mirror of
https://github.com/zrepl/zrepl.git
synced 2024-11-29 20:04:55 +01:00
2d8c3692ec
Before this change, resuming from an unencrypted dataset with send.raw=true specified wouldn't work with zrepl due to overly restrictive resume token checking. An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503 but it didn't address the core of the problem. The core of the problem was that zrepl assumed that if a resume token contained `rawok=true, compressok=true`, the resulting send would be encrypted. But if the sender dataset was unencrypted, such a resume would actually result in an unencrypted send. Which could be totally legitimate but zrepl failed to recognize that. BACKGROUND ========== The following snippets of OpenZFS code are insightful regarding how the various ${X}ok values in the resume token are handled: -6c3c5fcfbe/module/zfs/dmu_send.c (L1947-L2012)
-6c3c5fcfbe/module/zfs/dmu_recv.c (L877-L891)
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672 Basically, some zfs send flags make the DMU send code set some DMU send stream featureflags, although it's not a pure mapping, i.e, which DMU send stream flags are used depends somewhat on the dataset (e.g., is it encrypted or not, or, does it use zstd or not). Then, the receiver looks at some (but not all) feature flags and maps them to ${X}ok dataset zap attributes. These are funnelled back to the sender 1:1 through the resume_token. And the sender turns them into lzc flags. As an example, let's look at zfs send --raw. if the sender requests a raw send on an unencrypted dataset, the send stream (and hence the resume token) will not have the raw stream featureflag set, and hence the resume token will not have the rawok field set. Instead, it will have compressok, embedok, and depending on whether large blocks are present in the dataset, largeblockok set. WHAT'S ZREPL'S ROLE IN THIS? ============================ zrepl provides a virtual encrypted sendflag that is like `raw`, but further ensures that we only send encrypted datasets. For any other resume token stuff, it shoudn't do any checking, because it's a futile effort to keep up with ZFS send/recv features that are orthogonal to encryption. CHANGES MADE IN THIS COMMIT =========================== - Rip out a bunch of needless checking that zrepl would do during planning. These checks were there to give better error messages, but actually, the error messages created by the endpoint.Sender.Send RPC upon send args validation failure are good enough. - Add platformtests to validate all combinations of (Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false) for cases both non-resuming and resuming send. Additional manual testing done: 1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified. 2. Observe that regular non-resuming send works, but resuming doesn't work. 3. Upgrade zrepl to this change. 4. Observe that both regular and resuming send works. closes https://github.com/zrepl/zrepl/pull/613
215 lines
6.2 KiB
Go
215 lines
6.2 KiB
Go
// Code generated by protoc-gen-go. DO NOT EDIT.
|
|
// versions:
|
|
// protoc-gen-go v1.25.0
|
|
// protoc v3.14.0
|
|
// source: grpcauth.proto
|
|
|
|
package pdu
|
|
|
|
import (
|
|
proto "github.com/golang/protobuf/proto"
|
|
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
|
|
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
|
|
reflect "reflect"
|
|
sync "sync"
|
|
)
|
|
|
|
const (
|
|
// Verify that this generated code is sufficiently up-to-date.
|
|
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
|
|
// Verify that runtime/protoimpl is sufficiently up-to-date.
|
|
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
|
|
)
|
|
|
|
// This is a compile-time assertion that a sufficiently up-to-date version
|
|
// of the legacy proto package is being used.
|
|
const _ = proto.ProtoPackageIsVersion4
|
|
|
|
type GreetRequest struct {
|
|
state protoimpl.MessageState
|
|
sizeCache protoimpl.SizeCache
|
|
unknownFields protoimpl.UnknownFields
|
|
|
|
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
|
|
}
|
|
|
|
func (x *GreetRequest) Reset() {
|
|
*x = GreetRequest{}
|
|
if protoimpl.UnsafeEnabled {
|
|
mi := &file_grpcauth_proto_msgTypes[0]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
}
|
|
|
|
func (x *GreetRequest) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*GreetRequest) ProtoMessage() {}
|
|
|
|
func (x *GreetRequest) ProtoReflect() protoreflect.Message {
|
|
mi := &file_grpcauth_proto_msgTypes[0]
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use GreetRequest.ProtoReflect.Descriptor instead.
|
|
func (*GreetRequest) Descriptor() ([]byte, []int) {
|
|
return file_grpcauth_proto_rawDescGZIP(), []int{0}
|
|
}
|
|
|
|
func (x *GreetRequest) GetName() string {
|
|
if x != nil {
|
|
return x.Name
|
|
}
|
|
return ""
|
|
}
|
|
|
|
type GreetResponse struct {
|
|
state protoimpl.MessageState
|
|
sizeCache protoimpl.SizeCache
|
|
unknownFields protoimpl.UnknownFields
|
|
|
|
Msg string `protobuf:"bytes,1,opt,name=msg,proto3" json:"msg,omitempty"`
|
|
}
|
|
|
|
func (x *GreetResponse) Reset() {
|
|
*x = GreetResponse{}
|
|
if protoimpl.UnsafeEnabled {
|
|
mi := &file_grpcauth_proto_msgTypes[1]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
}
|
|
|
|
func (x *GreetResponse) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*GreetResponse) ProtoMessage() {}
|
|
|
|
func (x *GreetResponse) ProtoReflect() protoreflect.Message {
|
|
mi := &file_grpcauth_proto_msgTypes[1]
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use GreetResponse.ProtoReflect.Descriptor instead.
|
|
func (*GreetResponse) Descriptor() ([]byte, []int) {
|
|
return file_grpcauth_proto_rawDescGZIP(), []int{1}
|
|
}
|
|
|
|
func (x *GreetResponse) GetMsg() string {
|
|
if x != nil {
|
|
return x.Msg
|
|
}
|
|
return ""
|
|
}
|
|
|
|
var File_grpcauth_proto protoreflect.FileDescriptor
|
|
|
|
var file_grpcauth_proto_rawDesc = []byte{
|
|
0x0a, 0x0e, 0x67, 0x72, 0x70, 0x63, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
|
|
0x12, 0x03, 0x70, 0x64, 0x75, 0x22, 0x22, 0x0a, 0x0c, 0x47, 0x72, 0x65, 0x65, 0x74, 0x52, 0x65,
|
|
0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
|
|
0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x21, 0x0a, 0x0d, 0x47, 0x72, 0x65,
|
|
0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x73,
|
|
0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6d, 0x73, 0x67, 0x32, 0x3b, 0x0a, 0x07,
|
|
0x47, 0x72, 0x65, 0x65, 0x74, 0x65, 0x72, 0x12, 0x30, 0x0a, 0x05, 0x47, 0x72, 0x65, 0x65, 0x74,
|
|
0x12, 0x11, 0x2e, 0x70, 0x64, 0x75, 0x2e, 0x47, 0x72, 0x65, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75,
|
|
0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x70, 0x64, 0x75, 0x2e, 0x47, 0x72, 0x65, 0x65, 0x74, 0x52,
|
|
0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x07, 0x5a, 0x05, 0x2e, 0x3b, 0x70,
|
|
0x64, 0x75, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
|
|
}
|
|
|
|
var (
|
|
file_grpcauth_proto_rawDescOnce sync.Once
|
|
file_grpcauth_proto_rawDescData = file_grpcauth_proto_rawDesc
|
|
)
|
|
|
|
func file_grpcauth_proto_rawDescGZIP() []byte {
|
|
file_grpcauth_proto_rawDescOnce.Do(func() {
|
|
file_grpcauth_proto_rawDescData = protoimpl.X.CompressGZIP(file_grpcauth_proto_rawDescData)
|
|
})
|
|
return file_grpcauth_proto_rawDescData
|
|
}
|
|
|
|
var file_grpcauth_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
|
|
var file_grpcauth_proto_goTypes = []interface{}{
|
|
(*GreetRequest)(nil), // 0: pdu.GreetRequest
|
|
(*GreetResponse)(nil), // 1: pdu.GreetResponse
|
|
}
|
|
var file_grpcauth_proto_depIdxs = []int32{
|
|
0, // 0: pdu.Greeter.Greet:input_type -> pdu.GreetRequest
|
|
1, // 1: pdu.Greeter.Greet:output_type -> pdu.GreetResponse
|
|
1, // [1:2] is the sub-list for method output_type
|
|
0, // [0:1] is the sub-list for method input_type
|
|
0, // [0:0] is the sub-list for extension type_name
|
|
0, // [0:0] is the sub-list for extension extendee
|
|
0, // [0:0] is the sub-list for field type_name
|
|
}
|
|
|
|
func init() { file_grpcauth_proto_init() }
|
|
func file_grpcauth_proto_init() {
|
|
if File_grpcauth_proto != nil {
|
|
return
|
|
}
|
|
if !protoimpl.UnsafeEnabled {
|
|
file_grpcauth_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
|
|
switch v := v.(*GreetRequest); i {
|
|
case 0:
|
|
return &v.state
|
|
case 1:
|
|
return &v.sizeCache
|
|
case 2:
|
|
return &v.unknownFields
|
|
default:
|
|
return nil
|
|
}
|
|
}
|
|
file_grpcauth_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
|
|
switch v := v.(*GreetResponse); i {
|
|
case 0:
|
|
return &v.state
|
|
case 1:
|
|
return &v.sizeCache
|
|
case 2:
|
|
return &v.unknownFields
|
|
default:
|
|
return nil
|
|
}
|
|
}
|
|
}
|
|
type x struct{}
|
|
out := protoimpl.TypeBuilder{
|
|
File: protoimpl.DescBuilder{
|
|
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
|
|
RawDescriptor: file_grpcauth_proto_rawDesc,
|
|
NumEnums: 0,
|
|
NumMessages: 2,
|
|
NumExtensions: 0,
|
|
NumServices: 1,
|
|
},
|
|
GoTypes: file_grpcauth_proto_goTypes,
|
|
DependencyIndexes: file_grpcauth_proto_depIdxs,
|
|
MessageInfos: file_grpcauth_proto_msgTypes,
|
|
}.Build()
|
|
File_grpcauth_proto = out.File
|
|
file_grpcauth_proto_rawDesc = nil
|
|
file_grpcauth_proto_goTypes = nil
|
|
file_grpcauth_proto_depIdxs = nil
|
|
}
|