in encryption/src/main/java/org/apache/solr/encryption/EncryptionMergePolicy.java [53:88]
public MergeSpecification findForcedMerges(SegmentInfos segmentInfos,
int maxSegmentCount,
Map<SegmentCommitInfo,Boolean> segmentsToMerge,
MergeContext mergeContext) throws IOException {
if (maxSegmentCount != Integer.MAX_VALUE) {
return super.findForcedMerges(segmentInfos, maxSegmentCount, segmentsToMerge, mergeContext);
}
if (segmentInfos.size() == 0) {
return null;
}
//TODO: this does not seem to work correctly under heavy concurrent load.
Directory dir = segmentInfos.info(0).info.dir;
if (!(dir instanceof EncryptionDirectory)) {
// This may happen if the DirectoryFactory configured is not the EncryptionDirectoryFactory,
// but this is a misconfiguration. Let's log a warning.
log.warn("{} is configured whereas {} is not set; check the DirectoryFactory configuration",
getClass().getName(), EncryptionDirectoryFactory.class.getName());
return super.findForcedMerges(segmentInfos, maxSegmentCount, segmentsToMerge, mergeContext);
}
String keyRef = getActiveKeyRefFromCommit(segmentInfos.getUserData());
String activeKeyId = keyRef == null ? null : getKeyIdFromCommit(keyRef, segmentInfos.getUserData());
List<SegmentCommitInfo> segmentsWithOldKeyId = ((EncryptionDirectory) dir).getSegmentsWithOldKeyId(segmentInfos, activeKeyId);
if (segmentsWithOldKeyId.isEmpty()) {
return null;
}
// The goal is to rewrite each segment encrypted with an old key, so that it is re-encrypted
// with the latest active encryption key.
// Create a MergeSpecification containing multiple OneMerge, a OneMerge for each segment.
MergeSpecification spec = new MergeSpecification();
for (SegmentCommitInfo segmentInfo : segmentsWithOldKeyId) {
spec.add(new OneMerge(Collections.singletonList(segmentInfo)));
}
return spec;
}