Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(nemesis): flush system_schema before doing encryption check #7036

Merged
merged 3 commits into from
Jan 2, 2024
Merged

fix(nemesis): flush system_schema before doing encryption check #7036

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8ae9645
fix(nemesis): flush system_schema before doing encryption check
fruch Dec 31, 2023
89e2ba1
fix(is_sstable_encrypted): create json with `strict=False`
fruch Jan 1, 2024
1aa751b
fix(nemesis): `_enable_disable_table_encryption` fix clear check
fruch Jan 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 25 additions & 17 deletions sdcm/nemesis.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4099,6 +4099,9 @@ def upgrade_sstables(nodes):
self.log.info("Upgradesstables on the '%s' node for the new encrypted table", node.name)
# NOTE: 'flush' is needed in case there are no sstables yet
node.remoter.run(f'nodetool flush -- {keyspace_name} {table_name}', verbose=True)
# NOTE: 'flush' is needed for system_schema, to make sure the new table info
# is on disk, `scylla sstable` reads only from disk
node.remoter.run('nodetool flush -- system_schema', verbose=True)
time.sleep(2)
node.remoter.run(f'nodetool upgradesstables -a -- {keyspace_name} {table_name}', verbose=True)

Expand Down Expand Up @@ -4151,27 +4154,32 @@ def run_write_scylla_bench_load(write_cmd):
sstable_util = SstableUtils(db_node=self.target_node, ks_cf=f"{keyspace_name}.{table_name}")
check_encryption_fact(sstable_util, True)

# Disable encryption for the encrypted table
self.log.info("Disable encryption for the '%s.%s' table", keyspace_name, table_name)
with self.cluster.cql_connection_patient(self.target_node, keyspace=keyspace_name) as session:
query = f"ALTER TABLE {table_name} WITH scylla_encryption_options = {{'key_provider': 'none'}};"
session.execute(query)
upgrade_sstables(self.cluster.nodes)
with self.target_node.remote_scylla_yaml() as scylla_yaml:
user_info_encryption_enabled = scylla_yaml.user_info_encryption.get('enabled', False)

# if encryption is enabled by default, we currently can't disable it
if not user_info_encryption_enabled:
# Disable encryption for the encrypted table
self.log.info("Disable encryption for the '%s.%s' table", keyspace_name, table_name)
with self.cluster.cql_connection_patient(self.target_node, keyspace=keyspace_name) as session:
query = f"ALTER TABLE {table_name} WITH scylla_encryption_options = {{'key_provider': 'none'}};"
session.execute(query)
upgrade_sstables(self.cluster.nodes)

# ReRead data
read_thread2 = self.tester.run_stress_thread(stress_cmd=read_cmd, stop_test_on_failure=False)
self.tester.verify_stress_thread(read_thread2)
# ReRead data
read_thread2 = self.tester.run_stress_thread(stress_cmd=read_cmd, stop_test_on_failure=False)
self.tester.verify_stress_thread(read_thread2)

# ReWrite data making the sstables be rewritten
run_write_scylla_bench_load(write_cmd)
upgrade_sstables(self.cluster.nodes)
# ReWrite data making the sstables be rewritten
run_write_scylla_bench_load(write_cmd)
upgrade_sstables(self.cluster.nodes)

# ReRead data
read_thread3 = self.tester.run_stress_thread(stress_cmd=read_cmd, stop_test_on_failure=False)
self.tester.verify_stress_thread(read_thread3)
# ReRead data
read_thread3 = self.tester.run_stress_thread(stress_cmd=read_cmd, stop_test_on_failure=False)
self.tester.verify_stress_thread(read_thread3)

# Check that sstables of that table are not encrypted anymore
check_encryption_fact(sstable_util, False)
# Check that sstables of that table are not encrypted anymore
check_encryption_fact(sstable_util, False)
finally:
# Delete table
self.log.info("Delete '%s.%s' table with server encryption", keyspace_name, table_name)
Expand Down
2 changes: 1 addition & 1 deletion sdcm/utils/sstable/sstable_utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ def is_sstable_encrypted(self, sstables=None) -> list: # pylint: disable=too-ma
if dump_cmd == 'sstabledump':
sstables_encrypted_mapping[sstable] = False
else:
scylla_metadata = json.loads(sstables_res.stdout)['sstables']
scylla_metadata = json.loads(sstables_res.stdout, strict=False)['sstables']
sstables_encrypted_mapping[sstable] = all('scylla_encryption_options' in metadata.get('extension_attributes', {})
for table, metadata in scylla_metadata.items())
# NOTE: case when sstable exists and it is encrypted:
Expand Down