[FEAT MERGE] support restore encrypted tenant

2023-04-28 15:15:31 +00:00
parent b41dc0ebdd
commit 34a9edf738
39 changed files with 455 additions and 57 deletions
--- a/src/sql/engine/cmd/ob_alter_system_executor.cpp
+++ b/src/sql/engine/cmd/ob_alter_system_executor.cpp
@ -2105,6 +2105,12 @@ int ObDeletePolicyExecutor::execute(ObExecContext &ctx, ObDeletePolicyStmt &stmt
  return ret;
 }

+int ObBackupKeyExecutor::execute(ObExecContext &ctx, ObBackupKeyStmt &stmt)
+{
+  int ret = OB_SUCCESS;
+  return ret;
+}
+
 int ObBackupBackupsetExecutor::execute(ObExecContext &ctx, ObBackupBackupsetStmt &stmt)
 {
  int ret = OB_SUCCESS;
--- a/src/sql/engine/cmd/ob_alter_system_executor.h
+++ b/src/sql/engine/cmd/ob_alter_system_executor.h
@ -122,6 +122,7 @@ DEF_SIMPLE_EXECUTOR(ObBackupDatabase);
 DEF_SIMPLE_EXECUTOR(ObBackupManage);
 DEF_SIMPLE_EXECUTOR(ObBackupClean);
 DEF_SIMPLE_EXECUTOR(ObDeletePolicy);
+DEF_SIMPLE_EXECUTOR(ObBackupKey);
 DEF_SIMPLE_EXECUTOR(ObBackupBackupset);
 DEF_SIMPLE_EXECUTOR(ObBackupArchiveLog);
 DEF_SIMPLE_EXECUTOR(ObBackupBackupPiece);
--- a/src/sql/executor/ob_cmd_executor.cpp
+++ b/src/sql/executor/ob_cmd_executor.cpp
@ -850,6 +850,10 @@ int ObCmdExecutor::execute(ObExecContext &ctx, ObICmd &cmd)
        DEFINE_EXECUTE_CMD(ObDeletePolicyStmt, ObDeletePolicyExecutor);
        break;
      }
+      case stmt::T_BACKUP_KEY: {
+        DEFINE_EXECUTE_CMD(ObBackupKeyStmt, ObBackupKeyExecutor);
+        break;
+      }
      case stmt::T_CREATE_DBLINK: {
        DEFINE_EXECUTE_CMD(ObCreateDbLinkStmt, ObCreateDbLinkExecutor);
        break;
--- a/src/sql/parser/non_reserved_keywords_mysql_mode.c
+++ b/src/sql/parser/non_reserved_keywords_mysql_mode.c
@ -236,6 +236,7 @@ static const NonReservedKeyword Mysql_none_reserved_keywords[] =
  {"enable_arbitration_service", ENABLE_ARBITRATION_SERVICE},
  {"enable_extended_rowid", ENABLE_EXTENDED_ROWID},
  {"enclosed", ENCLOSED},
+  {"encrypted", ENCRYPTED},
  {"encryption", ENCRYPTION},
  {"end", END},
  {"ends", ENDS},
--- a/src/sql/parser/sql_parser_mysql_mode.y
+++ b/src/sql/parser/sql_parser_mysql_mode.y
@ -266,7 +266,7 @@ END_P SET_VAR DELIMITER
        DIRECTORY DISABLE DISCARD DISK DISKGROUP DO DUMP DUMPFILE DUPLICATE DUPLICATE_SCOPE DYNAMIC
        DATABASE_ID DEFAULT_TABLEGROUP DISCONNECT

-        EFFECTIVE EMPTY ENABLE ENABLE_ARBITRATION_SERVICE ENABLE_EXTENDED_ROWID ENCRYPTION END ENDS ENFORCED ENGINE_ ENGINES ENUM ENTITY ERROR_CODE ERROR_P ERRORS ESTIMATE
+        EFFECTIVE EMPTY ENABLE ENABLE_ARBITRATION_SERVICE ENABLE_EXTENDED_ROWID ENCRYPTED ENCRYPTION END ENDS ENFORCED ENGINE_ ENGINES ENUM ENTITY ERROR_CODE ERROR_P ERRORS ESTIMATE
        ESCAPE EVENT EVENTS EVERY EXCHANGE EXECUTE EXPANSION EXPIRE EXPIRE_INFO EXPORT OUTLINE EXTENDED
        EXTENDED_NOADDR EXTENT_SIZE EXTRACT EXCEPT EXPIRED

@ -489,7 +489,7 @@ END_P SET_VAR DELIMITER
 %type <node> alter_tablespace_stmt
 %type <node> permanent_tablespace permanent_tablespace_options permanent_tablespace_option alter_tablespace_actions alter_tablespace_action opt_force_purge
 %type <node> opt_sql_throttle_for_priority opt_sql_throttle_using_cond sql_throttle_one_or_more_metrics sql_throttle_metric
-%type <node> opt_copy_id opt_backup_dest opt_preview opt_backup_backup_dest opt_tenant_info opt_with_active_piece get_format_unit opt_backup_tenant_list opt_backup_to opt_description policy_name opt_recovery_window opt_redundancy opt_backup_copies opt_restore_until
+%type <node> opt_copy_id opt_backup_dest opt_preview opt_backup_backup_dest opt_tenant_info opt_with_active_piece get_format_unit opt_backup_tenant_list opt_backup_to opt_description policy_name opt_recovery_window opt_redundancy opt_backup_copies opt_restore_until opt_backup_key_info opt_encrypt_key
 %type <node> new_or_old new_or_old_column_ref diagnostics_info_ref
 %type <node> on_empty on_error json_on_response opt_returning_type opt_on_empty_or_error json_value_expr opt_ascii
 %type <node> ws_nweights opt_ws_as_char opt_ws_levels ws_level_flag_desc ws_level_flag_reverse ws_level_flags ws_level_list ws_level_list_item ws_level_number ws_level_range ws_level_list_or_range
@ -14435,16 +14435,16 @@ ALTER SYSTEM CLEAR RESTORE SOURCE
  malloc_terminal_node($$, result->malloc_pool_, T_CLEAR_RESTORE_SOURCE);
 }
 |
-ALTER SYSTEM RESTORE table_list FOR relation_name opt_backup_dest opt_restore_until WITH STRING_VALUE opt_description
+ALTER SYSTEM RESTORE table_list FOR relation_name opt_backup_dest opt_restore_until WITH STRING_VALUE opt_encrypt_key opt_backup_key_info opt_description
 {
  ParseNode *tables = NULL;
  merge_nodes(tables, result, T_TABLE_LIST, $4);
-  malloc_non_terminal_node($$, result->malloc_pool_, T_PHYSICAL_RESTORE_TENANT, 6, $6, $7, $8, $10, $11, tables);
+  malloc_non_terminal_node($$, result->malloc_pool_, T_PHYSICAL_RESTORE_TENANT, 8, $6, $7, $8, $10, $11, $12, $13, tables);
 }
 |
-ALTER SYSTEM RESTORE relation_name opt_backup_dest opt_restore_until WITH STRING_VALUE opt_description opt_preview
+ALTER SYSTEM RESTORE relation_name opt_backup_dest opt_restore_until WITH STRING_VALUE opt_encrypt_key opt_backup_key_info opt_description opt_preview
 {
-  malloc_non_terminal_node($$, result->malloc_pool_, T_PHYSICAL_RESTORE_TENANT, 6, $4, $5, $6, $8, $9, $10);
+  malloc_non_terminal_node($$, result->malloc_pool_, T_PHYSICAL_RESTORE_TENANT, 8, $4, $5, $6, $8, $9, $10, $11, $12);
 }
 |
 ALTER SYSTEM CHANGE TENANT change_tenant_name_or_tenant_id
@ -14601,6 +14601,22 @@ ALTER SYSTEM BACKUP INCREMENTAL opt_backup_tenant_list opt_backup_to PLUS ARCHIV
  malloc_non_terminal_node($$, result->malloc_pool_, T_BACKUP_DATABASE, 6, tenant, compl_log, incremental, $5, $6, $9);
 }
 |
+ALTER SYSTEM BACKUP KEY opt_backup_to opt_encrypt_key
+{
+  ParseNode *tenant = NULL;
+  malloc_terminal_node(tenant, result->malloc_pool_, T_INT);
+  tenant->value_ = 0;
+  malloc_non_terminal_node($$, result->malloc_pool_, T_BACKUP_KEY, 3, tenant, $5, $6);
+}
+|
+ALTER SYSTEM BACKUP KEY tenant_list_tuple opt_backup_to opt_encrypt_key
+{
+  ParseNode *tenant = NULL;
+  malloc_terminal_node(tenant, result->malloc_pool_, T_INT);
+  tenant->value_ = 1;
+  malloc_non_terminal_node($$, result->malloc_pool_, T_BACKUP_KEY, 4, tenant, $5, $6, $7);
+}
+|
 ALTER SYSTEM CANCEL BACKUP opt_backup_tenant_list
 {
  ParseNode *type = NULL;
@ -16242,6 +16258,21 @@ opt_restore_until:
 }
 ;

+opt_backup_key_info:
+/*EMPTY*/  { $$ = NULL; }
+| WITH KEY FROM STRING_VALUE opt_encrypt_key
+{
+  malloc_non_terminal_node($$, result->malloc_pool_, T_BACKUP_KEY, 2, $4, $5);
+}
+;
+
+opt_encrypt_key:
+/*EMPTY*/  { $$ = NULL; }
+| ENCRYPTED BY STRING_VALUE
+{
+  $$ = $3;
+}
+;

 /*===========================================================
 * savepoint
@ -16992,6 +17023,7 @@ ACCOUNT
 |       ENABLE
 |       ENABLE_ARBITRATION_SERVICE
 |       ENABLE_EXTENDED_ROWID
+|       ENCRYPTED
 |       ENCRYPTION
 |       END
 |       ENDS
--- a/src/sql/privilege_check/ob_privilege_check.cpp
+++ b/src/sql/privilege_check/ob_privilege_check.cpp
@ -1711,6 +1711,7 @@ int get_sys_tenant_alter_system_priv(
             stmt::T_BACKUP_MANAGE != basic_stmt->get_stmt_type() &&
             stmt::T_BACKUP_CLEAN != basic_stmt->get_stmt_type() &&
             stmt::T_DELETE_POLICY != basic_stmt->get_stmt_type() &&
+             stmt::T_BACKUP_KEY != basic_stmt->get_stmt_type() &&
             stmt::T_RECOVER != basic_stmt->get_stmt_type()) {
    ret = OB_ERR_NO_PRIVILEGE;
    LOG_WARN("Only sys tenant can do this operation",
--- a/src/sql/resolver/cmd/ob_alter_system_resolver.cpp
+++ b/src/sql/resolver/cmd/ob_alter_system_resolver.cpp
@ -2470,7 +2470,7 @@ int ObPhysicalRestoreTenantResolver::resolve(const ParseNode &parse_tree)
  } else if (OB_UNLIKELY(NULL == parse_tree.children_)) {
    ret = OB_ERR_UNEXPECTED;
    LOG_WARN("children should not be null");
-  } else if (OB_UNLIKELY(6 != parse_tree.num_child_)) {
+  } else if (OB_UNLIKELY(8 != parse_tree.num_child_)) {
    ret = OB_ERR_UNEXPECTED;
    LOG_WARN("num of children not match", K(ret), "child_num", parse_tree.num_child_);
  } else {
@ -2495,7 +2495,31 @@ int ObPhysicalRestoreTenantResolver::resolve(const ParseNode &parse_tree)
          }
        }
      }
-      ParseNode *description_node = parse_tree.children_[4];
+      if (OB_FAIL(ret)) {
+        // do nothing
+      } else if (OB_NOT_NULL(parse_tree.children_[4])
+          && OB_FAIL(Util::resolve_string(parse_tree.children_[4],
+                                          stmt->get_rpc_arg().encrypt_key_))) {
+        LOG_WARN("failed to resolve encrypt key", K(ret));
+      } else if (OB_NOT_NULL(parse_tree.children_[5])) {
+        ParseNode *kms_node = parse_tree.children_[5];
+        if (2 != kms_node->num_child_) {
+          ret = OB_ERR_UNEXPECTED;
+          LOG_WARN("num of children not match", K(ret), "child_num", kms_node->num_child_);
+        } else if (OB_ISNULL(kms_node->children_[0])) {
+          ret = OB_ERR_UNEXPECTED;
+          LOG_WARN("kms uri should not be NULL", K(ret));
+        } else if (OB_FAIL(Util::resolve_string(kms_node->children_[0],
+                                                stmt->get_rpc_arg().kms_uri_))) {
+          LOG_WARN("failed to resolve kms uri", K(ret));
+        } else if (OB_NOT_NULL(kms_node->children_[1])
+            && OB_FAIL(Util::resolve_string(kms_node->children_[1],
+                                            stmt->get_rpc_arg().kms_encrypt_key_))) {
+          LOG_WARN("failed to resolve kms encrypt key", K(ret));
+        }
+      }
+
+      ParseNode *description_node = parse_tree.children_[6];
      if (OB_FAIL(ret)) {
        // do nothing
      } else if (OB_FAIL(Util::resolve_string(parse_tree.children_[3],
@ -2520,8 +2544,8 @@ int ObPhysicalRestoreTenantResolver::resolve(const ParseNode &parse_tree)
      }

      if (OB_SUCC(ret)) {
-        if (6 == parse_tree.num_child_) { // resolve table_list
-          const ParseNode *node = parse_tree.children_[5];
+        if (8 == parse_tree.num_child_) { // resolve table_list
+          const ParseNode *node = parse_tree.children_[7];
          if (OB_ISNULL(node)) {
            stmt->set_is_preview(false);
          } else {
@ -4046,6 +4070,12 @@ int ObDeletePolicyResolver::resolve(const ParseNode &parse_tree)
  return ret;
 }

+int ObBackupKeyResolver::resolve(const ParseNode &parse_tree)
+{
+  int ret = OB_ERR_PARSE_SQL;
+  return ret;
+}
+
 int ObBackupArchiveLogResolver::resolve(const ParseNode &parse_tree)
 {
  int ret = OB_SUCCESS;
--- a/src/sql/resolver/cmd/ob_alter_system_resolver.h
+++ b/src/sql/resolver/cmd/ob_alter_system_resolver.h
@ -228,6 +228,7 @@ DEF_SIMPLE_CMD_RESOLVER(ObBackupDatabaseResolver);
 DEF_SIMPLE_CMD_RESOLVER(ObBackupManageResolver);
 DEF_SIMPLE_CMD_RESOLVER(ObBackupCleanResolver);
 DEF_SIMPLE_CMD_RESOLVER(ObDeletePolicyResolver);
+DEF_SIMPLE_CMD_RESOLVER(ObBackupKeyResolver);
 DEF_SIMPLE_CMD_RESOLVER(ObEnableSqlThrottleResolver);
 DEF_SIMPLE_CMD_RESOLVER(ObDisableSqlThrottleResolver);
 DEF_SIMPLE_CMD_RESOLVER(ObSetRegionBandwidthResolver);
--- a/src/sql/resolver/cmd/ob_alter_system_stmt.h
+++ b/src/sql/resolver/cmd/ob_alter_system_stmt.h
@ -1093,6 +1093,45 @@ private:
  DISALLOW_COPY_AND_ASSIGN(ObDeletePolicyStmt);
 };

+class ObBackupKeyStmt : public ObSystemCmdStmt
+{
+public:
+  ObBackupKeyStmt()
+    : ObSystemCmdStmt(stmt::T_BACKUP_KEY),
+      tenant_id_(OB_INVALID_TENANT_ID),
+      backup_dest_()
+  {
+  }
+  virtual ~ObBackupKeyStmt() {}
+
+  uint64 get_tenant_id() const { return tenant_id_; }
+  const share::ObBackupPathString &get_backup_dest() const { return backup_dest_; }
+  const ObString &get_encrypt_key() const { return encrypt_key_; }
+  int set_param(const uint64_t tenant_id,
+                const share::ObBackupPathString &backup_dest,
+                const ObString &encrypt_key)
+  {
+    int ret = common::OB_SUCCESS;
+    if (OB_INVALID_ID == tenant_id) {
+      ret = OB_INVALID_ARGUMENT;
+	    COMMON_LOG(WARN, "invalid args", K(tenant_id));
+    } else if (OB_FAIL(backup_dest_.assign(backup_dest))) {
+      COMMON_LOG(WARN, "set backup dest failed", K(backup_dest));
+    } else {
+      tenant_id_ = tenant_id;
+      encrypt_key_ = encrypt_key;
+    }
+    return ret;
+  }
+
+  TO_STRING_KV(N_STMT_TYPE, ((int)stmt_type_), K_(tenant_id), K_(backup_dest));
+
+private:
+  uint64_t tenant_id_;
+  share::ObBackupPathString backup_dest_;
+  ObString encrypt_key_;
+};
+
 class ObBackupSetEncryptionStmt : public ObSystemCmdStmt
 {
 public:
--- a/src/sql/resolver/ob_resolver.cpp
+++ b/src/sql/resolver/ob_resolver.cpp
@ -986,6 +986,10 @@ int ObResolver::resolve(IsPrepared if_prepared, const ParseNode &parse_tree, ObS
        REGISTER_STMT_RESOLVER(BackupDatabase);
        break;
      }
+      case T_BACKUP_KEY: {
+        REGISTER_STMT_RESOLVER(BackupKey);
+        break;
+      }
      case T_BACKUP_MANAGE: {
        REGISTER_STMT_RESOLVER(BackupManage);
        break;
--- a/src/sql/resolver/ob_stmt_type.h
+++ b/src/sql/resolver/ob_stmt_type.h
@ -280,6 +280,7 @@ OB_STMT_TYPE_DEF_UNKNOWN_AT(T_ADD_ARBITRATION_SERVICE, get_sys_tenant_alter_syst
 OB_STMT_TYPE_DEF_UNKNOWN_AT(T_REMOVE_ARBITRATION_SERVICE, get_sys_tenant_alter_system_priv, 281)
 OB_STMT_TYPE_DEF_UNKNOWN_AT(T_REPLACE_ARBITRATION_SERVICE, get_sys_tenant_alter_system_priv, 282)
 OB_STMT_TYPE_DEF_UNKNOWN_AT(T_SHOW_SEQUENCES, err_stmt_type_priv, 283)
+OB_STMT_TYPE_DEF_UNKNOWN_AT(T_BACKUP_KEY, get_sys_tenant_alter_system_priv, 284)

 OB_STMT_TYPE_DEF_UNKNOWN_AT(T_MAX, err_stmt_type_priv, 500)
 #endif