xtern commented on a change in pull request #7941:
URL: https://github.com/apache/ignite/pull/7941#discussion_r478322819
##########
File path:
modules/core/src/main/java/org/apache/ignite/internal/managers/encryption/GridEncryptionManager.java
##########
@@ -627,22 +716,104 @@ public void groupKey(int grpId, byte[] encGrpKey) {
return withMasterKeyChangeReadLock(() -> getSpi().getMasterKeyName());
}
+ /** {@inheritDoc} */
+ @Override public IgniteFuture<Void> changeCacheGroupKey(Collection<String>
cacheOrGrpNames) {
+ A.notEmpty(cacheOrGrpNames, "cacheOrGrpNames");
+
+ synchronized (opsMux) {
+ if (stopped) {
+ return new IgniteFinishedFutureImpl<>(new
IgniteException("Cache group key change was rejected. " +
+ "Node is stopping."));
+ }
+
+ if (masterKeyChangeFut != null && !masterKeyChangeFut.isDone()) {
+ return new IgniteFinishedFutureImpl<>(new
IgniteException("Cache group key change was rejected. " +
+ "The master key change is in progress."));
+ }
+
+ return grpKeyChangeProc.start(cacheOrGrpNames);
+ }
+ }
+
+ /**
+ * @param grpIds Cache group IDs.
+ * @param keyIds Encryption key IDs.
+ * @param keys Encryption keys.
+ * @throws IgniteCheckedException If failed.
+ */
+ protected void changeCacheGroupKeyLocal(int[] grpIds, byte[] keyIds,
byte[][] keys) throws IgniteCheckedException {
+ Map<Integer, Byte> encryptionStatus = U.newHashMap(grpIds.length);
+
+ for (int i = 0; i < grpIds.length; i++)
+ encryptionStatus.put(grpIds[i], keyIds[i]);
+
+ WALPointer ptr = ctx.cache().context().wal().log(new
ReencryptionStatusRecord(encryptionStatus));
+
+ if (ptr != null)
+ ctx.cache().context().wal().flush(ptr, false);
+
+ for (int i = 0; i < grpIds.length; i++) {
+ int grpId = grpIds[i];
+
+ CacheGroupContext grp = ctx.cache().cacheGroup(grpId);
+
+ if (grp == null)
+ continue;
+
+ GroupKeyEncrypted key = new GroupKeyEncrypted(keyIds[i] & 0xff,
keys[i]);
+
+ synchronized (metaStorageMux) {
+ // Store new key as inactive for recovery.
+ grpKeys.addKey(grpId, key);
+
+ writeToMetaStore(grpId, true, false);
+
+ // Set new key as key for writing.
+ GroupKey prevGrpKey = grpKeys.changeActiveKey(grpId, key);
+
+ assert prevGrpKey != null && prevGrpKey.id() != key.id() :
"prev=" + prevGrpKey + ", currId=" + key.id();
+
+ grpKeys.reserveWalKey(grpId, prevGrpKey.unsignedId(),
ctx.cache().context().wal().currentSegment());
+
+ writeToMetaStore(grpId, true, true);
+ }
+
+ reencryptGroups.put(grpId, pageScanner.pagesCount(grp));
+
+ if (log.isInfoEnabled())
+ log.info("New encryption key for group was added [grpId=" +
grpId + ", keyId=" + key.id() + "]");
+ }
+
+ startReencryption(encryptionStatus.keySet());
+ }
+
+ /**
+ * @param grpId Cache group ID.
+ * @return Future that will be completed when reencryption of the
specified group is finished.
+ */
+ public IgniteInternalFuture<Void> reencryptionFuture(int grpId) {
+ if (pageScanner.disabled() && reencryptGroups.containsKey(grpId))
+ return new GridFutureAdapter<>();
Review comment:
Changed to throw an exception
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
