You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ignite.apache.org by GitBox <gi...@apache.org> on 2020/10/05 13:50:26 UTC

[GitHub] [ignite] xtern opened a new pull request #8317: IGNITE-13520 Skip generating encryption keys on the client node.

xtern opened a new pull request #8317:
URL: https://github.com/apache/ignite/pull/8317


   Thank you for submitting the pull request to the Apache Ignite.
   
   In order to streamline the review of the contribution 
   we ask you to ensure the following steps have been taken:
   
   ### The Contribution Checklist
   - [ ] There is a single JIRA ticket related to the pull request. 
   - [ ] The web-link to the pull request is attached to the JIRA ticket.
   - [ ] The JIRA ticket has the _Patch Available_ state.
   - [ ] The pull request body describes changes that have been made. 
   The description explains _WHAT_ and _WHY_ was made instead of _HOW_.
   - [ ] The pull request title is treated as the final commit message. 
   The following pattern must be used: `IGNITE-XXXX Change summary` where `XXXX` - number of JIRA issue.
   - [ ] A reviewer has been mentioned through the JIRA comments 
   (see [the Maintainers list](https://cwiki.apache.org/confluence/display/IGNITE/How+to+Contribute#HowtoContribute-ReviewProcessandMaintainers)) 
   - [ ] The pull request has been checked by the Teamcity Bot and 
   the `green visa` attached to the JIRA ticket (see [TC.Bot: Check PR](https://mtcga.gridgain.com/prs.html))
   
   ### Notes
   - [How to Contribute](https://cwiki.apache.org/confluence/display/IGNITE/How+to+Contribute)
   - [Coding abbreviation rules](https://cwiki.apache.org/confluence/display/IGNITE/Abbreviation+Rules)
   - [Coding Guidelines](https://cwiki.apache.org/confluence/display/IGNITE/Coding+Guidelines)
   - [Apache Ignite Teamcity Bot](https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+Teamcity+Bot)
   
   If you need any help, please email dev@ignite.apache.org or ask anу advice on http://asf.slack.com _#ignite_ channel.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [ignite] NSAmelchev commented on a change in pull request #8317: IGNITE-13520 Skip generating encryption keys on the client node.

Posted by GitBox <gi...@apache.org>.

NSAmelchev commented on a change in pull request #8317:
URL: https://github.com/apache/ignite/pull/8317#discussion_r501682068



##########
File path: modules/core/src/main/java/org/apache/ignite/internal/processors/cache/ClusterCachesInfo.java
##########
@@ -2003,6 +2003,12 @@ private String processJoiningNode(CacheJoinNodeDiscoveryData joinData, UUID node
             if (!registeredCaches.containsKey(cfg.getName())) {
                 String conflictErr = checkCacheConflict(cfg);
 
+                if (conflictErr == null && cfg.isEncryptionEnabled() && !locJoin &&
+                    ctx.encryption().groupKey(CU.cacheGroupId(cfg.getName(), cfg.getGroupName())) == null) {
+                    conflictErr = "Encryption key has not been generated. " +
+                        "The client node must dynamically start this cache [cacheName=" + cfg.getName() + "]";

Review comment:
       I think we should to write that cache *will be* started dynamically 

##########
File path: modules/core/src/main/java/org/apache/ignite/internal/processors/cache/ClusterCachesInfo.java
##########
@@ -2003,6 +2003,12 @@ private String processJoiningNode(CacheJoinNodeDiscoveryData joinData, UUID node
             if (!registeredCaches.containsKey(cfg.getName())) {
                 String conflictErr = checkCacheConflict(cfg);
 
+                if (conflictErr == null && cfg.isEncryptionEnabled() && !locJoin &&
+                    ctx.encryption().groupKey(CU.cacheGroupId(cfg.getName(), cfg.getGroupName())) == null) {
+                    conflictErr = "Encryption key has not been generated. " +
+                        "The client node must dynamically start this cache [cacheName=" + cfg.getName() + "]";

Review comment:
       I think we should to write that cache **will be** started dynamically 




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [ignite] nizhikov merged pull request #8317: IGNITE-13520 Skip generating encryption keys on the client node.

Posted by GitBox <gi...@apache.org>.

nizhikov merged pull request #8317:
URL: https://github.com/apache/ignite/pull/8317


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [ignite] NSAmelchev commented on a change in pull request #8317: IGNITE-13520 Skip generating encryption keys on the client node.

Posted by GitBox <gi...@apache.org>.

NSAmelchev commented on a change in pull request #8317:
URL: https://github.com/apache/ignite/pull/8317#discussion_r510729162



##########
File path: modules/core/src/test/java/org/apache/ignite/internal/encryption/EncryptedCacheNodeJoinTest.java
##########
@@ -204,6 +221,106 @@ public void testClientNodeJoin() throws Exception {
         createEncryptedCache(client, grid0, cacheName(), null);
     }
 
+    /** */
+    @Test
+    public void testClientNodeJoinActiveClusterWithNewStaticCacheConfig() throws Exception {
+        checkNodeJoinWithStaticCacheConfig(true, true, true);
+    }
+
+    /** */
+    @Test
+    public void testClientNodeJoinActiveClusterWithExistingStaticCacheConfig() throws Exception {
+        checkNodeJoinWithStaticCacheConfig(true, true, false);
+    }
+
+    /** */
+    @Test
+    public void testClientNodeJoinInactiveClusterWithNewStaticCacheConfig() throws Exception {
+        checkNodeJoinWithStaticCacheConfig(true, false, true);
+    }
+
+    /** */
+    @Test
+    public void testClientNodeJoinInactiveClusterWithExistingStaticCacheConfig() throws Exception {
+        checkNodeJoinWithStaticCacheConfig(true, false, false);
+    }
+
+    /** */
+    @Test
+    public void testServerNodeJoinActiveClusterWithNewStaticCacheConfig() throws Exception {
+        checkNodeJoinWithStaticCacheConfig(false, true, true);
+    }
+
+    /** */
+    @Test
+    public void testServerNodeJoinInactiveClusterWithNewStaticCacheConfig() throws Exception {
+        checkNodeJoinWithStaticCacheConfig(false, false, true);
+    }
+
+    /**
+     * @param client {@code True} to test client node join, {@code False} to test server node join.
+     * @param activateBeforeJoin {@code True} to activate the server before joining the client node.
+     * @param newCfg {@code True} to configure cache on the last joined node. {@code False} to configure on all nodes.
+     */
+    public void checkNodeJoinWithStaticCacheConfig(
+        boolean client,
+        boolean activateBeforeJoin,
+        boolean newCfg
+    ) throws Exception {
+        if (!newCfg)
+            configureCache = true;
+
+        startGrid(GRID_0);
+        startGrid(GRID_6);
+
+        IgniteEx client1 = startClientGrid("client1");
+
+        if (newCfg)
+            configureCache = true;
+
+        if (activateBeforeJoin)
+            grid(GRID_0).cluster().state(ClusterState.ACTIVE);
+
+        if (client && newCfg) {
+

Review comment:
       Unnecessary line break




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [ignite] xtern commented on a change in pull request #8317: IGNITE-13520 Skip generating encryption keys on the client node.

Posted by GitBox <gi...@apache.org>.

xtern commented on a change in pull request #8317:
URL: https://github.com/apache/ignite/pull/8317#discussion_r510734137



##########
File path: modules/core/src/test/java/org/apache/ignite/internal/encryption/EncryptedCacheNodeJoinTest.java
##########
@@ -204,6 +221,106 @@ public void testClientNodeJoin() throws Exception {
         createEncryptedCache(client, grid0, cacheName(), null);
     }
 
+    /** */
+    @Test
+    public void testClientNodeJoinActiveClusterWithNewStaticCacheConfig() throws Exception {
+        checkNodeJoinWithStaticCacheConfig(true, true, true);
+    }
+
+    /** */
+    @Test
+    public void testClientNodeJoinActiveClusterWithExistingStaticCacheConfig() throws Exception {
+        checkNodeJoinWithStaticCacheConfig(true, true, false);
+    }
+
+    /** */
+    @Test
+    public void testClientNodeJoinInactiveClusterWithNewStaticCacheConfig() throws Exception {
+        checkNodeJoinWithStaticCacheConfig(true, false, true);
+    }
+
+    /** */
+    @Test
+    public void testClientNodeJoinInactiveClusterWithExistingStaticCacheConfig() throws Exception {
+        checkNodeJoinWithStaticCacheConfig(true, false, false);
+    }
+
+    /** */
+    @Test
+    public void testServerNodeJoinActiveClusterWithNewStaticCacheConfig() throws Exception {
+        checkNodeJoinWithStaticCacheConfig(false, true, true);
+    }
+
+    /** */
+    @Test
+    public void testServerNodeJoinInactiveClusterWithNewStaticCacheConfig() throws Exception {
+        checkNodeJoinWithStaticCacheConfig(false, false, true);
+    }
+
+    /**
+     * @param client {@code True} to test client node join, {@code False} to test server node join.
+     * @param activateBeforeJoin {@code True} to activate the server before joining the client node.
+     * @param newCfg {@code True} to configure cache on the last joined node. {@code False} to configure on all nodes.
+     */
+    public void checkNodeJoinWithStaticCacheConfig(
+        boolean client,
+        boolean activateBeforeJoin,
+        boolean newCfg
+    ) throws Exception {
+        if (!newCfg)
+            configureCache = true;
+
+        startGrid(GRID_0);
+        startGrid(GRID_6);
+
+        IgniteEx client1 = startClientGrid("client1");
+
+        if (newCfg)
+            configureCache = true;
+
+        if (activateBeforeJoin)
+            grid(GRID_0).cluster().state(ClusterState.ACTIVE);
+
+        if (client && newCfg) {
+

Review comment:
       Done, thanks




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [ignite] NSAmelchev commented on a change in pull request #8317: IGNITE-13520 Skip generating encryption keys on the client node.

Posted by GitBox <gi...@apache.org>.

NSAmelchev commented on a change in pull request #8317:
URL: https://github.com/apache/ignite/pull/8317#discussion_r501682068



##########
File path: modules/core/src/main/java/org/apache/ignite/internal/processors/cache/ClusterCachesInfo.java
##########
@@ -2003,6 +2003,12 @@ private String processJoiningNode(CacheJoinNodeDiscoveryData joinData, UUID node
             if (!registeredCaches.containsKey(cfg.getName())) {
                 String conflictErr = checkCacheConflict(cfg);
 
+                if (conflictErr == null && cfg.isEncryptionEnabled() && !locJoin &&
+                    ctx.encryption().groupKey(CU.cacheGroupId(cfg.getName(), cfg.getGroupName())) == null) {
+                    conflictErr = "Encryption key has not been generated. " +
+                        "The client node must dynamically start this cache [cacheName=" + cfg.getName() + "]";

Review comment:
       I think we should to write that cache **will be** started dynamically 




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [ignite] NSAmelchev commented on a change in pull request #8317: IGNITE-13520 Skip generating encryption keys on the client node.

Posted by GitBox <gi...@apache.org>.

NSAmelchev commented on a change in pull request #8317:
URL: https://github.com/apache/ignite/pull/8317#discussion_r501682068



##########
File path: modules/core/src/main/java/org/apache/ignite/internal/processors/cache/ClusterCachesInfo.java
##########
@@ -2003,6 +2003,12 @@ private String processJoiningNode(CacheJoinNodeDiscoveryData joinData, UUID node
             if (!registeredCaches.containsKey(cfg.getName())) {
                 String conflictErr = checkCacheConflict(cfg);
 
+                if (conflictErr == null && cfg.isEncryptionEnabled() && !locJoin &&
+                    ctx.encryption().groupKey(CU.cacheGroupId(cfg.getName(), cfg.getGroupName())) == null) {
+                    conflictErr = "Encryption key has not been generated. " +
+                        "The client node must dynamically start this cache [cacheName=" + cfg.getName() + "]";

Review comment:
       I think we should to write that cache *will be* started dynamically 




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org