use of org.apache.ignite.internal.managers.encryption.GridEncryptionManager in project ignite by apache.
the class CacheGroupKeyChangeTest method testNodeJoinAfterRotation.
/**
* Ensures that node can join after rotation of encryption key.
*
* @throws Exception If failed.
*/
@Test
public void testNodeJoinAfterRotation() throws Exception {
    backups = 1;

    T2<IgniteEx, IgniteEx> startedNodes = startTestGrids(true);

    createEncryptedCache(startedNodes.get1(), startedNodes.get2(), cacheName(), null);

    forceCheckpoint();

    // The group key is changed while GRID_1 is stopped; the checks after the restart
    // expect the rotated key id (INITIAL_KEY_ID + 1) on the running grids.
    stopGrid(GRID_1);
    resetBaselineTopology();

    startedNodes.get1().encryption().changeCacheGroupKey(Collections.singleton(cacheName())).get();

    startGrid(GRID_1);
    resetBaselineTopology();
    awaitPartitionMapExchange();

    int groupId = CU.cacheId(cacheName());

    checkGroupKey(groupId, INITIAL_KEY_ID + 1, MAX_AWAIT_MILLIS);
    checkEncryptedCaches(grid(GRID_0), grid(GRID_1));

    GridEncryptionManager mgrOnGrid0 = grid(GRID_0).context().encryption();
    GridEncryptionManager mgrOnGrid1 = grid(GRID_1).context().encryption();

    // NOTE(review): startedNodes.get2() was obtained before stopGrid(GRID_1)/startGrid(GRID_1).
    // If it is the GRID_1 instance, this reads the WAL index of the stopped node - confirm.
    long walIdxOfFirst = startedNodes.get1().context().cache().context().wal().currentSegment();
    long walIdxOfSecond = startedNodes.get2().context().cache().context().wal().currentSegment();
    long lastWalIdx = Math.max(walIdxOfFirst, walIdxOfSecond);

    // Report WAL segment removal to both managers; afterwards each grid is expected to
    // hold exactly one key for the group (see checkKeysCount below).
    // NOTE(review): the counter is never passed to onWalSegmentRemoved - every call uses the
    // maximum index. Either a single call or the running index was probably intended; confirm.
    long call = 0;

    while (call <= lastWalIdx) {
        mgrOnGrid0.onWalSegmentRemoved(lastWalIdx);
        mgrOnGrid1.onWalSegmentRemoved(lastWalIdx);

        call++;
    }

    checkKeysCount(grid(GRID_1), groupId, 1, MAX_AWAIT_MILLIS);
    checkKeysCount(grid(GRID_0), groupId, 1, MAX_AWAIT_MILLIS);

    // A node that has never seen the previous key joins now and must end up with the
    // same set of key ids as GRID_0.
    startGrid(GRID_2);
    resetBaselineTopology();
    awaitPartitionMapExchange();

    checkGroupKey(groupId, INITIAL_KEY_ID + 1, MAX_AWAIT_MILLIS);
    checkEncryptedCaches(grid(GRID_2), startedNodes.get1());

    GridEncryptionManager mgrOnGrid2 = grid(GRID_2).context().encryption();

    assertEquals(mgrOnGrid0.groupKeyIds(groupId), mgrOnGrid2.groupKeyIds(groupId));
}
use of org.apache.ignite.internal.managers.encryption.GridEncryptionManager in project ignite by apache.
the class CacheGroupKeyChangeTest method testBasicChangeWithConstantLoad.
/**
* @throws Exception If failed.
*/
@Test
public void testBasicChangeWithConstantLoad() throws Exception {
    // Rotates the cache group key while a background loader keeps writing to the cache,
    // then expects the rotated key id and a single remaining key on both nodes.
    walSegments = 20;

    startTestGrids(true);

    IgniteEx firstNode = grid(GRID_0);
    IgniteEx secondNode = grid(GRID_1);

    GridEncryptionManager firstEncMgr = firstNode.context().encryption();
    GridEncryptionManager secondEncMgr = secondNode.context().encryption();

    createEncryptedCache(firstNode, secondNode, cacheName(), null);

    forceCheckpoint();

    int groupId = CU.cacheId(cacheName());

    IgniteInternalFuture<?> loader = loadDataAsync(firstNode);

    try {
        IgniteCache<Object, Object> loadedCache = firstNode.cache(cacheName());

        // Make sure some data exists before the key is changed.
        boolean enoughData = waitForCondition(() -> loadedCache.size() > 2000, MAX_AWAIT_MILLIS);

        assertTrue(enoughData);

        firstNode.encryption().changeCacheGroupKey(Collections.singleton(cacheName())).get(MAX_AWAIT_MILLIS);

        awaitEncryption(G.allGrids(), groupId, MAX_AWAIT_MILLIS);

        // The result is not checked here on purpose: the assertions after the finally block
        // verify the key count on each node and name the failing node.
        waitForCondition(() -> {
            if (firstEncMgr.groupKeyIds(groupId).size() != 1)
                return false;

            return secondEncMgr.groupKeyIds(groupId).size() == 1;
        }, MAX_AWAIT_MILLIS);
    }
    finally {
        // Stop the loader on every exit path, including a failed assertion.
        loader.cancel();
    }

    checkGroupKey(groupId, INITIAL_KEY_ID + 1, MAX_AWAIT_MILLIS);

    String firstNodeId = firstNode.cluster().localNode().id().toString();

    assertEquals(firstNodeId, 1, firstEncMgr.groupKeyIds(groupId).size());

    String secondNodeId = secondNode.cluster().localNode().id().toString();

    assertEquals(secondNodeId, 1, secondEncMgr.groupKeyIds(groupId).size());
}
use of org.apache.ignite.internal.managers.encryption.GridEncryptionManager in project ignite by apache.
the class AbstractEncryptionTest method checkGroupKey.
/**
* Ensures that all pages of page store have expected encryption key identifier.
*
* @param grpId Cache group ID.
* @param expKeyId Encryption key ID.
* @param timeout Timeout to wait for encryption to complete.
* @throws Exception If failed.
*/
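protected void checkGroupKey(int grpId, int expKeyId, long timeout) throws Exception {
    // Wait for encryption of the group on every started grid before the files are inspected.
    awaitEncryption(G.allGrids(), grpId, timeout);

    for (Ignite g : G.allGrids()) {
        IgniteEx grid = (IgniteEx) g;

        // Client nodes are skipped.
        if (grid.context().clientNode())
            continue;

        info("Validating encryption key [node=" + g.cluster().localNode().id() + ", grp=" + grpId + "]");

        CacheGroupContext grp = grid.context().cache().cacheGroup(grpId);

        if (grp == null || !grp.affinityNode()) {
            info("Context doesn't exits on " + grid.localNode().id());

            continue;
        }

        GridEncryptionManager encryption = grid.context().encryption();

        // NOTE(review): expKeyId is narrowed to byte here, but the page scan below compares it
        // against an unsigned value (& 0xff); confirm the type of id() for key ids above 127.
        assertEquals(grid.localNode().id().toString(), (byte) expKeyId, encryption.getActiveKey(grpId).id());

        IgniteInternalFuture<Void> fut = encryption.reencryptionFuture(grpId);

        // The future will be completed after the checkpoint, forcecheckpoint does nothing
        // if the checkpoint has already been scheduled.
        GridTestUtils.waitForCondition(() -> {
            if (fut.isDone())
                return true;

            try {
                forceCheckpoint(g);
            }
            catch (IgniteCheckedException e) {
                throw new RuntimeException(e);
            }

            return fut.isDone();
        }, timeout);

        assertTrue(fut.isDone());
        assertEquals(0, encryption.getBytesLeftForReencryption(grpId));

        // All data partitions of the group plus the index partition.
        List<Integer> parts = IntStream.range(0, grp.shared().affinity().affinity(grpId).partitions())
            .boxed().collect(Collectors.toList());

        parts.add(INDEX_PARTITION);

        int realPageSize = grp.dataRegion().pageMemory().realPageSize(grpId);
        int encryptionBlockSize = grp.shared().kernalContext().config().getEncryptionSpi().blockSize();

        for (int p : parts) {
            FilePageStore pageStore = (FilePageStore) ((FilePageStoreManager) grp.shared().pageStore()).getStore(grpId, p);

            if (!pageStore.exists())
                continue;

            // No re-encryption progress may be left for the partition.
            long state = grid.context().encryption().getEncryptionState(grpId, p);

            String msg = String.format("p=%d, off=%d, total=%d", p, ReencryptStateUtils.pageIndex(state),
                ReencryptStateUtils.pageCount(state));

            assertEquals(msg, 0, ReencryptStateUtils.pageCount(state));
            assertEquals(msg, 0, ReencryptStateUtils.pageIndex(state));

            long startPageId = PageIdUtils.pageId(p, PageIdAllocator.FLAG_DATA, 0);

            int pagesCnt = pageStore.pages();
            int pageSize = pageStore.getPageSize();

            ByteBuffer pageBuf = ByteBuffer.allocate(pageSize);

            Path path = new File(pageStore.getFileAbsolutePath()).toPath();

            // Read every page straight from the store file and check the key id stored in it.
            try (FileChannel ch = FileChannel.open(path, StandardOpenOption.READ)) {
                for (int n = 0; n < pagesCnt; n++) {
                    long pageId = startPageId + n;
                    long pageOff = pageStore.pageOffset(pageId);

                    pageBuf.position(0);

                    ch.position(pageOff);

                    // NOTE(review): the byte count returned by read() is not checked. After a short
                    // read the buffer would still hold bytes of the previous page, so the assertion
                    // below could pass on stale data - confirm the file always covers pages().
                    ch.read(pageBuf);

                    // The CRC (int) and the key id (one byte) are read right after the
                    // realPageSize + encryptionBlockSize prefix.
                    pageBuf.position(realPageSize + encryptionBlockSize);

                    int pageCrc = pageBuf.getInt();
                    int pageKeyId = pageBuf.get() & 0xff;

                    // Skip the page only when it is entirely zero-filled. Stopping at the first zero
                    // word would also skip a written page whose CRC and key id happen to read as zero,
                    // letting a page left under another key escape the key id assertion below.
                    if (pageCrc == 0 && pageKeyId == 0) {
                        pageBuf.position(0);

                        boolean emptyPage = true;

                        while (pageBuf.hasRemaining() && emptyPage)
                            emptyPage = pageBuf.getLong() == 0;

                        if (emptyPage)
                            continue;
                    }

                    msg = String.format("File=%s, page=%d", pageStore.getFileAbsolutePath(), n);

                    assertEquals(msg, expKeyId, pageKeyId);
                }
            }
        }
    }
}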
use of org.apache.ignite.internal.managers.encryption.GridEncryptionManager in project ignite by apache.
the class EncryptedCacheGroupCreateTest method testCreateEncryptedCacheGroup.
/**
* @throws Exception If failed.
*/
@Test
public void testCreateEncryptedCacheGroup() throws Exception {
    // Key returned for the first cache created in ENCRYPTED_GROUP.
    KeystoreEncryptionKey firstKey = createEncryptedCache(ENCRYPTED_CACHE, ENCRYPTED_GROUP);

    // A second encrypted cache is added to the same group.
    String secondCacheName = ENCRYPTED_CACHE + "2";

    CacheConfiguration<Long, String> secondCfg = new CacheConfiguration<>(secondCacheName);

    secondCfg.setEncryptionEnabled(true);
    secondCfg.setGroupName(ENCRYPTED_GROUP);

    IgniteEx node = grid(0);

    node.createCache(secondCfg);

    IgniteInternalCache<Object, Object> secondCache = node.cachex(secondCacheName);

    GridEncryptionManager encMgr = secondCache.context().kernalContext().encryption();

    int groupId = CU.cacheGroupId(ENCRYPTED_CACHE, ENCRYPTED_GROUP);

    GroupKey activeGrpKey = encMgr.getActiveKey(groupId);

    assertNotNull(activeGrpKey);

    KeystoreEncryptionKey secondKey = (KeystoreEncryptionKey) activeGrpKey.key();

    assertNotNull(secondKey);
    assertNotNull(secondKey.key());

    // The active key of the group must equal the key returned for the first cache,
    // i.e. adding a cache to the group did not produce a different key.
    assertEquals(firstKey.key(), secondKey.key());
}
use of org.apache.ignite.internal.managers.encryption.GridEncryptionManager in project ignite by apache.
the class IgnitePageMemReplaceDelayedWriteUnitTest method createPageMemory.
/**
* @param cfg configuration
* @param pageWriter writer for page replacement.
* @param pageSize page size
* @return implementation for test
*/
@NotNull
private PageMemoryImpl createPageMemory(IgniteConfiguration cfg, PageStoreWriter pageWriter, int pageSize) {
    // Kernal context mock: configuration and logger are fixed, the managers are created
    // lazily on each call because their constructors take the context itself.
    GridKernalContext kctx = mock(GridKernalContext.class);

    when(kctx.config()).thenReturn(cfg);
    when(kctx.log(any(Class.class))).thenReturn(log);
    when(kctx.internalSubscriptionProcessor()).thenAnswer(inv -> new GridInternalSubscriptionProcessor(kctx));
    when(kctx.encryption()).thenAnswer(inv -> new GridEncryptionManager(kctx));
    when(kctx.metric()).thenAnswer(inv -> new GridMetricManager(kctx));
    when(kctx.performanceStatistics()).thenAnswer(inv -> new PerformanceStatisticsProcessor(kctx));

    // Database manager mock that always reports the checkpoint lock as held by the caller.
    IgniteCacheDatabaseSharedManager dbMgr = mock(GridCacheDatabaseSharedManager.class);

    when(dbMgr.checkpointLockIsHeldByThread()).thenReturn(true);

    // Shared cache context mock backed by no-op page store and WAL managers.
    GridCacheSharedContext sharedCtx = Mockito.mock(GridCacheSharedContext.class);

    when(sharedCtx.gridConfig()).thenReturn(cfg);
    when(sharedCtx.pageStore()).thenReturn(new NoOpPageStoreManager());
    when(sharedCtx.wal()).thenReturn(new NoOpWALManager());
    when(sharedCtx.database()).thenReturn(dbMgr);
    when(sharedCtx.logger(any(Class.class))).thenReturn(log);
    when(sharedCtx.kernalContext()).thenReturn(kctx);
    when(sharedCtx.gridEvents()).thenAnswer(inv -> new GridEventStorageManager(kctx));

    DataRegionConfiguration dfltRegionCfg = cfg.getDataStorageConfiguration().getDefaultDataRegionConfiguration();

    DataRegionMetricsImpl regionMetrics = new DataRegionMetricsImpl(dfltRegionCfg, kctx);

    long[] segmentSizes = prepareSegmentSizes(dfltRegionCfg.getMaxSize());

    DirectMemoryProvider memProvider = new UnsafeMemoryProvider(log);

    IgniteOutClosure<CheckpointProgress> cpProgress = () -> Mockito.mock(CheckpointProgressImpl.class);

    // Throttling is disabled for this page memory instance.
    PageMemoryImpl pageMem = new PageMemoryImpl(
        memProvider,
        segmentSizes,
        sharedCtx,
        sharedCtx.pageStore(),
        pageSize,
        pageWriter,
        null,
        () -> true,
        regionMetrics,
        PageMemoryImpl.ThrottlingPolicy.DISABLED,
        cpProgress
    );

    pageMem.start();

    return pageMem;
}