Fix MongoClient leak in auto-encryption #1142
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When AutoEncryptionSettings#keyVaultMongoClientSettings is non-null and AutoEncryptionSettings#isBypassAutoEncryption is false, the second internal MongoClient is now closed when the containing MongoClient is closed. The bug is fixed in both the synchronous and reactive streams drivers. JAVA-4993
jyemin
commented
Jun 9, 2023
| @@ -227,8 +232,9 @@ public void close() { | |||
| //noinspection EmptyTryBlock | |||
| try (MongoCrypt ignored = this.mongoCrypt; | |||
| CommandMarker ignored1 = this.commandMarker; | |||
| MongoClient ignored2 = this.internalClient; | |||
| KeyManagementService ignored3 = this.keyManagementService | |||
| MongoClient ignored2 = this.collectionInfoRetrieverClient; | |||
There was a problem hiding this comment.
Depending on configuration, these two MongoClient instances may either
- both be null
- one null and the other non-null
- both be non-null and reference different instances
- both be non-null and reference the same instance
stIncMale
approved these changes
Jun 12, 2023
| KeyManagementService ignored3 = this.keyManagementService | ||
| MongoClient ignored2 = this.collectionInfoRetrieverClient; | ||
| MongoClient ignored3 = this.keyVaultClient; | ||
| KeyManagementService ignored4 = this.keyManagementService |
There was a problem hiding this comment.
This is not related to the PR changes, but it's not obvious why the async KeyManagementService uses TlsChannelStreamFactoryFactory (and needs to be closed), while its sync counterpart does not. Do you happen to know anything about it?
There was a problem hiding this comment.
I think it's because with async I/O you need a thread pool to handle the I/O completion, and for the library that we're using for async TLS there is no "system" (i.e. global) thread pool that is used (unlike with the JDK's AsynchrounousSocketChannel)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When AutoEncryptionSettings#keyVaultMongoClientSettings is non-null and AutoEncryptionSettings#isBypassAutoEncryption is false, the second internal MongoClient is now closed when the containing MongoClient is closed.
The bug is fixed in both the synchronous and reactive streams drivers.
JAVA-4993