diff --git a/src/replica/replica_stub.cpp b/src/replica/replica_stub.cpp
index b476fd9117..74d6a041cb 100644
--- a/src/replica/replica_stub.cpp
+++ b/src/replica/replica_stub.cpp
@@ -41,7 +41,7 @@
 #include
 #include
-#include "absl/strings/str_cat.h"
+#include "absl/strings/string_view.h"
 #include "backup/replica_backup_server.h"
 #include "bulk_load/replica_bulk_loader.h"
 #include "common/backup_common.h"
@@ -58,7 +58,9 @@
 #include "perf_counter/perf_counter.h"
 #include "replica.h"
 #include "replica/duplication/replica_follower.h"
+#include "replica/key_provider.h"
 #include "replica/log_file.h"
+#include "replica/pegasus_kms_key_provider.h"
 #include "replica/replica_context.h"
 #include "replica/replica_stub.h"
 #include "replica/replication_app_base.h"
@@ -69,7 +71,6 @@
 #include "runtime/rpc/serialization.h"
 #include "runtime/security/access_controller.h"
 #include "runtime/task/async_calls.h"
-#include "replica/pegasus_kms_key_provider.h"
 #include "split/replica_split_manager.h"
 #include "utils/command_manager.h"
 #include "utils/errors.h"
@@ -79,7 +80,6 @@
 #include "utils/process_utils.h"
 #include "utils/rand.h"
 #include "utils/string_conv.h"
-#include "absl/strings/string_view.h"
 #include "utils/strings.h"
 #include "utils/synchronize.h"
 #ifdef DSN_ENABLE_GPERF
@@ -651,10 +651,9 @@ void replica_stub::initialize(const replication_options &opts, bool clear /* = f
 std::string key_version;
 std::string server_key;
 // get and store eek from kms
- if (key_provider) {
+ if (key_provider && !utils::is_empty(FLAGS_hadoop_kms_url)) {
 get_kms_key(_options.data_dirs[0], &encryption_key, &iv, &key_version);
 if (encryption_key.empty()) {
- CHECK(key_provider, "invalid kms url ({})", FLAGS_hadoop_kms_url);
 CHECK(key_provider->GenerateEncryptionKey(&encryption_key, &iv, &key_version),
 "get encryption key failed");
 }
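Review bot: In the `@@ -651,10 +651,9 @@` hunk the new guard `key_provider && !utils::is_empty(FLAGS_hadoop_kms_url)` turns "key provider present, KMS URL empty" into a silent skip: `encryption_key`, `iv` and `key_version` stay empty and initialization carries on with no message. If `key_provider` is only created when at-rest encryption is requested (its construction is outside this hunk), that state is a misconfiguration and should fail closed, e.g. `CHECK(!key_provider || !utils::is_empty(FLAGS_hadoop_kms_url), "key provider is set but hadoop_kms_url is empty");` ahead of the `if`. The same condition is repeated in the `@@ -666,7 +665,7 @@` hunk; computing it once, `const bool use_kms = key_provider && !utils::is_empty(FLAGS_hadoop_kms_url);`, keeps the fetch and store paths from drifting apart. Separately, the result of `get_kms_key` is not checked here and an empty `encryption_key` is taken to mean "no key yet", so if that helper can also leave it empty on a read error (not visible in this hunk) a new key is generated and later stored over the one existing data depends on. `replica_stub::initialize` begins and ends outside the hunk.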
@@ -666,7 +665,7 @@ void replica_stub::initialize(const replication_options &opts, bool clear /* = f
 // Initialize the file system manager.
 _fs_manager.initialize(_options.data_dirs, _options.data_dir_tags);
- if (key_provider) {
+ if (key_provider && !utils::is_empty(FLAGS_hadoop_kms_url)) {
 CHECK(store_kms_key(_options.data_dirs[0], encryption_key, iv, key_version),
 "Cant store kms key");
 }
diff --git a/src/replica/replica_stub.h b/src/replica/replica_stub.h
index c116f715ee..bd3a09c8df 100644
--- a/src/replica/replica_stub.h
+++ b/src/replica/replica_stub.h
@@ -64,7 +64,6 @@
 #include "runtime/task/task.h"
 #include "runtime/task/task_code.h"
 #include "runtime/task/task_tracker.h"
-#include "replica/pegasus_kms_key_provider.h"
 #include "utils/autoref_ptr.h"
 #include "utils/error_code.h"
 #include "utils/flags.h"
@@ -76,6 +75,10 @@ class command_deregister;
 class message_ex;
 class nfs_node;
+namespace security {
+class KeyProvider;
+} // namespace security
+
 namespace service {
 class copy_request;
 class copy_response;
diff --git a/src/runtime/security/kms_client.cpp b/src/runtime/security/kms_client.cpp
index c5b5172b96..80319d1798 100644
--- a/src/runtime/security/kms_client.cpp
+++ b/src/runtime/security/kms_client.cpp
@@ -15,6 +15,10 @@
 // specific language governing permissions and limitations
 // under the License.
+#include
+#include
+#include
+#include
 #include
 #include
@@ -23,7 +27,10 @@
 #include "http/http_client.h"
 #include "http/http_method.h"
 #include "nlohmann/json.hpp"
+#include "nlohmann/json_fwd.hpp"
 #include "runtime/security/kms_client.h"
+#include "utils/error_code.h"
+#include "utils/fmt_logging.h"
 namespace dsn {
 namespace security {
diff --git a/src/runtime/security/kms_client.h b/src/runtime/security/kms_client.h
index ee6f3cd166..3d51fd08b6 100644
--- a/src/runtime/security/kms_client.h
+++ b/src/runtime/security/kms_client.h
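Review bot: In the `@@ -666,7 +665,7 @@` hunk of replica_stub.cpp nothing at the `store_kms_key` call says which form of the key is written under `_options.data_dirs[0]`; the comment "get and store eek from kms" in the earlier hunk suggests it is the KMS-encrypted key, but the call site should state that. I would add above the `CHECK`: `// Persist only the KMS-encrypted key (EEK), IV and key version; the decrypted server key must never be written to disk.` This needs confirming against `store_kms_key`, which is not shown in the diff. The failure text `"Cant store kms key"` also gives an operator no directory to look at; `"can't store kms key in {}", _options.data_dirs[0]` as the message and argument would.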
@@ -22,7 +22,6 @@
 #include
 #include "absl/strings/str_split.h"
-#include "http/http_client.h"
 #include "utils/errors.h"
 namespace dsn {