Skip to content

storage: pass encryption options to libroachccl. #20570

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mberhault merged 1 commit into from
Dec 11, 2017
Merged

storage: pass encryption options to libroachccl. #20570

mberhault merged 1 commit into from
Dec 11, 2017

Conversation

@mberhault
Copy link
Contributor

@mberhault mberhault commented Dec 7, 2017
edited
Loading

Release Note: none.

CCL-only per-store encryption options are serialized and passed to
libroach through DBOptions.

Upon DBOpen, a hook is run extracting the options in CCL code, doing
nothing in OSS code.
This will eventually initialize encryption-related objects.

A few other things:

  • hide encryption flag, it's not ready for use
  • generate pb.{cc,h} for CCL protobuf and store in separate path
  • print out encryption flags and error out when passed

@mberhault mberhault requested review from a team December 7, 2017 22:25
@cockroach-teamcity
Copy link
Member

cockroach-teamcity commented Dec 7, 2017

This change is Reviewable

@mberhault mberhault requested review from bdarnell and benesch December 7, 2017 22:25
mberhault
mberhault commented Dec 7, 2017
View reviewed changes
Makefile
endif

CPP_PROTO_ROOT := $(LIBROACH_SRC_DIR)/protos
CPP_PROTO_CCL_ROOT := $(LIBROACH_SRC_DIR)/protosccl
Copy link
Contributor Author

@mberhault mberhault Dec 7, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be $(LIBROACH_SRC_DIR)/ccl/protos instead? There's no reason to put it in the base directory.

Copy link
Contributor Author

@mberhault mberhault Dec 8, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

either way it kind of stutters. We can have protosccl/ccl/... or ccl/protos/ccl/.... I'm not sure I care enough about generated files though.

pkg/ccl/storageccl/engineccl/rocksdb.go Outdated
}

func setupCCLHooks() engine.DBHooks {
return engine.DBHooks(unsafe.Pointer(C.GetCCLHooks()))
Copy link
Contributor Author

@mberhault mberhault Dec 7, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

eep! I'm still playing with hooks. I'd rather avoid unsafe if I can.

@mberhault mberhault force-pushed the marc/try_libroachccl_hooks branch 2 times, most recently from 3db97d5 to e43e2f3 Compare December 7, 2017 23:16
@mberhault mberhault mentioned this pull request Dec 7, 2017
Closed
29 tasks
mberhault
mberhault commented Dec 8, 2017
View reviewed changes
Makefile
CPP_HEADERS := $(subst $(PKG_ROOT),$(CPP_PROTO_ROOT),$(CPP_PROTOS:%.proto=%.pb.h))
CPP_SOURCES := $(subst $(PKG_ROOT),$(CPP_PROTO_ROOT),$(CPP_PROTOS:%.proto=%.pb.cc))

CPP_PROTOS_CCL := $(filter %ccl/baseccl/encryption_options.proto,$(GO_PROTOS))
Copy link
Contributor Author

@mberhault mberhault Dec 8, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we may want to split CCL protos out of GO_PROTOS, otherwise we're building with them even in OSS code.

@mberhault mberhault force-pushed the marc/try_libroachccl_hooks branch from 3e28564 to c058d92 Compare December 8, 2017 13:34
@mberhault
Copy link
Contributor Author

mberhault commented Dec 8, 2017

Removed the stdout logging for all but the "found extra options" when encryption flags are passed.
Made the flags hidden and DBOpen fails when present with "encryption not implemented" (after printing the parsed values).

@mberhault mberhault force-pushed the marc/try_libroachccl_hooks branch from 02618e6 to a3ca866 Compare December 8, 2017 22:32
@mberhault mberhault changed the title WIP: storage: pass encryption options to libroach ccl. storage: pass encryption options to libroach ccl. Dec 8, 2017
@mberhault mberhault changed the title storage: pass encryption options to libroach ccl. storage: pass encryption options to libroachccl. Dec 8, 2017
@mberhault
Copy link
Contributor Author

mberhault commented Dec 8, 2017

This is ready for review.

@mberhault mberhault force-pushed the marc/try_libroachccl_hooks branch from a3ca866 to b648372 Compare December 8, 2017 22:40
@bdarnell
Copy link
Contributor

bdarnell commented Dec 10, 2017

:lgtm:

Reviewed 10 of 17 files at r1, 1 of 6 files at r3, 5 of 5 files at r4.
Review status: all files reviewed at latest revision, 5 unresolved discussions, all commit checks successful.

c-deps/libroach/db.cc, line 49 at r4 (raw file):

// OpenHook does nothing in OSS mode.
__attribute__((weak)) DBStatus OpenHook(const DBOptions opts) { return kSuccess; }

s/OpenHook/DBOpenHook/? (or dbOpenHook to match the lowerCase names below)

Should this fail if extra_options is non-empty?

pkg/ccl/baseccl/encryption_options.proto, line 33 at r4 (raw file):

// EncryptionOptions defines the per-store encryption options.
message EncryptionOptions {

Unless EncryptionOptions are the only CCL options we ever have that need this treatment, the use of a field named ExtraOptions to pass EncryptionOptions is awkward. I would put a more generic ExtraOptions protobuf around EncryptionOptions to give us space for other CCL options in the future.

Comments from Reviewable

@mberhault
Copy link
Contributor Author

mberhault commented Dec 10, 2017

Review status: all files reviewed at latest revision, 5 unresolved discussions, all commit checks successful.

c-deps/libroach/db.cc, line 49 at r4 (raw file):

Previously, bdarnell (Ben Darnell) wrote…

s/OpenHook/DBOpenHook/? (or dbOpenHook to match the lowerCase names below)

Should this fail if extra_options is non-empty?

Renamed to DBOpenHook to match the DBOpen function.

I prefer to have the OSS code be blissfully ignorant of extras_options. In the encryption case, we have plenty of safeguards already (encryption flag doesn't exist, registry will have unknown file type).

pkg/ccl/baseccl/encryption_options.proto, line 33 at r4 (raw file):

Previously, bdarnell (Ben Darnell) wrote…

Unless EncryptionOptions are the only CCL options we ever have that need this treatment, the use of a field named ExtraOptions to pass EncryptionOptions is awkward. I would put a more generic ExtraOptions protobuf around EncryptionOptions to give us space for other CCL options in the future.

I started out that way but adding a whole extra message we don't need seemed premature.
Since this is only used at runtime to communicate between go/cgo and not persisted or used across processes, we can add a new message that contains the field EncryptionOptions encryption_options anytime we like.

Comments from Reviewable

@mberhault mberhault force-pushed the marc/try_libroachccl_hooks branch from b648372 to c792b1d Compare December 10, 2017 19:05
storage: pass encryption options to libroach ccl.
a077cb9 
Release Note: none.

CCL-only per-store encryption options are serialized and passed to
libroach through DBOptions.

Upon DBOpen, a hook is run extracting the options in CCL code, doing
nothing in OSS code.
This will eventually initialize encryption-related objects.

A few other things:
* hide encryption flag, it's not ready for use
* generate pb.{cc,h} for CCL protobuf and store in separate path
* print out encryption flags and error out when passed
@mberhault mberhault force-pushed the marc/try_libroachccl_hooks branch from c792b1d to a077cb9 Compare December 10, 2017 19:36
@mberhault
Copy link
Contributor Author

mberhault commented Dec 10, 2017

Review status: 10 of 16 files reviewed at latest revision, 5 unresolved discussions.

c-deps/libroach/db.cc, line 49 at r4 (raw file):

Previously, mberhault (marc) wrote…

Renamed to DBOpenHook to match the DBOpen function.

I prefer to have the OSS code be blissfully ignorant of extras_options. In the encryption case, we have plenty of safeguards already (encryption flag doesn't exist, registry will have unknown file type).

Nevermind, erroring out just in case someone tries to pass them through. You're right, the extra check doesn't hurt.
I'll add tests for this once #20594 lands.

Comments from Reviewable

@bdarnell
Copy link
Contributor

bdarnell commented Dec 11, 2017

Review status: 10 of 16 files reviewed at latest revision, 5 unresolved discussions, all commit checks successful.

pkg/ccl/baseccl/encryption_options.proto, line 33 at r4 (raw file):

Previously, mberhault (marc) wrote…

I started out that way but adding a whole extra message we don't need seemed premature.
Since this is only used at runtime to communicate between go/cgo and not persisted or used across processes, we can add a new message that contains the field EncryptionOptions encryption_options anytime we like.

Ack, I forgot that this was only used in-process so it can be changed freely.

Comments from Reviewable

@mberhault mberhault merged commit d1343a2 into cockroachdb:master Dec 11, 2017
@mberhault mberhault deleted the marc/try_libroachccl_hooks branch December 11, 2017 02:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bdarnell bdarnell Awaiting requested review from bdarnell

@benesch benesch Awaiting requested review from benesch

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mberhault @cockroach-teamcity @bdarnell