[GitHub] [ignite] Vladsz83 commented on a change in pull request #9313: IGNITE-14999v3

Tue, 07 Sep 2021 04:27:55 -0700 


Vladsz83 commented on a change in pull request #9313:
URL: https://github.com/apache/ignite/pull/9313#discussion_r703425485



##########
File path: 
modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/snapshot/IgniteSnapshotManager.java
##########
@@ -1065,24 +1080,46 @@ public void cancelLocalSnapshotTask(String name) {
 
         GridKernalContext kctx0 = cctx.kernalContext();
 
-        Collection<ClusterNode> bltNodes = 
F.view(cctx.discovery().serverNodes(AffinityTopologyVersion.NONE),
-            (node) -> CU.baselineNode(node, kctx0.state().clusterState()));
-
-        kctx0.task().setThreadContext(TC_SKIP_AUTH, true);
-        kctx0.task().setThreadContext(TC_SUBGRID, bltNodes);
-
         kctx0.task().execute(SnapshotMetadataCollectorTask.class, 
name).listen(f0 -> {
             if (f0.error() == null) {
                 Map<ClusterNode, List<SnapshotMetadata>> metas = f0.result();
 
                 Map<Integer, String> grpIds = grps == null ? 
Collections.emptyMap() :
                     grps.stream().collect(Collectors.toMap(CU::cacheId, v -> 
v));
 
+                byte[] currentMasterKeyDigest = 
kctx0.config().getEncryptionSpi().masterKeyDigest();
+
                 for (List<SnapshotMetadata> nodeMetas : metas.values()) {
-                    for (SnapshotMetadata meta : nodeMetas)
+                    for (SnapshotMetadata meta : nodeMetas) {
+                        if (meta.masterKeyDigest() == null)
+                            continue;
+
+                        if (currentMasterKeyDigest == null) {
+                            res.onDone(new 
SnapshotPartitionsVerifyTaskResult(metas, new IdleVerifyResultV2(
+                                Collections.singletonMap(cctx.localNode(), new 
IllegalArgumentException("Snapshot '" + meta.snapshotName() +
+                                    "' has encrypted caches while encryption 
is disabled. No keys exist to decrypt data to validate.")))));
+
+                            return;
+                        }
+
+                        if (!Arrays.equals(meta.masterKeyDigest(), 
currentMasterKeyDigest)) {
+                            res.onDone(new 
SnapshotPartitionsVerifyTaskResult(metas, new IdleVerifyResultV2(
+                                Collections.singletonMap(cctx.localNode(), new 
IllegalArgumentException("Snapshot '" + meta.snapshotName() +
+                                    "' has different signature of the master 
key. Unable to decrypt data to validate.")))));
+
+                            return;
+                        }
+
                         grpIds.keySet().removeAll(meta.partitions().keySet());
+                    }
                 }
 
+                Collection<ClusterNode> bltNodes = 
F.view(cctx.discovery().serverNodes(AffinityTopologyVersion.NONE),
+                    (node) -> CU.baselineNode(node, 
kctx0.state().clusterState()));
+
+                kctx0.task().setThreadContext(TC_SKIP_AUTH, true);

Review comment:
       Fixed




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to