-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for encryption at rest. #4351
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 12 of 12 files at r1.
Reviewable status: all files reviewed, 20 unresolved discussions (waiting on @danielmai and @parasssh)
dgraph/docker-compose.yml, line 181 at r1 (raw file):
- type: bind source: ../ee/enc/enc_key_file target: /dgraph-enc/enc_key_file
enc-key
dgraph/cmd/alpha/run.go, line 108 at r1 (raw file):
" mmap consumes more RAM, but provides better performance.") // expose flag for enterprise only. enc.EncryptionKeyFile(flag)
Let's not "hide" the flag.
dgraph/cmd/alpha/run.go, line 433 at r1 (raw file):
BadgerTables: Alpha.Conf.GetString("badger.tables"), BadgerVlog: Alpha.Conf.GetString("badger.vlog"), BadgerKeyFile: enc.GetEncryptionKeyFile(Alpha.Conf),
Alpha.Conf.GetString(...)
dgraph/cmd/bulk/run.go, line 112 at r1 (raw file):
ReplaceOutDir: Bulk.Conf.GetBool("replace_out"), TmpDir: Bulk.Conf.GetString("tmp"), BadgerKeyFile: enc.GetEncryptionKeyFile(Bulk.Conf),
Bulk.Conf.GetString(...)
dgraph/cmd/zero/run.go, line 176 at r1 (raw file):
w: Zero.Conf.GetString("wal"), rebalanceInterval: Zero.Conf.GetDuration("rebalance_interval"), badgerKeyFile: enc.GetEncryptionKeyFile(Zero.Conf),
Zero.Conf.GetString(...)
dgraph/cmd/zero/run.go, line 220 at r1 (raw file):
// zero out from memory opts.badgerKeyFile = ""
remove.
ee/enc/util.go, line 34 at r1 (raw file):
// GetEncryptionKeyString return empty string for OSS build func GetEncryptionKeyFile(c *viper.Viper) string {
Probably not needed.
ee/enc/util.go, line 39 at r1 (raw file):
// ReadEncryptionKeyFile returns nil key for OSS build func ReadEncryptionKeyFile(f string) []byte {
ReadEncryptionKey(...)
ee/enc/util.go, line 40 at r1 (raw file):
// ReadEncryptionKeyFile returns nil key for OSS build func ReadEncryptionKeyFile(f string) []byte { return nil
Please do a LOG WARNING that encryption isn't enabled because of OSS. Or, you could go one step further and log fatal. Actually, let's do log fatal, because there's no way to read encrypted data with OSS anyway.
If OSS and nil flag, then OK.
ee/enc/util_ee.go, line 22 at r1 (raw file):
) const encFile string = "encryption_key_file"
The flag name should be not here. Should be in a common place.
worker/groups.go, line 996 at r1 (raw file):
} func enterpriseEnabled2() bool {
askZeroForEE()
worker/groups.go, line 1000 at r1 (raw file):
var connState *pb.ConnectionState grp := &groupi{
g := &groupi{}
worker/groups.go, line 1004 at r1 (raw file):
tablets: make(map[string]*pb.Tablet), } grp.ctx, grp.cancel = context.WithCancel(context.Background())
don't think you need this. Could do this in the loop:
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
Could make a small nested func within this fun which would do the logic of the loop and do returns instead of continues.
worker/groups.go, line 1007 at r1 (raw file):
for { // Keep on retrying. See: https://github.com/dgraph-io/dgraph/issues/2289 pl := grp.connToZeroLeader()
g.connToZeroLeader()
worker/groups.go, line 1013 at r1 (raw file):
zc := pb.NewZeroClient(pl.Get()) connState, err = zc.Connect(grp.ctx, &pb.Member{ClusterInfoOnly: true}) if connState == nil || connState.GetState() == nil || connState.GetState().GetLicense() == nil {
100 chars.
worker/groups.go, line 1014 at r1 (raw file):
connState, err = zc.Connect(grp.ctx, &pb.Member{ClusterInfoOnly: true}) if connState == nil || connState.GetState() == nil || connState.GetState().GetLicense() == nil { continue
Log Info or something.
worker/server_state.go, line 144 at r1 (raw file):
if !EnterpriseEnabled() { glog.Infof("Enterprise License missing or OSS build. Disable Encryption and proceed.")
This log should be moved.
worker/server_state.go, line 145 at r1 (raw file):
if !EnterpriseEnabled() { glog.Infof("Enterprise License missing or OSS build. Disable Encryption and proceed.") Config.BadgerKeyFile = ""
This should be a crash.
worker/server_state.go, line 147 at r1 (raw file):
Config.BadgerKeyFile = "" } else { glog.Infof("Encryption feature enabled. Encryption Key file %v", Config.BadgerKeyFile)
Using encryption key file: ...
worker/server_state.go, line 168 at r1 (raw file):
key := opt.EncryptionKey opt.EncryptionKey = nil glog.Infof("Opening write-ahead log BadgerDB with options: %+v\n", opt)
Perhaps build a stringify interface in Badger options, which can be used to print them nicely here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@parasssh Can you make sure you mark comments you have fixed as done in Reviewable? I tried to review this but it looks like only some of Manish's comments have been addressed.
Reviewed 3 of 9 files at r2, 3 of 3 files at r3.
Reviewable status: 9 of 12 files reviewed, 22 unresolved discussions (waiting on @danielmai, @manishrjain, and @parasssh)
dgraph/cmd/zero/run.go, line 97 at r3 (raw file):
Quoted 5 lines of code…
// not supported for zero for now. // flag.String("encryption_key_file", "", // "The file that stores the encryption key. The key size must be 16, 24, or 32 bytes long. "+ // "The key size determines the corresponding block size for AES encryption "+ // "(AES-128, AES-192, and AES-256 respectively). Enterprise feature.")
Personally, I'd remove the commented out code and just leave a comment saying something like "Encryption is not supported in zero yet".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Dismissed @golangcibot and @manishrjain from 21 discussions.
Reviewable status: 9 of 12 files reviewed, 1 unresolved discussion (waiting on @danielmai, @manishrjain, and @parasssh)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 9 of 12 files reviewed, 1 unresolved discussion (waiting on @danielmai, @manishrjain, and @parasssh)
worker/server_state.go, line 168 at r1 (raw file):
Previously, manishrjain (Manish R Jain) wrote…
Perhaps build a stringify interface in Badger options, which can be used to print them nicely here.
Will add a task to do this later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Dismissed @martinmr from a discussion.
Reviewable status: 8 of 12 files reviewed, all discussions resolved (waiting on @danielmai, @manishrjain, and @martinmr)
dgraph/cmd/zero/run.go, line 97 at r3 (raw file):
Previously, martinmr (Martin Martinez Rivera) wrote…
// not supported for zero for now. // flag.String("encryption_key_file", "", // "The file that stores the encryption key. The key size must be 16, 24, or 32 bytes long. "+ // "The key size determines the corresponding block size for AES encryption "+ // "(AES-128, AES-192, and AES-256 respectively). Enterprise feature.")
Personally, I'd remove the commented out code and just leave a comment saying something like "Encryption is not supported in zero yet".
Done.
Done. |
dgraph/docker-compose.yml, line 101 at r5 (raw file):
nit: remove trailing spaces. |
dgraph/cmd/alpha/run.go, line 447 at r5 (raw file):
Enterprise* Actually, we should replace this with x.ErrNotSupported for a standardized error message.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 2 of 9 files at r2, 1 of 2 files at r4, 3 of 3 files at r5.
Reviewable status: all files reviewed, 11 unresolved discussions (waiting on @parasssh)
dgraph/cmd/bulk/reduce.go, line 94 at r5 (raw file):
func (r *reducer) createBadger(i int) *badger.DB { if r.opt.BadgerKeyFile != "" { // need to set zero addr in workerconfig before doing license check.
WorkerConfig
dgraph/cmd/bulk/reduce.go, line 99 at r5 (raw file):
if !worker.EnterpriseEnabled() { // not licensed --> crash. log.Fatal("Enterprise License needed for the Encryption feature.")
Use glog, not log.
dgraph/cmd/bulk/reduce.go, line 102 at r5 (raw file):
} else { // licensed --> OK. log.Printf("Encryption feature enabled. Using encryption Key file: %v", r.opt.BadgerKeyFile)
Use glog, not log.
lowercase "key"
dgraph/cmd/bulk/run.go, line 138 at r5 (raw file):
// OSS, non-nil key file --> crash if !enc.EeBuild && opt.BadgerKeyFile != "" { fmt.Printf("Encryption is an Enterpise only feature.")
fmt.Printf("Cannot enable encryption: %s", x.ErrNotSupported)
dgraph/cmd/zero/run.go, line 175 at r5 (raw file):
w: Zero.Conf.GetString("wal"), rebalanceInterval: Zero.Conf.GetDuration("rebalance_interval"), badgerKeyFile: Zero.Conf.GetString("encryption_key_file"),
Do we need this code if it's not enabled in Zero yet? We should remove this and the rest of the encryption code in Zero.
ee/enc/util.go, line 28 at r5 (raw file):
// ReadEncryptionKeyFile returns nil key for OSS build func ReadEncryptionKeyFile(filepath string) []byte { x.AssertTruef(filepath == "", "encryption_key_file is an Enterprise only feature.")
Seems like this is never run since there are other OSS-build checks that happen before this gets called. This is still good to have in place.
ee/enc/util_ee.go, line 29 at r5 (raw file):
} k, err := ioutil.ReadFile(filepath) x.Checkf(err, "Error reading Encryption key file (%v)", filepath)
lowercase "encryption"
worker/groups.go, line 62 at r5 (raw file):
} var gr *groupi = nil
Is this change needed?
worker/server_state.go, line 147 at r5 (raw file):
Enterprise License needed for the Encryption feature.
"Valid enterprise license needed to enable encryption feature."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Dismissed @danielmai from 11 discussions.
Reviewable status: all files reviewed, 1 unresolved discussion
dgraph/cmd/alpha/run.go, line 447 at r5 (raw file):
Previously, danielmai (Daniel Mai) wrote…
Enterprise*
Actually, we should replace this with x.ErrNotSupported for a standardized error message.
glog.Fatalf("Cannot enable encryption: %s", x.ErrNotSupported)
Done.
dgraph/cmd/bulk/reduce.go, line 99 at r5 (raw file):
log.Fatal
glog is not used anywhere in the cmd/bulk folder. I followed the current pattern.
dgraph/cmd/bulk/reduce.go, line 102 at r5 (raw file):
Previously, danielmai (Daniel Mai) wrote…
Use glog, not log.
lowercase "key"
glog is not used anywhere in the bulk cmd.
dgraph/cmd/zero/run.go, line 93 at r5 (raw file):
Keep this comment. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Dismissed @danielmai from a discussion.
Reviewable status: 4 of 12 files reviewed, 2 unresolved discussions (waiting on @danielmai and @martinmr)
dgraph/cmd/zero/run.go, line 93 at r5 (raw file):
Previously, danielmai (Daniel Mai) wrote…
Keep this comment.
Dismiss this comment. Let me know if you feel strongly the otherwise.
Comment not needed as there is no enc code in zero now.
FYI, you don't need to keep every commit message in the message of the final squashed commit. |
Got it. |
Enterprise feature.
Add support for encryption-at-rest for Dgraph Alpha.
TODO:
This change is