[accumulo-testing] branch main updated: Add per table crypto settings to Terraform configuration (#231)

[dlmarion]

This is an automated email from the ASF dual-hosted git repository.

dlmarion pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/accumulo-testing.git


The following commit(s) were added to refs/heads/main by this push:
     new 658361c  Add per table crypto settings to Terraform configuration 
(#231)
658361c is described below

commit 658361cc459e848469021f7f0dd2cf123d6308b1
Author: Dave Marion <dlmar...@apache.org>
AuthorDate: Wed Sep 28 08:43:10 2022 -0400

    Add per table crypto settings to Terraform configuration (#231)
    
    Add encryption key and properties so user can enable per table crypto for 
testing
---
 .../modules/cloud-init-config/templates/cloud-init.tftpl          | 1 +
 .../modules/config-files/templates/accumulo-properties.tftpl      | 8 +++++++-
 .../modules/config-files/templates/install_sw.sh.tftpl            | 6 ++++++
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git 
a/contrib/terraform-testing-infrastructure/modules/cloud-init-config/templates/cloud-init.tftpl
 
b/contrib/terraform-testing-infrastructure/modules/cloud-init-config/templates/cloud-init.tftpl
index 31a1687..0593b10 100644
--- 
a/contrib/terraform-testing-infrastructure/modules/cloud-init-config/templates/cloud-init.tftpl
+++ 
b/contrib/terraform-testing-infrastructure/modules/cloud-init-config/templates/cloud-init.tftpl
@@ -67,6 +67,7 @@ packages:
   - pssh
   - make
 %{ endif ~}
+  - openssl
   - docker-ce
   - docker-ce-cli
   - containerd.io
diff --git 
a/contrib/terraform-testing-infrastructure/modules/config-files/templates/accumulo-properties.tftpl
 
b/contrib/terraform-testing-infrastructure/modules/config-files/templates/accumulo-properties.tftpl
index 8c4934e..43e2a69 100644
--- 
a/contrib/terraform-testing-infrastructure/modules/config-files/templates/accumulo-properties.tftpl
+++ 
b/contrib/terraform-testing-infrastructure/modules/config-files/templates/accumulo-properties.tftpl
@@ -19,7 +19,13 @@ compactor.port.search=true
 # OpenTelemetry settings
 general.opentelemetry.enabled=true
 
-#Micrometer settings
+# Micrometer settings
 general.micrometer.enabled=true
 general.micrometer.jvm.metrics.enabled=true
 
general.micrometer.factory=org.apache.accumulo.test.metrics.TestStatsDRegistryFactory
+
+# Per-Table Encryption
+instance.crypto.opts.factory=org.apache.accumulo.core.spi.crypto.PerTableCryptoServiceFactory
+general.custom.crypto.recovery.service=org.apache.accumulo.core.spi.crypto.AESCryptoService
+general.custom.crypto.wal.service=org.apache.accumulo.core.spi.crypto.AESCryptoService
+general.custom.crypto.key.uri=file://${software_root}/accumulo/accumulo-${accumulo_version}/conf/per-table-enc-key
diff --git 
a/contrib/terraform-testing-infrastructure/modules/config-files/templates/install_sw.sh.tftpl
 
b/contrib/terraform-testing-infrastructure/modules/config-files/templates/install_sw.sh.tftpl
index 3906974..a637054 100644
--- 
a/contrib/terraform-testing-infrastructure/modules/config-files/templates/install_sw.sh.tftpl
+++ 
b/contrib/terraform-testing-infrastructure/modules/config-files/templates/install_sw.sh.tftpl
@@ -82,6 +82,12 @@ else
 fi
 ${software_root}/accumulo/accumulo-${accumulo_version}/bin/accumulo-util 
build-native
 
+#
+# Generate a 32-byte encryption key and put into 
${software_root}/accumulo/accumulo-${accumulo_version}/conf.
+# This will get distributed to all nodes and the properties that use the file 
are in accumulo.properties
+#
+openssl rand -out 
${software_root}/accumulo/accumulo-${accumulo_version}/conf/per-table-enc-key 32
+
 #
 # OpenTelemetry dependencies
 #