GODRIVER-3289 Add option to configure DEK cache lifetime. #1922
Conversation
API Change Report./v2/mongo/optionscompatible changes(*AutoEncryptionOptions).SetKeyExpiration: added ./v2/x/mongo/driver/mongocrypt/optionscompatible changes(*MongoCryptOptions).SetKeyExpiration: added |
qingyang-hu
force-pushed
the
godriver3289
branch
7 times, most recently
from
50eee42 to
6319ce0
Compare
qingyang-hu
force-pushed
the
godriver3289
branch
from
6319ce0 to
32e7246
Compare
| @@ -164,3 +166,10 @@ func (a *AutoEncryptionOptions) SetBypassQueryAnalysis(bypass bool) *AutoEncrypt | |||
|
|
|||
| return a | |||
| } | |||
|
|
|||
| // SetKeyExpiration specifies duration for the key expiration. 0 or negative value means "never expire". | |||
There was a problem hiding this comment.
Are negative values interpreted by libmongocrypt as "never expire" or are we enforcing that behavior in the Go Driver? I can't find documentation on the negative case. The C and Rust implementations use uint64.
There was a problem hiding this comment.
Negative values are handled in x/mongo/driver/mongocrypt/mongocrypt.go by passing 0 to libmongocrypt. I'm open to using uint64 to align the API with other drivers.
| @@ -193,7 +193,7 @@ func newClient(opts ...*options.ClientOptions) (*Client, error) { | |||
| } | |||
| // AutoEncryptionOptions | |||
| if clientOpts.AutoEncryptionOptions != nil { | |||
| if err := client.configureAutoEncryption(clientOpts); err != nil { | |||
| if err = client.configureAutoEncryption(clientOpts); err != nil { | |||
There was a problem hiding this comment.
Was there a particular scoping or style reason for migrating from the variable declaration to assignment?
| kr := keyRetriever{coll: c.keyVaultCollFLE} | ||
| var cir collInfoRetriever | ||
| bypass := aeOpts.BypassAutoEncryption != nil && *aeOpts.BypassAutoEncryption | ||
| if !bypass { | ||
| if args.MaxPoolSize != nil && *args.MaxPoolSize == 0 { | ||
| c.metadataClientFLE = c | ||
| } else { | ||
| c.metadataClientFLE, err = c.getOrCreateInternalClient(args) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| } | ||
| cir.client = c.metadataClientFLE | ||
| } | ||
|
|
||
| c.cryptFLE = driver.NewCrypt(&driver.CryptOptions{ | ||
| MongoCrypt: mc, | ||
| CollInfoFn: cir.cryptCollInfo, | ||
| KeyFn: kr.cryptKeys, | ||
| MarkFn: c.mongocryptdFLE.markCommand, | ||
| TLSConfig: aeOpts.TLSConfig, | ||
| BypassAutoEncryption: bypass, | ||
| }) |
There was a problem hiding this comment.
This refactor seems unrelated to DEK cache lifetime. I think this should be reverted to avoid confusing the scope of this PR.
| keyExpirationMs = uint64(expirationMs) | ||
| } | ||
| } | ||
| C.mongocrypt_setopt_key_expiration(crypt.wrapped, C.uint64_t(keyExpirationMs)) |
There was a problem hiding this comment.
Should we expose this type as a uint64 instead of a time.Duration in the options API? That is the convention for both C and Rust:
Rust: https://github.com/mongodb/libmongocrypt-rust/pull/38/files
C: mongodb/mongo-c-driver@b0edf30#diff-782e2ab0e9ed19e1fc3e8e7bb5587e57805d5c816b85ab4b606da41de292bc77R137
There was a problem hiding this comment.
IMO, time.Duration is more expressive. We also use it for duration values in other option structs. However, I'm open to using uint64 if it simplifies the API and improves consistency with other drivers.
GODRIVER-3289
Summary
keyExpirationMSanddecryptin the spec tests.Background & Motivation
Add an option to configure DEK cache lifetime.
Specs updates: