[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16639598#comment-16639598 ] ASF GitHub Bot commented on IGNITE-8485: Github user asfgit closed the pull request at: https://github.com/apache/ignite/pull/4167 > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.7 > > Attachments: IGNITE-8485-encryption-disabled-1.png, > IGNITE-8485-encryption-disabled-2.png, Screen Shot 2018-10-01 at 10.27.37 > AM.png, Screen Shot 2018-10-01 at 10.27.51 AM.png, master.png > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16639583#comment-16639583 ] Nikolay Izhikov commented on IGNITE-8485: - Run All - https://ci.ignite.apache.org/viewLog.html?buildId=2007151=buildResultsDiv=IgniteTests24Java8_RunAll .Net - https://ci.ignite.apache.org/viewLog.html?buildId=2011355=queuedBuildOverviewTab > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.7 > > Attachments: IGNITE-8485-encryption-disabled-1.png, > IGNITE-8485-encryption-disabled-2.png, Screen Shot 2018-10-01 at 10.27.37 > AM.png, Screen Shot 2018-10-01 at 10.27.51 AM.png, master.png > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[
https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16636779#comment-16636779
]
Ignite TC Bot commented on IGNITE-8485:
---
{panel:title=No blockers
found!|borderStyle=dashed|borderColor=#ccc|titleBGColor=#D6F7C1}{panel}
[TeamCity Run
All|http://ci.ignite.apache.org/viewLog.html?buildId=1993274buildTypeId=IgniteTests24Java8_RunAll]
> TDE - Phase-1
> -
>
> Key: IGNITE-8485
> URL: https://issues.apache.org/jira/browse/IGNITE-8485
> Project: Ignite
> Issue Type: Sub-task
>Reporter: Nikolay Izhikov
>Assignee: Nikolay Izhikov
>Priority: Critical
> Fix For: 2.7
>
> Attachments: IGNITE-8485-encryption-disabled-1.png,
> IGNITE-8485-encryption-disabled-2.png, Screen Shot 2018-10-01 at 10.27.37
> AM.png, Screen Shot 2018-10-01 at 10.27.51 AM.png, master.png
>
>
> Basic support for a Transparent Data Encryption should be implemented:
> 1. Usage of standard JKS, Java Security.
> 2. Persistent Data Encryption/Decryption.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16636567#comment-16636567 ] Nikolay Izhikov commented on IGNITE-8485: - Run All results - https://ci.ignite.apache.org/viewLog.html?buildId=1993274 [~dpavlov] > We should definitely fix .NET compilation before the merge, we agreed to > avoid tests failure, here I can see compilation failure Thank for pointing this out. Fixed > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.7 > > Attachments: IGNITE-8485-encryption-disabled-1.png, > IGNITE-8485-encryption-disabled-2.png, Screen Shot 2018-10-01 at 10.27.37 > AM.png, Screen Shot 2018-10-01 at 10.27.51 AM.png, master.png > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16635481#comment-16635481 ] Dmitriy Pavlov commented on IGNITE-8485: We should definitely fix .NET compilation before the merge, we agreed to avoid tests failure, here I can see compilation failure Compilation error: modules\platforms\dotnet\Apache.Ignite.Core\Apache.Ignite.Core.csproj Open in IDE IgniteConfiguration.cs(42, 30): error CS0234: The type or namespace name 'Encryption' does not exist in the namespace 'Apache.Ignite.Core' (are you missing an assembly reference?) IgniteConfiguration.cs(43, 30): error CS0234: The type or namespace name 'Encryption' does not exist in the namespace 'Apache.Ignite.Core' (are you missing an assembly reference?) IgniteConfiguration.cs(1067, 16): error CS0246: The type or namespace name 'IEncryptionSpi' could not be found (are you missing a using directive or an assembly reference?) > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.7 > > Attachments: IGNITE-8485-encryption-disabled-1.png, > IGNITE-8485-encryption-disabled-2.png, Screen Shot 2018-10-01 at 10.27.37 > AM.png, Screen Shot 2018-10-01 at 10.27.51 AM.png, master.png > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16635406#comment-16635406 ] Dmitriy Pavlov commented on IGNITE-8485: I left several comments in the PR about API uniformity, I'm going to finish this review shortly. And could we also issue TC Bot visa with more or less absent new test failures? > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.7 > > Attachments: IGNITE-8485-encryption-disabled-1.png, > IGNITE-8485-encryption-disabled-2.png, Screen Shot 2018-10-01 at 10.27.37 > AM.png, Screen Shot 2018-10-01 at 10.27.51 AM.png, master.png > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16635111#comment-16635111 ] Nikolay Izhikov commented on IGNITE-8485: - [~avinogradov] I double checked benchmark results on my local environment. You can see results on the pictures. The results of master and IGNITE-8485 in case encryption is disabled are the same. !IGNITE-8485-encryption-disabled-1.png! !IGNITE-8485-encryption-disabled-2.png! !master.png! > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.7 > > Attachments: IGNITE-8485-encryption-disabled-1.png, > IGNITE-8485-encryption-disabled-2.png, Screen Shot 2018-10-01 at 10.27.37 > AM.png, Screen Shot 2018-10-01 at 10.27.51 AM.png, master.png > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[
https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16633971#comment-16633971
]
Ignite TC Bot commented on IGNITE-8485:
---
{panel:title=Possible
Blockers|borderStyle=dashed|borderColor=#ccc|titleBGColor=#F7D6C1}
{color:#d04437}Platform .NET{color} [[tests 0 Exit Code , TC_COMPILATION_ERROR
|https://ci.ignite.apache.org/viewLog.html?buildId=1979757]]
{color:#d04437}Platform .NET (Long Running){color} [[tests 0 Exit Code ,
TC_COMPILATION_ERROR
|https://ci.ignite.apache.org/viewLog.html?buildId=1979760]]
{color:#d04437}Platform .NET (Inspections){color} [[tests 0 Exit Code ,
TC_COMPILATION_ERROR
|https://ci.ignite.apache.org/viewLog.html?buildId=1979756]]
{color:#d04437}Platform .NET (Integrations){color} [[tests 0 Exit Code ,
TC_COMPILATION_ERROR
|https://ci.ignite.apache.org/viewLog.html?buildId=1979758]]
{color:#d04437}Platform .NET (NuGet)*{color} [[tests 0 Exit Code
|https://ci.ignite.apache.org/viewLog.html?buildId=1979761]]
{color:#d04437}Activate | Deactivate Cluster{color} [[tests
69|https://ci.ignite.apache.org/viewLog.html?buildId=1979712]]
* IgniteStandByClusterSuite:
JoinActiveNodeToActiveCluster.testJoinClientStaticCacheConfigurationOnJoin -
0,0% fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinActiveNodeToActiveCluster.testJoinClientStaticCacheConfigurationSameOnBoth
- 0,0% fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinActiveNodeToActiveCluster.testJoinClientWithOutConfiguration - 0,0% fails
in last 100 master runs.
* IgniteStandByClusterSuite:
JoinActiveNodeToActiveCluster.testJoinWithOutConfiguration - 0,0% fails in last
100 master runs.
* IgniteStandByClusterSuite:
JoinActiveNodeToActiveCluster.testStaticCacheConfigurationDifferentOnBoth -
0,0% fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinActiveNodeToActiveCluster.testStaticCacheConfigurationInCluster - 0,0%
fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinActiveNodeToActiveCluster.testStaticCacheConfigurationOnJoin - 0,0% fails
in last 100 master runs.
* IgniteStandByClusterSuite:
JoinActiveNodeToActiveCluster.testStaticCacheConfigurationSameOnBoth - 0,0%
fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinActiveNodeToInActiveCluster.testJoinClientStaticCacheConfigurationOnJoin -
0,0% fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinActiveNodeToInActiveCluster.testJoinClientStaticCacheConfigurationSameOnBoth
- 0,0% fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinActiveNodeToInActiveCluster.testJoinClientWithOutConfiguration - 0,0% fails
in last 100 master runs.
* IgniteStandByClusterSuite:
JoinActiveNodeToInActiveCluster.testJoinWithOutConfiguration - 0,0% fails in
last 100 master runs.
* IgniteStandByClusterSuite:
JoinActiveNodeToInActiveCluster.testStaticCacheConfigurationDifferentOnBoth -
0,0% fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinActiveNodeToInActiveCluster.testStaticCacheConfigurationInCluster - 0,0%
fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinActiveNodeToInActiveCluster.testStaticCacheConfigurationOnJoin - 0,0% fails
in last 100 master runs.
* IgniteStandByClusterSuite:
JoinActiveNodeToInActiveCluster.testStaticCacheConfigurationSameOnBoth - 0,0%
fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinInActiveNodeToActiveCluster.testJoinClientStaticCacheConfigurationOnJoin -
0,0% fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinInActiveNodeToActiveCluster.testJoinClientStaticCacheConfigurationSameOnBoth
- 0,0% fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinInActiveNodeToActiveCluster.testJoinClientWithOutConfiguration - 0,0% fails
in last 100 master runs.
* IgniteStandByClusterSuite:
JoinInActiveNodeToActiveCluster.testJoinWithOutConfiguration - 0,0% fails in
last 100 master runs.
* IgniteStandByClusterSuite:
JoinInActiveNodeToActiveCluster.testStaticCacheConfigurationDifferentOnBoth -
0,0% fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinInActiveNodeToActiveCluster.testStaticCacheConfigurationInCluster - 0,0%
fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinInActiveNodeToActiveCluster.testStaticCacheConfigurationOnJoin - 0,0% fails
in last 100 master runs.
* IgniteStandByClusterSuite:
JoinInActiveNodeToActiveCluster.testStaticCacheConfigurationSameOnBoth - 0,0%
fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinInActiveNodeToInActiveCluster.testJoinClientStaticCacheConfigurationOnJoin
- 0,0% fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinInActiveNodeToInActiveCluster.testJoinClientStaticCacheConfigurationSameOnBoth
- 0,0% fails in last 100 master runs.
* IgniteStandByClusterSuite:
JoinInActiveNodeToInActiveCluster.testJoinClientWithOutConfiguration - 0,0%
fails in last 100 master runs.
*
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[
https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16633800#comment-16633800
]
Ignite TC Bot commented on IGNITE-8485:
---
{panel:title=Possible
Blockers|borderStyle=dashed|borderColor=#ccc|titleBGColor=#F7D6C1}
{color:#d04437}Data Structures{color} [[tests 0 TIMEOUT , Exit Code
|https://ci.ignite.apache.org/viewLog.html?buildId=1566693]]
{color:#d04437}Thin client: Node.js{color} [[tests 1 Exit Code
|https://ci.ignite.apache.org/viewLog.html?buildId=1566674]]
* execute auth example : AuthTlsExample - 4,0% fails in last 100 master
runs.
{color:#d04437}~[Obsolete] JCache TCK*{color} [[tests 0 Exit Code
|https://ci.ignite.apache.org/viewLog.html?buildId=1566695]]
{color:#d04437}Platform .NET{color} [[tests
9|https://ci.ignite.apache.org/viewLog.html?buildId=1566658]]
* exe: DataStorageMetricsTest.TestDataStorageMetrics - 0,0% fails in last 100
master runs.
* exe: DataStreamerTest.TestObjectGraphs - 0,0% fails in last 100 master runs.
* exe: DataStreamerTest.TestPropertyPropagation - 0,0% fails in last 100 master
runs.
* exe: DataStreamerTest.TestStreamReceiver - 0,0% fails in last 100 master runs.
* exe: DataStreamerTest.TestStreamReceiverKeepBinary - 0,0% fails in last 100
master runs.
* exe: DataStreamerTest.TestStreamTransformer - 0,0% fails in last 100 master
runs.
* exe: DataStreamerTest.TestStreamVisitor - 0,0% fails in last 100 master runs.
* exe: DataStreamerTest.TestTryFlush - 0,0% fails in last 100 master runs.
* exe: IgniteConfigurationSerializerTest.TestAllPropertiesArePresentInSchema -
0,0% fails in last 100 master runs.
{color:#d04437}Platform .NET (Long Running){color} [[tests
12|https://ci.ignite.apache.org/viewLog.html?buildId=151]]
* exe: CacheReplicatedAtomicTest.TestPut(False) - 0,0% fails in last 100 master
runs.
* exe: CacheReplicatedAtomicTest.TestPut(True) - 0,0% fails in last 100 master
runs.
* exe: CacheReplicatedAtomicTest.TestPutAll(False) - 0,0% fails in last 100
master runs.
* exe: CacheReplicatedAtomicTest.TestPutAll(True) - 0,0% fails in last 100
master runs.
* exe: CacheReplicatedAtomicTest.TestPutIfAbsent(False) - 0,0% fails in last
100 master runs.
* exe: CacheReplicatedAtomicTest.TestPutIfAbsent(True) - 0,0% fails in last 100
master runs.
* exe: CacheAbstractTransactionalTest.TestLockSimple - 0,0% fails in last 100
master runs.
* exe: CacheAbstractTransactionalTest.TestNestedTransactionScope - 0,0% fails
in last 100 master runs.
* exe: CacheAbstractTransactionalTest.TestSuppressedTransactionScope - 0,0%
fails in last 100 master runs.
* exe: ExamplesTest.TestRemoteNodes(BinaryModeExample) - 0,0% fails in last 100
master runs.
* exe: ExamplesTest.TestRemoteNodes(LinqExample) - 0,0% fails in last 100
master runs.
* exe: ExamplesTest.TestRemoteNodes(SqlExample) - 0,0% fails in last 100 master
runs.
{color:#d04437}ZooKeeper (Discovery) 2{color} [[tests
2|https://ci.ignite.apache.org/viewLog.html?buildId=1566653]]
* ZookeeperDiscoverySpiTestSuite2: IgniteClientReconnectCacheTest.testReconnect
- 0,0% fails in last 100 master runs.
* ZookeeperDiscoverySpiTestSuite2:
IgniteClientReconnectCacheTest.testReconnectMultinode - 0,0% fails in last 100
master runs.
{color:#d04437}ZooKeeper (Discovery) 1{color} [[tests
2|https://ci.ignite.apache.org/viewLog.html?buildId=1566652]]
* ZookeeperDiscoverySpiTestSuite1:
ZookeeperDiscoverySpiTest.testDuplicatedNodeId - 0,0% fails in last 100 master
runs.
{color:#d04437}PDS 2{color} [[tests
3|https://ci.ignite.apache.org/viewLog.html?buildId=159]]
* IgnitePdsTestSuite2: SlowHistoricalRebalanceSmallHistoryTest.testReservation
- 0,0% fails in last 100 master runs.
* IgnitePdsTestSuite2: IgniteWalReaderTest.testArchiveCompletedEventFired -
0,0% fails in last 100 master runs.
{color:#d04437}PDS 1{color} [[tests
1|https://ci.ignite.apache.org/viewLog.html?buildId=158]]
* IgnitePdsTestSuite: IgnitePdsDynamicCacheTest.testRestartAndCreate - 0,0%
fails in last 100 master runs.
{color:#d04437}Cache 5{color} [[tests
1|https://ci.ignite.apache.org/viewLog.html?buildId=1566692]]
* IgniteCacheWithIndexingTestSuite:
BinaryTypeMismatchLoggingTest.testEntryWriteQueryEntities - 0,0% fails in last
100 master runs.
{color:#d04437}Cache 4{color} [[tests
1|https://ci.ignite.apache.org/viewLog.html?buildId=1566691]]
* IgniteCacheTestSuite4:
CacheStoreUsageMultinodeStaticStartTxTest.testStaticConfigurationTxWriteBehindStore
- 0,0% fails in last 100 master runs.
{panel}
[TeamCity Run
All|http://ci.ignite.apache.org/viewLog.html?buildId=1566705buildTypeId=IgniteTests24Java8_RunAll]
> TDE - Phase-1
> -
>
> Key: IGNITE-8485
> URL: https://issues.apache.org/jira/browse/IGNITE-8485
> Project: Ignite
> Issue Type: Sub-task
>Reporter: Nikolay Izhikov
>Assignee: Nikolay Izhikov
>Priority: Critical
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16633767#comment-16633767 ] Nikolay Izhikov commented on IGNITE-8485: - Benchmark results !Screen Shot 2018-10-01 at 10.27.37 AM.png! !Screen Shot 2018-10-01 at 10.27.51 AM.png! > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.7 > > Attachments: Screen Shot 2018-10-01 at 10.27.37 AM.png, Screen Shot > 2018-10-01 at 10.27.51 AM.png > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[
https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16631518#comment-16631518
]
Nikolay Izhikov commented on IGNITE-8485:
-
Hello, [~agoncharuk]
> did you add a check if Ignite starts on a storage which does not correspond
> to the cache config?
Yes, I do.
Please, take a look into:
{{SpringEcnryptedCacheRestartTest}} test names -
{{testStartWithEncryptedOnDiskPlainInCfg}},
{{testStartWithPlainOnDiskEncryptedInCfg}}
> TDE - Phase-1
> -
>
> Key: IGNITE-8485
> URL: https://issues.apache.org/jira/browse/IGNITE-8485
> Project: Ignite
> Issue Type: Sub-task
>Reporter: Nikolay Izhikov
>Assignee: Nikolay Izhikov
>Priority: Critical
> Fix For: 2.7
>
>
> Basic support for a Transparent Data Encryption should be implemented:
> 1. Usage of standard JKS, Java Security.
> 2. Persistent Data Encryption/Decryption.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16631509#comment-16631509 ] Alexey Goncharuk commented on IGNITE-8485: -- [~NIzhikov], did you add a check if Ignite starts on a storage which does not correspond to the cache config? (for example, an encrypted storage and no encryption key provided). I cannot find this place in the code. > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.7 > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16627410#comment-16627410 ] Vladimir Ozerov commented on IGNITE-8485: - [~NIzhikov], thank you. Now encryption part looks good to me. Need review from storage experts. > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.7 > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[
https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16625677#comment-16625677
]
Nikolay Izhikov commented on IGNITE-8485:
-
[~vozerov] As we discussed privately, I've moved localJoin handler to the
straight callback in {{GridDiscoveryManager}}.
> TDE - Phase-1
> -
>
> Key: IGNITE-8485
> URL: https://issues.apache.org/jira/browse/IGNITE-8485
> Project: Ignite
> Issue Type: Sub-task
>Reporter: Nikolay Izhikov
>Assignee: Nikolay Izhikov
>Priority: Critical
> Fix For: 2.7
>
>
> Basic support for a Transparent Data Encryption should be implemented:
> 1. Usage of standard JKS, Java Security.
> 2. Persistent Data Encryption/Decryption.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[
https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16625424#comment-16625424
]
Vladimir Ozerov commented on IGNITE-8485:
-
[~NIzhikov], I am not sure I understand the whole picture about static caches
still. Please note that {{onKernalStart}} is executed after both discovery and
IO are operational. IMO everything should happen on discovery stage:
1) Nodes share discovery data with each other, which includes cache
descriptors. Local node should collect it's own cache descriptors
(GridCacheProcessor#addCacheOnJoinFromConfig) *with* proposed encryption key.
2) Other nodes either accept or reject this key
3) Full map of keys are sent back to the joining node
> TDE - Phase-1
> -
>
> Key: IGNITE-8485
> URL: https://issues.apache.org/jira/browse/IGNITE-8485
> Project: Ignite
> Issue Type: Sub-task
>Reporter: Nikolay Izhikov
>Assignee: Nikolay Izhikov
>Priority: Critical
> Fix For: 2.7
>
>
> Basic support for a Transparent Data Encryption should be implemented:
> 1. Usage of standard JKS, Java Security.
> 2. Persistent Data Encryption/Decryption.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[
https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16620535#comment-16620535
]
Nikolay Izhikov commented on IGNITE-8485:
-
[~vozerov]
> 5) GridEncryptionManager - checks for notCoordinator() looks strange to me. I
> do not see any cases where current coordinator should do anything else than
> other nodes.
Yes, you are right in case of {{collectGridNodeData}}. Redundant check removed.
> 4) GridEncryptionManager.onKernalStart0 - I cannot understand why we are
> listening to ctx.discovery().localJoinFuture().listen here. Could you please
> clarify?
This is required to handle the case with statically configured caches:
1. Statically configured caches are registered *before* node joins to the
cluster.
2. At the moment of such registration, we can't generate and store an
encryption keys, because keys would be different on every node.
3. If node create new cluster({{locaJoinFuture}} && {{notCoordinator==false}})
we can generate and store encryption keys.
4. Second and subsequent nodes will receive newly generated keys from
coordinator on join.
> TDE - Phase-1
> -
>
> Key: IGNITE-8485
> URL: https://issues.apache.org/jira/browse/IGNITE-8485
> Project: Ignite
> Issue Type: Sub-task
>Reporter: Nikolay Izhikov
>Assignee: Nikolay Izhikov
>Priority: Critical
> Fix For: 2.7
>
>
> Basic support for a Transparent Data Encryption should be implemented:
> 1. Usage of standard JKS, Java Security.
> 2. Persistent Data Encryption/Decryption.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16620242#comment-16620242 ] Alexey Goncharuk commented on IGNITE-8485: -- I will take a look shortly. [~DmitriyGovorukhin], [~ivan.glukos], can you take a look as well? [~NIzhikov], can you move the ticket in a proper status? > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.7 > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16620253#comment-16620253 ] Nikolay Izhikov commented on IGNITE-8485: - [~agoncharuk] I will fix Vladimir comments in a couple of hours and move the ticket to PA. For now it "In Progress". > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.7 > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[
https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16619628#comment-16619628
]
Vladimir Ozerov commented on IGNITE-8485:
-
Hi [~NIzhikov], my comments:
First part of comments relate to public API only:
1) EncryptionSpi should be located inside o.a.i.spi.encryption package for
consistency with other SPIs
2) Please add package-info files to new public packages (o.a.i.spi.encryption,
o.a.i.spi.encryption.jks)
3) I would rename "jks" package to "keystore" to have consistency between
package and class names (as in most other SPIs)
4) Same thing for EncryptionKey -> KeystoreEncryptionKey
5) NoopEncryptionSpi should either be removed completely (manager could be used
to check if encryption is enabled), or moved to "noop" package (with
package-info). I vote for removal - no need to add useless classes to public
API.
6) IEncryptionSpi - dotnetdocs are missing
7) Apache.Ignite.Core.Encryption.Aes namespace should be renamed to
Apache.Ignite.Core.Encryption.Keystore
Internals:
1) GridComponent.DiscoveryDataExchangeType.ENCRYPTION_MGR - I think it is
better to move it after CACHE_CRD_PROC for safety.
2) GridEncryptionManager.start/stop - no need to write debug log, as it is
already written in startSpi/stopSpi methods
3) GridEncryptionManager.onKernalStart0 - this is too late to register
listeners, as IO and discovery is already active at this point. Things like
this should be prepared on start() stage.
4) GridEncryptionManager.onKernalStart0 - I cannot understand why we are
listening to {{ctx.discovery().localJoinFuture().listen}} here. Could you
please clarify?
5) GridEncryptionManager - checks for {{notCoordinator()}} looks strange to me.
I do not see any cases where current coordinator should do anything else than
other nodes. All of them are equal. The only thing we need is to agree on
encryption key, which should happen on all nodes in the same place - during
cache creation inside exchange thread.
All in all, looks like we need to do some clean up in API and in manager.
Also I would like to ask persistence experts to throw a glance at
storage-related code (WAL, IOs, etc). [~agoncharuk], could you please do that
or suggest someone else, who can help us?
> TDE - Phase-1
> -
>
> Key: IGNITE-8485
> URL: https://issues.apache.org/jira/browse/IGNITE-8485
> Project: Ignite
> Issue Type: Sub-task
>Reporter: Nikolay Izhikov
>Assignee: Nikolay Izhikov
>Priority: Critical
> Fix For: 2.7
>
>
> Basic support for a Transparent Data Encryption should be implemented:
> 1. Usage of standard JKS, Java Security.
> 2. Persistent Data Encryption/Decryption.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16613207#comment-16613207 ] Nikolay Izhikov commented on IGNITE-8485: - [~vozerov] > 7) There is no need to throw exception in IO listener threads. All we can do > here is to log error with proper message. Fixed. Please, take a look. > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.7 > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16612504#comment-16612504 ] Nikolay Izhikov commented on IGNITE-8485: - [~vozerov] I've fixed all your comments excluding 7. Can you, please, explain it to me more clearly. Where, exactly, I shouldn't throw an exception? > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.7 > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16611999#comment-16611999 ] ASF GitHub Bot commented on IGNITE-8485: Github user nizhikov closed the pull request at: https://github.com/apache/ignite/pull/4634 > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.7 > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[
https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16610255#comment-16610255
]
Vladimir Ozerov commented on IGNITE-8485:
-
Hi [~NIzhikov], my comments:
1) Styling: please look through your code and fix the following issues:
- Unused imports
- Replace abbreviations in method names with full words (as abbreviations are
allowed only for variable, not method names and class names)
- Replace "log.warn" with "U.warn"
2) I am still not satisfied with API. "AES" name is not appropriate here,
because it denotes algorithm, but instead it should denote underlying storage.
Correct name would be "Keystore". First, it will help us to add more algorithms
in future while still using keystore (e.g. 3DES, which is used by other
vendors). Second, what if in future we add another implementation over some KMS
which will also use AES? How would we name? This is why "AES" should go away
from interface names.
3) Key generation for clients - please move it to {{GridEncryptionManager}}, as
this is exactly what managers and processors are created for - to manage
component lifecycle, listen for events, encapsulate related logic in a single
place.
4) Currently random node is picked to send request to. Instead, random *server*
node should be used.
5) I would suggest to remove group IDs from request. First, at this point our
understanding that cache groups is a hack feature, which is likely to be
removed in future in favor of tablespaces. So it is better to avoid relying on
it if possible. Second, there is no need to get existing keys for caches at
all. Because by the time you got the key from existing cache, it may get's
re-created concurrently with another key. Or key rotation may happen (in future
release). So you can never rely on what key is returned, and it should be
compared with existing group key in exchange thread during cache start. IMO all
we need is the request is the number of keys to be generated.
6) {{GridCacheProcessor#genEncKeysAndStartCacheAfter}} - future is registered
after message is sent, which means that response may be missed (e.g. in case of
long GC pause or unfavorable context switch). Also there is no proper sync with
disconnect event, meaning that you may have hanging futures after disconnect as
well. Bulletproof synchronization here looks like this :
{code:java}
boolean stopped;
boolean disconnected;
onStart(...) {
// Set all listeners
}
onKernalStop(...) {
sync (mux) {
// Set stop flag
// Complete all futures with error
}
}
onDiscoveryMessage(...) {
sync (mux) {
// Iterate over registered futures, resend if possible or finish with
error
}
}
onIOMessage(...) {
sync (mux) {
// Generate key or complete and deregister future.
}
}
onDisconnect(...) {
sync (mux) {
// Set disconnect flag
// Complete all futures with error
}
}
onReconnect(...) {
sync (mux) {
// Remove disconnect flag.
}
}
generateKeys(...) {
sync (mux) {
// Check stop and disconnect flags
// Register future, send request
}
}{code}
At this point it should be obvious why all this logic should be located in
separate processor.
7) There is no need to throw exception in IO listener threads. All we can do
here is to log error with proper message.
> TDE - Phase-1
> -
>
> Key: IGNITE-8485
> URL: https://issues.apache.org/jira/browse/IGNITE-8485
> Project: Ignite
> Issue Type: Sub-task
>Reporter: Nikolay Izhikov
>Assignee: Nikolay Izhikov
>Priority: Critical
> Fix For: 2.7
>
>
> Basic support for a Transparent Data Encryption should be implemented:
> 1. Usage of standard JKS, Java Security.
> 2. Persistent Data Encryption/Decryption.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[
https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16603538#comment-16603538
]
Nikolay Izhikov commented on IGNITE-8485:
-
[~vozerov]
I've fixed all comments from your first code review:
1. {{encrypted}} renamed to {{isEncryptionEnabled}}
2. Ticket to add {{isEncryptionEnabled}} created.
3. .Net SPI implementation created.
4. CRC of encrypted page calculated and stored in the persistent store. We can
check persisted data integrity on reading from a file.
5. {{EncryptionKey}} removed. {{Serializable}} used instead.
6. I've keep {{NoonEncryptionSpi}} - it required in for a internal logic.
7. {{keySize}} and {{masterKeName}} are now can be setted by user.
8. MVCC PageIO checked.
9. {{GenerateEncryptionKeyRequst}} now send via communication SPI.
10. SPI implementation renamed to AESEncryptionSpi and moved to the
corresponding package.
11. Some tests added.
PDS tests group are executed with encryption mode forced for all caches.
PR - https://github.com/apache/ignite/pull/4634
Tests - https://ci.ignite.apache.org/viewLog.html?buildId=1794649
Please, take a look on main PR one more time -
https://github.com/apache/ignite/pull/4167
> TDE - Phase-1
> -
>
> Key: IGNITE-8485
> URL: https://issues.apache.org/jira/browse/IGNITE-8485
> Project: Ignite
> Issue Type: Sub-task
>Reporter: Nikolay Izhikov
>Assignee: Nikolay Izhikov
>Priority: Critical
> Fix For: 2.7
>
>
> Basic support for a Transparent Data Encryption should be implemented:
> 1. Usage of standard JKS, Java Security.
> 2. Persistent Data Encryption/Decryption.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16595122#comment-16595122 ] ASF GitHub Bot commented on IGNITE-8485: GitHub user nizhikov opened a pull request: https://github.com/apache/ignite/pull/4634 IGNITE-8485: force encrypted mode for all caches You can merge this pull request into a Git repository by running: $ git pull https://github.com/nizhikov/ignite IGNITE-8485-forced Alternatively you can review and apply these changes as the patch at: https://github.com/apache/ignite/pull/4634.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #4634 commit 241eeab3dea6dae3652d106e7f835be0f081f89a Author: Nikolay Izhikov Date: 2018-06-25T10:22:59Z IGNITE-8485: TDE Implementation commit 763ebc413a6b9d395a71ac7024f028228f4dd710 Author: Nikolay Izhikov Date: 2018-06-25T19:46:41Z Merge branch 'master' into IGNITE-8485 commit 410c7be5e0ebab67b0b74331559ed4f9548d2601 Author: Nikolay Izhikov Date: 2018-06-25T20:04:01Z IGNITE-8485: Code review fixes. commit 43b9cde1fc373cfecf7ebcf19b72d87e2e8653f4 Author: Nikolay Izhikov Date: 2018-06-26T08:33:59Z IGNITE-8485: Code review fixes. commit efac7b2b46729a73421b7738fea47171a71c2440 Author: Nikolay Izhikov Date: 2018-06-26T08:44:54Z IGNITE-8485: Code review fixes. commit 03855222fdab19c1173b9d2931d7b1db463f066e Author: Nikolay Izhikov Date: 2018-06-26T08:45:39Z IGNITE-8485: Code review fixes. commit 02f7cffbee852345ed690e67100bbd701d03c429 Author: Nikolay Izhikov Date: 2018-06-26T08:58:07Z IGNITE-8485: Code review fixes. commit 6a884eaf9e3dfce7f177a59e591dd430b609a303 Author: Nikolay Izhikov Date: 2018-06-26T09:13:19Z IGNITE-8485: Code review fixes. commit 53a7eaaeb78190f69d2ecd8b3d775e7efc3dd65d Author: Nikolay Izhikov Date: 2018-06-26T10:57:34Z Merge branch 'master' into IGNITE-8485 commit f1581e53a6f6bcd066c9c2820570d11f586be516 Author: Nikolay Izhikov Date: 2018-06-26T11:03:28Z IGNITE-8485: Code review fixes. commit 4e4142eb28f3346e35a98d08ce65641c24834c4d Author: Nikolay Izhikov Date: 2018-06-26T14:17:03Z Merge branch 'master' into IGNITE-8485 commit 284177c8447f8baabab8d6553132c8c9da662359 Author: Nikolay Izhikov Date: 2018-06-26T14:28:45Z IGNITE-8485: Code review fixes. commit 9b222135db1a73d40c8973711581fe0768ad0528 Author: Nikolay Izhikov Date: 2018-06-26T14:34:30Z IGNITE-8485: Code review fixes. commit 5d237570ec02f53f4aadcc8f189e064bea45faa2 Author: Nikolay Izhikov Date: 2018-06-26T14:54:18Z IGNITE-8485: Code review fixes. commit 5894c498fa2516097256b0e1aa0ed67776dbab31 Author: Nikolay Izhikov Date: 2018-06-26T16:04:27Z IGNITE-8485: Fix flaky test. Add encryption supported check. commit 049cd0a554785511b2cadb0f90a8a4f60440dc93 Author: Nikolay Izhikov Date: 2018-06-26T16:30:34Z IGNITE-8485: Code review fixes. commit 4d4d0e2686b1f6c3894df90256493a8ea7d2b852 Author: Nikolay Izhikov Date: 2018-06-27T15:46:52Z Merge branch 'master' into IGNITE-8485 commit 6af7e8be9f069ec5d6f1e9ee3457f67bc81f2763 Author: Nikolay Izhikov Date: 2018-06-28T15:43:49Z IGNITE-8485: Code review fixes. commit 6b6fb4d8eedc77d1be1490a5d45e4e2024ef1354 Author: Nikolay Izhikov Date: 2018-06-29T09:28:01Z IGNITE-8485: Code review(In progress). Compilation failed. commit fc6d0256b9b11dce822365b03798334f4a28f0c1 Author: Nikolay Izhikov Date: 2018-06-29T09:33:11Z IGNITE-8485: revert unnecessary changes commit af86e66bd4bf61e15e65cbc8ead95b0581e6fd2f Author: Nikolay Izhikov Date: 2018-06-29T10:55:26Z IGNITE-8485: Refactor encryption of DataRecord commit 5127a6c03ef3aacbc179323c4e7737a045c481df Author: Nikolay Izhikov Date: 2018-06-29T10:57:38Z IGNITE-8485: Compilation fix commit cde18b0127f8237c37bdace85e2659f826d6c75d Author: Nikolay Izhikov Date: 2018-06-29T11:00:44Z IGNITE-8485: minor fix commit a20669026981141e70ab54956facc394536f6b2c Author: Nikolay Izhikov Date: 2018-06-29T11:12:33Z IGNITE-8485: minor fix commit 4849f51067f040c514980d0734173c5ca98f13d4 Author: Nikolay Izhikov Date: 2018-06-29T15:04:33Z IGNITE-8485: Test fixed. commit bd312865091f6ed40e609b2e508754a92743c434 Author: Nikolay Izhikov Date: 2018-06-29T15:20:52Z IGNITE-8485: minor fix. commit 9cab4a1ccb1ef3b2b93f1da3f559e464a4ed157d Author: Nikolay Izhikov Date: 2018-06-29T15:23:03Z Undo edit commit 9308e0f7e3f0ec07f126ea2d601ac625d0a1ef16 Author: Nikolay Izhikov Date: 2018-06-29T15:29:39Z Merge branch 'master' into IGNITE-8485 commit eefa124153f6ad7529ef4991e7d391c09cc278de Author: Nikolay Izhikov Date: 2018-06-29T16:13:40Z IGNITE-8485: Test fix commit 6acad7c10cd3a6b46382abd1e0dcef52eaded378 Author: Nikolay Izhikov Date:
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16523957#comment-16523957 ] Ryabov Dmitrii commented on IGNITE-8485: Looks good to me. > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.7 > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16523799#comment-16523799 ] Nikolay Izhikov commented on IGNITE-8485: - Please, note: To run TDE tests one should install "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" [1] [1] http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html > TDE - Phase-1 > - > > Key: IGNITE-8485 > URL: https://issues.apache.org/jira/browse/IGNITE-8485 > Project: Ignite > Issue Type: Sub-task >Reporter: Nikolay Izhikov >Assignee: Nikolay Izhikov >Priority: Critical > Fix For: 2.6 > > > Basic support for a Transparent Data Encryption should be implemented: > 1. Usage of standard JKS, Java Security. > 2. Persistent Data Encryption/Decryption. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[
https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1651#comment-1651
]
Vladimir Ozerov commented on IGNITE-8485:
-
Hi, [~NIzhikov].
Several preliminary questions around API:
1) Why do we use master key to encrypt WAL records? I looked through all record
types marked as "encryptable" and all of them has cache group ID, i.e. it is
possible to get CEKs for them. If you replace MEK with CEK here, then it would
be possible to remove {{CipherSpi#masterKey}} method.
2) {{CipherSpi#create}} and {{CipherSpi#encryptKey}} are always used near each
other (2 times each). I would remove {{CipherSpi#create}} method and modify API
as follows:
{code}
byte[] createEncryptedCacheKey();
K decryptCacheKey(byte[] keyBytes);
{code}
What do you think?
> TDE - Phase-1
> -
>
> Key: IGNITE-8485
> URL: https://issues.apache.org/jira/browse/IGNITE-8485
> Project: Ignite
> Issue Type: Sub-task
>Reporter: Nikolay Izhikov
>Assignee: Nikolay Izhikov
>Priority: Critical
> Fix For: 2.6
>
>
> Basic support for a Transparent Data Encryption should be implemented:
> 1. Usage of standard JKS, Java Security.
> 2. Persistent Data Encryption/Decryption.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-8485) TDE - Phase-1
[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16506896#comment-16506896 ] ASF GitHub Bot commented on IGNITE-8485: GitHub user nizhikov opened a pull request: https://github.com/apache/ignite/pull/4167 IGNITE-8485: TDE Implementation You can merge this pull request into a Git repository by running: $ git pull https://github.com/nizhikov/ignite IGNITE-8485 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/ignite/pull/4167.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #4167 commit 02bf17120260850a51fd707b1c4af0ea029f5947 Author: Nikolay Izhikov Date: 2018-05-04T15:42:15Z First draft of TDE public api commit b8219398ed899859943371499edaf97094b89f07 Author: Nikolay Izhikov Date: 2018-05-17T12:38:34Z Merge branch 'tde-public-api' into IGNITE-8485 commit e3588129374ce382c9e263f9124ac36dc1157e04 Author: Nikolay Izhikov Date: 2018-05-18T11:05:10Z IGNITE-8485: Initial commit. commit bd784bc72a0f6014d96af2ca6ca3ec0871804df9 Author: Nikolay Izhikov Date: 2018-05-23T18:44:54Z Merge branch 'master' into IGNITE-8485 commit 2a4cb3e2d79dbc724afe58fb3d411ea890491c68 Author: Nikolay Izhikov Date: 2018-05-24T07:50:32Z Merge branch 'master' into IGNITE-8485 commit a1eee8cf8bf2a601b5180261e7d8bc64ef994ce6 Author: Nikolay Izhikov Date: 2018-05-24T11:13:41Z IGNITE-6055: Some work done commit 1f11d94ebf608a27e36c5b3ba7869d791363eebe Author: Nikolay Izhikov Date: 2018-05-28T06:59:16Z Merge branch 'master' into IGNITE-8485 commit 5ba1429c8ee8cc18d5e6bbbe1b798564098d9852 Author: Nikolay Izhikov Date: 2018-05-28T12:04:08Z IGNITE-8485: Cipher SPI Default implementation. commit 55e63969472d2c14e67f5f47f2ea4b26245fc0e5 Author: Nikolay Izhikov Date: 2018-05-28T12:14:50Z IGNITE-8485: Cipher SPI Default implementation. commit 54480f6057d1a90cf39dae025c1790a14e2a0100 Author: Nikolay Izhikov Date: 2018-05-28T13:12:52Z Merge branch 'master' into IGNITE-8485 commit 406e9b9f991d25a11050026a82a899dad95a85c7 Author: Nikolay Izhikov Date: 2018-05-28T19:11:26Z IGNITE-8485: Working on cache creation enhancement. commit caa33c72b5ab4bae2a65a030451bdcb40fd64e1e Author: Nikolay Izhikov Date: 2018-05-29T09:38:23Z Merge branch 'master' into IGNITE-8485 commit 76591c66c9ab4424bcf2b3a86bd6b53345352ae6 Author: Nikolay Izhikov Date: 2018-05-29T10:36:31Z IGNITE-8485: Working on cache creation enhancement. commit 48c09d6c861db73ae28d96908a1d2e32ed3fda21 Author: Nikolay Izhikov Date: 2018-05-29T13:49:00Z Merge branch 'master' into IGNITE-8485 commit 0aa270f1f348cb6a1e03c8f6ec1c592e13b08c0f Author: Nikolay Izhikov Date: 2018-05-29T17:28:12Z IGNITE-8485: Working on cache creation enhancement. commit 31552585852b1619c09731492584f592975a6b06 Author: Nikolay Izhikov Date: 2018-05-30T06:10:36Z IGNITE-8485: Working on cache creation enhancement. commit 93ae93035570f99af7342f7e7d335f9dde36825b Author: Nikolay Izhikov Date: 2018-05-30T06:10:50Z Merge branch 'master' of github.com:apache/ignite into IGNITE-8485 commit 030069df12338ad93725f1b92e41b7213896f64f Author: Nikolay Izhikov Date: 2018-05-30T16:35:53Z IGNITE-8485: Cache create implementation. commit bc66683e85dd1156f0945f308bab7c9ef8cf6639 Author: Nikolay Izhikov Date: 2018-05-30T16:42:02Z Merge branch 'master' of github.com:apache/ignite into IGNITE-8485 commit af826e2e4f510a02be642147df56ab167372e126 Author: Nikolay Izhikov Date: 2018-05-31T14:43:34Z IGNITE-8485: Cache create implementation. commit d451d4e46687ac8f1afa08c4b6ac8139fa8a5249 Author: Nikolay Izhikov Date: 2018-05-31T15:02:00Z IGNITE-8485: Cache create implementation. commit 5f49d749a48e814bf5a97371fd261bbdda9498ce Author: Nikolay Izhikov Date: 2018-05-31T15:04:27Z Merge branch 'master' into IGNITE-8485 commit 04613b2dc739ee1b0916e0e97f6bd5131a2c353e Author: Nikolay Izhikov Date: 2018-06-01T10:51:00Z IGNITE-8485: Validation of master key for joining node added. commit c4da23c88f6b84269fa9ae944e4706a716350408 Author: Nikolay Izhikov Date: 2018-06-01T17:21:38Z IGNITE-8485: Cache creation on cluster activation seems to be working. commit 2f58ad4cf0d7c2b64aca6d0050a0107dc823ee4b Author: Nikolay Izhikov Date: 2018-06-01T17:47:25Z Merge branch 'master' into IGNITE-8485 commit 6379fcf11803c6574349665365edeae7b20ffa7b Author: Nikolay Izhikov Date: 2018-06-04T12:47:01Z Merge branch 'master' into IGNITE-8485 commit 7f1640dc6d73411b549ed324d1afe8486be5e955 Author: Nikolay Izhikov Date: 2018-06-04T16:20:40Z IGNITE-8485: Refactoring to be able to implement EncryptedPageStore commit
