151]     def _wrap_encryption_errors() -> Iterator[None]:
 [2024/10/16 19:11:00.151]         """Context manager to wrap encryption related errors."""
 [2024/10/16 19:11:00.151]         try:
 [2024/10/16 19:11:00.151] >           yield
 [2024/10/16 19:11:00.151] pymongo/asynchronous/encryption.py:109: 
 [2024/10/16 19:11:00.151] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
 [2024/10/16 19:11:00.151] pymongo/asynchronous/encryption.py:811: in create_data_key
 [2024/10/16 19:11:00.151]     await self._encryption.create_data_key(
 [2024/10/16 19:11:00.151] .hatch/data/env/virtual/test/lib/pypy3.10/site-packages/pymongocrypt/asynchronous/explicit_encrypter.py:67: in create_data_key
 [2024/10/16 19:11:00.151]     key = await run_state_machine(ctx, self.callback)
 [2024/10/16 19:11:00.151] .hatch/data/env/virtual/test/lib/pypy3.10/site-packages/pymongocrypt/asynchronous/state_machine.py:143: in run_state_machine
 [2024/10/16 19:11:00.151]     await callback.kms_request(kms_ctx)
 [2024/10/16 19:11:00.151] pymongo/asynchronous/encryption.py:177: in kms_request
 [2024/10/16 19:11:00.151]     conn = await _configured_socket((host, port), opts)
 [2024/10/16 19:11:00.151] pymongo/asynchronous/pool.py:909: in _configured_socket
 [2024/10/16 19:11:00.151]     _raise_connection_failure(address, exc, "SSL handshake failed: ", timeout_details=details)
 [2024/10/16 19:11:00.151] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
 [2024/10/16 19:11:00.151] address = ('127.0.0.1', 9001), error = TimeoutError('timed out')
 [2024/10/16 19:11:00.151] msg_prefix = 'SSL handshake failed: '
 [2024/10/16 19:11:00.151] timeout_details = {'connectTimeoutMS': 20000.0, 'socketTimeoutMS': 20000.0}
 [2024/10/16 19:11:00.151]     def _raise_connection_failure(
 [2024/10/16 19:11:00.151]         address: Any,
 [2024/10/16 19:11:00.151]         error: Exception,
 [2024/10/16 19:11:00.151]         msg_prefix: Optional[str] = None,
 [2024/10/16 19:11:00.151]         timeout_details: Optional[dict[str, float]] = None,
 [2024/10/16 19:11:00.151]     ) -> NoReturn:
 [2024/10/16 19:11:00.151]         """Convert a socket.error to ConnectionFailure and raise it."""
 [2024/10/16 19:11:00.151]         host, port = address
 [2024/10/16 19:11:00.151]         # If connecting to a Unix socket, port will be None.
 [2024/10/16 19:11:00.151]         if port is not None:
 [2024/10/16 19:11:00.151]             msg = "%s:%d: %s" % (host, port, error)
 [2024/10/16 19:11:00.151]         else:
 [2024/10/16 19:11:00.151]             msg = f"{host}: {error}"
 [2024/10/16 19:11:00.151]         if msg_prefix:
 [2024/10/16 19:11:00.151]             msg = msg_prefix + msg
 [2024/10/16 19:11:00.151]         if "configured timeouts" not in msg:
 [2024/10/16 19:11:00.151]             msg += format_timeout_details(timeout_details)
 [2024/10/16 19:11:00.151]         if isinstance(error, socket.timeout):
 [2024/10/16 19:11:00.151] >           raise NetworkTimeout(msg) from error
 [2024/10/16 19:11:00.151] E           pymongo.errors.NetworkTimeout: SSL handshake failed: 127.0.0.1:9001: timed out (configured timeouts: socketTimeoutMS: 20000.0ms, connectTimeoutMS: 20000.0ms)
 [2024/10/16 19:11:00.151] pymongo/asynchronous/pool.py:200: NetworkTimeout
 [2024/10/16 19:11:00.151] The above exception was the direct cause of the following exception:
 [2024/10/16 19:11:00.151] self = <test.asynchronous.test_encryption.TestKmsTLSOptions testMethod=test_01_aws>
 [2024/10/16 19:11:00.151]     async def test_01_aws(self):
 [2024/10/16 19:11:00.151]         key = {
 [2024/10/16 19:11:00.151]             "region": "us-east-1",
 [2024/10/16 19:11:00.151]             "key": "arn:aws:kms:...",
 [2024/10/16 19:11:00.151]             "endpoint": "127.0.0.1:9002",
 [2024/10/16 19:11:00.151]         }
 [2024/10/16 19:11:00.151]         with self.assertRaisesRegex(EncryptionError, self.cert_error):
 [2024/10/16 19:11:00.151]             await self.client_encryption_no_client_cert.create_data_key("aws", key)
 [2024/10/16 19:11:00.151]         # "parse error" here means that the TLS handshake succeeded.
 [2024/10/16 19:11:00.151]         with self.assertRaisesRegex(EncryptionError, "parse error"):
 [2024/10/16 19:11:00.151]             await self.client_encryption_with_tls.create_data_key("aws", key)
 [2024/10/16 19:11:00.151]         # Some examples:
 [2024/10/16 19:11:00.151]         # certificate verify failed: certificate has expired (_ssl.c:1129)
 [2024/10/16 19:11:00.151]         # amazon1-2018 Python 3.6: certificate verify failed (_ssl.c:852)
 [2024/10/16 19:11:00.151]         key["endpoint"] = "127.0.0.1:9000"
 [2024/10/16 19:11:00.151]         with self.assertRaisesRegex(EncryptionError, "expired|certificate verify failed"):
 [2024/10/16 19:11:00.151]             await self.client_encryption_expired.create_data_key("aws", key)
 [2024/10/16 19:11:00.151]         # Some examples:
 [2024/10/16 19:11:00.151]         # certificate verify failed: IP address mismatch, certificate is not valid for '127.0.0.1'. (_ssl.c:1129)"
 [2024/10/16 19:11:00.151]         # hostname '127.0.0.1' doesn't match 'wronghost.com'
 [2024/10/16 19:11:00.151]         # 127.0.0.1:9001: ('Certificate does not contain any `subjectAltName`s.',)
 [2024/10/16 19:11:00.151]         key["endpoint"] = "127.0.0.1:9001"
 [2024/10/16 19:11:00.151]         with self.assertRaisesRegex(
 [2024/10/16 19:11:00.151]             EncryptionError, "IP address mismatch|wronghost|IPAddressMismatch|Certificate"
 [2024/10/16 19:11:00.151]         ):
 [2024/10/16 19:11:00.151] >           await self.client_encryption_invalid_hostname.create_data_key("aws", key)
 [2024/10/16 19:11:00.151] test/asynchronous/test_encryption.py:2176: 
 [2024/10/16 19:11:00.151] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
 [2024/10/16 19:11:00.151] pymongo/asynchronous/encryption.py:808: in create_data_key
 [2024/10/16 19:11:00.151]     with _wrap_encryption_errors():
 [2024/10/16 19:11:00.151] /opt/python/pypy3.10/lib/pypy3.10/contextlib.py:153: in __exit__
 [2024/10/16 19:11:00.151]     self.gen.throw(typ, value, traceback)
 [2024/10/16 19:11:00.151] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
 [2024/10/16 19:11:00.151]     @contextlib.contextmanager
 [2024/10/16 19:11:00.151]     def _wrap_encryption_errors() -> Iterator[None]:
 [2024/10/16 19:11:00.151]         """Context manager to wrap encryption related errors."""
 [2024/10/16 19:11:00.151]         try:
 [2024/10/16 19:11:00.151]             yield
 [2024/10/16 19:11:00.151]         except BSONError:
 [2024/10/16 19:11:00.151]             # BSON encoding/decoding errors are unrelated to encryption so
 [2024/10/16 19:11:00.151]             # we should propagate them unchanged.
 [2024/10/16 19:11:00.151]             raise
 [2024/10/16 19:11:00.151]         except Exception as exc:
 [2024/10/16 19:11:00.151] >           raise EncryptionError(exc) from exc
 [2024/10/16 19:11:00.151] E           pymongo.errors.EncryptionError: SSL handshake failed: 127.0.0.1:9001: timed out (configured timeouts: socketTimeoutMS: 20000.0ms, connectTimeoutMS: 20000.0ms)
 [2024/10/16 19:11:00.151] pymongo/asynchronous/encryption.py:115: EncryptionError
 [2024/10/16 19:11:00.151] During handling of the above exception, another exception occurred:
 [2024/10/16 19:11:00.151] self = <test.asynchronous.test_encryption.TestKmsTLSOptions testMethod=test_01_aws>
 [2024/10/16 19:11:00.151]     async def test_01_aws(self):
 [2024/10/16 19:11:00.151]         key = {
 [2024/10/16 19:11:00.151]             "region": "us-east-1",
 [2024/10/16 19:11:00.151]             "key": "arn:aws:kms:...",
 [2024/10/16 19:11:00.151]             "endpoint": "127.0.0.1:9002",
 [2024/10/16 19:11:00.151]         }
 [2024/10/16 19:11:00.151]         with self.assertRaisesRegex(EncryptionError, self.cert_error):
 [2024/10/16 19:11:00.151]             await self.client_encryption_no_client_cert.create_data_key("aws", key)
 [2024/10/16 19:11:00.151]         # "parse error" here means that the TLS handshake succeeded.
 [2024/10/16 19:11:00.151]         with self.assertRaisesRegex(EncryptionError, "parse error"):
 [2024/10/16 19:11:00.151]             await self.client_encryption_with_tls.create_data_key("aws", key)
 [2024/10/16 19:11:00.151]         # Some examples:
 [2024/10/16 19:11:00.151]         # certificate verify failed: certificate has expired (_ssl.c:1129)
 [2024/10/16 19:11:00.151]         # amazon1-2018 Python 3.6: certificate verify failed (_ssl.c:852)
 [2024/10/16 19:11:00.151]         key["endpoint"] = "127.0.0.1:9000"
 [2024/10/16 19:11:00.151]         with self.assertRaisesRegex(EncryptionError, "expired|certificate verify failed"):
 [2024/10/16 19:11:00.151]             await self.client_encryption_expired.create_data_key("aws", key)
 [2024/10/16 19:11:00.151]         # Some examples:
 [2024/10/16 19:11:00.151]         # certificate verify failed: IP address mismatch, certificate is not valid for '127.0.0.1'. (_ssl.c:1129)"
 [2024/10/16 19:11:00.151]         # hostname '127.0.0.1' doesn't match 'wronghost.com'
 [2024/10/16 19:11:00.151]         # 127.0.0.1:9001: ('Certificate does not contain any `subjectAltName`s.',)
 [2024/10/16 19:11:00.151]         key["endpoint"] = "127.0.0.1:9001"
 [2024/10/16 19:11:00.151] >       with self.assertRaisesRegex(
 [2024/10/16 19:11:00.151]             EncryptionError, "IP address mismatch|wronghost|IPAddressMismatch|Certificate"
 [2024/10/16 19:11:00.151]         ):
 [2024/10/16 19:11:00.151] E       AssertionError: "IP address mismatch|wronghost|IPAddressMismatch|Certificate" does not match "SSL handshake failed: 127.0.0.1:9001: timed out (configured timeouts: socketTimeoutMS: 20000.0ms, connectTimeoutMS: 20000.0ms)"
 [2024/10/16 19:11:00.151] test/asynchronous/test_encryption.py:2173: AssertionError

            Assignee:
            noah.stapp@mongodb.com Noah Stapp
            Reporter:
            steve.silvester@mongodb.com Steve Silvester
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: