Add Encryption Code Probes for BlobGranule (#8779)

* add code probes * address pr comments * address pr comments * Trigger Build * fix
2022-11-16 06:13:55 -08:00 · 2022-11-16 06:13:55 -08:00 · a21f657429
parent 0af0079a62
commit a21f657429
4 changed files with 33 additions and 11 deletions
--- a/fdbclient/BlobGranuleFiles.cpp
+++ b/fdbclient/BlobGranuleFiles.cpp
@ -357,7 +357,7 @@ struct IndexBlockRef {
 			// Compressing indexBlock will need offset recalculation (circular depedency). IndexBlock size is bounded by
 			// number of chunks and sizeof(KeyPrefix), 'not' compressing IndexBlock shouldn't cause significant file
 			// size bloat.
-
+			CODE_PROBE(true, "encrypting index block");
 			ASSERT(cipherKeysCtx.present());
 			encrypt(cipherKeysCtx.get(), arena);
 		} else {
@ -497,6 +497,7 @@ struct IndexBlobGranuleFileChunkRef {
 		}

 		if (cipherKeysCtx.present()) {
+			CODE_PROBE(true, "encrypting granule chunk");
 			IndexBlobGranuleFileChunkRef::encrypt(cipherKeysCtx.get(), chunkRef, arena);
 		}

--- a/fdbclient/FileBackupAgent.actor.cpp
+++ b/fdbclient/FileBackupAgent.actor.cpp
@ -1152,7 +1152,7 @@ ACTOR Future<Standalone<VectorRef<KeyValueRef>>> decodeRangeFileBlock(Reference<
 			    wait(EncryptedRangeFileWriter::decrypt(cx.get(), header, dataPayloadStart, dataLen, &results.arena()));
 			reader = StringRefReader(decryptedData, restore_corrupted_data());
 			state Optional<Reference<TenantEntryCache<Void>>> tenantCache;
-			if (g_network && g_simulator->isSimulated()) {
+			if (g_network && g_network->isSimulated()) {
 				tenantCache = makeReference<TenantEntryCache<Void>>(cx.get(), TenantEntryCacheRefreshMode::WATCH);
 				wait(tenantCache.get()->init());
 			}
--- a/fdbserver/BlobWorker.actor.cpp
+++ b/fdbserver/BlobWorker.actor.cpp
@ -1281,9 +1281,14 @@ ACTOR Future<BlobFileIndex> compactFromBlob(Reference<BlobWorkerData> bwData,
 		ASSERT(snapshotVersion < version);

 		state Optional<BlobGranuleCipherKeysCtx> snapCipherKeysCtx;
+		if (g_network && g_network->isSimulated() &&
+		    isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION) &&
+		    !snapshotF.cipherKeysMeta.present()) {
+			ASSERT(false);
+		}
 		if (snapshotF.cipherKeysMeta.present()) {
-			ASSERT(bwData->isEncryptionEnabled);
-
+			ASSERT(isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION));
+			CODE_PROBE(true, "fetching cipher keys for blob snapshot file");
 			BlobGranuleCipherKeysCtx keysCtx =
 			    wait(getGranuleCipherKeysFromKeysMeta(bwData, snapshotF.cipherKeysMeta.get(), &filenameArena));
 			snapCipherKeysCtx = std::move(keysCtx);
@ -1309,9 +1314,15 @@ ACTOR Future<BlobFileIndex> compactFromBlob(Reference<BlobWorkerData> bwData,

 			deltaF = files.deltaFiles[deltaIdx];

+			if (g_network && g_network->isSimulated() &&
+			    isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION) &&
+			    !deltaF.cipherKeysMeta.present()) {
+				ASSERT(false);
+			}
+
 			if (deltaF.cipherKeysMeta.present()) {
 				ASSERT(isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION));
-
+				CODE_PROBE(true, "fetching cipher keys for delta file");
 				BlobGranuleCipherKeysCtx keysCtx =
 				    wait(getGranuleCipherKeysFromKeysMeta(bwData, deltaF.cipherKeysMeta.get(), &filenameArena));
 				deltaCipherKeysCtx = std::move(keysCtx);
@ -3768,10 +3779,14 @@ ACTOR Future<Void> doBlobGranuleFileRequest(Reference<BlobWorkerData> bwData, Bl
 							    .detail("Encrypted", encrypted);
 						}

+						if (g_network && g_network->isSimulated() &&
+						    isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION) && !encrypted) {
+							ASSERT(false);
+						}
 						if (encrypted) {
-							ASSERT(bwData->isEncryptionEnabled);
+							ASSERT(isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION));
 							ASSERT(!chunk.snapshotFile.get().cipherKeysCtx.present());
-
+							CODE_PROBE(true, "fetching cipher keys from meta ref for snapshot file");
 							snapCipherKeysCtx = getGranuleCipherKeysFromKeysMetaRef(
 							    bwData, chunk.snapshotFile.get().cipherKeysMetaRef.get(), &rep.arena);
 						}
@ -3786,10 +3801,14 @@ ACTOR Future<Void> doBlobGranuleFileRequest(Reference<BlobWorkerData> bwData, Bl
 							    .detail("Encrypted", encrypted);
 						}

+						if (g_network && g_network->isSimulated() &&
+						    isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION) && !encrypted) {
+							ASSERT(false);
+						}
 						if (encrypted) {
-							ASSERT(bwData->isEncryptionEnabled);
+							ASSERT(isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION));
 							ASSERT(!chunk.deltaFiles[deltaIdx].cipherKeysCtx.present());
-
+							CODE_PROBE(true, "fetching cipher keys from meta ref for delta files");
 							deltaCipherKeysCtxs.emplace(
 							    deltaIdx,
 							    getGranuleCipherKeysFromKeysMetaRef(
--- a/fdbserver/storageserver.actor.cpp
+++ b/fdbserver/storageserver.actor.cpp
@ -8836,7 +8836,8 @@ ACTOR Future<Void> update(StorageServer* data, bool* pReceivedUpdate) {
 				} else {
 					MutationRef msg;
 					cloneReader >> msg;
-					if (isEncryptionOpSupported(EncryptOperationType::TLOG_ENCRYPTION) && !msg.isEncrypted() &&
+					if (g_network && g_network->isSimulated() &&
+					    isEncryptionOpSupported(EncryptOperationType::TLOG_ENCRYPTION) && !msg.isEncrypted() &&
 					    !(isSingleKeyMutation((MutationRef::Type)msg.type) &&
 					      (backupLogKeys.contains(msg.param1) || (applyLogKeys.contains(msg.param1))))) {
 						ASSERT(false);
@ -8994,7 +8995,8 @@ ACTOR Future<Void> update(StorageServer* data, bool* pReceivedUpdate) {
 			} else {
 				MutationRef msg;
 				rd >> msg;
-				if (isEncryptionOpSupported(EncryptOperationType::TLOG_ENCRYPTION) && !msg.isEncrypted() &&
+				if (g_network && g_network->isSimulated() &&
+				    isEncryptionOpSupported(EncryptOperationType::TLOG_ENCRYPTION) && !msg.isEncrypted() &&
 				    !(isSingleKeyMutation((MutationRef::Type)msg.type) &&
 				      (backupLogKeys.contains(msg.param1) || (applyLogKeys.contains(msg.param1))))) {
 					ASSERT(false);