Skip to content

feat(core): server side encryption support for azblob#2347

Merged
Xuanwo merged 8 commits intoapache:mainfrom
morristai:feat/encryption_support_for_azblob
May 30, 2023
Merged

feat(core): server side encryption support for azblob#2347
Xuanwo merged 8 commits intoapache:mainfrom
morristai:feat/encryption_support_for_azblob

Conversation

@morristai
Copy link
Copy Markdown
Member

@morristai morristai commented May 28, 2023
edited
Loading

Description

Changes Made

Add SSE headers into these requests

  • azblob_get_blob_request
  • azblob_put_blob_request
  • azblob_init_appendable_blob_request
  • azblob_append_blob_request
  • azblob_head_blob_request

Additional Notes

Helper Function Design

Hi @Xuanwo, what do you think about these two functions? Should we provide them separately or together? (Also, since azblob only support for AES256 as encryption algorithm, do we still need to provide setting options for user?)

builder.root("/")
    .container("test")
    .endpoint("http://127.0.0.1:10000/devstoreaccount1")
    .account_name("devstoreaccount1")
    .account_key("Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==")
    // separately
    .server_side_encryption_customer_key("S5D+fhPQjqxK7udHboDgMw==")
    .server_side_encryption_customer_key_sha256("18b04c198bb2ee7db24cc491dc9ebaf265be28bcf6796e85e0e27f7a9c39f8a9")
    .server_side_encryption_customer_algorithm("AES256");
builder.root("/")
    .container("test")
    .endpoint("http://127.0.0.1:10000/devstoreaccount1")
    .account_name("devstoreaccount1")
    .account_key("Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==")
    // together (Algorithm only support for AES256 for now)
    .encryption_with_customer_provided_key("S5D+fhPQjqxK7udHboDgMw==", "18b04c198bb2ee7db24cc491dc9ebaf265be28bcf6796e85e0e27f7a9c39f8a9");

Test Case Design

I haven't implemented testing for this change, any suggestion? (I assume it can leverage Azurite in GitHub Actions)

@morristai morristai marked this pull request as draft May 28, 2023 06:34
@Xuanwo
Copy link
Copy Markdown
Member

Xuanwo commented May 28, 2023

I prefer to have separately options which is easier to be fetched from env or hashmap. And we can provide a server_side_encryption_with_customer_key("key") as a rust only helper to set key, hash and algo in one function call.

Xuanwo
Xuanwo reviewed May 28, 2023
View reviewed changes
Comment thread core/src/services/azblob/backend.rs Outdated
Comment thread core/src/services/azblob/backend.rs Outdated
@morristai morristai marked this pull request as ready for review May 28, 2023 23:21
@morristai morristai force-pushed the feat/encryption_support_for_azblob branch from fe6241f to 2e4b8ce Compare May 28, 2023 23:25
Xuanwo
Xuanwo reviewed May 29, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@Xuanwo Xuanwo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Others LGTM, thanks a lot!

Comment thread core/Cargo.toml Outdated
Comment thread core/src/services/azblob/backend.rs Outdated
Comment thread core/src/services/azblob/backend.rs Outdated
Comment thread core/src/services/azblob/backend.rs Outdated
Comment thread core/src/services/azblob/backend.rs
@morristai morristai force-pushed the feat/encryption_support_for_azblob branch from d8719dc to 8d4e4dd Compare May 30, 2023 04:02
Xuanwo
Xuanwo approved these changes May 30, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@Xuanwo Xuanwo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great, thanks a lot!

@Xuanwo Xuanwo merged commit c5d5b56 into apache:main May 30, 2023
This was referenced May 30, 2023
Closed
Merged
@morristai morristai changed the title feat: server side encryption support for azblob feat(core): server side encryption support for azblob Jun 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Xuanwo Xuanwo Xuanwo approved these changes

@PsiACE PsiACE Awaiting requested review from PsiACE

@ClSlaid ClSlaid Awaiting requested review from ClSlaid

@sundy-li sundy-li Awaiting requested review from sundy-li

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

encryption support for azblob

2 participants

@morristai @Xuanwo