MONGOCRYPT-763 add in-place retry API #1011


Open. mdb-ad wants to merge 13 commits into base: master.

Conversation

Contributor

@mdb-ad mdb-ad commented May 17, 2025

Add in-place retry API to better support drivers that fan out KMS requests.

@mdb-ad mdb-ad requested a review from a team as a code owner May 17, 2025 23:39
@mdb-ad mdb-ad requested review from a user and kevinAlbs and removed request for a team May 17, 2025 23:39
@mdb-ad mdb-ad requested a review from kevinAlbs June 18, 2025 01:43
@mdb-ad mdb-ad requested a review from a team as a code owner June 18, 2025 03:13
@blink1073 blink1073 removed the request for review from a team June 18, 2025 12:36
@mdb-ad mdb-ad requested a review from kevinAlbs July 3, 2025 18:53
@mdb-ad mdb-ad requested a review from kevinAlbs August 14, 2025 05:46
@mdb-ad mdb-ad requested a review from kevinAlbs August 21, 2025 06:35
d. Feed the reply back with `mongocrypt_kms_ctx_feed`. Repeat
> until `mongocrypt_kms_ctx_bytes_needed` returns 0.
d. Feed the reply back with `mongocrypt_kms_ctx_feed` or `mongocrypt_kms_ctx_feed_with_retry`. Repeat
> until `mongocrypt_kms_ctx_bytes_needed` returns 0. If the `should_retry` outparam returns true,
Suggested change
> until `mongocrypt_kms_ctx_bytes_needed` returns 0. If the `should_retry` outparam returns true,
until `mongocrypt_kms_ctx_bytes_needed` returns 0. If the `should_retry` outparam returns true,

return true;
}

bool mongocrypt_kms_ctx_feed_with_retry(mongocrypt_kms_ctx_t *kms, mongocrypt_binary_t *bytes, bool *should_retry) {
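Review bot: `should_retry` is an out-parameter on the new `mongocrypt_kms_ctx_feed_with_retry` signature, but the visible lines never initialize it; set `*should_retry = false;` at entry so a caller that inspects it after an early `return false` reads a defined value rather than leftover stack contents.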
Suggested change
bool mongocrypt_kms_ctx_feed_with_retry(mongocrypt_kms_ctx_t *kms, mongocrypt_binary_t *bytes, bool *should_retry) {
bool mongocrypt_kms_ctx_feed_with_retry(mongocrypt_kms_ctx_t *kms, mongocrypt_binary_t *bytes, bool *should_retry) {
BSON_ASSERT_PARAM(kms);
BSON_ASSERT_PARAM(bytes);
BSON_ASSERT_PARAM(should_retry);

Suggest asserting required args are non-NULL to abort early. I expect the abort would only occur due to a driver bug (not during normal execution).

@@ -1180,7 +1180,25 @@ MONGOCRYPT_EXPORT
bool mongocrypt_kms_ctx_feed(mongocrypt_kms_ctx_t *kms, mongocrypt_binary_t *bytes);

/**
* Indicate a network-level failure.
* Feed bytes from the HTTP response.
Suggested change
* Feed bytes from the HTTP response.
* Feed bytes from the KMS response.

Notably: KMIP is not HTTP. Suggest also updating the comment in mongocrypt_kms_ctx_feed to match.

// Expect no sleep is requested before any error.
ASSERT_CMPINT64(mongocrypt_kms_ctx_usleep(kms_ctx), ==, 0);
// Feed a retryable HTTP error.
ASSERT_OK(mongocrypt_kms_ctx_feed_with_retry(kms_ctx, TEST_FILE("./test/data/rmd/kms-decrypt-reply-429.txt"), &should_retry), kms_ctx);
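Review bot: the feed of the retryable 429 reply on the last line is only checked with `ASSERT_OK`; add assertions that `should_retry` is now true and that `mongocrypt_kms_ctx_usleep(kms_ctx)` is greater than 0, so the test pins both the retry signal and the backoff that the preceding `== 0` check implies is requested only after an error.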
Run ./etc/format-all.sh to fix the check-format Evergreen task.

if (kms->should_retry) {
// This happens when a KMS context is reused in-place
kms->should_retry = false;
}

With mongocrypt_kms_ctx_feed_with_retry, I expect it would be a driver bug to call mongocrypt_kms_ctx_feed directly on a KMS context needing retry. Calling mongocrypt_kms_ctx_feed suggests the driver is not doing in-place retry.

Consider making this an error:

if (kms->should_retry) {
    CLIENT_ERR("KMS context needs retry. Call mongocrypt_kms_ctx_feed_with_retry instead");
    return false;
}

And setting kms->should_retry to false in mongocrypt_kms_ctx_feed_with_retry.

If any step encounters a network error, call `mongocrypt_kms_ctx_fail`.
If `mongocrypt_kms_ctx_fail` returns true, continue to the next KMS context.
If `mongocrypt_kms_ctx_fail` returns true, retry the request by continuing to the next KMS context or by feeding the new response into the same context.
If `mongocrypt_kms_ctx_fail` returns false, abort and report an error. Consider wrapping the error reported in `mongocrypt_kms_ctx_status` to include the last network error.
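Review bot: the in-place branch of the new sentence ("by feeding the new response into the same context") should name the entry point, since feeding a context that needs retry through `mongocrypt_kms_ctx_feed` is treated as a driver bug elsewhere in this review: say that the driver re-sends to the same context, waits for the duration reported by `mongocrypt_kms_ctx_usleep`, and feeds the new response with `mongocrypt_kms_ctx_feed_with_retry`. Suggest: `If mongocrypt_kms_ctx_fail returns true, retry the request, either by continuing to the next KMS context or by re-sending to the same context and feeding the new response with mongocrypt_kms_ctx_feed_with_retry.`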

@kevinAlbs kevinAlbs Aug 21, 2025

The note below might be confusing, since it mentions fanning out requests with the older retry behavior:

Note, the driver MAY fan out KMS requests in parallel. More KMS requests may be added when processing responses to retry.

Consider adding a section describing retry and iteration. Idea:

Retry and Iteration

Retry behavior is enabled by calling mongocrypt_setopt_retry_kms.

There are two options for retry:

  • Lazy retry: After processing KMS contexts, iterate again by calling mongocrypt_ctx_next_kms_ctx. KMS contexts needing a retry will be returned.
  • In-place retry: If a KMS context indicates retry, retry the KMS request and feed the response to the same KMS request. Use mongocrypt_kms_ctx_feed_with_retry and check the return of mongocrypt_kms_ctx_fail to check if a retry is indicated.

The driver MAY fan out KMS requests in parallel. It is not safe to iterate KMS contexts (i.e. call mongocrypt_ctx_next_kms_ctx) while operating on KMS contexts (e.g. calling mongocrypt_kms_ctx_feed). Drivers are recommended to do an in-place retry on KMS requests.
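A constructed model of the driver-side in-place retry loop this comment describes, added here as an example and not code from libmongocrypt or from this PR: the `fake_kms_ctx_t` type and the `fake_*` functions stand in for the real KMS-context API (their 429/200 handling, retry budget and backoff values are assumptions), while `drive_kms_in_place` shows the driver logic of feeding with retry, honoring the requested sleep before re-sending, and consulting the fail path on a network error.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a libmongocrypt KMS context (NOT the library's
 * type): it replays scripted replies so the driver loop runs offline.
 * A NULL reply models a network-level failure. */
typedef struct {
    const char **replies;         /* scripted KMS replies, in send order */
    int n_replies, cursor;        /* script length, next reply to hand back */
    int attempts, max_attempts;   /* retries consumed, assumed retry budget */
    int64_t sleep_usec;           /* backoff requested before the next send */
} fake_kms_ctx_t;

/* Models mongocrypt_kms_ctx_feed_with_retry as the PR describes it: false on
 * a hard error, true otherwise, with *should_retry set when the reply was
 * retryable (assumed here: an HTTP 429 status line). */
static bool fake_feed_with_retry(fake_kms_ctx_t *k, const char *reply, bool *should_retry) {
    *should_retry = false;                                 /* defined on every path */
    if (strncmp(reply, "HTTP/1.1 429", 12) == 0) {
        if (++k->attempts > k->max_attempts) return false; /* retry budget spent */
        *should_retry = true;
        k->sleep_usec = (int64_t)1000 << k->attempts;      /* exponential backoff */
        return true;
    }
    return strncmp(reply, "HTTP/1.1 200", 12) == 0;
}

/* Models mongocrypt_kms_ctx_fail: true means the driver may retry. */
static bool fake_fail(fake_kms_ctx_t *k) { return ++k->attempts <= k->max_attempts; }

/* Driver-side in-place retry loop for one KMS context. Returns the number of
 * sends needed to get an accepted reply, or -1 when the driver must abort. */
int drive_kms_in_place(fake_kms_ctx_t *k, int64_t *total_sleep_usec) {
    int sends = 0;
    *total_sleep_usec = 0;
    for (;;) {
        /* "Send" the request: the stand-in hands back the next scripted reply. */
        const char *reply = (k->cursor < k->n_replies) ? k->replies[k->cursor++] : NULL;
        sends++;
        if (reply == NULL) {                 /* network error: may we retry? */
            if (!fake_fail(k)) return -1;    /* false: abort, report the error */
            continue;                        /* true: re-send to the same context */
        }
        bool should_retry;
        if (!fake_feed_with_retry(k, reply, &should_retry)) return -1;
        if (!should_retry) return sends;     /* accepted: this context is done */
        *total_sleep_usec += k->sleep_usec;  /* honor the backoff, then re-send */
    }
}
```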
