Introduce a wrapper around KekId to provide semantic value#774
Introduce a wrapper around KekId to provide semantic value#774SamBarker wants to merge 15 commits intokroxylicious:mainfrom
Conversation
| */ | ||
| @NonNull | ||
| CompletionStage<DekPair<E>> generateDekPair(@NonNull K kekRef); | ||
| CompletionStage<DekPair<E>> generateDekPair(@NonNull KekId kekRef); |
There was a problem hiding this comment.
We should probably do
| CompletionStage<DekPair<E>> generateDekPair(@NonNull KekId kekRef); | |
| CompletionStage<DekPair<E>> generateDekPair(@NonNull KekId kekId); |
However even if we don't proceed with this PR its highlighting that we are inconsistent in our usage of kekId, kekRef and kek and we should standardise on one.
| /** | ||
| * A semantic wrapper around KMS specific key id type | ||
| */ | ||
| public interface KekId { |
There was a problem hiding this comment.
I can see adding in KekId makes the InBandManager more readable and easier to relate to the concepts being implemented, but does switching to <K> K getId(Class<K> keyType) make it harder to verify that we've strung together a KMS with the right combination of keyIdSerde, resolveAlias and unencryptedKeyId? It seems funky to me that the serde has to know "this KMS's implementation supports getting UUID".
There was a problem hiding this comment.
Yeah I hear you. My rationale was the serde has to know the concrete type anyway because its sole job is to translate the concrete type to bytes.
|
not related to this PR but it feels like it could use an additional layer of protection to prevent a misnamed key or incorrect template from forwarding unencrypted data. Maybe we could add an additional, optional configuration like prefixes/literals/regexes/whitelist/blacklist/etc of topics so there is some secondary bit of information about which topics should have a key. edit: issue created #811 |
|
Another unrelated thing to figure out, I wonder if we will want a configurable policy for kekId resolution/caching. Should we cache non-existence aggressively if we are taking it to mean do-not-encrypt. You could imagine the proxy hammering the KMS if they are only targeting a small subset of their topics. edit: issue created #816 |
SamBarker
force-pushed
the
SemanticKekIdType
branch
2 times, most recently
from
649fcf1 to
1723516
Compare
robobario
left a comment
robobario
left a comment
There was a problem hiding this comment.
LGTM, should make an issue to do the same for DEKs
There was a problem hiding this comment.
several nits, but the code looks okay to me.
I'm not quite grasping the motivation for the change. Can you give an example what is actually improved by the change? Haven't we just now got an extra step of indirection?
Separately, when are you planning to land this change? Is this a 0.4.0?
|
No it's a 0.5.0 change. The original motivation was the same as the encryption scheme change to remove the semantic null when when catching an unknown alias exception. Which I had in this Pr. However the consensus in NZ was that wasn't the right solution to the unknown alias problem but the rest of the change improved readability. Is that a fair summary @robobario @gracegrimwood ? As well as improving readability I think introducing a wrapper is helpful. As it will allow us to attach behaviour To the keys themselves (my original idea was an |
SamBarker
force-pushed
the
SemanticKekIdType
branch
2 times, most recently
from
5a11ea4 to
575dae9
Compare
| import io.kroxylicious.kms.service.KmsException; | ||
|
|
||
| public record StringKekid(@NonNull String keyId) implements KekId { | ||
| public StringKekid(String keyId) { |
There was a problem hiding this comment.
use compact ctor
| public StringKekid(String keyId) { | |
| public StringKekid() { |
|
|
||
| public record StringKekid(@NonNull String keyId) implements KekId { | ||
|
|
||
| public StringKekid { |
There was a problem hiding this comment.
@k-wall @robobario would this be better called VaultKekId. I know it is a string but its the vault specific implementation of an ID.
|
Signed-off-by: Sam Barker <[email protected]> rh-pre-commit.version: 2.0.1 rh-pre-commit.check-secrets: ENABLED
Turns out its viral, and thus we stop needing a lot of other generics. Signed-off-by: Sam Barker <[email protected]> rh-pre-commit.version: 2.0.1 rh-pre-commit.check-secrets: ENABLED
Signed-off-by: Sam Barker <[email protected]> rh-pre-commit.version: 2.0.1 rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.0.1 rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.0.1 rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.0.1 rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.0.1 rh-pre-commit.check-secrets: ENABLED
…verrides rh-pre-commit.version: 2.0.1 rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.0.1 rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.0.1 rh-pre-commit.check-secrets: ENABLED
Co-authored-by: Keith Wall <[email protected]> Signed-off-by: Sam Barker <[email protected]>
rh-pre-commit.version: 2.0.1 rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.0.1 rh-pre-commit.check-secrets: ENABLED
Why are the Intellij and impsort plug-ins out of sync again :/ rh-pre-commit.version: 2.0.1 rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.0.1 rh-pre-commit.check-secrets: ENABLED
SamBarker
force-pushed
the
SemanticKekIdType
branch
from
ea90a4f to
e798074
Compare
|
Going to close this for now as so much has moved underneath it. I'm still in favour of shifting from |
3 participants
Type of change
Description
Adding a type to wrap the
KekIdso that we can encasulate behaviour related to ID's better. This replaces a lot of generics with an actual KekId type and pushes the need to get at the raw kek ID down to the serialisation layer.Additional Context
This is an alternative solution to the same problem as #766.
If we are to merge this PR we should follow up with a second one replacing the generics for the DEK, I think but haven't tried to do so, with a Dek type as well.
Why are you making this pull request?
Checklist
Please go through this checklist and make sure all applicable tasks have been done