Ything-RepoMirrors/apple-foundationdb
1
0
Fork 0
mirror of https://github.com/apple/foundationdb.git synced 2026-01-25 04:18:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

SimulationConfig::setEncryptionAtRestMode: always use DISABLED; also disable EncryptKeyProxyTest.toml

Browse Source
This commit is contained in:
Gideon Glass
2025-10-04 09:26:30 -07:00
parent c438afa792
commit 692df86494
2 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
fdbserver/SimulatedCluster.actor.cpp
View File

@@ -1705,15 +1705,16 @@ void SimulationConfig::setEncryptionAtRestMode(const TestConfig& testConfig) {
// Enable encryption siginificantly reduces chance that a storage engine other than redwood got selected
// We want storage servers are selected by simulation tests with roughly equal chance
// If encryptMode is not specified explicitly, with high probability, we disable encryption
if (testConfig.encryptModes.empty() &&
deterministicRandom()->random01() < SERVER_KNOBS->DISABLED_ENCRYPTION_PROBABILITY_SIM) {
EncryptionAtRestMode encryptionMode = EncryptionAtRestMode::DISABLED;
TraceEvent("SimulatedClusterEncryptionMode").detail("Mode", encryptionMode.toString());
CODE_PROBE(true, "Enforce to disable encryption in simulation", probe::decoration::rare);
set_config("encryption_at_rest_mode=" + encryptionMode.toString());
return;
}
// TODO(gglass): why don't we just always disable encryption at rest mode?
//if (testConfig.encryptModes.empty() &&
// deterministicRandom()->random01() < SERVER_KNOBS->DISABLED_ENCRYPTION_PROBABILITY_SIM) {
EncryptionAtRestMode encryptionMode = EncryptionAtRestMode::DISABLED;
TraceEvent("SimulatedClusterEncryptionMode").detail("Mode", encryptionMode.toString());
CODE_PROBE(true, "Enforce to disable encryption in simulation", probe::decoration::rare);
set_config("encryption_at_rest_mode=" + encryptionMode.toString());
return;
#if 0
std::vector<bool> available;
std::vector<double> probability;
if (!testConfig.encryptModes.empty()) {
@@ -1772,6 +1773,7 @@ void SimulationConfig::setEncryptionAtRestMode(const TestConfig& testConfig) {
"Enabled domain-aware encryption in simulation",
probe::decoration::rare);
set_config("encryption_at_rest_mode=" + encryptionMode.toString());
#endif
}
namespace {

3
tests/CMakeLists.txt
View File

@@ -185,7 +185,8 @@ if(WITH_PYTHON)
add_fdb_test(TEST_FILES fast/EncryptionOps.toml)
# EncryptionUnitTests is only a convenience file to run the different types of encryption tests at once. Do not enable in general ensembles
add_fdb_test(TEST_FILES fast/EncryptionUnitTests.toml IGNORE)
add_fdb_test(TEST_FILES fast/EncryptKeyProxyTest.toml)
# TODO(gglass): get rid of EncryptKeyProxyTest because we only support unencrypted.
add_fdb_test(TEST_FILES fast/EncryptKeyProxyTest.toml IGNORE)
add_fdb_test(TEST_FILES fast/FuzzApiCorrectness.toml)
add_fdb_test(TEST_FILES fast/FuzzApiCorrectnessClean.toml)
add_fdb_test(TEST_FILES fast/HTTPKeyValueStore.toml)