One transaction per encrypt/decrypt batch
Previously, there was one (potentially quite large) transaction across all batches of templates and resources when encrypting/decrypting parameters and properties data via the rpc api. Change-Id: Iba10b7c9e88a1ae3d94ab9ddf4a8e362e72c0d50
This commit is contained in:
parent
18a7e238c9
commit
f3e6f47661
|
@ -1401,18 +1401,21 @@ def db_version(engine):
|
|||
def _db_encrypt_or_decrypt_template_params(
|
||||
ctxt, encryption_key, encrypt=False, batch_size=50, verbose=False):
|
||||
from heat.engine import template
|
||||
session = ctxt.session
|
||||
if encrypt:
|
||||
crypt_action = _('encrypt')
|
||||
else:
|
||||
crypt_action = _('decrypt')
|
||||
|
||||
excs = []
|
||||
with db_context.writer.independent.using(ctxt) as session:
|
||||
query = session.query(models.RawTemplate)
|
||||
|
||||
for raw_template in _get_batch(
|
||||
session=session, ctxt=ctxt, query=query,
|
||||
model=models.RawTemplate, batch_size=batch_size):
|
||||
template_batches = _get_batch(
|
||||
session, ctxt=ctxt, query=query, model=models.RawTemplate,
|
||||
batch_size=batch_size)
|
||||
next_batch = list(itertools.islice(template_batches, batch_size))
|
||||
while next_batch:
|
||||
with session.begin(subtransactions=True):
|
||||
for raw_template in next_batch:
|
||||
try:
|
||||
if verbose:
|
||||
LOG.info(_LI("Processing raw_template %(id)d..."),
|
||||
|
@ -1441,14 +1444,14 @@ def _db_encrypt_or_decrypt_template_params(
|
|||
param_name not in param_schemata or
|
||||
not param_schemata[param_name].hidden):
|
||||
continue
|
||||
encrypted_val = crypt.encrypt(six.text_type(param_val),
|
||||
encryption_key)
|
||||
encrypted_val = crypt.encrypt(
|
||||
six.text_type(param_val), encryption_key)
|
||||
env['parameters'][param_name] = encrypted_val
|
||||
encrypted_params.append(param_name)
|
||||
needs_update = True
|
||||
if needs_update:
|
||||
environment = env.copy()
|
||||
environment['encrypted_param_names'] = encrypted_params
|
||||
newenv = env.copy()
|
||||
newenv['encrypted_param_names'] = encrypted_params
|
||||
else: # decrypt
|
||||
for param_name in encrypted_params:
|
||||
method, value = env['parameters'][param_name]
|
||||
|
@ -1457,12 +1460,12 @@ def _db_encrypt_or_decrypt_template_params(
|
|||
env['parameters'][param_name] = decrypted_val
|
||||
needs_update = True
|
||||
if needs_update:
|
||||
environment = env.copy()
|
||||
environment['encrypted_param_names'] = []
|
||||
newenv = env.copy()
|
||||
newenv['encrypted_param_names'] = []
|
||||
|
||||
if needs_update:
|
||||
raw_template_update(ctxt, raw_template.id,
|
||||
{'environment': environment})
|
||||
{'environment': newenv})
|
||||
except Exception as exc:
|
||||
LOG.exception(
|
||||
_LE('Failed to %(crypt_action)s parameters of raw '
|
||||
|
@ -1476,6 +1479,7 @@ def _db_encrypt_or_decrypt_template_params(
|
|||
"raw_template %(id)d."),
|
||||
{'id': raw_template.id,
|
||||
'crypt_action': crypt_action})
|
||||
next_batch = list(itertools.islice(template_batches, batch_size))
|
||||
return excs
|
||||
|
||||
|
||||
|
@ -1491,9 +1495,13 @@ def _db_encrypt_or_decrypt_resource_prop_data(
|
|||
# so update those as needed
|
||||
query = session.query(models.Resource).filter(
|
||||
models.Resource.properties_data_encrypted.isnot(encrypt))
|
||||
for resource in _get_batch(
|
||||
resource_batches = _get_batch(
|
||||
session=session, ctxt=ctxt, query=query, model=models.Resource,
|
||||
batch_size=batch_size):
|
||||
batch_size=batch_size)
|
||||
next_batch = list(itertools.islice(resource_batches, batch_size))
|
||||
while next_batch:
|
||||
with session.begin(subtransactions=True):
|
||||
for resource in next_batch:
|
||||
if not resource.properties_data:
|
||||
continue
|
||||
try:
|
||||
|
@ -1511,15 +1519,17 @@ def _db_encrypt_or_decrypt_resource_prop_data(
|
|||
'properties_data_encrypted': encrypt},
|
||||
resource.atomic_key)
|
||||
except Exception as exc:
|
||||
LOG.exception(_LE('Failed to %(crypt_action)s properties_data of '
|
||||
'resource %(id)d') %
|
||||
{'id': resource.id, 'crypt_action': crypt_action})
|
||||
LOG.exception(_LE('Failed to %(crypt_action)s '
|
||||
'properties_data of resource %(id)d') %
|
||||
{'id': resource.id,
|
||||
'crypt_action': crypt_action})
|
||||
excs.append(exc)
|
||||
continue
|
||||
finally:
|
||||
if verbose:
|
||||
LOG.info(_LI("Finished processing resource "
|
||||
"%(id)d."), {'id': resource.id})
|
||||
next_batch = list(itertools.islice(resource_batches, batch_size))
|
||||
return excs
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue