haridsv opened a new pull request, #7584:
URL: https://github.com/apache/hbase/pull/7584

This commit prepares the codebase for the upcoming key management feature
(HBASE-29368) by introducing the necessary API definitions, protocol buffer
changes, and infrastructure refactoring. No functional changes are included;
all implementation will follow in the feature PR.

This precursor PR essentially extracts the API surface definitions and
infrastructure refactoring from the main feature PR (#7421) to facilitate
easier review. By separating the ~15k line feature PR into a smaller precursor
containing interface definitions, protocol changes, and method signature
updates, the subsequent feature PR will focus purely on implementation logic.

API Surface Additions:
* New interfaces:
  - KeymetaAdmin: Admin API for key management operations
  - Server methods for cache management (getManagedKeyDataCache, getSystemKeyCache)
* Protocol buffer definitions:
  - ManagedKeys.proto: Definitions for managed key data and operations
  - Admin.proto: RPC methods for key management admin operations
  - Procedure.proto: Key rotation procedure support

Infrastructure Refactoring:
* Encryption context creation:
  - Moved createEncryptionContext from EncryptionUtil (client) to SecurityUtil (server) where it properly belongs, as it requires server-side resources
  - Added overloads to support future key encryption key (KEK) parameters
* Method signature updates:
  - Added ManagedKeyDataCache and SystemKeyCache parameters to encryption-related methods throughout HRegion, HStore, HStoreFile, and HFile classes
  - Updated constructors and factory methods to thread cache references
  - All cache parameters are currently null/unused, enabling gradual feature rollout
* New utility methods:
  - Encryption.encryptWithGivenKey() / decryptWithGivenKey(): Extract method refactoring to support both subject-based and KEK-based encryption
  - EncryptionUtil.wrapKey() / unwrapKey() overloads with KEK parameter
  - Bytes.add() 4-argument overload for concatenation

Stub Infrastructure:
* Blank placeholder shells for some public data classes such as ManagedKeyData and KeymetaAdminClient
* Stub implementations for key management services and caches that return null or throw UnsupportedOperationException, clearly documented as placeholders
* New package org.apache.hadoop.hbase.keymeta for key management classes
* Mock services updated to support new cache getter methods for testing

Code Organization:
* Procedure framework: Added support for region-level server name tracking to support future key rotation procedures
* Testing infrastructure updated to support new constructor signatures

All stub implementations clearly document they are placeholders for the
upcoming feature PR. Existing encryption functionality remains unchanged and
continues to work as before.

Testing:
* Build completes successfully with new API surface
* All existing tests pass (precursor introduces no functional changes)