EncryptionRequestHandler supports encryption requests distribution. #115
Conversation
| EncryptionDirectoryFactory.getFactory(req.getCore()); | ||
|
|
||
| if (req.getParams().getBool(DISTRIB, false)) { |
There was a problem hiding this comment.
It'd be nice if we could default "distrib" based on whether the request was addressed to the collection or not. Maybe that metadata is there?
| } | ||
| try (SolrClientHolder solrClient = getHttpSolrClient(req)) { | ||
| ModifiableSolrParams params = createDistributedRequestParams(req, rsp, keyId); | ||
| for (Slice slice : docCollection.getActiveSlices()) { |
There was a problem hiding this comment.
Hmm; sends in series vs in parallel. We could chat about that tomorrow.
| } | ||
| if (log.isInfoEnabled()) { | ||
| long timeMs = TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - startTimeNs); | ||
| log.info("Responding encryption distributed state={} success={} for keyId={} collection={} timeMs={}", |
There was a problem hiding this comment.
FYI collection is redundant with MDC.
And you might want to put state and/or success into rsp.addToLog where it may be seen in structured logs
| if (collectionState != null) { | ||
| rsp.add(ENCRYPTION_STATE, collectionState.value); | ||
| } | ||
| if (log.isInfoEnabled()) { |
There was a problem hiding this comment.
BTW you needn't ever check for isInfoEnabled. It's often needed, however, for debug or trace level but even then not always.
| } | ||
| } | ||
|
|
||
| private SolrClientHolder getHttpSolrClient(SolrQueryRequest req) { |
There was a problem hiding this comment.
Why not just use org.apache.solr.core.CoreContainer#getDefaultHttpSolrClient? This is very new BTW.
| private NamedList<Object> sendEncryptionRequest(Replica replica, ModifiableSolrParams params, Http2SolrClient httpSolrClient) | ||
| throws SolrServerException, IOException { | ||
| GenericSolrRequest request = new GenericSolrRequest(SolrRequest.METHOD.POST, getPath(), params); | ||
| request.setBasePath(replica.getCoreUrl()); |
There was a problem hiding this comment.
setBasePath is now gone in Solr main. Instead, you should use httpSolrClient.requestWithBaseUrl
| } | ||
|
|
||
| private EncryptionStatus encryptDistrib(ModifiableSolrParams params) throws SolrServerException, IOException { | ||
| params.set(DISTRIB, "true"); |
There was a problem hiding this comment.
icky to manipulate the input arg but I can let it slide. I wish there was a Solr one-liner to wrap SolrParams with a default. SolrParams.wrapDefaults is a technique.
| @@ -220,10 +249,14 @@ public void assertCannotReloadCores() throws Exception { | |||
| } | |||
|
|
|||
| /** Processes the given {@code action} for all replicas of the collection defined in the constructor. */ | |||
| public void forAllReplicas(Consumer<Replica> action) { | |||
| public void forAllReplicas(Consumer<Replica> action, boolean onlyLeaders) { | |||
There was a problem hiding this comment.
I think the functional arg should be last as a matter of taste
The client can call EncryptionRequestHandler and provide the additional parameter "distrib" = "true". In this case, this handler will distribute the encryption request to all the leader replicas of all the shards of the collection, ensuring they all encrypt their index shard. The response "encryptionState" will be "complete" only when all the shards return "complete". So the caller may repeatedly send the same encryption request with "distrib" = "true" to know when the whole collection encryption is complete. In addition, the caller can set the "timeAllowed" parameter to define a timeout for the request distribution, in milliseconds. This timeout is for the distribution itself, not the encryption process.