Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

br: add encryption config to streaming backup #1255

Merged
merged 6 commits into from
Sep 9, 2024

Conversation

Tristan1900
Copy link
Contributor

@Tristan1900 Tristan1900 commented Jul 30, 2024

  1. In stream back up task, add an optional plaintext data key, the master key based in set up in stream backup config when cluster started.
  2. Add a new message FileEncryptionInfo to store encrypted data key information, add it to DataFileInfo that's uploaded to S3 as the backup file metadata.
  3. expand MasterKeyKms with optional GCP and Azure KMS information so can used to construct master key backend
  4. Add the MasterKey to ApplyRequest so during log restore master key information can be passed down to TiKV.
  5. Changed the check.sh to accommodate version format major.minor besides major.minor.patch, add checks for protobuf 27 major release version after major version 3

@ti-chi-bot ti-chi-bot bot requested review from BornChanger and YuJuncen July 30, 2024 19:29
@CLAassistant
Copy link

CLAassistant commented Jul 30, 2024

CLA assistant check
All committers have signed the CLA.

@ti-chi-bot ti-chi-bot bot added the size/XXL label Jul 30, 2024
proto/brpb.proto Outdated
@@ -665,7 +673,7 @@ message DataFileGroup {
}

message DataFileInfo {
// SHA256 of the file.
// Logical checksum of all the kv pairs in the file.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't a logical checksum over raw kvs, the checksum was executed after compression if i recall right.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

discussed offline, this is pre-compression checksum of the file but not exactly logical too. It's the checksum of the plaintext file.

if [ "$major" -eq 3 ] && [ "$minor" -ge 8 ]; then
return 0
fi
# protobuf bumps the major version to 21 after 3.
# https://github.com/protocolbuffers/protobuf/releases/tag/v21.7
if [ "$major" -ge 21 ]; then
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! Now we no more need to download an old protoc for passing the check...

@Tristan1900 Tristan1900 force-pushed the add-encryption-stream-backup branch from 96ae3e8 to c24f599 Compare August 28, 2024 14:45
@Tristan1900 Tristan1900 force-pushed the add-encryption-stream-backup branch from e964b0f to 48f62dd Compare September 3, 2024 23:46
@Tristan1900
Copy link
Contributor Author

hey folks, @BornChanger @overvenus, could you take a look at this change when you get a chance? Thanks!

@@ -394,6 +395,9 @@ message KVMeta {

// the compression type for the file.
backup.CompressionType compression_type = 13;

// encryption information of the kv file, not set if encryption is not enabled.
encryptionpb.FileEncryptionInfo file_encryption_info = 19;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The largest tag number in this message is 13. Why 19?

Copy link
Contributor Author

@Tristan1900 Tristan1900 Sep 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good catch! fixed


// not recommended in production.
// user needs to pass back the same data key for restore.
message PlainTextDataKey {}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Empty message, how to pass data keys?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

right, it's a placeholder as this proto is going to be serialized and stored as part of the metadata in external storage. The actual plaintext key is going to be passed back by user during restore so not get exposed if external storage is breached.

@Tristan1900
Copy link
Contributor Author

@overvenus thanks for the review! Sorry for the late reply, was doing e2e testing and added one more proto message. Please take an another look if you have time!

Copy link

ti-chi-bot bot commented Sep 9, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: BornChanger, overvenus

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Copy link

ti-chi-bot bot commented Sep 9, 2024

[LGTM Timeline notifier]

Timeline:

  • 2024-09-09 03:45:28.103227006 +0000 UTC m=+241597.843650946: ☑️ agreed by overvenus.
  • 2024-09-09 14:42:49.580145054 +0000 UTC m=+281039.320568992: ☑️ agreed by BornChanger.

@ti-chi-bot ti-chi-bot bot merged commit 0b10bdf into pingcap:master Sep 9, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants