* Update main branch to 7.4
* Update API version to 740
* Makes fdb_c_client_config_tests.py passing after API version update
* Remove from_7.3.0_until_7.4.0 and add from_7.3.0
* Update tests in fdb_c_client_config_tests.py
* Test watch cleanup on cancel
* Fix clearing the database in Java integration tests
* Always cancel the futures wrapped by MVC abortable futures
* More tests for watch cleanup
* Fix clear database database in some Java integration tests
* Add networkoption to disable non-TLS connections
* add disable plaintext connection to fdbserver
* python doc
* Formatting
* Add tls disable plaintext connection to client api test
* review
* fix negative test
* formatting
* add TLS support to c client config tests
Adds support for TLS in the client and server separately
* add tests for disable_plaintext_connections
Test TLS and Plaintext Clusters and Clients
* Fix documentation
* Rename option to indicate it is client-only
* clearer formatting
* default to allowing plaintext connections
* add SetTLSDisablePlaintextConnection to go bindings
Fix `RangeResult.readThrough` misuses:
1. KeyValueStores do not need to set readThrough, as it will not be
serialized and return. Also setting it to the last key of the result
is not right, it should at least be the keyAfter of the last key;
2. Fix NativeAPI doesn't set `RangeResult.more` in a few places;
3. Avoid `tryGetRange()` setting `readThrough` when `more` is false,
which was a workaround for the above item 2;
4. `tryGetRangeFromBlob()` doesn't set `more` but set `readThrough` to
indicate it is end, which was following the same above workaround I
think. Fixed that.
5. `getRangeStream()` is going to set `more` to true and then let the
`readThrough` be it's boundary.
Also added readThrough getter/setter function to validate it's usage.
* EaR: Implement Key Check Value semantics
Description
Key Check Value (KCV) is a checksum of cryptographic encryption key
used to validate encryption keys's integrity. FDB Encryption at-rest
relies on external KMS to supply encryption keys.
Patch proposes following major changes:
1. Implement Sha256 based KCV implementation to protect against
'baseCipher' corruption in two possible scenarios:
a) potential corruption external to FDB
b) potential corruption within FDB processes.
2. Scheme persists computed KCV token in block encryption header,
which then gets validated as part of header validation during
decryption.
3. FDB Encryption key derivation uses HMAC_SHA256 digest generation
scheme, which allows max 64 bytes of 'cipher buffer', patch add
required check to ensure 'baseCipher' length are within bounds.
OpenSSL HMAC underlying call ignores extra length if supplied, however,
it weakens the security guarantees, hence, disallowed.
Testing
devRunCorrectness - multiple 500K runs
Valgrind & Asan - BlobCipherUnit, RESTKMSUnit, BlobGranuleCorrectness*,
EncryptionOps, EncryptKeyProxyTest
* Api Tester: Specify knobs in the toml file; Test loop profiler
* Gracefully stop the loop profiler thread
* Protect loop profiler thread by mutex
* Create loop profiler thread only if is not stopped
The ruby bindings are not currently installable. We can reproduce this
with a build from source:
```
foundationdb/tmp on main [$?] via △ v3.25.2
zsh ❯ gem install ./bindings/ruby/fdb-7.3.0.gem
ERROR: While executing gem ... (Gem::Package::PathError)
installing into parent path /Users/andrew/projects/foundationdb/LICENSE of /Users/andrew/.rbenv/versions/3.2.1/lib/ruby/gems/3.2.0/gems/fdb-7.3.0 is not allowed
```
The problem is that the gemspec is interpolating the source directory
into the `files` array - and while this allows the gem to build, it
prevents it from actually being installed.
To fix it, we borrow similar code from the python bindings to copy the
necessary files and license into the build directory before building the
gem. This allows the gem to be installed:
```
foundationdb/tmp on main [!?] via △ v3.25.2
zsh ❯ gem install ./bindings/ruby/fdb-7.3.0.gem
Successfully installed fdb-7.3.0
Parsing documentation for fdb-7.3.0
Installing ri documentation for fdb-7.3.0
Done installing documentation for fdb after 0 seconds
1 gem installed
```
While fixing the gem build, I noticed that the gem will not run on arm64
machines, like the new spiffy M1/M2 MacBooks. On a whim, I tried just
removing that restriction... and it does seem to work:
```
foundationdb/bindings/ruby/lib on ahayworth/fix-ruby-binding-build [?] via 💎 v3.2.1 took 2s
zsh ❯ pry
[1] pry(main)> require 'fdb'
=> true
[2] pry(main)> FDB.api_version 720
LoadError: FoundationDB API only supported on x86_64 (not arm64)
from /Users/andrew/.rbenv/versions/3.2.1/lib/ruby/gems/3.2.0/gems/fdb-7.3.0/lib/fdbimpl.rb:40:in `<module:FDBC>'
[3] pry(main)>
```
* Disable client trace check test on older version
Older version doesn't guarantee trace flush upon network::stop()
Comment it out for the time being
* Black-reformat authz and client config tester scripts
Zhe Wu