feat(encryption): add kms key management

src/security/kms_client.cpp

@@ -76,7 +76,7 @@ dsn::error_s kms_client::DecryptEncryptionKey(const dsn::replication::kms_info &
         }
         RETURN_NOT_OK(err);
         http_status_code http_status;
-        client.get_http_status(http_status);
+        RETURN_NOT_OK(client.get_http_status(http_status));
         if (http_status != http_status_code::kOk) {
             LOG_WARNING("The http status is ({}), and url is ({})",
                         get_http_status_message(http_status),
@@ -126,13 +126,13 @@ dsn::error_s kms_client::GenerateEncryptionKeyFromKMS(const std::string &key_nam
         RETURN_NOT_OK(client.set_url(url));
         RETURN_NOT_OK(client.with_get_method());
         std::string resp;
-        auto err = client.exec_method(&resp);
+        const auto &err = client.exec_method(&resp);
         if (err.code() == ERR_NETWORK_FAILURE || err.code() == ERR_TIMEOUT) {
             continue;
         }
         RETURN_NOT_OK(err);
         http_status_code http_status;
-        client.get_http_status(http_status);
+        RETURN_NOT_OK(client.get_http_status(http_status));
         if (http_status != http_status_code::kOk) {
             LOG_WARNING("The http status is ({}), and url is ({})",
                         get_http_status_message(http_status),

src/utils/env.cpp

@@ -62,9 +62,9 @@ rocksdb::Env *NewEncryptedEnv()
 {
     // Create an encryption provider.
     std::shared_ptr<rocksdb::EncryptionProvider> provider;
-    auto provider_id = fmt::format(
+    const auto &provider_id = fmt::format(
         "id=AES;hex_instance_key={};method={}", FLAGS_server_key, FLAGS_encryption_method);
-    auto s = rocksdb::EncryptionProvider::CreateFromString(
+    const auto &s = rocksdb::EncryptionProvider::CreateFromString(
         rocksdb::ConfigOptions(), provider_id, &provider);
     CHECK(s.ok(), "Failed to create encryption provider: {}", s.ToString());