From 7dacaed98368ec0790c9e18a63dfa0035a31fcff Mon Sep 17 00:00:00 2001
From: Nim Wijetunga <nim.wijetunga@snowflake.com>
Date: Fri, 21 Oct 2022 17:24:27 -0700
Subject: [PATCH] add domain name asserts (#8534)

---
 .../include/fdbclient/GetEncryptCipherKeys.actor.h |  7 ++++++-
 fdbserver/EncryptKeyProxy.actor.cpp                | 14 ++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/fdbclient/include/fdbclient/GetEncryptCipherKeys.actor.h b/fdbclient/include/fdbclient/GetEncryptCipherKeys.actor.h
index 257aeea723..6f82b3bba1 100644
--- a/fdbclient/include/fdbclient/GetEncryptCipherKeys.actor.h
+++ b/fdbclient/include/fdbclient/GetEncryptCipherKeys.actor.h
@@ -104,6 +104,11 @@ Future<std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>>> getL
 
 	// Collect cached cipher keys.
 	for (auto& domain : domains) {
+		if (domain.first == FDB_DEFAULT_ENCRYPT_DOMAIN_ID) {
+			ASSERT(domain.second == FDB_DEFAULT_ENCRYPT_DOMAIN_NAME);
+		} else if (domain.first == SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_ID) {
+			ASSERT(domain.second == FDB_SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_NAME);
+		}
 		Reference<BlobCipherKey> cachedCipherKey = cipherKeyCache->getLatestCipherKey(domain.first /*domainId*/);
 		if (cachedCipherKey.isValid()) {
 			cipherKeys[domain.first] = cachedCipherKey;
@@ -301,7 +306,7 @@ template <class T>
 Future<TextAndHeaderCipherKeys> getLatestSystemEncryptCipherKeys(const Reference<AsyncVar<T> const>& db,
                                                                  BlobCipherMetrics::UsageType usageType) {
 	return getLatestEncryptCipherKeysForDomain(
-	    db, SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_ID, FDB_DEFAULT_ENCRYPT_DOMAIN_NAME, usageType);
+	    db, SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_ID, FDB_SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_NAME, usageType);
 }
 
 ACTOR template <class T>
diff --git a/fdbserver/EncryptKeyProxy.actor.cpp b/fdbserver/EncryptKeyProxy.actor.cpp
index 9556c86fdc..095f3fb386 100644
--- a/fdbserver/EncryptKeyProxy.actor.cpp
+++ b/fdbserver/EncryptKeyProxy.actor.cpp
@@ -388,6 +388,15 @@ ACTOR Future<Void> getCipherKeysByBaseCipherKeyIds(Reference<EncryptKeyProxyData
 		try {
 			KmsConnLookupEKsByKeyIdsReq keysByIdsReq;
 			for (const auto& item : lookupCipherInfoMap) {
+				// TODO: Currently getEncryptCipherKeys does not pass the domain name, once that is fixed we can remove
+				// the check on the empty domain name
+				if (!item.second.domainName.empty()) {
+					if (item.second.domainId == FDB_DEFAULT_ENCRYPT_DOMAIN_ID) {
+						ASSERT(item.second.domainName == FDB_DEFAULT_ENCRYPT_DOMAIN_NAME);
+					} else if (item.second.domainId == SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_ID) {
+						ASSERT(item.second.domainName == FDB_SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_NAME);
+					}
+				}
 				keysByIdsReq.encryptKeyInfos.emplace_back_deep(
 				    keysByIdsReq.arena, item.second.domainId, item.second.baseCipherId, item.second.domainName);
 			}
@@ -527,6 +536,11 @@ ACTOR Future<Void> getLatestCipherKeys(Reference<EncryptKeyProxyData> ekpProxyDa
 		try {
 			KmsConnLookupEKsByDomainIdsReq keysByDomainIdReq;
 			for (const auto& item : lookupCipherDomains) {
+				if (item.second.domainId == FDB_DEFAULT_ENCRYPT_DOMAIN_ID) {
+					ASSERT(item.second.domainName == FDB_DEFAULT_ENCRYPT_DOMAIN_NAME);
+				} else if (item.second.domainId == SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_ID) {
+					ASSERT(item.second.domainName == FDB_SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_NAME);
+				}
 				keysByDomainIdReq.encryptDomainInfos.emplace_back_deep(
 				    keysByDomainIdReq.arena, item.second.domainId, item.second.domainName);
 			}