TEST_F(KeysManagerShardedTest, ShouldStillBeAbleToUpdateCacheEvenIfItCantCreateKeys) {
KeysCollectionDocument origKey1(
1, "dummy", TimeProofService::generateRandomKey(), LogicalTime(Timestamp(105, 0)));
ASSERT_OK(insertToConfigCollection(
operationContext(), KeysCollectionDocument::ConfigNS, origKey1.toBSON()));
// Set the time to be very ahead so the updater will be forced to create new keys.
const LogicalTime fakeTime(Timestamp(20000, 0));
LogicalClock::get(operationContext())->setClusterTimeFromTrustedSource(fakeTime);
FailPointEnableBlock failWriteBlock("failCollectionInserts");
{
FailPointEnableBlock failQueryBlock("planExecutorAlwaysFails");
keyManager()->startMonitoring(getServiceContext());
keyManager()->enableKeyGenerator(operationContext(), true);
}
auto keyStatus =
keyManager()->getKeyForValidation(operationContext(), 1, LogicalTime(Timestamp(100, 0)));
ASSERT_OK(keyStatus.getStatus());
auto key = keyStatus.getValue();
ASSERT_EQ(1, key.getKeyId());
ASSERT_EQ(origKey1.getKey(), key.getKey());
ASSERT_EQ(Timestamp(105, 0), key.getExpiresAt().asTimestamp());
}
TEST_F(KeysManagerShardedTest, GetKeyForValidationErrorsIfKeyDoesntExist) {
keyManager()->startMonitoring(getServiceContext());
auto keyStatus =
keyManager()->getKeyForValidation(operationContext(), 1, LogicalTime(Timestamp(100, 0)));
ASSERT_EQ(ErrorCodes::KeyNotFound, keyStatus.getStatus());
}
TEST_F(KeysManagerShardedTest, GetKeyForSigningShouldReturnRightOldKey) {
keyManager()->startMonitoring(getServiceContext());
KeysCollectionDocument origKey1(
1, "dummy", TimeProofService::generateRandomKey(), LogicalTime(Timestamp(105, 0)));
ASSERT_OK(insertToConfigCollection(
operationContext(), KeysCollectionDocument::ConfigNS, origKey1.toBSON()));
KeysCollectionDocument origKey2(
2, "dummy", TimeProofService::generateRandomKey(), LogicalTime(Timestamp(110, 0)));
ASSERT_OK(insertToConfigCollection(
operationContext(), KeysCollectionDocument::ConfigNS, origKey2.toBSON()));
keyManager()->refreshNow(operationContext());
{
auto keyStatus = keyManager()->getKeyForSigning(nullptr, LogicalTime(Timestamp(100, 0)));
ASSERT_OK(keyStatus.getStatus());
auto key = keyStatus.getValue();
ASSERT_EQ(1, key.getKeyId());
ASSERT_EQ(origKey1.getKey(), key.getKey());
ASSERT_EQ(Timestamp(105, 0), key.getExpiresAt().asTimestamp());
}
{
auto keyStatus = keyManager()->getKeyForSigning(nullptr, LogicalTime(Timestamp(105, 0)));
ASSERT_OK(keyStatus.getStatus());
auto key = keyStatus.getValue();
ASSERT_EQ(2, key.getKeyId());
ASSERT_EQ(origKey2.getKey(), key.getKey());
ASSERT_EQ(Timestamp(110, 0), key.getExpiresAt().asTimestamp());
}
}
TEST_F(KeysManagerShardedTest, GetKeyWithMultipleKeys) {
keyManager()->startMonitoring(getServiceContext());
KeysCollectionDocument origKey1(
1, "dummy", TimeProofService::generateRandomKey(), LogicalTime(Timestamp(105, 0)));
ASSERT_OK(insertToConfigCollection(
operationContext(), KeysCollectionDocument::ConfigNS, origKey1.toBSON()));
KeysCollectionDocument origKey2(
2, "dummy", TimeProofService::generateRandomKey(), LogicalTime(Timestamp(205, 0)));
ASSERT_OK(insertToConfigCollection(
operationContext(), KeysCollectionDocument::ConfigNS, origKey2.toBSON()));
auto keyStatus =
keyManager()->getKeyForValidation(operationContext(), 1, LogicalTime(Timestamp(100, 0)));
ASSERT_OK(keyStatus.getStatus());
auto key = keyStatus.getValue();
ASSERT_EQ(1, key.getKeyId());
ASSERT_EQ(origKey1.getKey(), key.getKey());
ASSERT_EQ(Timestamp(105, 0), key.getExpiresAt().asTimestamp());
keyStatus =
keyManager()->getKeyForValidation(operationContext(), 2, LogicalTime(Timestamp(100, 0)));
ASSERT_OK(keyStatus.getStatus());
key = keyStatus.getValue();
ASSERT_EQ(2, key.getKeyId());
ASSERT_EQ(origKey2.getKey(), key.getKey());
ASSERT_EQ(Timestamp(205, 0), key.getExpiresAt().asTimestamp());
}
TEST_F(KeysManagerShardedTest, HasSeenKeysIsFalseUntilKeysAreFound) {
const LogicalTime currentTime(Timestamp(100, 0));
LogicalClock::get(operationContext())->setClusterTimeFromTrustedSource(currentTime);
ASSERT_EQ(false, keyManager()->hasSeenKeys());
{
FailPointEnableBlock failKeyGenerationBlock("disableKeyGeneration");
keyManager()->startMonitoring(getServiceContext());
keyManager()->enableKeyGenerator(operationContext(), true);
keyManager()->refreshNow(operationContext());
auto keyStatus = keyManager()->getKeyForValidation(
operationContext(), 1, LogicalTime(Timestamp(100, 0)));
ASSERT_EQ(ErrorCodes::KeyNotFound, keyStatus.getStatus());
ASSERT_EQ(false, keyManager()->hasSeenKeys());
}
// Once the failpoint is disabled, the generator can make keys again.
keyManager()->refreshNow(operationContext());
auto keyStatus = keyManager()->getKeyForSigning(nullptr, LogicalTime(Timestamp(100, 0)));
ASSERT_OK(keyStatus.getStatus());
ASSERT_EQ(true, keyManager()->hasSeenKeys());
}
TEST_F(KeysManagerShardedTest, GetKeyShouldErrorIfKeyIdMismatchKey) {
keyManager()->startMonitoring(getServiceContext());
KeysCollectionDocument origKey1(
1, "dummy", TimeProofService::generateRandomKey(), LogicalTime(Timestamp(105, 0)));
ASSERT_OK(insertToConfigCollection(
operationContext(), KeysCollectionDocument::ConfigNS, origKey1.toBSON()));
auto keyStatus =
keyManager()->getKeyForValidation(operationContext(), 2, LogicalTime(Timestamp(100, 0)));
ASSERT_EQ(ErrorCodes::KeyNotFound, keyStatus.getStatus());
}
TEST_F(KeysManagerShardedTest, ShouldCreateKeysIfKeyGeneratorEnabled) {
keyManager()->startMonitoring(getServiceContext());
const LogicalTime currentTime(LogicalTime(Timestamp(100, 0)));
LogicalClock::get(operationContext())->setClusterTimeFromTrustedSource(currentTime);
keyManager()->enableKeyGenerator(operationContext(), true);
keyManager()->refreshNow(operationContext());
auto keyStatus = keyManager()->getKeyForSigning(nullptr, LogicalTime(Timestamp(100, 100)));
ASSERT_OK(keyStatus.getStatus());
auto key = keyStatus.getValue();
ASSERT_EQ(Timestamp(101, 0), key.getExpiresAt().asTimestamp());
}
TEST_F(KeysManagerShardedTest, GetKeyForValidationTimesOutIfRefresherIsNotRunning) {
operationContext()->setDeadlineAfterNowBy(Microseconds(250 * 1000),
ErrorCodes::ExceededTimeLimit);
ASSERT_THROWS(
keyManager()->getKeyForValidation(operationContext(), 1, LogicalTime(Timestamp(100, 0))),
DBException);
}
TEST_F(KeysManagerShardedTest, GetKeyForValidationTimesOutIfRefresherIsNotRunning) {
operationContext()->setDeadlineAfterNowBy(Microseconds(250 * 1000));
ASSERT_THROWS(keyManager()
->getKeyForValidation(operationContext(), 1, LogicalTime(Timestamp(100, 0)))
.status_with_transitional_ignore(),
DBException);
}
TEST_F(KeysManagerShardedTest, ShouldNotReturnKeysInFeatureCompatibilityVersion34) {
serverGlobalParams.featureCompatibility.version.store(
ServerGlobalParams::FeatureCompatibility::Version::k34);
keyManager()->startMonitoring(getServiceContext());
keyManager()->enableKeyGenerator(operationContext(), true);
KeysCollectionDocument origKey(
1, "dummy", TimeProofService::generateRandomKey(), LogicalTime(Timestamp(105, 0)));
ASSERT_OK(insertToConfigCollection(
operationContext(), NamespaceString(KeysCollectionDocument::ConfigNS), origKey.toBSON()));
keyManager()->refreshNow(operationContext());
auto keyStatus =
keyManager()->getKeyForValidation(operationContext(), 1, LogicalTime(Timestamp(100, 0)));
ASSERT_EQ(ErrorCodes::KeyNotFound, keyStatus.getStatus());
}
TEST_F(KeysManagerShardedTest, EnableModeFlipFlopStressTest) {
keyManager()->startMonitoring(getServiceContext());
const LogicalTime currentTime(LogicalTime(Timestamp(100, 0)));
LogicalClock::get(operationContext())->setClusterTimeFromTrustedSource(currentTime);
bool doEnable = true;
for (int x = 0; x < 10; x++) {
keyManager()->enableKeyGenerator(operationContext(), doEnable);
keyManager()->refreshNow(operationContext());
auto keyStatus = keyManager()->getKeyForSigning(nullptr, LogicalTime(Timestamp(100, 100)));
ASSERT_OK(keyStatus.getStatus());
auto key = keyStatus.getValue();
ASSERT_EQ(Timestamp(101, 0), key.getExpiresAt().asTimestamp());
doEnable = !doEnable;
}
}
