From c492f83bf4754faaf146c5100a2970b9651e3bba Mon Sep 17 00:00:00 2001
From: Ata E Husain Bohra <ata.husain@snowflake.com>
Date: Thu, 16 Mar 2023 22:52:51 -0700
Subject: [PATCH] EaR: Avoid appending `tls` to the URL (#9734)

Description

Patch proposes two changes:

1. Avoid appending tls as part of URI for secure connections
2. RefreshEKs recurring task can be skipped if there are no keys to be refreshed

Testing

EncryptionOps.toml
EncryptKeyProxyTest.toml
devRunCorrectness
devRunCorrectnessFiltered 'Encrypt*'
---
 fdbclient/RESTUtils.actor.cpp       | 3 +--
 fdbserver/EncryptKeyProxy.actor.cpp | 8 +++++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/fdbclient/RESTUtils.actor.cpp b/fdbclient/RESTUtils.actor.cpp
index 4255135372..3bf296547c 100644
--- a/fdbclient/RESTUtils.actor.cpp
+++ b/fdbclient/RESTUtils.actor.cpp
@@ -143,8 +143,7 @@ ACTOR Future<RESTConnectionPool::ReusableConnection> connect_impl(Reference<REST
 	ASSERT(poolItr == connectionPool->connectionPoolMap.end() || poolItr->second.empty());
 
 	// No valid connection exists, create a new one
-	state Reference<IConnection> conn =
-	    wait(INetworkConnections::net()->connect(connectKey.first, connectKey.second, isSecure));
+	state Reference<IConnection> conn = wait(INetworkConnections::net()->connect(connectKey.first, connectKey.second));
 	wait(conn->connectHandshake());
 
 	TraceEvent("RESTTUilCreateNewConn")
diff --git a/fdbserver/EncryptKeyProxy.actor.cpp b/fdbserver/EncryptKeyProxy.actor.cpp
index b92b0c92e0..eea30aa47d 100644
--- a/fdbserver/EncryptKeyProxy.actor.cpp
+++ b/fdbserver/EncryptKeyProxy.actor.cpp
@@ -639,7 +639,7 @@ ACTOR Future<Void> refreshEncryptionKeysImpl(Reference<EncryptKeyProxyData> ekpP
 		     itr != ekpProxyData->baseCipherDomainIdCache.end();) {
 			if (isCipherKeyEligibleForRefresh(itr->second, currTS)) {
 				TraceEvent("RefreshEKs").detail("Id", itr->first);
-				req.encryptDomainIds.emplace_back(itr->first);
+				req.encryptDomainIds.push_back(itr->first);
 			}
 
 			// Garbage collect expired cached CipherKeys
@@ -650,6 +650,12 @@ ACTOR Future<Void> refreshEncryptionKeysImpl(Reference<EncryptKeyProxyData> ekpP
 			}
 		}
 
+		if (req.encryptDomainIds.empty()) {
+			// Nothing to refresh
+			TraceEvent(SevDebug, "RefreshEKsEmptyRefresh");
+			return Void();
+		}
+
 		state double startTime = now();
 		std::function<Future<KmsConnLookupEKsByDomainIdsRep>()> repF = [&]() {
 			return kmsConnectorInf.ekLookupByDomainIds.getReply(req);