CORE-12165: merge key rotation feature work #5126
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…CryptoRekeyBusProcessor
…or the config required for publisher
…e to a response topic
…esource, update tests
* bump API reference * go to debug levecl * change REST path to 5.2 * drop simulate, timeToLive and limit parameters * remove limit and simulate flag * remove typo * use new API * use new field name agreed in API change * bump API version
* bump API reference * go to debug levecl * remove limit and simulate flag * remove typo * restore nested topic * prevent duplicated rotation of cluster wrapping keys * simplify stream/sequence handling add test case * remove wildcard import * remove test duplication * fix formatting * update for API changes * fix rebase error * fix formatting
|
Matching PR for API change is corda/corda-api#1348 |
mag1c-48
previously approved these changes
Nov 21, 2023
charlieR3
previously approved these changes
Nov 21, 2023
vkolomeyko
reviewed
Nov 21, 2023
components/crypto/crypto-rest/src/main/kotlin/net/corda/crypto/rest/KeyRotationRestResource.kt
Show resolved
Hide resolved
...ing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/AssertWithRetryBuilder.kt
Show resolved
Hide resolved
components/crypto/crypto-rest/src/main/kotlin/net/corda/crypto/rest/KeyRotationRestResource.kt
Outdated
Show resolved
Hide resolved
vkolomeyko
reviewed
Nov 21, 2023
components/crypto/crypto-rest/src/main/kotlin/net/corda/crypto/rest/KeyRotationRestResource.kt
Show resolved
Hide resolved
driessamyn
reviewed
Nov 21, 2023
...o-service-impl/src/main/kotlin/net/corda/crypto/service/impl/bus/CryptoRewrapBusProcessor.kt
Outdated
Show resolved
Hide resolved
…esource (#5143) * Remove initialise function from the rest resource interface. * Update swagger baseline test with new rest resource. * Add package files for OSGi export.
…artitions (#5146) * User random key for kafka topic to spread the work between partitions * Use random key for kafka topic to spread the work between partitions on producer side too
… feature branch on the API (#5151) * CORE-18072 CORE-18263 fix resolveStateRef logic and call (#5071) - findSignedLedgerTransaction explicitly called the resolveStateRefs function which resulted in opening two DB connections at the same time. This has been modified to a direct call to the repository instead. - The resolveStateRefs function in the state query service uses a cache but we always fetch all of the state refs instead of just the non-cached ones. * CORE-17972: implementation of send & receive tx (#5042) implemented logic for sending and receiving a transaction and verification for the transaction received. * CORE-17961: Allow Time & Multiple Metadata Filters (#5139) - Allow filtering states by last updated timestamp and multiple metadata filters (both conjunctive and disjunctive operations). - Update 'ScheduledTaskProcessor' to use the new feature instead of manually filtering states. * CORE-17821 Removed Kafka implementation from CryptoProcessorImpl (#5135) This PR removes any deprecated or duplicated code, particularly Kafka-based implementations, in the CryptoProcessor which was created during the migration from Kafka to RPC external event communications. * CORE-18413: Increase timeout for vNode operations for E2E tests (#5144) * tidy up merge * Return a list from findKeysWrappedByAlias to avoid using the Stream after it is closed * use new API version * remove old imports * fix merge * fix * fix tests * fix detekt * Revert "CORE-12165: Use UUID as key to spread the work evenly between Kafka partitions (#5146)" This reverts commit 3490b40 * fix revert and tests * CORE-12459: Configure Corda dedicated vNode admin fix (#5123) Allows a user that is not the cluster user to sync the vNode on an external DB * CORE-18152/CORE-17601: Remove Kryo Pool Upper Limit (#5145) * CORE-18352 Fix app-simulator optional database parameters (#5105) The app-simulator’s database parameters are optional when running in SENDER mode. This change fixes an issue where the Sender fails to start if these are not provided. * fix test * use final 5.2.0.5 API version --------- Co-authored-by: nkovacsx <[email protected]> Co-authored-by: Jenny Yang <[email protected]> Co-authored-by: Juan José Ramos <[email protected]> Co-authored-by: Ben Millar <[email protected]> Co-authored-by: Viktor Kolomeyko <[email protected]> Co-authored-by: Ben Yip <[email protected]> Co-authored-by: Yash Nabar <[email protected]>
…-12165-zero-merge # Conflicts: # gradle.properties # processors/crypto-processor/src/main/kotlin/net/corda/processors/crypto/internal/CryptoProcessorImpl.kt
CORE-12165: record merge
|
Kudos, SonarCloud Quality Gate passed!
|
vkolomeyko
approved these changes
Nov 22, 2023
emilybowe
approved these changes
Nov 22, 2023
lankydan
approved these changes
Nov 22, 2023
wzur-r3
approved these changes
Nov 22, 2023
charlieR3
approved these changes
Nov 22, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Take new API update with additional Avro, kafka and config for crypto key rotation.
Add new RestResource called KeyRotationRestResource which is automatically injected into the REST procesosr and allows crypto unmanaged wrapping key rotation to be started.
Implement unmanaged key rotation, for now in a relatively simple way where we take work requests on Kafka then process them to completion. This won't necessarily be the best way for the database at scale, and we have a design for spreading the work out over a nested Kafka topic, but let's get something in that is simple and works first.
Add alias to WrappingKeyInfo. It's not clear why this wasn't here before. WrappingKeyInfo is a data transfer object (DTO) and it seems reasonable for it to hide DB implementation detals such as the synthetic primary ID field. Alias is also part of a compound key with generation, and both alias and generation are user-visible features of wrapping keys; for instance a user could specify wrapping key alias when creating a signing key pair.
Making WrappingKeyEntity key_material updatable since that's what happens during key rotation.
Add state manager arguments to the crypto worker, so that later the crypto worker can use the state manager for status notifications.