Skip to content

Commit f8b02e5

Browse files
timofey-barmintimofey-barmin
committed
MB-61292: Trigger recalc of dek info when deks change
Normally we recalculate the dek info every minute, but when we are modifying deks, it makes sense to recalculate the dek info immediately, so all APIs can use updated new dek info. Change-Id: I85bd3b5b5f4155ed2de4ef352b5ab91648ebb614 Reviewed-on: https://review.couchbase.org/c/ns_server/+/223509 Tested-by: Build Bot <[email protected]> Well-Formed: Build Bot <[email protected]> Reviewed-by: Navdeep S Boparai <[email protected]> Tested-by: Timofey Barmin <[email protected]>
1 parent 0bbdd4d commit f8b02e5

File tree

1 file changed

+10
-0
lines changed

1 file changed

+10
-0
lines changed

apps/ns_server/src/cb_cluster_secrets.erl

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -921,6 +921,7 @@ handle_info({dek_drop_complete, Kind} = Msg,
921921
#state{proc_type = ?NODE_PROC} = State) ->
922922
?log_debug("Dek drop complete: ~p", [Kind]),
923923
misc:flush(Msg),
924+
self() ! calculate_dek_info,
924925
{noreply, add_and_run_jobs([{garbage_collect_deks, Kind}], State)};
925926

926927
handle_info({timer, rotate_deks} = Msg, #state{proc_type = ?NODE_PROC,
@@ -955,6 +956,12 @@ handle_info({timer, remove_retired_keys} = Msg,
955956
encryption_service:cleanup_retired_keys(),
956957
{noreply, restart_remove_retired_timer(State)};
957958

959+
handle_info(calculate_dek_info, #state{proc_type = ?NODE_PROC} = State) ->
960+
?log_debug("DEK info update"),
961+
misc:flush(calculate_dek_info),
962+
{_Res, NewState} = calculate_dek_info(State),
963+
{noreply, NewState};
964+
958965
handle_info(Info, State) ->
959966
?log_warning("Unhandled info: ~p", [Info]),
960967
{noreply, State}.
@@ -1424,6 +1431,7 @@ maybe_update_deks(Kind, #state{deks = CurDeks} = OldState) ->
14241431
NewState = set_active(Kind, DekId, true, State),
14251432
ok = maybe_rotate_integrity_tokens(Kind, DekId,
14261433
NewState),
1434+
self() ! calculate_dek_info,
14271435
call_set_active_cb(Kind, NewState);
14281436
%% Too many DEKs and encryption is being enabled
14291437
%% We could not create new DEK, but should still
@@ -1605,6 +1613,7 @@ retire_unused_deks(Kind, DekIdsInUse, #state{deks = DeksInfo} = State) ->
16051613
%% It doesn't make sense to fail this job if file removal fails
16061614
%% because when retried the job will do nothing anyway (because
16071615
%% state doesn't have those deks)
1616+
self() ! calculate_dek_info,
16081617
encryption_service:garbage_collect_keys(Kind, NewDekIdsInUse),
16091618
{ok, _} = cb_crypto:reset_dek_cache(Kind, cleanup),
16101619
on_deks_update(Kind, NewState)
@@ -1856,6 +1865,7 @@ new_dek_info(Kind, ActiveId, Keys, IsEnabled) ->
18561865
destroy_dek_info(Kind, #state{deks = DeksInfo} = State) ->
18571866
NewState = State#state{deks = maps:remove(Kind, DeksInfo)},
18581867
write_deks_cfg_file(NewState),
1868+
self() ! calculate_dek_info,
18591869
delete_kind_stats(Kind),
18601870
encryption_service:garbage_collect_keys(Kind, []),
18611871
functools:chain(NewState,

0 commit comments

Comments
 (0)