Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Crypto Provider interface to provide encryption and decryption capabilities #9505

Closed
wants to merge 2 commits into from
Closed

Add Crypto Provider interface to provide encryption and decryption capabilities #9505

wants to merge 2 commits into from

Conversation

gbbafna
Copy link
Collaborator

@gbbafna gbbafna commented Aug 23, 2023

Description

Adding encryption-sdk in OpenSearch which provides interfaces for encryption and decryption capabilities.

Related Issues

Partially resolves #7229

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@vikasvb90 @gbbafna
initial commit of crypto lib
faa1807 
Signed-off-by: Vikas Bansal <43470111+vikasvb90@users.noreply.github.com>

Addressed review comments

Signed-off-by: Vikas Bansal <43470111+vikasvb90@users.noreply.github.com>

Made FrameCryptoProvider a CryptoProvider type to allow registering other crypto provider types

Signed-off-by: Vikas Bansal <43470111+vikasvb90@users.noreply.github.com>

Moved crypto cache and crypto manager code to libs/encryption-sdk

Signed-off-by: Vikas Bansal <43470111+vikasvb90@users.noreply.github.com>

raw type warning fix

Signed-off-by: Vikas Bansal <43470111+vikasvb90@users.noreply.github.com>

Added changelog entries

Signed-off-by: Vikas Bansal <43470111+vikasvb90@users.noreply.github.com>

Fixed rawtype warnings

Signed-off-by: Vikas Bansal <43470111+vikasvb90@users.noreply.github.com>

Removing Frame based Crypto provider and adding Dummy Crypto provider

Signed-off-by: Gaurav Bafna <gbbafna@amazon.com>
@opensearch-trigger-bot
Copy link
Contributor

Compatibility status:

Checks if related components are compatible with change 5d3633c

Incompatible components

Incompatible components: [https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/security-analytics.git]

Skipped components

Compatible components

Compatible components: [https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/performance-analyzer.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/ml-commons.git, https://github.com/opensearch-project/opensearch-oci-object-storage.git]

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@codecov
Copy link

codecov bot commented Aug 23, 2023
edited
Loading

Codecov Report

Merging #9505 (69cc705) into main (ebdffbb) will decrease coverage by 0.08%.
Report is 13 commits behind head on main.
The diff coverage is 29.16%.

@@             Coverage Diff              @@
##               main    #9505      +/-   ##
============================================
- Coverage     71.20%   71.13%   -0.08%     
+ Complexity    57474    57443      -31     
============================================
  Files          4776     4783       +7     
  Lines        270815   270974     +159     
  Branches      39584    39586       +2     
============================================
- Hits         192835   192757      -78     
- Misses        61741    61974     +233     
- Partials      16239    16243       +4
Files Changed Coverage Δ
...java/org/opensearch/common/crypto/DataKeyPair.java 0.00% <0.00%> (ø)
...h/common/crypto/DecryptedRangedStreamProvider.java 0.00% <0.00%> (ø)
...earch/script/expression/ExpressionScoreScript.java 0.00% <0.00%> (ø)
...arch/script/expression/ExpressionScriptEngine.java 33.99% <ø> (ø)
...earch/example/expertscript/ExpertScriptPlugin.java 0.00% <0.00%> (ø)
...ry/functionscore/TermFrequencyFunctionFactory.java 0.00% <0.00%> (ø)
...n/java/org/opensearch/script/ScoreScriptUtils.java 1.43% <0.00%> (-0.31%) ⬇️
...search/encryption/keyprovider/CryptoMasterKey.java 22.72% <22.72%> (ø)
...pensearch/encryption/dummy/NoOpCryptoProvider.java 30.76% <30.76%> (ø)
...nsearch/search/lookup/LeafTermFrequencyLookup.java 35.71% <35.71%> (ø)
... and 5 more

... and 472 files with indirect coverage changes

@gbbafna gbbafna marked this pull request as ready for review August 24, 2023 04:19
@gbbafna gbbafna requested a review from vikasvb90 August 24, 2023 04:19
linuxpi
linuxpi reviewed Aug 24, 2023
View reviewed changes
libs/encryption-sdk/src/test/java/org/opensearch/encryption/CryptoManagerFactoryTests.java Outdated
assertNotNull(cryptoManager);
}

// public void testUnsupportedAlgorithm() {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need to fix this? or remove?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i can remove this for now in my next commit.

Bukhtawar
Bukhtawar reviewed Aug 24, 2023
View reviewed changes
libs/encryption-sdk/src/main/java/org/opensearch/encryption/dummy/DummyCryptoProvider.java Outdated

import com.amazonaws.encryptionsdk.caching.CachingCryptoMaterialsManager;

public class DummyCryptoProvider implements CryptoProvider {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need this in libs?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CryptoManager needs 1 implementation of CryptoProvider to unblock itself. This is only a temporary provider for now . Once we have a RealCryptoProvider we can remove it . I will add a ToDo for this .

@gbbafna
Renaming DummyCryptoProvider to NoOpCryptoProvider
69cc705 
Signed-off-by: Gaurav Bafna <gbbafna@amazon.com>
@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@gbbafna gbbafna closed this Aug 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Bukhtawar Bukhtawar Bukhtawar left review comments

@linuxpi linuxpi linuxpi approved these changes

@reta reta Awaiting requested review from reta reta is a code owner

@anasalkouz anasalkouz Awaiting requested review from anasalkouz anasalkouz is a code owner

@andrross andrross Awaiting requested review from andrross andrross is a code owner

@CEHENKLE CEHENKLE Awaiting requested review from CEHENKLE CEHENKLE is a code owner

@dblock dblock Awaiting requested review from dblock dblock is a code owner

@setiah setiah Awaiting requested review from setiah

@kartg kartg Awaiting requested review from kartg

@kotwanikunal kotwanikunal Awaiting requested review from kotwanikunal kotwanikunal is a code owner

@mch2 mch2 Awaiting requested review from mch2 mch2 is a code owner

@nknize nknize Awaiting requested review from nknize nknize is a code owner

@owaiskazi19 owaiskazi19 Awaiting requested review from owaiskazi19 owaiskazi19 is a code owner

@Rishikesh1159 Rishikesh1159 Awaiting requested review from Rishikesh1159 Rishikesh1159 is a code owner

@ryanbogan ryanbogan Awaiting requested review from ryanbogan

@saratvemulapalli saratvemulapalli Awaiting requested review from saratvemulapalli saratvemulapalli is a code owner

@shwetathareja shwetathareja Awaiting requested review from shwetathareja shwetathareja is a code owner

@dreamer-89 dreamer-89 Awaiting requested review from dreamer-89

@tlfeng tlfeng Awaiting requested review from tlfeng

@VachaShah VachaShah Awaiting requested review from VachaShah VachaShah is a code owner

@dbwiddis dbwiddis Awaiting requested review from dbwiddis dbwiddis is a code owner

@sachinpkale sachinpkale Awaiting requested review from sachinpkale sachinpkale is a code owner

@sohami sohami Awaiting requested review from sohami sohami is a code owner

@msfroh msfroh Awaiting requested review from msfroh msfroh is a code owner

@vikasvb90 vikasvb90 Awaiting requested review from vikasvb90

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[META] Client Side Encryption in OpenSearch
4 participants
@gbbafna @linuxpi @Bukhtawar @vikasvb90