mirror of
https://github.com/apple/foundationdb.git
synced 2025-05-17 03:12:21 +08:00
* EncryptKeyProxy server APIs for simulation runs. Description diff-2: FlowSingleton util class Bug fixes diff-1: Expected errors returned to the caller Major changes proposed are: 1. EncryptKeyProxy server APIs: 1.1. Lookup Cipher details via BaseCipherId 1.2. Lookup latest Cipher details via encryption domainId. 2. EncyrptKeyProxy implements caches indexed by: baseCipherId & encyrptDomainId 3. Periodic task to refresh domainId indexed cache to support 'limiting cipher lifetime' abilities if supported by external KMS solutions. Testing EncyrptKeyProxyTest workload to validate the newly added code.
280 lines
9.8 KiB
C++
280 lines
9.8 KiB
C++
/*
|
|
* EncryptKeyProxyTest.actor.cpp
|
|
*
|
|
* This source file is part of the FoundationDB open source project
|
|
*
|
|
* Copyright 2013-2022 Apple Inc. and the FoundationDB project authors
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#include "fdbrpc/Locality.h"
|
|
#include "fdbserver/EncryptKeyProxyInterface.h"
|
|
#include "fdbserver/Knobs.h"
|
|
#include "fdbserver/ServerDBInfo.actor.h"
|
|
#include "fdbserver/WorkerInterface.actor.h"
|
|
#include "fdbserver/workloads/workloads.actor.h"
|
|
#include "flow/Error.h"
|
|
#include "flow/FastRef.h"
|
|
#include "flow/Trace.h"
|
|
#include "flow/IRandom.h"
|
|
#include "flow/flow.h"
|
|
#include "flow/xxhash.h"
|
|
|
|
#include <atomic>
|
|
#include <boost/range/const_iterator.hpp>
|
|
|
|
#include "flow/actorcompiler.h" // This must be the last #include.
|
|
|
|
struct EncryptKeyProxyTestWorkload : TestWorkload {
|
|
EncryptKeyProxyInterface ekpInf;
|
|
Reference<AsyncVar<struct ServerDBInfo> const> dbInfo;
|
|
Arena arena;
|
|
uint64_t minDomainId;
|
|
uint64_t maxDomainId;
|
|
std::unordered_map<uint64_t, StringRef> cipherIdMap;
|
|
std::vector<uint64_t> cipherIds;
|
|
int numDomains;
|
|
std::vector<uint64_t> domainIds;
|
|
static std::atomic<int> seed;
|
|
bool enableTest;
|
|
|
|
EncryptKeyProxyTestWorkload(WorkloadContext const& wcx) : TestWorkload(wcx), dbInfo(wcx.dbInfo), enableTest(false) {
|
|
if (wcx.clientId == 0) {
|
|
enableTest = true;
|
|
minDomainId = 1000 + (++seed * 30) + 1;
|
|
maxDomainId = deterministicRandom()->randomInt(minDomainId, minDomainId + 50) + 5;
|
|
TraceEvent("EKPTest_Init").detail("MinDomainId", minDomainId).detail("MaxDomainId", maxDomainId);
|
|
}
|
|
}
|
|
|
|
std::string description() const override { return "EncryptKeyProxyTest"; }
|
|
|
|
Future<Void> setup(Database const& ctx) override { return Void(); }
|
|
|
|
ACTOR Future<Void> simEmptyDomainIdCache(EncryptKeyProxyTestWorkload* self) {
|
|
TraceEvent("SimEmptyDomainIdCache_Start").log();
|
|
|
|
for (int i = 0; i < self->numDomains / 2; i++) {
|
|
self->domainIds.emplace_back(self->minDomainId + i);
|
|
}
|
|
|
|
state int nAttempts = 0;
|
|
loop {
|
|
EKPGetLatestBaseCipherKeysRequest req(deterministicRandom()->randomUniqueID(), self->domainIds);
|
|
ErrorOr<EKPGetLatestBaseCipherKeysReply> rep = wait(self->ekpInf.getLatestBaseCipherKeys.tryGetReply(req));
|
|
if (rep.present()) {
|
|
|
|
ASSERT(!rep.get().error.present());
|
|
ASSERT_EQ(rep.get().baseCipherDetailMap.size(), self->domainIds.size());
|
|
|
|
for (const uint64_t id : self->domainIds) {
|
|
ASSERT(rep.get().baseCipherDetailMap.find(id) != rep.get().baseCipherDetailMap.end());
|
|
}
|
|
|
|
// Ensure no hits reported by the cache.
|
|
if (nAttempts == 0) {
|
|
ASSERT_EQ(rep.get().numHits, 0);
|
|
} else {
|
|
ASSERT_GE(rep.get().numHits, 0);
|
|
}
|
|
break;
|
|
} else {
|
|
nAttempts++;
|
|
wait(delay(0.0));
|
|
}
|
|
}
|
|
|
|
TraceEvent("SimEmptyDomainIdCache_Done").log();
|
|
return Void();
|
|
}
|
|
|
|
ACTOR Future<Void> simPartialDomainIdCache(EncryptKeyProxyTestWorkload* self) {
|
|
state int expectedHits;
|
|
state int expectedMisses;
|
|
|
|
TraceEvent("SimPartialDomainIdCache_Start").log();
|
|
|
|
self->domainIds.clear();
|
|
|
|
expectedHits = deterministicRandom()->randomInt(1, self->numDomains / 2);
|
|
for (int i = 0; i < expectedHits; i++) {
|
|
self->domainIds.emplace_back(self->minDomainId + i);
|
|
}
|
|
|
|
expectedMisses = deterministicRandom()->randomInt(1, self->numDomains / 2);
|
|
for (int i = 0; i < expectedMisses; i++) {
|
|
self->domainIds.emplace_back(self->minDomainId + i + self->numDomains / 2 + 1);
|
|
}
|
|
|
|
state int nAttempts = 0;
|
|
loop {
|
|
// Test case given is measuring correctness for cache hit/miss scenarios is designed to have strict
|
|
// assertions. However, in simulation runs, RPCs can be force failed to inject retries, hence, code leverage
|
|
// tryGetReply to ensure at-most once delivery of message, further, assertions are relaxed to account of
|
|
// cache warm-up due to retries.
|
|
EKPGetLatestBaseCipherKeysRequest req(deterministicRandom()->randomUniqueID(), self->domainIds);
|
|
ErrorOr<EKPGetLatestBaseCipherKeysReply> rep = wait(self->ekpInf.getLatestBaseCipherKeys.tryGetReply(req));
|
|
if (rep.present()) {
|
|
ASSERT(!rep.get().error.present());
|
|
ASSERT_EQ(rep.get().baseCipherDetailMap.size(), self->domainIds.size());
|
|
|
|
for (const uint64_t id : self->domainIds) {
|
|
ASSERT(rep.get().baseCipherDetailMap.find(id) != rep.get().baseCipherDetailMap.end());
|
|
}
|
|
|
|
// Ensure desired cache-hit counts
|
|
if (nAttempts == 0) {
|
|
ASSERT_EQ(rep.get().numHits, expectedHits);
|
|
} else {
|
|
ASSERT_GE(rep.get().numHits, expectedHits);
|
|
}
|
|
break;
|
|
} else {
|
|
nAttempts++;
|
|
wait(delay(0.0));
|
|
}
|
|
}
|
|
self->domainIds.clear();
|
|
|
|
TraceEvent("SimPartialDomainIdCache_Done").log();
|
|
return Void();
|
|
}
|
|
|
|
ACTOR Future<Void> simRandomBaseCipherIdCache(EncryptKeyProxyTestWorkload* self) {
|
|
state int expectedHits;
|
|
|
|
TraceEvent("SimRandomDomainIdCache_Start").log();
|
|
|
|
self->domainIds.clear();
|
|
for (int i = 0; i < self->numDomains; i++) {
|
|
self->domainIds.emplace_back(self->minDomainId + i);
|
|
}
|
|
|
|
EKPGetLatestBaseCipherKeysRequest req(deterministicRandom()->randomUniqueID(), self->domainIds);
|
|
EKPGetLatestBaseCipherKeysReply rep = wait(self->ekpInf.getLatestBaseCipherKeys.getReply(req));
|
|
|
|
ASSERT(!rep.error.present());
|
|
ASSERT_EQ(rep.baseCipherDetailMap.size(), self->domainIds.size());
|
|
for (const uint64_t id : self->domainIds) {
|
|
ASSERT(rep.baseCipherDetailMap.find(id) != rep.baseCipherDetailMap.end());
|
|
}
|
|
|
|
self->cipherIdMap.clear();
|
|
self->cipherIds.clear();
|
|
for (auto& item : rep.baseCipherDetailMap) {
|
|
self->cipherIdMap.emplace(item.second.baseCipherId, StringRef(self->arena, item.second.baseCipherKey));
|
|
self->cipherIds.emplace_back(item.second.baseCipherId);
|
|
}
|
|
|
|
state int numIterations = deterministicRandom()->randomInt(512, 786);
|
|
for (; numIterations > 0; numIterations--) {
|
|
int idx = deterministicRandom()->randomInt(1, self->cipherIds.size());
|
|
int nIds = deterministicRandom()->randomInt(1, self->cipherIds.size());
|
|
|
|
EKPGetBaseCipherKeysByIdsRequest req;
|
|
for (int i = idx; i < nIds && i < self->cipherIds.size(); i++) {
|
|
req.baseCipherIds.emplace_back(self->cipherIds[i]);
|
|
}
|
|
expectedHits = req.baseCipherIds.size();
|
|
EKPGetBaseCipherKeysByIdsReply rep = wait(self->ekpInf.getBaseCipherKeysByIds.getReply(req));
|
|
|
|
ASSERT(!rep.error.present());
|
|
ASSERT_EQ(rep.baseCipherMap.size(), expectedHits);
|
|
ASSERT_EQ(rep.numHits, expectedHits);
|
|
// Valdiate the 'cipherKey' content against the one read while querying by domainIds
|
|
for (auto& item : rep.baseCipherMap) {
|
|
const auto itr = self->cipherIdMap.find(item.first);
|
|
ASSERT(itr != self->cipherIdMap.end());
|
|
Standalone<StringRef> toCompare = self->cipherIdMap[item.first];
|
|
if (toCompare.compare(item.second) != 0) {
|
|
TraceEvent("Mismatch")
|
|
.detail("Id", item.first)
|
|
.detail("CipherMapDataHash", XXH3_64bits(toCompare.begin(), toCompare.size()))
|
|
.detail("CipherMapSize", toCompare.size())
|
|
.detail("CipherMapValue", toCompare.toString())
|
|
.detail("ReadDataHash", XXH3_64bits(item.second.begin(), item.second.size()))
|
|
.detail("ReadValue", item.second.toString())
|
|
.detail("ReadDataSize", item.second.size());
|
|
ASSERT(false);
|
|
}
|
|
}
|
|
}
|
|
|
|
TraceEvent("SimRandomDomainIdCache_Done").log();
|
|
return Void();
|
|
}
|
|
|
|
ACTOR Future<Void> simLookupInvalidKeyId(EncryptKeyProxyTestWorkload* self) {
|
|
TraceEvent("SimLookupInvalidKeyId_Start").log();
|
|
|
|
// Prepare a lookup with valid and invalid keyIds - SimEncryptKmsProxy should throw encrypt_key_not_found()
|
|
std::vector<uint64_t> baseCipherIds(self->cipherIds);
|
|
baseCipherIds.emplace_back(SERVER_KNOBS->SIM_KMS_MAX_KEYS + 10);
|
|
EKPGetBaseCipherKeysByIdsRequest req(deterministicRandom()->randomUniqueID(), baseCipherIds);
|
|
EKPGetBaseCipherKeysByIdsReply rep = wait(self->ekpInf.getBaseCipherKeysByIds.getReply(req));
|
|
|
|
ASSERT_EQ(rep.baseCipherMap.size(), 0);
|
|
ASSERT(rep.error.present());
|
|
ASSERT_EQ(rep.error.get().code(), error_code_encrypt_key_not_found);
|
|
|
|
TraceEvent("SimLookupInvalidKeyId_Done").log();
|
|
return Void();
|
|
}
|
|
|
|
// Following test cases are covered:
|
|
// 1. Simulate an empty domainIdCache.
|
|
// 2. Simulate an mixed lookup (partial cache-hit) for domainIdCache.
|
|
// 3. Simulate a lookup on all domainIdCache keys and validate lookup by baseCipherKeyIds.
|
|
// 4. Simulate lookup for an invalid baseCipherKeyId.
|
|
|
|
ACTOR Future<Void> testWorkload(Reference<AsyncVar<ServerDBInfo> const> dbInfo, EncryptKeyProxyTestWorkload* self) {
|
|
// Ensure EncryptKeyProxy role is recruited (a singleton role)
|
|
while (!dbInfo->get().encryptKeyProxy.present()) {
|
|
wait(delay(.1));
|
|
}
|
|
|
|
self->ekpInf = dbInfo->get().encryptKeyProxy.get();
|
|
self->numDomains = self->maxDomainId - self->minDomainId;
|
|
|
|
// Simulate empty cache access
|
|
wait(self->simEmptyDomainIdCache(self));
|
|
|
|
// Simulate partial cache-hit usecase
|
|
wait(self->simPartialDomainIdCache(self));
|
|
|
|
// Warm up cached with all domain Ids and randomly access known baseCipherIds
|
|
wait(self->simRandomBaseCipherIdCache(self));
|
|
|
|
// Simulate lookup BaseCipherIds which aren't yet cached
|
|
wait(self->simLookupInvalidKeyId(self));
|
|
|
|
return Void();
|
|
}
|
|
|
|
Future<Void> start(Database const& cx) override {
|
|
TEST(true); // Testing
|
|
if (!enableTest) {
|
|
return Void();
|
|
}
|
|
return testWorkload(dbInfo, this);
|
|
}
|
|
|
|
Future<bool> check(Database const& cx) override { return true; }
|
|
|
|
void getMetrics(std::vector<PerfMetric>& m) override {}
|
|
};
|
|
|
|
std::atomic<int> EncryptKeyProxyTestWorkload::seed = 0;
|
|
|
|
WorkloadFactory<EncryptKeyProxyTestWorkload> EncryptKeyProxyTestWorkloadFactory("EncryptKeyProxyTest"); |