feat: use transform pipeline

jeqo · jeqo · commit 0bfabf2dbd84 · 2023-06-08T16:05:51.000+03:00
diff --git a/core/src/main/java/io/aiven/kafka/tieredstorage/ChunkManager.java b/core/src/main/java/io/aiven/kafka/tieredstorage/ChunkManager.java
@@ -19,39 +19,32 @@
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.List;
 import java.util.Optional;
 
 import org.apache.kafka.server.log.remote.storage.RemoteLogSegmentMetadata;
 
 import io.aiven.kafka.tieredstorage.cache.ChunkCache;
-import io.aiven.kafka.tieredstorage.manifest.SegmentEncryptionMetadata;
 import io.aiven.kafka.tieredstorage.manifest.SegmentManifest;
-import io.aiven.kafka.tieredstorage.security.AesEncryptionProvider;
 import io.aiven.kafka.tieredstorage.storage.ObjectFetcher;
 import io.aiven.kafka.tieredstorage.storage.StorageBackendException;
-import io.aiven.kafka.tieredstorage.transform.BaseDetransformChunkEnumeration;
-import io.aiven.kafka.tieredstorage.transform.DecompressionChunkEnumeration;
-import io.aiven.kafka.tieredstorage.transform.DecryptionChunkEnumeration;
-import io.aiven.kafka.tieredstorage.transform.DetransformChunkEnumeration;
-import io.aiven.kafka.tieredstorage.transform.DetransformFinisher;
+import io.aiven.kafka.tieredstorage.transform.TransformPipeline;
 
 import org.apache.commons.io.IOUtils;
 
 public class ChunkManager {
     private final ObjectFetcher fetcher;
     private final ObjectKey objectKey;
-    private final AesEncryptionProvider aesEncryptionProvider;
     private final ChunkCache chunkCache;
+    private final TransformPipeline transformPipeline;
 
     public ChunkManager(final ObjectFetcher fetcher,
                         final ObjectKey objectKey,
-                        final AesEncryptionProvider aesEncryptionProvider,
-                        final ChunkCache chunkCache) {
+                        final ChunkCache chunkCache,
+                        final TransformPipeline transformPipeline) {
         this.fetcher = fetcher;
         this.objectKey = objectKey;
-        this.aesEncryptionProvider = aesEncryptionProvider;
         this.chunkCache = chunkCache;
+        this.transformPipeline = transformPipeline;
     }
 
     /**
@@ -63,19 +56,8 @@ public InputStream getChunk(final RemoteLogSegmentMetadata remoteLogSegmentMetad
                                 final int chunkId) throws StorageBackendException {
         final Chunk chunk = manifest.chunkIndex().chunks().get(chunkId);
         final InputStream chunkContent = getChunkContent(remoteLogSegmentMetadata, chunk);
-        DetransformChunkEnumeration detransformEnum = new BaseDetransformChunkEnumeration(chunkContent, List.of(chunk));
-        final Optional<SegmentEncryptionMetadata> encryptionMetadata = manifest.encryption();
-        if (encryptionMetadata.isPresent()) {
-            detransformEnum = new DecryptionChunkEnumeration(
-                detransformEnum,
-                encryptionMetadata.get().ivSize(),
-                encryptedChunk -> aesEncryptionProvider.decryptionCipher(encryptedChunk, encryptionMetadata.get())
-            );
-        }
-        if (manifest.compression()) {
-            detransformEnum = new DecompressionChunkEnumeration(detransformEnum);
-        }
-        final DetransformFinisher detransformFinisher = new DetransformFinisher(detransformEnum);
+        final var detransformFinisher = transformPipeline.outboundTransformChain(chunkContent, manifest, chunk)
+            .complete();
         return detransformFinisher.toInputStream();
     }
 
diff --git a/core/src/main/java/io/aiven/kafka/tieredstorage/RemoteStorageManager.java b/core/src/main/java/io/aiven/kafka/tieredstorage/RemoteStorageManager.java
@@ -16,9 +16,6 @@
 
 package io.aiven.kafka.tieredstorage;
 
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
@@ -35,31 +32,17 @@
 import org.apache.kafka.server.log.remote.storage.RemoteLogSegmentMetadata;
 import org.apache.kafka.server.log.remote.storage.RemoteStorageException;
 
-import io.aiven.kafka.tieredstorage.manifest.SegmentEncryptionMetadataV1;
 import io.aiven.kafka.tieredstorage.manifest.SegmentManifest;
-import io.aiven.kafka.tieredstorage.manifest.SegmentManifestV1;
-import io.aiven.kafka.tieredstorage.manifest.index.ChunkIndex;
-import io.aiven.kafka.tieredstorage.manifest.serde.DataKeyDeserializer;
-import io.aiven.kafka.tieredstorage.manifest.serde.DataKeySerializer;
 import io.aiven.kafka.tieredstorage.metrics.Metrics;
-import io.aiven.kafka.tieredstorage.security.AesEncryptionProvider;
-import io.aiven.kafka.tieredstorage.security.DataKeyAndAAD;
-import io.aiven.kafka.tieredstorage.security.RsaEncryptionProvider;
 import io.aiven.kafka.tieredstorage.storage.BytesRange;
 import io.aiven.kafka.tieredstorage.storage.ObjectDeleter;
 import io.aiven.kafka.tieredstorage.storage.ObjectFetcher;
 import io.aiven.kafka.tieredstorage.storage.ObjectUploader;
 import io.aiven.kafka.tieredstorage.storage.StorageBackendException;
-import io.aiven.kafka.tieredstorage.transform.BaseTransformChunkEnumeration;
-import io.aiven.kafka.tieredstorage.transform.CompressionChunkEnumeration;
-import io.aiven.kafka.tieredstorage.transform.EncryptionChunkEnumeration;
 import io.aiven.kafka.tieredstorage.transform.FetchChunkEnumeration;
-import io.aiven.kafka.tieredstorage.transform.TransformChunkEnumeration;
 import io.aiven.kafka.tieredstorage.transform.TransformFinisher;
+import io.aiven.kafka.tieredstorage.transform.TransformPipeline;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.module.SimpleModule;
-import com.fasterxml.jackson.datatype.jdk8.Jdk8Module;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -83,13 +66,9 @@ public class RemoteStorageManager implements org.apache.kafka.server.log.remote.
     private ObjectDeleter deleter;
     private boolean compressionEnabled;
     private boolean compressionHeuristic;
-    private boolean encryptionEnabled;
-    private int chunkSize;
-    private RsaEncryptionProvider rsaEncryptionProvider;
-    private AesEncryptionProvider aesEncryptionProvider;
-    private ObjectMapper mapper;
     private ChunkManager chunkManager;
     private ObjectKey objectKey;
+    private TransformPipeline transformPipeline;
 
     private SegmentManifestProvider segmentManifestProvider;
 
@@ -111,49 +90,27 @@ public void configure(final Map<String, ?> configs) {
         uploader = config.storage();
         deleter = config.storage();
         objectKey = new ObjectKey(config.keyPrefix());
-        encryptionEnabled = config.encryptionEnabled();
-        if (encryptionEnabled) {
-            rsaEncryptionProvider = RsaEncryptionProvider.of(
-                config.encryptionPublicKeyFile(),
-                config.encryptionPrivateKeyFile()
-            );
-            aesEncryptionProvider = new AesEncryptionProvider();
-        }
-        chunkManager = new ChunkManager(
-            fetcher,
-            objectKey,
-            aesEncryptionProvider,
-            config.chunkCache()
-        );
 
-        chunkSize = config.chunkSize();
         compressionEnabled = config.compressionEnabled();
         compressionHeuristic = config.compressionHeuristicEnabled();
 
-        mapper = getObjectMapper();
+        transformPipeline = TransformPipeline.newBuilder().fromConfig(config).build();
 
+        chunkManager = new ChunkManager(
+            fetcher,
+            objectKey,
+            config.chunkCache(),
+            transformPipeline
+        );
         segmentManifestProvider = new SegmentManifestProvider(
             objectKey,
             config.segmentManifestCacheSize(),
             config.segmentManifestCacheRetention(),
             fetcher,
-            mapper,
+            transformPipeline.objectMapper(),
             executor);
     }
 
-    private ObjectMapper getObjectMapper() {
-        final ObjectMapper objectMapper = new ObjectMapper();
-        objectMapper.registerModule(new Jdk8Module());
-        if (encryptionEnabled) {
-            final SimpleModule simpleModule = new SimpleModule();
-            simpleModule.addSerializer(SecretKey.class, new DataKeySerializer(rsaEncryptionProvider::encryptDataKey));
-            simpleModule.addDeserializer(SecretKey.class, new DataKeyDeserializer(
-                b -> new SecretKeySpec(rsaEncryptionProvider.decryptDataKey(b), "AES")));
-            objectMapper.registerModule(simpleModule);
-        }
-        return objectMapper;
-    }
-
     @Override
     public void copyLogSegmentData(final RemoteLogSegmentMetadata remoteLogSegmentMetadata,
                                    final LogSegmentData logSegmentData) throws RemoteStorageException {
@@ -165,27 +122,11 @@ public void copyLogSegmentData(final RemoteLogSegmentMetadata remoteLogSegmentMe
         final long startedMs = time.milliseconds();
 
         try {
-            TransformChunkEnumeration transformEnum = new BaseTransformChunkEnumeration(
-                Files.newInputStream(logSegmentData.logSegment()), chunkSize);
-            SegmentEncryptionMetadataV1 encryptionMetadata = null;
-            final boolean requiresCompression = requiresCompression(logSegmentData);
-            if (requiresCompression) {
-                transformEnum = new CompressionChunkEnumeration(transformEnum);
-            }
-            if (encryptionEnabled) {
-                final DataKeyAndAAD dataKeyAndAAD = aesEncryptionProvider.createDataKeyAndAAD();
-                transformEnum = new EncryptionChunkEnumeration(
-                    transformEnum,
-                    () -> aesEncryptionProvider.encryptionCipher(dataKeyAndAAD));
-                encryptionMetadata = new SegmentEncryptionMetadataV1(dataKeyAndAAD.dataKey, dataKeyAndAAD.aad);
-            }
-            final TransformFinisher transformFinisher =
-                new TransformFinisher(transformEnum, remoteLogSegmentMetadata.segmentSizeInBytes());
+            final var inboundTransformChain = transformPipeline.inboundTransformChain(logSegmentData.logSegment());
+            final var transformFinisher = inboundTransformChain.complete();
             uploadSegmentLog(remoteLogSegmentMetadata, transformFinisher);
 
-            final ChunkIndex chunkIndex = transformFinisher.chunkIndex();
-            final SegmentManifest segmentManifest =
-                new SegmentManifestV1(chunkIndex, requiresCompression, encryptionMetadata);
+            final SegmentManifest segmentManifest = transformPipeline.segmentManifest(transformFinisher.chunkIndex());
             uploadManifest(remoteLogSegmentMetadata, segmentManifest);
 
             final InputStream offsetIndex = Files.newInputStream(logSegmentData.offsetIndex());
@@ -248,10 +189,9 @@ private void uploadIndexFile(final RemoteLogSegmentMetadata remoteLogSegmentMeta
     private void uploadManifest(final RemoteLogSegmentMetadata remoteLogSegmentMetadata,
                                 final SegmentManifest segmentManifest)
         throws StorageBackendException, IOException {
-        final String manifest = mapper.writeValueAsString(segmentManifest);
-        final String manifestFileKey = objectKey.key(remoteLogSegmentMetadata, ObjectKey.Suffix.MANIFEST);
-
-        try (final ByteArrayInputStream manifestContent = new ByteArrayInputStream(manifest.getBytes())) {
+        final byte[] manifestBytes = transformPipeline.objectMapper().writeValueAsBytes(segmentManifest);
+        try (final var manifestContent = new ByteArrayInputStream(manifestBytes)) {
+            final String manifestFileKey = objectKey.key(remoteLogSegmentMetadata, ObjectKey.Suffix.MANIFEST);
             uploader.upload(manifestContent, manifestFileKey);
         }
     }
diff --git a/core/src/test/java/io/aiven/kafka/tieredstorage/ChunkManagerTest.java b/core/src/test/java/io/aiven/kafka/tieredstorage/ChunkManagerTest.java
@@ -35,6 +35,7 @@
 import io.aiven.kafka.tieredstorage.security.DataKeyAndAAD;
 import io.aiven.kafka.tieredstorage.storage.StorageBackend;
 import io.aiven.kafka.tieredstorage.storage.StorageBackendException;
+import io.aiven.kafka.tieredstorage.transform.TransformPipeline;
 
 import com.github.luben.zstd.ZstdCompressCtx;
 import org.junit.jupiter.api.BeforeEach;
@@ -51,7 +52,7 @@
 import static org.mockito.Mockito.when;
 
 @ExtendWith(MockitoExtension.class)
-class ChunkManagerTest extends AesKeyAwareTest {
+class ChunkManagerTest extends RsaKeyAwareTest {
 
     static final byte[] TEST_CHUNK_CONTENT = "0123456789".getBytes();
     @Mock
@@ -71,7 +72,8 @@ void testGetChunk() throws StorageBackendException {
         final FixedSizeChunkIndex chunkIndex = new FixedSizeChunkIndex(10, 10, 10, 10);
 
         final SegmentManifest manifest = new SegmentManifestV1(chunkIndex, false, null);
-        final ChunkManager chunkManager = new ChunkManager(storage, objectKey, null, null);
+        final TransformPipeline transformPipeline = TransformPipeline.newBuilder().build();
+        final ChunkManager chunkManager = new ChunkManager(storage, objectKey, null, transformPipeline);
         when(storage.fetch("test.log", chunkIndex.chunks().get(0).range()))
             .thenReturn(new ByteArrayInputStream("0123456789".getBytes()));
 
@@ -95,8 +97,8 @@ void testGetChunkWithCaching() throws StorageBackendException {
         final ChunkManager chunkManager = new ChunkManager(
             storage,
             objectKey,
-            null,
-            new UnboundInMemoryChunkCache()
+            new UnboundInMemoryChunkCache(),
+            TransformPipeline.newBuilder().build()
         );
 
         assertThat(chunkManager.getChunk(remoteLogSegmentMetadata, manifest, 0)).hasContent("0123456789");
@@ -132,8 +134,8 @@ void testGetChunkWithEncryption() throws Exception {
         final ChunkManager chunkManager = new ChunkManager(
             storage,
             objectKey,
-            aesEncryptionProvider,
-            new UnboundInMemoryChunkCache()
+            new UnboundInMemoryChunkCache(),
+            TransformPipeline.newBuilder().withEncryption(publicKeyPem, privateKeyPem).build()
         );
 
         assertThat(chunkManager.getChunk(remoteLogSegmentMetadata, manifest, 0)).hasBinaryContent(TEST_CHUNK_CONTENT);
@@ -165,8 +167,8 @@ void testGetChunkWithCompression() throws Exception {
         final ChunkManager chunkManager = new ChunkManager(
             storage,
             objectKey,
-            null,
-            new UnboundInMemoryChunkCache()
+            new UnboundInMemoryChunkCache(),
+            TransformPipeline.newBuilder().withCompression().build()
         );
 
         assertThat(chunkManager.getChunk(remoteLogSegmentMetadata, manifest, 0)).hasBinaryContent(TEST_CHUNK_CONTENT);
diff --git a/core/src/test/java/io/aiven/kafka/tieredstorage/transform/FetchChunkEnumerationSourceInputStreamClosingTest.java b/core/src/test/java/io/aiven/kafka/tieredstorage/transform/FetchChunkEnumerationSourceInputStreamClosingTest.java
@@ -96,7 +96,8 @@ void setup() {
     void test(final ChunkCache chunkCache,
               final boolean readFully,
               final BytesRange range) throws StorageBackendException, IOException {
-        final var chunkManager = new ChunkManager(fetcher, objectKey, null, chunkCache);
+        final TransformPipeline transformPipeline = TransformPipeline.newBuilder().build();
+        final var chunkManager = new ChunkManager(fetcher, objectKey, chunkCache, transformPipeline);
         final var is = new FetchChunkEnumeration(chunkManager, REMOTE_LOG_SEGMENT_METADATA, SEGMENT_MANIFEST, range)
             .toInputStream();
         if (readFully) {
