Posted to commits@ignite.apache.org by ni...@apache.org on 2020/12/02 12:54:47 UTC
[ignite] branch master updated: IGNITE-13520 Skip generating
encryption keys on the client node. (#8317)
This is an automated email from the ASF dual-hosted git repository.
nizhikov pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push:
new bd4fb3c IGNITE-13520 Skip generating encryption keys on the client node. (#8317)
bd4fb3c is described below
commit bd4fb3c162e17601fa65d108d553937366bb1ea7
Author: Pavel Pereslegin <xx...@gmail.com>
AuthorDate: Wed Dec 2 15:54:13 2020 +0300
IGNITE-13520 Skip generating encryption keys on the client node. (#8317)
---
.../managers/encryption/GridEncryptionManager.java | 2 +-
.../processors/cache/ClusterCachesInfo.java | 18 +++-
.../processors/cache/GridCacheProcessor.java | 2 +-
.../encryption/EncryptedCacheNodeJoinTest.java | 118 ++++++++++++++++++++-
.../src/test/config/enc/enc-cache-client.xml | 2 +-
5 files changed, 136 insertions(+), 6 deletions(-)
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/encryption/GridEncryptionManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/encryption/GridEncryptionManager.java
index 3683313..2c31dcd 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/managers/encryption/GridEncryptionManager.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/encryption/GridEncryptionManager.java
@@ -501,7 +501,7 @@ public class GridEncryptionManager extends GridManagerAdapter<EncryptionSpi> imp
/** {@inheritDoc} */
@Override public void collectJoiningNodeData(DiscoveryDataBag dataBag) {
- if (dataBag.isJoiningNodeClient())
+ if (ctx.clientNode())
return;
Set<Integer> grpIds = grpKeys.groupIds();
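Review bot: The early return at `if (ctx.clientNode())` carries no comment explaining why it now reads the local node's role instead of `dataBag.isJoiningNodeClient()`, yet going by the commit title this guard is what keeps a client from generating group keys. A short why-comment would protect it from being reverted in a later cleanup, for example `// Client nodes must not generate or send group encryption keys; check the local role, not the data bag flag.` It would also help to say in that comment whether the two checks can ever disagree, since that is not visible from here. The body of `collectJoiningNodeData` continues outside the hunk.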
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/ClusterCachesInfo.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/ClusterCachesInfo.java
index 88a9fde..96ca007 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/ClusterCachesInfo.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/ClusterCachesInfo.java
@@ -1864,9 +1864,10 @@ public class ClusterCachesInfo {
/**
* @param data Joining node data.
+ * @param joiningNodeClient Joining node is client flag.
* @return Message with error or null if everything was OK.
*/
- public String validateJoiningNodeData(DiscoveryDataBag.JoiningNodeDiscoveryData data) {
+ public String validateJoiningNodeData(DiscoveryDataBag.JoiningNodeDiscoveryData data, boolean joiningNodeClient) {
if (data.hasJoiningNodeData()) {
Serializable joiningNodeData = data.joiningNodeData();
@@ -1874,6 +1875,7 @@ public class ClusterCachesInfo {
CacheJoinNodeDiscoveryData joinData = (CacheJoinNodeDiscoveryData)joiningNodeData;
Set<String> problemCaches = null;
+ Set<String> encClientCaches = null;
for (CacheJoinNodeDiscoveryData.CacheInfo cacheInfo : joinData.caches().values()) {
CacheConfiguration<?, ?> cfg = cacheInfo.cacheData().config();
@@ -1895,6 +1897,12 @@ public class ClusterCachesInfo {
problemCaches.add(cfg.getName());
}
+ else if (joiningNodeClient && cfg.isEncryptionEnabled()) {
+ if (encClientCaches == null)
+ encClientCaches = new HashSet<>();
+
+ encClientCaches.add(cfg.getName());
+ }
}
}
@@ -1903,6 +1911,14 @@ public class ClusterCachesInfo {
"Joining node has caches with data which are not presented on cluster, " +
"it could mean that they were already destroyed, to add the node to cluster - " +
"remove directories with the caches[", "]"));
+
+ if (!F.isEmpty(encClientCaches)) {
+ return encClientCaches.stream().collect(Collectors.joining(", ",
+ "Joining node has encrypted caches which are not presented on the cluster, " +
+ "encrypted caches configured on client node cannot be started when such node joins " +
+ "the cluster, these caches can be started manually (dynamically) after node joined" +
+ "[caches=", "]"));
+ }
}
}
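Review bot: The new rejection message at the end of this hunk is concatenated without a separator, so it reads `after node joined[caches=...]`, and it does not match the text the new test expects (`after node is joined [caches=`) in `checkNodeJoinWithStaticCacheConfig` of EncryptedCacheNodeJoinTest. If `assertThrowsAnyCause` compares the message text, as its use there suggests, the two client tests with a new static config cannot pass as written. I would align both sides on one wording, for example `"the cluster, these caches can be started manually (dynamically) after node is joined " +` in the production string. The enclosing `validateJoiningNodeData` starts and ends outside this hunk.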
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java
index 01124fb..4a1aceb 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java
@@ -3107,7 +3107,7 @@ public class GridCacheProcessor extends GridProcessorAdapter {
if (!cachesInfo.isMergeConfigSupports(node))
return null;
- String validationRes = cachesInfo.validateJoiningNodeData(discoData);
+ String validationRes = cachesInfo.validateJoiningNodeData(discoData, node.isClient());
if (validationRes != null)
return new IgniteNodeValidationResult(node.id(), validationRes, validationRes);
diff --git a/modules/core/src/test/java/org/apache/ignite/internal/encryption/EncryptedCacheNodeJoinTest.java b/modules/core/src/test/java/org/apache/ignite/internal/encryption/EncryptedCacheNodeJoinTest.java
index cdf802b..2391bdb 100644
--- a/modules/core/src/test/java/org/apache/ignite/internal/encryption/EncryptedCacheNodeJoinTest.java
+++ b/modules/core/src/test/java/org/apache/ignite/internal/encryption/EncryptedCacheNodeJoinTest.java
@@ -17,12 +17,16 @@
package org.apache.ignite.internal.encryption;
+import org.apache.ignite.IgniteCache;
import org.apache.ignite.IgniteCheckedException;
+import org.apache.ignite.cluster.ClusterState;
import org.apache.ignite.configuration.CacheConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.IgniteEx;
import org.apache.ignite.internal.util.IgniteUtils;
+import org.apache.ignite.spi.IgniteSpiException;
import org.apache.ignite.spi.encryption.keystore.KeystoreEncryptionSpi;
+import org.apache.ignite.testframework.GridTestUtils;
import org.junit.Test;
import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause;
@@ -43,6 +47,12 @@ public class EncryptedCacheNodeJoinTest extends AbstractEncryptionTest {
private static final String GRID_5 = "grid-5";
/** */
+ private static final String GRID_6 = "grid-6";
+
+ /** */
+ private static final String GRID_7 = "grid-7";
+
+ /** */
public static final String CLIENT = "client";
/** */
@@ -76,7 +86,9 @@ public class EncryptedCacheNodeJoinTest extends AbstractEncryptionTest {
grid.equals(GRID_2) ||
grid.equals(GRID_3) ||
grid.equals(GRID_4) ||
- grid.equals(GRID_5)) {
+ grid.equals(GRID_5) ||
+ grid.equals(GRID_6) ||
+ grid.equals(GRID_7)) {
KeystoreEncryptionSpi encSpi = new KeystoreEncryptionSpi();
encSpi.setKeyStorePath(grid.equals(GRID_2) ? KEYSTORE_PATH_2 : KEYSTORE_PATH);
@@ -98,7 +110,12 @@ public class EncryptedCacheNodeJoinTest extends AbstractEncryptionTest {
CacheConfiguration ccfg = defaultCacheConfiguration();
ccfg.setName(cacheName());
- ccfg.setEncryptionEnabled(gridName.equals(GRID_0));
+
+ if (gridName.startsWith(CLIENT) ||
+ gridName.equals(GRID_0) ||
+ gridName.equals(GRID_6) ||
+ gridName.equals(GRID_7))
+ ccfg.setEncryptionEnabled(true);
return ccfg;
}
@@ -206,6 +223,103 @@ public class EncryptedCacheNodeJoinTest extends AbstractEncryptionTest {
/** */
@Test
+ public void testClientNodeJoinActiveClusterWithNewStaticCacheConfig() throws Exception {
+ checkNodeJoinWithStaticCacheConfig(true, true, true);
+ }
+
+ /** */
+ @Test
+ public void testClientNodeJoinActiveClusterWithExistingStaticCacheConfig() throws Exception {
+ checkNodeJoinWithStaticCacheConfig(true, true, false);
+ }
+
+ /** */
+ @Test
+ public void testClientNodeJoinInactiveClusterWithNewStaticCacheConfig() throws Exception {
+ checkNodeJoinWithStaticCacheConfig(true, false, true);
+ }
+
+ /** */
+ @Test
+ public void testClientNodeJoinInactiveClusterWithExistingStaticCacheConfig() throws Exception {
+ checkNodeJoinWithStaticCacheConfig(true, false, false);
+ }
+
+ /** */
+ @Test
+ public void testServerNodeJoinActiveClusterWithNewStaticCacheConfig() throws Exception {
+ checkNodeJoinWithStaticCacheConfig(false, true, true);
+ }
+
+ /** */
+ @Test
+ public void testServerNodeJoinInactiveClusterWithNewStaticCacheConfig() throws Exception {
+ checkNodeJoinWithStaticCacheConfig(false, false, true);
+ }
+
+ /**
+ * @param client {@code True} to test client node join, {@code False} to test server node join.
+ * @param activateBeforeJoin {@code True} to activate the server before joining the client node.
+ * @param newCfg {@code True} to configure cache on the last joined node. {@code False} to configure on all nodes.
+ */
+ private void checkNodeJoinWithStaticCacheConfig(
+ boolean client,
+ boolean activateBeforeJoin,
+ boolean newCfg
+ ) throws Exception {
+ if (!newCfg)
+ configureCache = true;
+
+ startGrid(GRID_0);
+ startGrid(GRID_6);
+
+ IgniteEx client1 = startClientGrid("client1");
+
+ if (newCfg)
+ configureCache = true;
+
+ if (activateBeforeJoin)
+ grid(GRID_0).cluster().state(ClusterState.ACTIVE);
+
+ if (client && newCfg) {
+ String expErrMsg = "Joining node has encrypted caches which are not presented on the cluster, " +
+ "encrypted caches configured on client node cannot be started when such node joins " +
+ "the cluster, these caches can be started manually (dynamically) after node is joined " +
+ "[caches=" + cacheName() + ']';
+
+ GridTestUtils.assertThrowsAnyCause(log, () -> startClientGrid(CLIENT), IgniteSpiException.class, expErrMsg);
+
+ return;
+ }
+
+ IgniteEx node = client ? startClientGrid(CLIENT) : startGrid(GRID_7);
+
+ if (!activateBeforeJoin)
+ grid(GRID_0).cluster().state(ClusterState.ACTIVE);
+
+ awaitPartitionMapExchange();
+
+ IgniteCache<Object, Object> cache = node.cache(cacheName());
+
+ assertNotNull(cache);
+
+ for (long i = 0; i < 100; i++)
+ cache.put(i, String.valueOf(i));
+
+ checkEncryptedCaches(grid(GRID_0), grid(GRID_6));
+ checkEncryptedCaches(grid(GRID_0), client1);
+ checkData(client1);
+
+ if (client) {
+ checkEncryptedCaches(grid(GRID_0), grid(CLIENT));
+ checkData(grid(CLIENT));
+ }
+ else
+ checkEncryptedCaches(grid(GRID_7), grid(GRID_0));
+ }
+
+ /** */
+ @Test
public void testNodeCantJoinWithSameNameButNotEncCache() throws Exception {
configureCache = true;
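Review bot: The rejected-join branch in `checkNodeJoinWithStaticCacheConfig` (`if (client && newCfg)`) returns right after `assertThrowsAnyCause`, so it verifies only that an exception with the expected text surfaced, not that the cluster was left unchanged. Since the change is meant to stop a client's static encrypted-cache configuration from taking effect at join time, I would also assert after the failed join that the cache is still absent on the server nodes (activating the cluster first in the inactive variant) and that `client1` remains usable. There is also no `testServerNodeJoin…WithExistingStaticCacheConfig` case in this hunk; if another test covers it, a one-line comment saying so would help. The last lines of the hunk are context from the next test, which continues outside it.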
diff --git a/modules/spring/src/test/config/enc/enc-cache-client.xml b/modules/spring/src/test/config/enc/enc-cache-client.xml
index ba4068a..6ebef07 100644
--- a/modules/spring/src/test/config/enc/enc-cache-client.xml
+++ b/modules/spring/src/test/config/enc/enc-cache-client.xml
@@ -23,7 +23,7 @@
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="cache.cfg" class="org.apache.ignite.configuration.CacheConfiguration">
- <property name="name" value="encrypted-client"/>
+ <property name="name" value="encrypted"/>
<property name="encryptionEnabled" value="true"/>
</bean>