NSAmelchev commented on a change in pull request #7941:
URL: https://github.com/apache/ignite/pull/7941#discussion_r455029915
##########
File path:
modules/core/src/main/java/org/apache/ignite/internal/managers/encryption/GridEncryptionManager.java
##########
@@ -627,10 +820,83 @@ public void groupKey(int grpId, byte[] encGrpKey) {
return withMasterKeyChangeReadLock(() -> getSpi().getMasterKeyName());
}
+ /** {@inheritDoc} */
+ @Override public IgniteFuture<Void> changeCacheGroupKey(Collection<String>
cacheOrGrpNames) {
+ A.notEmpty(cacheOrGrpNames, "cacheOrGrpNames");
+
+ if (ctx.clientNode())
+ throw new UnsupportedOperationException("Client and daemon nodes
can not perform this operation.");
+
+ if (!IgniteFeatures.allNodesSupports(ctx.grid().cluster().nodes(),
CACHE_GROUP_KEY_CHANGE))
+ throw new IllegalStateException("Not all nodes in the cluster
support this operation.");
+
+ if (!ctx.state().clusterState().active())
+ throw new IgniteException("Operation was rejected. The cluster is
inactive.");
+
+ DiscoCache discoCache = ctx.discovery().discoCache();
+
+ int bltSize = discoCache.baselineNodes().size();
+ int bltOnline = discoCache.aliveBaselineNodes().size();
+
+ if (bltSize != bltOnline)
+ throw new IgniteException("Not all baseline nodes online [total="
+ bltSize + ", online=" + bltOnline + "]");
+
+ int[] grpIds = new int[cacheOrGrpNames.size()];
+ byte[] keyIds = new byte[grpIds.length];
+ byte[][] keys = new byte[grpIds.length][];
+
+ int n = 0;
+
+ for (String cacheOrGroupName : cacheOrGrpNames) {
+ CacheGroupContext grp =
ctx.cache().cacheGroup(CU.cacheId(cacheOrGroupName));
+
+ if (grp == null) {
+ IgniteInternalCache cache =
ctx.cache().cache(cacheOrGroupName);
+
+ if (cache == null)
+ throw new IgniteException("Cache or group \"" +
cacheOrGroupName + "\" doesn't exists");
+
+ grp = cache.context().group();
+
+ if (grp.sharedGroup()) {
+ throw new IgniteException("Cache or group \"" +
cacheOrGroupName + "\" is a part of group " +
+ grp.name() + ". Provide group name instead of cache
name for shared groups.");
+ }
+ }
+
+ if (!grp.config().isEncryptionEnabled())
+ throw new IgniteException("Cache or group \"" +
cacheOrGroupName + "\" is not encrypted.");
+
+ if (reencryptGroups.containsKey(grp.groupId()))
+ throw new IgniteException("Reencryption is in progress [grp="
+ cacheOrGroupName + "]");
+
+ grpIds[n] = grp.groupId();
+ keyIds[n] = (byte)(groupKey(grp.groupId()).unsignedId() + 1);
+ keys[n] = getSpi().encryptKey(getSpi().create());
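Review bot: The loop that fills `grpIds`, `keyIds` and `keys` never checks whether two entries of `cacheOrGrpNames` resolve to the same group, so a repeated name yields two slots with the same group id and the same new key id but two different generated keys. Tracking the ids already seen would reject that up front, e.g. `Set<Integer> seen = new HashSet<>();` before the loop and `if (!seen.add(grp.groupId())) throw new IgniteException("Duplicate cache group [grp=" + cacheOrGroupName + "]");` inside it. Separately, `(byte)(groupKey(grp.groupId()).unsignedId() + 1)` wraps back to 0 once the current id reaches 255 (assuming `unsignedId()` is in 0..255), and nothing in these lines checks that the wrapped id is not still assigned to an older key of the group. If previous keys are retained, which this hunk does not show, that needs an explicit check or a comment stating why reuse is safe. The body of `changeCacheGroupKey` continues past the end of the quoted hunk.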
Review comment:
Must be under master key change read lock