storageconfig: use time.Duration for rotation period

Epic: none
Release note: None

Author: RaduBerinde

pkg/ccl/storageccl/engineccl/encrypted_fs.go

@@ -8,6 +8,7 @@ package engineccl
 import (
 	"context"
 	"fmt"
+	"time"
 
 	"github.com/cockroachdb/cockroach/pkg/storage/enginepb"
 	"github.com/cockroachdb/cockroach/pkg/storage/fs"
@@ -319,7 +320,7 @@ func newEncryptedEnv(
 	dataKeyManager := &DataKeyManager{
 		fs:             storeFS,
 		dbDir:          dbDir,
-		rotationPeriod: options.DataKeyRotationPeriod,
+		rotationPeriod: int64((options.RotationPeriod + time.Second - 1) / time.Second),
 		readOnly:       readOnly,
 	}
 	if err := dataKeyManager.Load(context.TODO()); err != nil {

pkg/ccl/storageccl/engineccl/encrypted_fs_test.go

@@ -16,6 +16,7 @@ import (
 	"strconv"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/cockroachdb/cockroach/pkg/base"
 	"github.com/cockroachdb/cockroach/pkg/roachpb"
@@ -242,7 +243,7 @@ func TestPebbleEncryption(t *testing.T) {
 			CurrentKey: "16.key",
 			OldKey:     "plain",
 		},
-		DataKeyRotationPeriod: 1000, // arbitrary seconds
+		RotationPeriod: time.Hour,
 	}
 
 	func() {
@@ -385,7 +386,7 @@ func TestPebbleEncryption2(t *testing.T) {
 				CurrentKey: encKeyFile,
 				OldKey:     oldEncFileKey,
 			},
-			DataKeyRotationPeriod: 1000,
+			RotationPeriod: time.Hour,
 		}
 
 		// Initialize the filesystem env.
@@ -580,7 +581,7 @@ func makeEncryptedTestFS(t *testing.T, errorProb float64, errorRand *rand.Rand)
 	//
 	// TODO(sumeer): Do deterministic data key rotation. Inject kmTimeNow and
 	// operations that advance time.
-	encOptions.DataKeyRotationPeriod = 100000
+	encOptions.RotationPeriod = 100000 * time.Second
 	etfs := &encryptedTestFS{
 		mem:        mem,
 		encOptions: &encOptions,

pkg/cli/flags_test.go

@@ -1774,35 +1774,35 @@ func TestParseEncryptionSpec(t *testing.T) {
 			"path=/data,key=/new.key,old-key=/old.key", "",
 			storeEncryptionSpec{Path: "/data",
 				Options: storageconfig.EncryptionOptions{
-					KeyFiles:              &storageconfig.EncryptionKeyFiles{CurrentKey: "/new.key", OldKey: "/old.key"},
-					DataKeyRotationPeriod: int64(storageconfig.DefaultRotationPeriod / time.Second),
+					KeyFiles:       &storageconfig.EncryptionKeyFiles{CurrentKey: "/new.key", OldKey: "/old.key"},
+					RotationPeriod: storageconfig.DefaultRotationPeriod,
 				},
 			},
 		},
 		{
 			"path=/data,key=/new.key,old-key=/old.key,rotation-period=1h", "",
 			storeEncryptionSpec{Path: "/data",
 				Options: storageconfig.EncryptionOptions{
-					KeyFiles:              &storageconfig.EncryptionKeyFiles{CurrentKey: "/new.key", OldKey: "/old.key"},
-					DataKeyRotationPeriod: int64(time.Hour / time.Second),
+					KeyFiles:       &storageconfig.EncryptionKeyFiles{CurrentKey: "/new.key", OldKey: "/old.key"},
+					RotationPeriod: time.Hour,
 				},
 			},
 		},
 		{
 			"path=/data,key=plain,old-key=/old.key,rotation-period=1h", "",
 			storeEncryptionSpec{Path: "/data",
 				Options: storageconfig.EncryptionOptions{
-					KeyFiles:              &storageconfig.EncryptionKeyFiles{CurrentKey: "plain", OldKey: "/old.key"},
-					DataKeyRotationPeriod: int64(time.Hour / time.Second),
+					KeyFiles:       &storageconfig.EncryptionKeyFiles{CurrentKey: "plain", OldKey: "/old.key"},
+					RotationPeriod: time.Hour,
 				},
 			},
 		},
 		{
 			"path=/data,key=/new.key,old-key=plain,rotation-period=1h", "",
 			storeEncryptionSpec{Path: "/data",
 				Options: storageconfig.EncryptionOptions{
-					KeyFiles:              &storageconfig.EncryptionKeyFiles{CurrentKey: "/new.key", OldKey: "plain"},
-					DataKeyRotationPeriod: int64(time.Hour / time.Second),
+					KeyFiles:       &storageconfig.EncryptionKeyFiles{CurrentKey: "/new.key", OldKey: "plain"},
+					RotationPeriod: time.Hour,
 				},
 			},
 		},
@@ -1812,8 +1812,8 @@ func TestParseEncryptionSpec(t *testing.T) {
 			"path=data,key=/new.key,old-key=/old.key", "",
 			storeEncryptionSpec{Path: absDataPath,
 				Options: storageconfig.EncryptionOptions{
-					KeyFiles:              &storageconfig.EncryptionKeyFiles{CurrentKey: "/new.key", OldKey: "/old.key"},
-					DataKeyRotationPeriod: int64(storageconfig.DefaultRotationPeriod / time.Second),
+					KeyFiles:       &storageconfig.EncryptionKeyFiles{CurrentKey: "/new.key", OldKey: "/old.key"},
+					RotationPeriod: storageconfig.DefaultRotationPeriod,
 				},
 			},
 		},
@@ -1823,8 +1823,8 @@ func TestParseEncryptionSpec(t *testing.T) {
 			"path=*,key=/new.key,old-key=/old.key", "",
 			storeEncryptionSpec{Path: "*",
 				Options: storageconfig.EncryptionOptions{
-					KeyFiles:              &storageconfig.EncryptionKeyFiles{CurrentKey: "/new.key", OldKey: "/old.key"},
-					DataKeyRotationPeriod: int64(storageconfig.DefaultRotationPeriod / time.Second),
+					KeyFiles:       &storageconfig.EncryptionKeyFiles{CurrentKey: "/new.key", OldKey: "/old.key"},
+					RotationPeriod: storageconfig.DefaultRotationPeriod,
 				},
 			},
 		},

pkg/cli/flags_util.go

@@ -521,15 +521,10 @@ type storeEncryptionSpec struct {
 func (es storeEncryptionSpec) String() string {
 	// All fields are set.
 	return fmt.Sprintf("path=%s,key=%s,old-key=%s,rotation-period=%s",
-		es.Path, es.Options.KeyFiles.CurrentKey, es.Options.KeyFiles.OldKey, es.RotationPeriod(),
+		es.Path, es.Options.KeyFiles.CurrentKey, es.Options.KeyFiles.OldKey, es.Options.RotationPeriod,
 	)
 }
 
-// RotationPeriod returns the rotation period as a duration.
-func (es storeEncryptionSpec) RotationPeriod() time.Duration {
-	return time.Duration(es.Options.DataKeyRotationPeriod) * time.Second
-}
-
 // PathMatches returns true if this storeEncryptionSpec matches the given store path.
 func (es storeEncryptionSpec) PathMatches(path string) bool {
 	return es.Path == path || es.Path == "*"
@@ -546,9 +541,9 @@ func parseStoreEncryptionSpec(value string) (storeEncryptionSpec, error) {
 	es := storeEncryptionSpec{
 		Path: "",
 		Options: storageconfig.EncryptionOptions{
-			KeySource:             storageconfig.EncryptionKeyFromFiles,
-			KeyFiles:              &storageconfig.EncryptionKeyFiles{},
-			DataKeyRotationPeriod: int64(storageconfig.DefaultRotationPeriod / time.Second),
+			KeySource:      storageconfig.EncryptionKeyFromFiles,
+			KeyFiles:       &storageconfig.EncryptionKeyFiles{},
+			RotationPeriod: storageconfig.DefaultRotationPeriod,
 		},
 	}
 
@@ -611,7 +606,7 @@ func parseStoreEncryptionSpec(value string) (storeEncryptionSpec, error) {
 			if err != nil {
 				return storeEncryptionSpec{}, errors.Wrapf(err, "could not parse rotation-duration value: %s", value)
 			}
-			es.Options.DataKeyRotationPeriod = int64(dur / time.Second)
+			es.Options.RotationPeriod = dur
 		default:
 			return storeEncryptionSpec{}, fmt.Errorf("%s is not a valid enterprise-encryption field", field)
 		}

pkg/storage/storageconfig/encryption_spec.go

@@ -13,8 +13,8 @@ type EncryptionOptions struct {
 	KeySource EncryptionKeySource
 	// Set if key_source == KeyFiles.
 	KeyFiles *EncryptionKeyFiles
-	// Default data key rotation in seconds.
-	DataKeyRotationPeriod int64
+	// Data key rotation period.
+	RotationPeriod time.Duration
 }
 
 // EncryptionKeyFiles is used when plain key files are passed.