Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

storage: add config option for enabling encryption-at-rest #68931

Merged
merged 1 commit into from
Aug 16, 2021
Merged

storage: add config option for enabling encryption-at-rest #68931

merged 1 commit into from
Aug 16, 2021

Conversation

andyyang890
Copy link
Collaborator

@andyyang890 andyyang890 commented Aug 14, 2021
edited
Loading

This patch adds the ability to configure encryption-at-rest for
in-memory engines, which are used in tests.

Release note: None

@andyyang890 andyyang890 requested review from jbowens and a team August 14, 2021 01:52
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@andyyang890 andyyang890 force-pushed the in_memory_encryption branch from f909972 to 1dda7f6 Compare August 14, 2021 02:04
jbowens
jbowens reviewed Aug 16, 2021
View reviewed changes
Copy link
Collaborator

@jbowens jbowens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @andyyang890)

pkg/storage/open.go, line 112 at r1 (raw file):

// registry. It is used to configure encryption-at-rest for in-memory engines,
// which are used in tests.
func UseFileRegistry(useRegistry bool) ConfigOption {

Can we consolidate these into a single EncryptionAtRest(encryptionOptions []byte) option that turns on UseFileRegistry and sets EncryptionOptions?

pkg/storage/open.go, line 125 at r1 (raw file):

	return func(cfg *engineConfig) error {
		cfg.EncryptionOptions = make([]byte, len(b))
		copy(cfg.EncryptionOptions, b)

Does cfg.EncryptionOptions get mutated? Is the copy necessary? IF so, can you document where/why?

andyyang890
andyyang890 commented Aug 16, 2021
View reviewed changes
Copy link
Collaborator Author

@andyyang890 andyyang890 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @andyyang890 and @jbowens)

pkg/storage/open.go, line 125 at r1 (raw file):

Previously, jbowens (Jackson Owens) wrote…

Does cfg.EncryptionOptions get mutated? Is the copy necessary? IF so, can you document where/why?

I was thinking it would be safer to make a copy in case the caller modifies the slice afterwards. Is that not necessary here?

@andyyang890 andyyang890 force-pushed the in_memory_encryption branch from 1dda7f6 to 7652457 Compare August 16, 2021 16:16
storage: add config option for enabling encryption-at-rest
506a61c 
This patch adds the ability to configure encryption-at-rest for
in-memory engines, which are used in tests.

Release note: None
@andyyang890 andyyang890 force-pushed the in_memory_encryption branch from 7652457 to 506a61c Compare August 16, 2021 16:17
@andyyang890 andyyang890 changed the title storage: add config options for UseFileRegistry and EncryptionOptions storage: add config option for enabling encryption-at-rest Aug 16, 2021
andyyang890
andyyang890 commented Aug 16, 2021
View reviewed changes
Copy link
Collaborator Author

@andyyang890 andyyang890 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @jbowens)

pkg/storage/open.go, line 112 at r1 (raw file):

Previously, jbowens (Jackson Owens) wrote…

Can we consolidate these into a single EncryptionAtRest(encryptionOptions []byte) option that turns on UseFileRegistry and sets EncryptionOptions?

Done.

jbowens
jbowens approved these changes Aug 16, 2021
View reviewed changes
Copy link
Collaborator

@jbowens jbowens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:LGTM:

Reviewed 3 of 3 files at r2.
Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained (waiting on @andyyang890 and @jbowens)

pkg/storage/open.go, line 125 at r1 (raw file):

Previously, andyyang890 (Andy Yang) wrote…

I was thinking it would be safer to make a copy in case the caller modifies the slice afterwards. Is that not necessary here?

I suspect no callers modify the slice, but this is fine if we're unsure.

@andyyang890
Copy link
Collaborator Author

bors r=jbowens

@craig
Copy link
Contributor

craig bot commented Aug 16, 2021

Build succeeded:

@craig craig bot merged commit 39d59f1 into cockroachdb:master Aug 16, 2021
@andyyang890 andyyang890 deleted the in_memory_encryption branch August 16, 2021 19:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jbowens jbowens jbowens approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@andyyang890 @cockroach-teamcity @jbowens