Merge branch 'main' of https://github.com/apple/foundationdb into feature/main/tenantCheck
This commit is contained in:
Xiaoxi Wang
commit
5dadd7addd
|
|
@ -18,6 +18,8 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "fdbclient/DatabaseConfiguration.h"
|
||||
#include "fmt/format.h"
|
||||
#include "fdbclient/BackupAgent.actor.h"
|
||||
#include "fdbclient/BackupContainer.h"
|
||||
#include "fdbclient/BlobCipher.h"
|
||||
|
|
@ -35,14 +37,7 @@
|
|||
#include "fdbclient/SystemData.h"
|
||||
#include "fdbclient/TaskBucket.h"
|
||||
#include "fdbclient/Tenant.h"
|
||||
#include "fdbclient/TenantEntryCache.actor.h"
|
||||
#include "flow/Arena.h"
|
||||
#include "flow/CodeProbe.h"
|
||||
#include "flow/EncryptUtils.h"
|
||||
#include "flow/network.h"
|
||||
#include "flow/ObjectSerializer.h"
|
||||
#include "flow/ProtocolVersion.h"
|
||||
#include "flow/serialize.h"
|
||||
#include "flow/Trace.h"
|
||||
|
||||
#include <cinttypes>
|
||||
|
|
@ -563,11 +558,11 @@ struct EncryptedRangeFileWriter : public IRangeFileWriter {
|
|||
|
||||
EncryptedRangeFileWriter(Database cx,
|
||||
Arena* arena,
|
||||
Reference<TenantEntryCache<Void>> tenantCache,
|
||||
EncryptionAtRestMode encryptMode,
|
||||
Reference<IBackupFile> file = Reference<IBackupFile>(),
|
||||
int blockSize = 0,
|
||||
Options options = Options())
|
||||
: cx(cx), arena(arena), tenantCache(tenantCache), file(file), blockSize(blockSize), blockEnd(0),
|
||||
: cx(cx), arena(arena), file(file), encryptMode(encryptMode), blockSize(blockSize), blockEnd(0),
|
||||
fileVersion(BACKUP_AGENT_ENCRYPTED_SNAPSHOT_FILE_VERSION), options(options) {
|
||||
buffer = makeString(blockSize);
|
||||
wPtr = mutateString(buffer);
|
||||
|
|
@ -664,7 +659,7 @@ struct EncryptedRangeFileWriter : public IRangeFileWriter {
|
|||
}
|
||||
|
||||
ACTOR static Future<Void> updateEncryptionKeysCtx(EncryptedRangeFileWriter* self, KeyRef key) {
|
||||
state EncryptCipherDomainId curDomainId = wait(getEncryptionDomainDetails(key, self->tenantCache));
|
||||
state EncryptCipherDomainId curDomainId = wait(getEncryptionDomainDetails(key, self->encryptMode));
|
||||
state Reference<AsyncVar<ClientDBInfo> const> dbInfo = self->cx->clientInfo;
|
||||
|
||||
// Get text and header cipher key
|
||||
|
|
@ -705,27 +700,21 @@ struct EncryptedRangeFileWriter : public IRangeFileWriter {
|
|||
|
||||
static bool isSystemKey(KeyRef key) { return key.size() && key[0] == systemKeys.begin[0]; }
|
||||
|
||||
ACTOR static Future<EncryptCipherDomainId> getEncryptionDomainDetailsImpl(
|
||||
KeyRef key,
|
||||
Reference<TenantEntryCache<Void>> tenantCache) {
|
||||
ACTOR static Future<EncryptCipherDomainId> getEncryptionDomainDetailsImpl(KeyRef key,
|
||||
EncryptionAtRestMode encryptMode) {
|
||||
if (isSystemKey(key)) {
|
||||
return SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_ID;
|
||||
}
|
||||
if (key.size() < TenantAPI::PREFIX_SIZE) {
|
||||
if (key.size() < TenantAPI::PREFIX_SIZE || encryptMode.mode == EncryptionAtRestMode::CLUSTER_AWARE) {
|
||||
return FDB_DEFAULT_ENCRYPT_DOMAIN_ID;
|
||||
}
|
||||
// dealing with domain aware encryption so all keys should belong to a tenant
|
||||
KeyRef tenantPrefix = KeyRef(key.begin(), TenantAPI::PREFIX_SIZE);
|
||||
state int64_t tenantId = TenantAPI::prefixToId(tenantPrefix);
|
||||
Optional<TenantEntryCachePayload<Void>> payload = wait(tenantCache->getById(tenantId));
|
||||
if (payload.present()) {
|
||||
return tenantId;
|
||||
}
|
||||
return FDB_DEFAULT_ENCRYPT_DOMAIN_ID;
|
||||
return TenantAPI::prefixToId(tenantPrefix);
|
||||
}
|
||||
|
||||
static Future<EncryptCipherDomainId> getEncryptionDomainDetails(KeyRef key,
|
||||
Reference<TenantEntryCache<Void>> tenantCache) {
|
||||
return getEncryptionDomainDetailsImpl(key, tenantCache);
|
||||
static Future<EncryptCipherDomainId> getEncryptionDomainDetails(KeyRef key, EncryptionAtRestMode encryptMode) {
|
||||
return getEncryptionDomainDetailsImpl(key, encryptMode);
|
||||
}
|
||||
|
||||
// Handles the first block and internal blocks. Ends current block if needed.
|
||||
|
|
@ -835,9 +824,9 @@ struct EncryptedRangeFileWriter : public IRangeFileWriter {
|
|||
if (self->lastKey.size() == 0 || k.size() == 0) {
|
||||
return false;
|
||||
}
|
||||
state EncryptCipherDomainId curKeyDomainId = wait(getEncryptionDomainDetails(k, self->tenantCache));
|
||||
state EncryptCipherDomainId curKeyDomainId = wait(getEncryptionDomainDetails(k, self->encryptMode));
|
||||
state EncryptCipherDomainId prevKeyDomainId =
|
||||
wait(getEncryptionDomainDetails(self->lastKey, self->tenantCache));
|
||||
wait(getEncryptionDomainDetails(self->lastKey, self->encryptMode));
|
||||
if (curKeyDomainId != prevKeyDomainId) {
|
||||
CODE_PROBE(true, "crossed tenant boundaries");
|
||||
wait(handleTenantBondary(self, k, v, writeValue, curKeyDomainId));
|
||||
|
|
@ -901,7 +890,7 @@ struct EncryptedRangeFileWriter : public IRangeFileWriter {
|
|||
|
||||
Database cx;
|
||||
Arena* arena;
|
||||
Reference<TenantEntryCache<Void>> tenantCache;
|
||||
EncryptionAtRestMode encryptMode;
|
||||
Reference<IBackupFile> file;
|
||||
int blockSize;
|
||||
|
||||
|
|
@ -1044,7 +1033,7 @@ private:
|
|||
ACTOR static Future<Void> decodeKVPairs(StringRefReader* reader,
|
||||
Standalone<VectorRef<KeyValueRef>>* results,
|
||||
bool encryptedBlock,
|
||||
Optional<Reference<TenantEntryCache<Void>>> tenantCache,
|
||||
Optional<EncryptionAtRestMode> encryptMode,
|
||||
Optional<BlobCipherEncryptHeader> encryptHeader) {
|
||||
// Read begin key, if this fails then block was invalid.
|
||||
state uint32_t kLen = reader->consumeNetworkUInt32();
|
||||
|
|
@ -1063,16 +1052,16 @@ ACTOR static Future<Void> decodeKVPairs(StringRefReader* reader,
|
|||
// make sure that all keys in a block belong to exactly one tenant,
|
||||
// unless its the last key in which case it can be a truncated (different) tenant prefix
|
||||
if (encryptedBlock && g_network && g_network->isSimulated()) {
|
||||
ASSERT(tenantCache.present());
|
||||
ASSERT(encryptMode.present());
|
||||
ASSERT(encryptHeader.present());
|
||||
state KeyRef curKey = KeyRef(k, kLen);
|
||||
if (!prevDomainId.present()) {
|
||||
EncryptCipherDomainId domainId =
|
||||
wait(EncryptedRangeFileWriter::getEncryptionDomainDetails(prevKey, tenantCache.get()));
|
||||
wait(EncryptedRangeFileWriter::getEncryptionDomainDetails(prevKey, encryptMode.get()));
|
||||
prevDomainId = domainId;
|
||||
}
|
||||
EncryptCipherDomainId curDomainId =
|
||||
wait(EncryptedRangeFileWriter::getEncryptionDomainDetails(curKey, tenantCache.get()));
|
||||
wait(EncryptedRangeFileWriter::getEncryptionDomainDetails(curKey, encryptMode.get()));
|
||||
if (!curKey.empty() && !prevKey.empty() && prevDomainId.get() != curDomainId) {
|
||||
ASSERT(!done);
|
||||
if (curDomainId != SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_ID && curDomainId != FDB_DEFAULT_ENCRYPT_DOMAIN_ID) {
|
||||
|
|
@ -1132,11 +1121,8 @@ ACTOR Future<Standalone<VectorRef<KeyValueRef>>> decodeRangeFileBlock(Reference<
|
|||
// BACKUP_AGENT_ENCRYPTED_SNAPSHOT_FILE_VERSION
|
||||
int32_t file_version = reader.consume<int32_t>();
|
||||
if (file_version == BACKUP_AGENT_SNAPSHOT_FILE_VERSION) {
|
||||
wait(decodeKVPairs(&reader,
|
||||
&results,
|
||||
false,
|
||||
Optional<Reference<TenantEntryCache<Void>>>(),
|
||||
Optional<BlobCipherEncryptHeader>()));
|
||||
wait(decodeKVPairs(
|
||||
&reader, &results, false, Optional<EncryptionAtRestMode>(), Optional<BlobCipherEncryptHeader>()));
|
||||
} else if (file_version == BACKUP_AGENT_ENCRYPTED_SNAPSHOT_FILE_VERSION) {
|
||||
CODE_PROBE(true, "decoding encrypted block");
|
||||
ASSERT(cx.present());
|
||||
|
|
@ -1160,12 +1146,13 @@ ACTOR Future<Standalone<VectorRef<KeyValueRef>>> decodeRangeFileBlock(Reference<
|
|||
StringRef decryptedData =
|
||||
wait(EncryptedRangeFileWriter::decrypt(cx.get(), header, dataPayloadStart, dataLen, &results.arena()));
|
||||
reader = StringRefReader(decryptedData, restore_corrupted_data());
|
||||
state Optional<Reference<TenantEntryCache<Void>>> tenantCache;
|
||||
state Optional<EncryptionAtRestMode> encryptMode;
|
||||
if (g_network && g_network->isSimulated()) {
|
||||
tenantCache = makeReference<TenantEntryCache<Void>>(cx.get(), TenantEntryCacheRefreshMode::WATCH);
|
||||
wait(tenantCache.get()->init());
|
||||
// The encyption mode is only used during simulation for a sanity check
|
||||
DatabaseConfiguration config = wait(getDatabaseConfiguration(cx.get()));
|
||||
encryptMode = config.encryptionAtRestMode;
|
||||
}
|
||||
wait(decodeKVPairs(&reader, &results, true, tenantCache, header));
|
||||
wait(decodeKVPairs(&reader, &results, true, encryptMode, header));
|
||||
} else {
|
||||
throw restore_unsupported_file_version();
|
||||
}
|
||||
|
|
@ -1748,7 +1735,6 @@ struct BackupRangeTaskFunc : BackupTaskFuncBase {
|
|||
state std::unique_ptr<IRangeFileWriter> rangeFile;
|
||||
state BackupConfig backup(task);
|
||||
state Arena arena;
|
||||
state Reference<TenantEntryCache<Void>> tenantCache;
|
||||
|
||||
// Don't need to check keepRunning(task) here because we will do that while finishing each output file, but
|
||||
// if bc is false then clearly the backup is no longer in progress
|
||||
|
|
@ -1817,6 +1803,8 @@ struct BackupRangeTaskFunc : BackupTaskFuncBase {
|
|||
state Version snapshotBeginVersion;
|
||||
state int64_t snapshotRangeFileCount;
|
||||
|
||||
DatabaseConfiguration config = wait(getDatabaseConfiguration(cx));
|
||||
state EncryptionAtRestMode encryptMode = config.encryptionAtRestMode;
|
||||
state Reference<ReadYourWritesTransaction> tr(new ReadYourWritesTransaction(cx));
|
||||
loop {
|
||||
try {
|
||||
|
|
@ -1838,16 +1826,14 @@ struct BackupRangeTaskFunc : BackupTaskFuncBase {
|
|||
wait(bc->writeRangeFile(snapshotBeginVersion, snapshotRangeFileCount, outVersion, blockSize));
|
||||
outFile = f;
|
||||
|
||||
const bool encrypted =
|
||||
encryptionEnabled.present() && encryptionEnabled.get() && cx->clientInfo->get().isEncryptionEnabled;
|
||||
if (!encryptionEnabled.present() || !encryptionEnabled.get()) {
|
||||
encryptMode = EncryptionAtRestMode::DISABLED;
|
||||
}
|
||||
TraceEvent(SevDebug, "EncryptionMode").detail("EncryptMode", encryptMode.toString());
|
||||
// Initialize range file writer and write begin key
|
||||
if (encrypted) {
|
||||
if (encryptMode.mode != EncryptionAtRestMode::DISABLED) {
|
||||
CODE_PROBE(true, "using encrypted snapshot file writer");
|
||||
if (!tenantCache.isValid()) {
|
||||
tenantCache = makeReference<TenantEntryCache<Void>>(cx, TenantEntryCacheRefreshMode::WATCH);
|
||||
wait(tenantCache->init());
|
||||
}
|
||||
rangeFile = std::make_unique<EncryptedRangeFileWriter>(cx, &arena, tenantCache, outFile, blockSize);
|
||||
rangeFile = std::make_unique<EncryptedRangeFileWriter>(cx, &arena, encryptMode, outFile, blockSize);
|
||||
} else {
|
||||
rangeFile = std::make_unique<RangeFileWriter>(outFile, blockSize);
|
||||
}
|
||||
|
|
@ -6063,6 +6049,7 @@ public:
|
|||
state Reference<ReadYourWritesTransaction> ryw_tr =
|
||||
Reference<ReadYourWritesTransaction>(new ReadYourWritesTransaction(cx));
|
||||
state BackupConfig backupConfig;
|
||||
state DatabaseConfiguration config = wait(getDatabaseConfiguration(cx));
|
||||
loop {
|
||||
try {
|
||||
ryw_tr->setOption(FDBTransactionOptions::ACCESS_SYSTEM_KEYS);
|
||||
|
|
@ -6181,9 +6168,8 @@ public:
|
|||
TraceEvent("AS_StartRestore").log();
|
||||
state Standalone<VectorRef<KeyRangeRef>> restoreRange;
|
||||
state Standalone<VectorRef<KeyRangeRef>> systemRestoreRange;
|
||||
bool encryptionEnabled = cx->clientInfo->get().isEncryptionEnabled;
|
||||
for (auto r : ranges) {
|
||||
if (!encryptionEnabled || !r.intersects(getSystemBackupRanges())) {
|
||||
if (!config.encryptionAtRestMode.isEncryptionEnabled() || !r.intersects(getSystemBackupRanges())) {
|
||||
restoreRange.push_back_deep(restoreRange.arena(), r);
|
||||
} else {
|
||||
KeyRangeRef normalKeyRange = r & normalKeys;
|
||||
|
|
|
|||
|
|
@ -6186,7 +6186,7 @@ private:
|
|||
// If BTree encryption is enabled, pages read must be encrypted using the desired encryption type
|
||||
if (self->m_enforceEncodingType && (page->getEncodingType() != self->m_encodingType)) {
|
||||
Error e = unexpected_encoding_type();
|
||||
TraceEvent(SevError, "RedwoodBTreeUnexpectedNodeEncoding")
|
||||
TraceEvent(SevWarnAlways, "RedwoodBTreeUnexpectedNodeEncoding")
|
||||
.error(e)
|
||||
.detail("PhysicalPageID", page->getPhysicalPageID())
|
||||
.detail("IsEncrypted", page->isEncrypted())
|
||||
|
|
|
|||
|
|
@ -96,7 +96,6 @@ struct AtomicRestoreWorkload : TestWorkload {
|
|||
TraceEvent("AtomicRestore_Start").detail("UsePartitionedLog", self->usePartitionedLogs);
|
||||
|
||||
state std::string backupContainer = "file://simfdb/backups/";
|
||||
state DatabaseConfiguration conf = wait(getDatabaseConfiguration(cx));
|
||||
try {
|
||||
wait(backupAgent.submitBackup(cx,
|
||||
StringRef(backupContainer),
|
||||
|
|
@ -105,8 +104,7 @@ struct AtomicRestoreWorkload : TestWorkload {
|
|||
deterministicRandom()->randomInt(0, 100),
|
||||
BackupAgentBase::getDefaultTagName(),
|
||||
self->backupRanges,
|
||||
SERVER_KNOBS->ENABLE_ENCRYPTION &&
|
||||
conf.tenantMode != TenantMode::OPTIONAL_TENANT,
|
||||
true,
|
||||
StopWhenDone::False,
|
||||
self->usePartitionedLogs));
|
||||
} catch (Error& e) {
|
||||
|
|
|
|||
|
|
@ -215,7 +215,6 @@ struct BackupAndParallelRestoreCorrectnessWorkload : TestWorkload {
|
|||
|
||||
state std::string backupContainer = "file://simfdb/backups/";
|
||||
state Future<Void> status = statusLoop(cx, tag.toString());
|
||||
state DatabaseConfiguration configuration = wait(getDatabaseConfiguration(cx));
|
||||
try {
|
||||
wait(backupAgent->submitBackup(cx,
|
||||
StringRef(backupContainer),
|
||||
|
|
@ -224,8 +223,7 @@ struct BackupAndParallelRestoreCorrectnessWorkload : TestWorkload {
|
|||
deterministicRandom()->randomInt(0, 100),
|
||||
tag.toString(),
|
||||
backupRanges,
|
||||
SERVER_KNOBS->ENABLE_ENCRYPTION &&
|
||||
configuration.tenantMode != TenantMode::OPTIONAL_TENANT,
|
||||
true,
|
||||
StopWhenDone{ !stopDifferentialDelay },
|
||||
self->usePartitionedLogs));
|
||||
} catch (Error& e) {
|
||||
|
|
@ -475,7 +473,6 @@ struct BackupAndParallelRestoreCorrectnessWorkload : TestWorkload {
|
|||
// Occasionally start yet another backup that might still be running when we restore
|
||||
if (!self->locked && BUGGIFY) {
|
||||
TraceEvent("BARW_SubmitBackup2", randomID).detail("Tag", printable(self->backupTag));
|
||||
state DatabaseConfiguration configuration = wait(getDatabaseConfiguration(cx));
|
||||
try {
|
||||
// Note the "partitionedLog" must be false, because we change
|
||||
// the configuration to disable backup workers before restore.
|
||||
|
|
@ -486,8 +483,7 @@ struct BackupAndParallelRestoreCorrectnessWorkload : TestWorkload {
|
|||
deterministicRandom()->randomInt(0, 100),
|
||||
self->backupTag.toString(),
|
||||
self->backupRanges,
|
||||
SERVER_KNOBS->ENABLE_ENCRYPTION &&
|
||||
configuration.tenantMode != TenantMode::OPTIONAL_TENANT,
|
||||
true,
|
||||
StopWhenDone::True,
|
||||
UsePartitionedLog::False);
|
||||
} catch (Error& e) {
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "fdbclient/DatabaseConfiguration.h"
|
||||
#include "fdbclient/ManagementAPI.actor.h"
|
||||
#include "fdbclient/ReadYourWrites.h"
|
||||
#include "fdbrpc/simulator.h"
|
||||
|
|
@ -332,7 +333,6 @@ struct BackupAndRestoreCorrectnessWorkload : TestWorkload {
|
|||
|
||||
state std::string backupContainer = "file://simfdb/backups/";
|
||||
state Future<Void> status = statusLoop(cx, tag.toString());
|
||||
state DatabaseConfiguration configuration = wait(getDatabaseConfiguration(cx));
|
||||
try {
|
||||
wait(backupAgent->submitBackup(cx,
|
||||
StringRef(backupContainer),
|
||||
|
|
@ -341,8 +341,7 @@ struct BackupAndRestoreCorrectnessWorkload : TestWorkload {
|
|||
deterministicRandom()->randomInt(0, 2000),
|
||||
tag.toString(),
|
||||
backupRanges,
|
||||
SERVER_KNOBS->ENABLE_ENCRYPTION &&
|
||||
configuration.tenantMode != TenantMode::OPTIONAL_TENANT,
|
||||
true,
|
||||
StopWhenDone{ !stopDifferentialDelay },
|
||||
UsePartitionedLog::False,
|
||||
IncrementalBackupOnly::False,
|
||||
|
|
@ -557,6 +556,7 @@ struct BackupAndRestoreCorrectnessWorkload : TestWorkload {
|
|||
state FileBackupAgent backupAgent;
|
||||
state Future<Void> extraBackup;
|
||||
state bool extraTasks = false;
|
||||
state DatabaseConfiguration config = wait(getDatabaseConfiguration(cx));
|
||||
TraceEvent("BARW_Arguments")
|
||||
.detail("BackupTag", printable(self->backupTag))
|
||||
.detail("PerformRestore", self->performRestore)
|
||||
|
|
@ -631,7 +631,6 @@ struct BackupAndRestoreCorrectnessWorkload : TestWorkload {
|
|||
// Occasionally start yet another backup that might still be running when we restore
|
||||
if (!self->locked && BUGGIFY) {
|
||||
TraceEvent("BARW_SubmitBackup2", randomID).detail("Tag", printable(self->backupTag));
|
||||
state DatabaseConfiguration configuration = wait(getDatabaseConfiguration(cx));
|
||||
try {
|
||||
extraBackup = backupAgent.submitBackup(cx,
|
||||
"file://simfdb/backups/"_sr,
|
||||
|
|
@ -640,8 +639,7 @@ struct BackupAndRestoreCorrectnessWorkload : TestWorkload {
|
|||
deterministicRandom()->randomInt(0, 100),
|
||||
self->backupTag.toString(),
|
||||
self->backupRanges,
|
||||
SERVER_KNOBS->ENABLE_ENCRYPTION &&
|
||||
configuration.tenantMode != TenantMode::OPTIONAL_TENANT,
|
||||
true,
|
||||
StopWhenDone::True);
|
||||
} catch (Error& e) {
|
||||
TraceEvent("BARW_SubmitBackup2Exception", randomID)
|
||||
|
|
@ -701,7 +699,7 @@ struct BackupAndRestoreCorrectnessWorkload : TestWorkload {
|
|||
Standalone<VectorRef<KeyRangeRef>> modifiedRestoreRanges;
|
||||
Standalone<VectorRef<KeyRangeRef>> systemRestoreRanges;
|
||||
for (int i = 0; i < self->restoreRanges.size(); ++i) {
|
||||
if (!SERVER_KNOBS->ENABLE_ENCRYPTION ||
|
||||
if (!config.encryptionAtRestMode.isEncryptionEnabled() ||
|
||||
!self->restoreRanges[i].intersects(getSystemBackupRanges())) {
|
||||
modifiedRestoreRanges.push_back_deep(modifiedRestoreRanges.arena(), self->restoreRanges[i]);
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -58,7 +58,6 @@ struct BackupToBlobWorkload : TestWorkload {
|
|||
addDefaultBackupRanges(backupRanges);
|
||||
|
||||
wait(delay(self->backupAfter));
|
||||
state DatabaseConfiguration configuration = wait(getDatabaseConfiguration(cx));
|
||||
wait(backupAgent.submitBackup(cx,
|
||||
self->backupURL,
|
||||
{},
|
||||
|
|
@ -66,8 +65,7 @@ struct BackupToBlobWorkload : TestWorkload {
|
|||
self->snapshotInterval,
|
||||
self->backupTag.toString(),
|
||||
backupRanges,
|
||||
SERVER_KNOBS->ENABLE_ENCRYPTION &&
|
||||
configuration.tenantMode != TenantMode::OPTIONAL_TENANT));
|
||||
true));
|
||||
EBackupState backupStatus = wait(backupAgent.waitBackup(cx, self->backupTag.toString(), StopWhenDone::True));
|
||||
TraceEvent("BackupToBlob_BackupStatus").detail("Status", BackupAgentBase::getStateText(backupStatus));
|
||||
return Void();
|
||||
|
|
|
|||
|
|
@ -18,6 +18,8 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "fdbclient/DatabaseConfiguration.h"
|
||||
#include "fdbclient/ManagementAPI.actor.h"
|
||||
#include "fdbrpc/simulator.h"
|
||||
#include "fdbclient/BackupAgent.actor.h"
|
||||
#include "fdbclient/ClusterConnectionMemoryRecord.h"
|
||||
|
|
@ -580,6 +582,7 @@ struct BackupToDBCorrectnessWorkload : TestWorkload {
|
|||
state DatabaseBackupAgent restoreTool(self->extraDB);
|
||||
state Future<Void> extraBackup;
|
||||
state bool extraTasks = false;
|
||||
state DatabaseConfiguration config = wait(getDatabaseConfiguration(cx));
|
||||
TraceEvent("BARW_Arguments")
|
||||
.detail("BackupTag", printable(self->backupTag))
|
||||
.detail("BackupAfter", self->backupAfter)
|
||||
|
|
@ -670,7 +673,7 @@ struct BackupToDBCorrectnessWorkload : TestWorkload {
|
|||
state Standalone<VectorRef<KeyRangeRef>> restoreRange;
|
||||
state Standalone<VectorRef<KeyRangeRef>> systemRestoreRange;
|
||||
for (auto r : self->backupRanges) {
|
||||
if (!SERVER_KNOBS->ENABLE_ENCRYPTION || !r.intersects(getSystemBackupRanges())) {
|
||||
if (!config.encryptionAtRestMode.isEncryptionEnabled() || !r.intersects(getSystemBackupRanges())) {
|
||||
restoreRange.push_back_deep(
|
||||
restoreRange.arena(),
|
||||
KeyRangeRef(r.begin.withPrefix(self->backupPrefix), r.end.withPrefix(self->backupPrefix)));
|
||||
|
|
|
|||
|
|
@ -1565,7 +1565,7 @@ struct ConsistencyCheckWorkload : TestWorkload {
|
|||
}
|
||||
|
||||
// Check EncryptKeyProxy
|
||||
if (SERVER_KNOBS->ENABLE_ENCRYPTION && db.encryptKeyProxy.present() &&
|
||||
if (config.encryptionAtRestMode.isEncryptionEnabled() && db.encryptKeyProxy.present() &&
|
||||
(!nonExcludedWorkerProcessMap.count(db.encryptKeyProxy.get().address()) ||
|
||||
nonExcludedWorkerProcessMap[db.encryptKeyProxy.get().address()].processClass.machineClassFitness(
|
||||
ProcessClass::EncryptKeyProxy) > fitnessLowerBound)) {
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "fdbclient/DatabaseConfiguration.h"
|
||||
#include "fdbclient/FDBTypes.h"
|
||||
#include "fdbclient/Knobs.h"
|
||||
#include "fdbclient/ManagementAPI.actor.h"
|
||||
|
|
@ -147,11 +148,11 @@ struct IncrementalBackupWorkload : TestWorkload {
|
|||
|
||||
ACTOR static Future<Void> _start(Database cx, IncrementalBackupWorkload* self) {
|
||||
state Standalone<VectorRef<KeyRangeRef>> backupRanges;
|
||||
state DatabaseConfiguration config = wait(getDatabaseConfiguration(cx));
|
||||
addDefaultBackupRanges(backupRanges);
|
||||
|
||||
if (self->submitOnly) {
|
||||
TraceEvent("IBackupSubmitAttempt").log();
|
||||
state DatabaseConfiguration configuration = wait(getDatabaseConfiguration(cx));
|
||||
try {
|
||||
wait(self->backupAgent.submitBackup(cx,
|
||||
self->backupDir,
|
||||
|
|
@ -160,8 +161,7 @@ struct IncrementalBackupWorkload : TestWorkload {
|
|||
1e8,
|
||||
self->tag.toString(),
|
||||
backupRanges,
|
||||
SERVER_KNOBS->ENABLE_ENCRYPTION &&
|
||||
configuration.tenantMode != TenantMode::OPTIONAL_TENANT,
|
||||
true,
|
||||
StopWhenDone::False,
|
||||
UsePartitionedLog::False,
|
||||
IncrementalBackupOnly::True));
|
||||
|
|
@ -234,7 +234,7 @@ struct IncrementalBackupWorkload : TestWorkload {
|
|||
state Standalone<VectorRef<KeyRangeRef>> restoreRange;
|
||||
state Standalone<VectorRef<KeyRangeRef>> systemRestoreRange;
|
||||
for (auto r : backupRanges) {
|
||||
if (!SERVER_KNOBS->ENABLE_ENCRYPTION || !r.intersects(getSystemBackupRanges())) {
|
||||
if (!config.encryptionAtRestMode.isEncryptionEnabled() || !r.intersects(getSystemBackupRanges())) {
|
||||
restoreRange.push_back_deep(restoreRange.arena(), r);
|
||||
} else {
|
||||
KeyRangeRef normalKeyRange = r & normalKeys;
|
||||
|
|
|
|||
|
|
@ -18,7 +18,9 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "fdbclient/DatabaseConfiguration.h"
|
||||
#include "fdbclient/FDBTypes.h"
|
||||
#include "fdbclient/ManagementAPI.actor.h"
|
||||
#include "fdbclient/ReadYourWrites.h"
|
||||
#include "fdbclient/SystemData.h"
|
||||
#include "fdbrpc/simulator.h"
|
||||
|
|
@ -111,10 +113,12 @@ struct RestoreBackupWorkload : TestWorkload {
|
|||
}
|
||||
|
||||
ACTOR static Future<Void> _start(RestoreBackupWorkload* self, Database cx) {
|
||||
state DatabaseConfiguration config = wait(getDatabaseConfiguration(cx));
|
||||
wait(delay(self->delayFor));
|
||||
wait(waitOnBackup(self, cx));
|
||||
wait(clearDatabase(cx));
|
||||
if (SERVER_KNOBS->ENABLE_ENCRYPTION) {
|
||||
|
||||
if (config.encryptionAtRestMode.isEncryptionEnabled()) {
|
||||
// restore system keys
|
||||
VectorRef<KeyRangeRef> systemBackupRanges = getSystemBackupRanges();
|
||||
state std::vector<Future<Version>> restores;
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "fdbclient/ManagementAPI.actor.h"
|
||||
#include "fdbclient/SystemData.h"
|
||||
#include "fdbrpc/simulator.h"
|
||||
#include "fdbclient/BackupAgent.actor.h"
|
||||
|
|
@ -54,9 +55,10 @@ struct RestoreFromBlobWorkload : TestWorkload {
|
|||
|
||||
ACTOR static Future<Void> _start(Database cx, RestoreFromBlobWorkload* self) {
|
||||
state FileBackupAgent backupAgent;
|
||||
state DatabaseConfiguration config = wait(getDatabaseConfiguration(cx));
|
||||
|
||||
wait(delay(self->restoreAfter));
|
||||
if (SERVER_KNOBS->ENABLE_ENCRYPTION) {
|
||||
if (config.encryptionAtRestMode.isEncryptionEnabled()) {
|
||||
// restore system keys followed by user keys
|
||||
wait(success(backupAgent.restore(
|
||||
cx, {}, self->backupTag, self->backupURL, {}, getSystemBackupRanges(), self->waitForComplete)));
|
||||
|
|
|
|||
|
|
@ -55,7 +55,6 @@ struct SubmitBackupWorkload : TestWorkload {
|
|||
wait(delay(self->delayFor));
|
||||
state Standalone<VectorRef<KeyRangeRef>> backupRanges;
|
||||
addDefaultBackupRanges(backupRanges);
|
||||
state DatabaseConfiguration configuration = wait(getDatabaseConfiguration(cx));
|
||||
try {
|
||||
wait(self->backupAgent.submitBackup(cx,
|
||||
self->backupDir,
|
||||
|
|
@ -64,8 +63,7 @@ struct SubmitBackupWorkload : TestWorkload {
|
|||
self->snapshotInterval,
|
||||
self->tag.toString(),
|
||||
backupRanges,
|
||||
SERVER_KNOBS->ENABLE_ENCRYPTION &&
|
||||
configuration.tenantMode != TenantMode::OPTIONAL_TENANT,
|
||||
true,
|
||||
self->stopWhenDone,
|
||||
UsePartitionedLog::False,
|
||||
self->incremental));
|
||||
|
|
|
|||
Loading…
Reference in New Issue