[FEAT MERGE] 开源裁减颗粒度优化

Co-authored-by: nroskill <nroskill@gmail.com>
Co-authored-by: akaError <lzg020616@163.com>
Co-authored-by: yinyj17 <yinyijun92@gmail.com>

src/sql/code_generator/ob_dml_cg_service.cpp

@@ -28,6 +28,9 @@
 #include "sql/optimizer/ob_log_plan.h"
 #include "sql/optimizer/ob_log_update.h"
 #include "sql/engine/expr/ob_expr_calc_partition_id.h"
+#ifdef OB_BUILD_TDE_SECURITY
+#include "share/ob_master_key_getter.h"
+#endif
 
 namespace oceanbase
 {
@@ -1325,6 +1328,32 @@ int ObDmlCgService::generate_das_dml_ctdef(ObLogDelUpd &op,
     das_dml_ctdef.tz_info_ = *session->get_tz_info_wrap().get_time_zone_info();
     das_dml_ctdef.is_total_quantity_log_ = (ObBinlogRowImage::FULL == binlog_row_image);
   }
+#ifdef OB_BUILD_TDE_SECURITY
+  // generate encrypt_meta for table
+  if (OB_SUCC(ret)) {
+    ObSchemaGetterGuard *schema_guard = NULL;
+    const share::schema::ObTableSchema *table_schema = NULL;
+    if (OB_ISNULL(schema_guard = op.get_plan()
+                  ->get_optimizer_context().get_schema_guard())) {
+      ret = OB_ERR_UNEXPECTED;
+      LOG_WARN("NULL schema guard", K(ret));
+    } else if (OB_FAIL(schema_guard->get_table_schema(MTL_ID(), index_tid, table_schema))) {
+      LOG_WARN("get schema fail", KR(ret), K(index_tid));
+    } else if (OB_ISNULL(table_schema)) {
+      ret = OB_TABLE_NOT_EXIST;
+      LOG_WARN("table not exist", KR(ret), K(index_tid));
+    } else {
+      ObArray<transaction::ObEncryptMetaCache> metas;
+      if (OB_FAIL(init_encrypt_metas_(table_schema, schema_guard, metas))) {
+        LOG_WARN("init table encrypt meta fail", KR(ret));
+      } else if (metas.count() == 0)  {
+        das_dml_ctdef.encrypt_meta_.reset();
+      } else if (OB_FAIL(das_dml_ctdef.encrypt_meta_.assign(metas))) {
+        LOG_WARN("assign encrypt meta fail", KR(ret), K(index_tid), K(metas));
+      }
+    }
+  }
+#endif
   return ret;
 }
 
@@ -2802,5 +2831,113 @@ int ObDmlCgService::convert_foreign_keys(ObLogDelUpd &op,
   return ret;
 }
 
+#ifdef OB_BUILD_TDE_SECURITY
+int ObDmlCgService::init_encrypt_metas_(
+    const share::schema::ObTableSchema *table_schema,
+    share::schema::ObSchemaGetterGuard *guard,
+    ObIArray<transaction::ObEncryptMetaCache> &meta_array)
+{
+  int ret = OB_SUCCESS;
+  if (OB_ISNULL(table_schema) || OB_ISNULL(guard)) {
+    ret = OB_INVALID_ARGUMENT;
+    LOG_WARN("table schema is invalid", K(ret));
+  } else if (OB_FAIL(init_encrypt_table_meta_(table_schema, guard, meta_array))) {
+    LOG_WARN("fail to init encrypt_table_meta", KPC(table_schema), K(ret));
+  } else if (!table_schema->is_user_table()) {
+    /*do nothing*/
+  } else {
+    ObSEArray<ObAuxTableMetaInfo, 16> simple_index_infos;
+    const ObTableSchema *index_schema = nullptr;
+    if (OB_FAIL(table_schema->get_simple_index_infos(simple_index_infos))) {
+      LOG_WARN("get simple_index_infos failed", K(ret));
+    }
+    for (int i = 0; i < simple_index_infos.count() && OB_SUCC(ret); ++i) {
+      if (OB_FAIL(guard->get_table_schema(
+                  table_schema->get_tenant_id(),
+                  simple_index_infos.at(i).table_id_, index_schema))) {
+        LOG_WARN("fail to get table schema", K(ret));
+      } else if (OB_ISNULL(index_schema)) {
+        ret = OB_SCHEMA_ERROR;
+        LOG_WARN("index schema not exist", K(simple_index_infos.at(i).table_id_), K(ret));
+      } else if (!index_schema->is_index_local_storage()) {
+        // do nothing
+      } else if (OB_FAIL(init_encrypt_table_meta_(index_schema, guard, meta_array))) {
+        LOG_WARN("fail to init encrypt_table_meta", KPC(index_schema), K(ret));
+      }
+    }
+  }
+  return ret;
+}
+
+int ObDmlCgService::init_encrypt_table_meta_(
+    const share::schema::ObTableSchema *table_schema,
+    share::schema::ObSchemaGetterGuard *guard,
+    ObIArray<transaction::ObEncryptMetaCache>&meta_array)
+{
+  int ret = OB_SUCCESS;
+  transaction::ObEncryptMetaCache meta_cache;
+  char master_key[OB_MAX_MASTER_KEY_LENGTH];
+  char random_string[OB_CLOG_ENCRYPT_RANDOM_LEN];
+  int64_t master_key_length = 0;
+  if (OB_ISNULL(table_schema) || OB_ISNULL(guard)) {
+    ret = OB_INVALID_ARGUMENT;
+    LOG_WARN("table schema is invalid", K(ret));
+  } else if (!(table_schema->need_encrypt() && table_schema->get_master_key_id() > 0 &&
+               table_schema->get_encrypt_key_len() > 0)) {
+    // do nothing
+  } else if (OB_FAIL(table_schema->get_encryption_id(meta_cache.meta_.encrypt_algorithm_))) {
+    LOG_WARN("fail to get encryption id", K(ret));
+  } else {
+    if (table_schema->is_index_local_storage()) {
+      meta_cache.table_id_ = table_schema->get_data_table_id();
+      meta_cache.local_index_id_ = table_schema->get_table_id();
+    } else {
+      meta_cache.table_id_ = table_schema->get_table_id();
+    }
+    meta_cache.meta_.tenant_id_ = table_schema->get_tenant_id();
+    meta_cache.meta_.master_key_version_ = table_schema->get_master_key_id();
+    if (OB_FAIL(meta_cache.meta_.encrypted_table_key_.set_content(
+        table_schema->get_encrypt_key()))) {
+      LOG_WARN("fail to assign encrypt key", K(ret));
+    } else if (OB_FAIL(share::ObKeyGenerator::generate_encrypt_key(
+                  random_string, OB_CLOG_ENCRYPT_RANDOM_LEN))) {
+      LOG_WARN("fail to generate random string", K(ret));
+    } else if (OB_FAIL(meta_cache.meta_.random_.set_content(ObString(
+                  OB_CLOG_ENCRYPT_RANDOM_LEN, random_string)))) {
+      LOG_WARN("fail to assign random string", K(ret));
+    }
+    #ifdef ERRSIM
+      else if (OB_FAIL(OB_E(EventTable::EN_ENCRYPT_GET_MASTER_KEY_FAILED) OB_SUCCESS)) {
+      LOG_WARN("ERRSIM, fail to get master key", K(ret));
+    }
+    #endif
+      else if (OB_FAIL(share::ObMasterKeyGetter::get_master_key(table_schema->get_tenant_id(),
+                  table_schema->get_master_key_id(),
+                  master_key, OB_MAX_MASTER_KEY_LENGTH, master_key_length))) {
+      LOG_WARN("fail to get master key", K(ret));
+      // 如果在cg阶段获取主密钥失败了, 有可能是因为RS执行内部sql没有租户资源引起的.
+      // 在没有租户资源的情况下获取主密钥, 获取加密租户配置项时会失败
+      // 在这种情况下, 我们认为这里是合理的, 缓存中可以不保存主密钥内容
+      // cg阶段获取主密钥的任何失败我们可以接受
+      // 兜底是执行期再次获取, 再次获取成功了则继续往下走, 失败了则报错出来.
+      // 见bug
+      ret = OB_SUCCESS;
+    } else if (OB_FAIL(meta_cache.meta_.master_key_.set_content(ObString(
+                  master_key_length, master_key)))) {
+      LOG_WARN("fail to assign master_key", K(ret));
+    } else if (OB_FAIL(ObEncryptionUtil::decrypt_table_key(meta_cache.meta_,
+                                                           meta_cache.meta_.encrypted_table_key_.ptr(),
+                                                           meta_cache.meta_.encrypted_table_key_.size()))) {
+      LOG_WARN("failed to decrypt_table_key", K(ret));
+    } else {/*do nothing*/}
+
+    if (OB_FAIL(ret)) {
+    } else if (OB_FAIL(meta_array.push_back(meta_cache))) {
+      LOG_WARN("fail to push back meta array", K(ret));
+    }
+  }
+  return ret;
+}
+#endif
 }  // namespace sql
 }  // namespace oceanbase