foundationdb

Commit Graph

Author	SHA1	Message	Date
Ata E Husain Bohra	91fc3fef4a	[EAR]: Remove usage of EncryptDomainName for Encryption at-rest operations (#8715 ) * [EAR]: Remove usage of EncryptDomainName for Encryption at-rest operations Description diff-1: Address review comments EncryptDomainName is an auxillary information, given EAR encryption domain matches with Tenants, EncryptDomainName maps to TenantName in the current code. However, this mapping adds EAR depedency has multiple drawbacks: 1. In some scenarios obtaning consistent mapping of TenantId <-> TenantName is difficult to maintain. For instance: StorageServer (SS) TLog mutation pop loop, it is possible that same commit batch contains: TenantMap update mutation as well as a Tenant user mutation. SS would parse TenantMap update mutation (FDB System Keyspace encryption domain), process the mutation, but, doesn't apply it to the process local TenantMap. SS then attempts to process, Tenant user mutation and fails to decrypt the mutation given TenantMetadaMap isn't updated yet. 2. FDB codebase uses EncryptDomainId matching TenantId, TenantName is used as an auxillary information source and feels better to be handled by an external KMS. Major changes include: 1. EAR to remove TenantName dependency across all participating processes such as: CommitProxy, Redwood, BlobGranule and Backup agent. 2. Update EKP and KmsConnector APIs to avoid relying on "domainName" information being passed around to external KMS EAR endpoints. Testing devRunCorrectness - 100K EncryptKeyProxyTest - 100K EncryptionOps Test - 100K	2022-11-16 10:26:39 -08:00
Josh Slocum	4d3553481f	Blob connection provider test (#8478 ) * Refactoring test blob metadata creation * Implementing BlobConnectionProviderTest * createRandomTestBlobMetadata supports blobstore and works outside simulation	2022-10-27 10:44:06 -05:00

Author

SHA1

Message

Date

Ata E Husain Bohra

91fc3fef4a

[EAR]: Remove usage of EncryptDomainName for Encryption at-rest operations (#8715 )

* [EAR]: Remove usage of EncryptDomainName for Encryption at-rest operations

Description

 diff-1: Address review comments

EncryptDomainName is an auxillary information, given EAR encryption domain
matches with Tenants, EncryptDomainName maps to TenantName in the current
code. However, this mapping adds EAR depedency has multiple drawbacks:
1. In some scenarios obtaning consistent mapping of TenantId <-> TenantName
   is difficult to maintain. For instance: StorageServer (SS)  TLog mutation
   pop loop, it is possible that same commit batch contains: TenantMap update
   mutation as well as a Tenant user mutation. SS would parse TenantMap update
   mutation (FDB System Keyspace encryption domain), process the mutation, but,
   doesn't apply it to the process local TenantMap. SS then attempts to process,
   Tenant user mutation and fails to decrypt the mutation given TenantMetadaMap
   isn't updated yet.
2. FDB codebase uses EncryptDomainId matching TenantId, TenantName is used as
   an auxillary information source and feels better to be handled by an
   external KMS.

Major changes include:
1. EAR to remove TenantName dependency across all participating processes
   such as: CommitProxy, Redwood, BlobGranule and Backup agent.
2. Update EKP and KmsConnector APIs to avoid relying on "domainName"
   information being passed around to external KMS EAR endpoints.

Testing

devRunCorrectness - 100K
EncryptKeyProxyTest - 100K
EncryptionOps Test - 100K

2022-11-16 10:26:39 -08:00

Josh Slocum

4d3553481f

Blob connection provider test (#8478 )

* Refactoring test blob metadata creation

* Implementing BlobConnectionProviderTest

* createRandomTestBlobMetadata supports blobstore and works outside simulation

2022-10-27 10:44:06 -05:00

2 Commits