JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6b23380d6b
storj/uplink/config.go

196 lines
7.3 KiB
Go
Raw Normal View History

Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.
package uplink
import (
"context"
"errors"
Change where the encryption key is being stored for uplink (#1967) * uplink: Add a new flag to set the filepath of the file which is used for saving the encryption key and rename the one that hold the encryption key and establish that it has priority over the key stored in the file to make the configuration usable without having a huge refactoring in test-sim. * cmd/uplink: Adapt the setup subcommand for storing the user input key to a file and adapt the rest of the subcommands for reading the key from the key-file when the key isn't explicitly set with a command line flag. * cmd/gateway: Adapt it to read the encryption key from the key-file or use the one passed by a command line flag. * pkg/process: Export the default configuration filename so other packages which use the same value can reference to it rather than having it hardcoded. * Adapt several integrations (scripts, etc.) to consider the changes applied in uplink and cmd packages.
2019-05-22 14:57:12 +01:00
"io/ioutil"
Download is hanging when one node is not responsive (#1764) Change closes download connection in parallel and sets a timeout for communication between uplink and storage node
2019-04-25 09:17:26 +01:00
"time"
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
"github.com/vivint/infectious"
"github.com/zeebo/errs"
monkit "gopkg.in/spacemonkeygo/monkit.v2"
"storj.io/storj/internal/memory"
"storj.io/storj/pkg/eestream"
Storage node and upload/download protocol refactor (#1422) refactor storage node server refactor upload and download protocol
2019-03-18 10:55:06 +00:00
"storj.io/storj/pkg/encryption"
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
"storj.io/storj/pkg/identity"
"storj.io/storj/pkg/metainfo/kvmetainfo"
pkg/transport: require tls configuration for dialing (#1286) * separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections.
2019-02-11 11:17:32 +00:00
"storj.io/storj/pkg/peertls/tlsopts"
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
ecclient "storj.io/storj/pkg/storage/ec"
"storj.io/storj/pkg/storage/segments"
"storj.io/storj/pkg/storage/streams"
"storj.io/storj/pkg/storj"
pkg/transport: require tls configuration for dialing (#1286) * separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections.
2019-02-11 11:17:32 +00:00
"storj.io/storj/pkg/transport"
Storage node and upload/download protocol refactor (#1422) refactor storage node server refactor upload and download protocol
2019-03-18 10:55:06 +00:00
"storj.io/storj/uplink/metainfo"
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
)
// RSConfig is a configuration struct that keeps details about default
// redundancy strategy information
type RSConfig struct {
add support to hide config settings (#2241) * add hide support for config settings * updates per CR to unit test * check err for lint
2019-06-19 15:27:44 +01:00
MaxBufferMem memory.Size `help:"maximum buffer memory (in bytes) to be allocated for read buffers" default:"4MiB" hidden:"true"`
ErasureShareSize memory.Size `help:"the size of each new erasure share in bytes" default:"256B" hidden:"true"`
MinThreshold int `help:"the minimum pieces required to recover a segment. k." releaseDefault:"29" devDefault:"4" hidden:"true"`
RepairThreshold int `help:"the minimum safe pieces before a repair is triggered. m." releaseDefault:"35" devDefault:"6" hidden:"true"`
SuccessThreshold int `help:"the desired total pieces for a segment. o." releaseDefault:"80" devDefault:"8" hidden:"true"`
MaxThreshold int `help:"the largest amount of pieces to encode to. n." releaseDefault:"130" devDefault:"10" hidden:"true"`
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
}
// EncryptionConfig is a configuration struct that keeps details about
// encrypting segments
type EncryptionConfig struct {
uplink: enc.encryption-key flag is only available for setup command (#2090) * uplink: Mark encryption key config field for setup Set the "setup" property to the `EncryptionConfig.EncrptionKey` for avoiding to save it in the configuration file. This field is only meant for using in the command line parameters which need to use a different encryption key than the one present in the key file or use it when there is not set any encryption key file path. * cmd/uplink: Setup non-interactive accept enc key Change the uplink CLI setup command non-interactive to save the encryption key into a file when it's passed through the flag --enc.encryption-key Previous to this change it wasn't possible to create an key file despite of that the flag was provided, so it was useless on the setup command. * cmd/uplink: Reuse logic to read pwd from terminal Reuse the logic which is already implemented in the pkg/cfgstruct for reading a password from the terminal on interactive mode, rather than duplicating it in the setup command. * cmd/gateway: Use encryption key file flags The cmd/gateway was still using the `enc.key` configuration field which doesn't exist anymore and its setup command wasn't using the `enc.key-filepath` with combination of the `enc.encryption-key` for generating a file with the encryption key. This commit update the cmd/gateway appropriately and move to the uplink package the function used by cmd/uplink to save the encryption key for allowing to also be used by the cmd/gateway without duplicating the logic. * cmd/storj-sim: Adapt gateway config cmd changes Adapt the cmd/storj-sim to correctly pass the parameters to the cmd/gateway setup and run command. * scripts: Don't pass the --enc.encryption-key flag uplink configuration has changed to only support the `--enc.encryption-key` flag for setup commands and consequently the cmd/uplink and cmd/gateway don't accept this flag over other commands, hence the test for the uplink had to be updated for no passing the flag on the multiples calls that the test do to cmd/uplink. * uplink: Remove func which aren't useful anymore Remove the function which allows to user or load an encryption key because it isn't needed anymore since the `--enc.encryption-key` flag is only available for the setup command. Consequently remove its usage from cmd/uplink and cmd/gateway, because such flag will always be empty because in case that's passed Cobra will return an error due to a "unknown flag".
2019-06-07 17:14:40 +01:00
EncryptionKey string `help:"the root key for encrypting the data which will be stored in KeyFilePath" setup:"true"`
makes sure all uplink cli configs get passed to libuplink, add stripeSize (#2103) * makes sure all uplink cli configs get passed to libuplink, add stripSize * update comment * update defaults for uplink config blocksize * changes per CR, update uplink config defaults * pass shareSize from uplink config * move block size validation to kvmeta pkg * fix tests * shareSize default 1k, rm config option blocksize * rm printing err to stdout
2019-06-06 19:55:10 +01:00
KeyFilepath string `help:"the path to the file which contains the root key for encrypting the data"`
DataType int `help:"Type of encryption to use for content and metadata (1=AES-GCM, 2=SecretBox)" default:"1"`
PathType int `help:"Type of encryption to use for paths (0=Unencrypted, 1=AES-GCM, 2=SecretBox)" default:"1"`
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
}
// ClientConfig is a configuration struct for the uplink that controls how
// to talk to the rest of the network.
type ClientConfig struct {
transport: separate dial from request timeouts (#1940) A previous change reused the same timeout for dialing as well as requesting in order to speed up some tests. This change introduces a distinct timeout so that the different operations can have different timeouts.
2019-05-10 12:26:25 +01:00
APIKey string `default:"" help:"the api key to use for the satellite" noprefix:"true"`
SatelliteAddr string `releaseDefault:"127.0.0.1:7777" devDefault:"127.0.0.1:10000" help:"the address to use for the satellite" noprefix:"true"`
MaxInlineSize memory.Size `help:"max inline segment size in bytes" default:"4KiB"`
SegmentSize memory.Size `help:"the size of a segment in bytes" default:"64MiB"`
RequestTimeout time.Duration `help:"timeout for request" default:"0h0m20s"`
DialTimeout time.Duration `help:"timeout for dials" default:"0h0m20s"`
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
}
// Config uplink configuration
type Config struct {
Client ClientConfig
RS RSConfig
Enc EncryptionConfig
pkg/transport: require tls configuration for dialing (#1286) * separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections.
2019-02-11 11:17:32 +00:00
TLS tlsopts.Config
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
}
var (
mon = monkit.Package()
// Error is the errs class of standard End User Client errors
Error = errs.Class("Uplink configuration error")
)
// GetMetainfo returns an implementation of storj.Metainfo
func (c Config) GetMetainfo(ctx context.Context, identity *identity.FullIdentity) (db storj.Metainfo, ss streams.Store, err error) {
defer mon.Task()(&ctx)(&err)
pkg/transport: require tls configuration for dialing (#1286) * separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections.
2019-02-11 11:17:32 +00:00
tlsOpts, err := tlsopts.NewOptions(identity, c.TLS)
if err != nil {
return nil, nil, err
}
Add Versioning Server (#1576) * Initial Webserver Draft for Version Controlling * Rename type to avoid confusion * Move Function Calls into Version Package * Fix Linting and Language Typos * Fix Linting and Spelling Mistakes * Include Copyright * Include Copyright * Adjust Version-Control Server to return list of Versions * Linting * Improve Request Handling and Readability * Add Configuration File Option Add Systemd Service file * Add Logging to File * Smaller Changes * Add Semantic Versioning and refuses outdated Software from Startup (#1612) * implements internal Semantic Version library * adds version logging + reporting to process * Advance SemVer struct for easier handling * Add Accepted Version Store * Fix Function * Restructure * Type Conversion * Handle Version String properly * Add Note about array index * Set temporary Default Version * Add Copyright * Adding Version to Dashboard * Adding Version Info Log * Renaming and adding CheckerProcess * Iteration Sync * Iteration V2 * linting * made LogAndReportVersion a go routine * Refactor to Go Routine * Add Context to Go Routine and allow Operation if Lookup to Control Server fails * Handle Unmarshal properly * Linting * Relocate Version Checks * Relocating Version Check and specified default Version for now * Linting Error Prevention * Refuse Startup on outdated Version * Add Startup Check Function * Straighten Logging * Dont force Shutdown if --dev flag is set * Create full Service/Peer Structure for ControlServer * Linting * Straighting Naming * Finish VersionControl Service Layout * Improve Error Handling * Change Listening Address * Move Checker Function * Remove VersionControl Peer * Linting * Linting * Create VersionClient Service * Renaming * Add Version Client to Peer Definitions * Linting and Renaming * Linting * Remove Transport Checks for now * Move to Client Side Flag * Remove check * Linting * Transport Client Version Intro * Adding Version Client to Transport Client * Add missing parameter * Adding Version Check, to set Allowed = true * Set Default to true, testing * Restructuring Code * Uplink Changes * Add more proper Defaults * Renaming of Version struct * Dont pass Service use Pointer * Set Defaults for Versioning Checks * Put HTTP Server in go routine * Add Versioncontrol to Storj-Sim * Testplanet Fixes * Linting * Add Error Handling and new Server Struct * Move Lock slightly * Reduce Race Potentials * Remove unnecessary files * Linting * Add Proper Transport Handling * small fixes * add fence for allowed check * Add Startup Version Check and Service Naming * make errormessage private * Add Comments about VersionedClient * Linting * Remove Checks that refuse outgoing connections * Remove release cmd * Add Release Script * Linting * Update to use correct Values * Move vars private and set minimum default versions for testing builds * Remove VersionedClient * Better Error Handling and naked return removal * Straighten the Regex and string conversion * Change Check to allows testplanet and storj-sim to run without the need to pass an LDFlag * Cosmetic Change to Dashboard * Cleanup Returns and remove commented code * Remove Version Check if no build options are passed in * Pass in Config Values instead of Pointers * Handle missed Error * Update Endpoint URL * Change Type of Release Flag * Add additional Logging * Remove Versions Logging of other Services * minor fixes Change-Id: I5cc04a410ea6b2008d14dffd63eb5f36dd348a8b
2019-04-03 20:13:39 +01:00
// ToDo: Handle Versioning for Uplinks here
transport: separate dial from request timeouts (#1940) A previous change reused the same timeout for dialing as well as requesting in order to speed up some tests. This change introduces a distinct timeout so that the different operations can have different timeouts.
2019-05-10 12:26:25 +01:00
tc := transport.NewClientWithTimeouts(tlsOpts, transport.Timeouts{
Request: c.Client.RequestTimeout,
Dial: c.Client.DialTimeout,
})
pkg/transport: require tls configuration for dialing (#1286) * separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections.
2019-02-11 11:17:32 +00:00
Remove PointerDB client (#1520)
2019-03-22 09:01:49 +00:00
if c.Client.SatelliteAddr == "" {
return nil, nil, errors.New("satellite address not specified")
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
}
Fix some metainfo.Client leaks (#2327)
2019-06-25 16:36:23 +01:00
m, err := metainfo.Dial(ctx, tc, c.Client.SatelliteAddr, c.Client.APIKey)
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
if err != nil {
Storage node and upload/download protocol refactor (#1422) refactor storage node server refactor upload and download protocol
2019-03-18 10:55:06 +00:00
return nil, nil, Error.New("failed to connect to metainfo service: %v", err)
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
}
Fix some metainfo.Client leaks (#2327)
2019-06-25 16:36:23 +01:00
// TODO: handle closing of m
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
Don't require encryption keys for project or bucket management (#2291)
2019-06-24 03:06:14 +01:00
project, err := kvmetainfo.SetupProject(m)
if err != nil {
return nil, nil, Error.New("failed to create project: %v", err)
}
pkg/transport: require tls configuration for dialing (#1286) * separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections.
2019-02-11 11:17:32 +00:00
ec := ecclient.NewClient(tc, c.RS.MaxBufferMem.Int())
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
fc, err := infectious.NewFEC(c.RS.MinThreshold, c.RS.MaxThreshold)
if err != nil {
return nil, nil, Error.New("failed to create erasure coding client: %v", err)
}
rs, err := eestream.NewRedundancyStrategy(eestream.NewRSScheme(fc, c.RS.ErasureShareSize.Int()), c.RS.RepairThreshold, c.RS.SuccessThreshold)
if err != nil {
return nil, nil, Error.New("failed to create redundancy strategy: %v", err)
}
Storage node and upload/download protocol refactor (#1422) refactor storage node server refactor upload and download protocol
2019-03-18 10:55:06 +00:00
maxEncryptedSegmentSize, err := encryption.CalcEncryptedSize(c.Client.SegmentSize.Int64(), c.GetEncryptionScheme())
if err != nil {
return nil, nil, Error.New("failed to calculate max encrypted segment size: %v", err)
}
Don't require encryption keys for project or bucket management (#2291)
2019-06-24 03:06:14 +01:00
segment := segments.NewSegmentStore(m, ec, rs, c.Client.MaxInlineSize.Int(), maxEncryptedSegmentSize)
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
makes sure all uplink cli configs get passed to libuplink, add stripeSize (#2103) * makes sure all uplink cli configs get passed to libuplink, add stripSize * update comment * update defaults for uplink config blocksize * changes per CR, update uplink config defaults * pass shareSize from uplink config * move block size validation to kvmeta pkg * fix tests * shareSize default 1k, rm config option blocksize * rm printing err to stdout
2019-06-06 19:55:10 +01:00
blockSize := c.GetEncryptionScheme().BlockSize
if int(blockSize)%c.RS.ErasureShareSize.Int()*c.RS.MinThreshold != 0 {
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
err = Error.New("EncryptionBlockSize must be a multiple of ErasureShareSize * RS MinThreshold")
return nil, nil, err
}
uplink: enc.encryption-key flag is only available for setup command (#2090) * uplink: Mark encryption key config field for setup Set the "setup" property to the `EncryptionConfig.EncrptionKey` for avoiding to save it in the configuration file. This field is only meant for using in the command line parameters which need to use a different encryption key than the one present in the key file or use it when there is not set any encryption key file path. * cmd/uplink: Setup non-interactive accept enc key Change the uplink CLI setup command non-interactive to save the encryption key into a file when it's passed through the flag --enc.encryption-key Previous to this change it wasn't possible to create an key file despite of that the flag was provided, so it was useless on the setup command. * cmd/uplink: Reuse logic to read pwd from terminal Reuse the logic which is already implemented in the pkg/cfgstruct for reading a password from the terminal on interactive mode, rather than duplicating it in the setup command. * cmd/gateway: Use encryption key file flags The cmd/gateway was still using the `enc.key` configuration field which doesn't exist anymore and its setup command wasn't using the `enc.key-filepath` with combination of the `enc.encryption-key` for generating a file with the encryption key. This commit update the cmd/gateway appropriately and move to the uplink package the function used by cmd/uplink to save the encryption key for allowing to also be used by the cmd/gateway without duplicating the logic. * cmd/storj-sim: Adapt gateway config cmd changes Adapt the cmd/storj-sim to correctly pass the parameters to the cmd/gateway setup and run command. * scripts: Don't pass the --enc.encryption-key flag uplink configuration has changed to only support the `--enc.encryption-key` flag for setup commands and consequently the cmd/uplink and cmd/gateway don't accept this flag over other commands, hence the test for the uplink had to be updated for no passing the flag on the multiples calls that the test do to cmd/uplink. * uplink: Remove func which aren't useful anymore Remove the function which allows to user or load an encryption key because it isn't needed anymore since the `--enc.encryption-key` flag is only available for the setup command. Consequently remove its usage from cmd/uplink and cmd/gateway, because such flag will always be empty because in case that's passed Cobra will return an error due to a "unknown flag".
2019-06-07 17:14:40 +01:00
key, err := LoadEncryptionKey(c.Enc.KeyFilepath)
Change where the encryption key is being stored for uplink (#1967) * uplink: Add a new flag to set the filepath of the file which is used for saving the encryption key and rename the one that hold the encryption key and establish that it has priority over the key stored in the file to make the configuration usable without having a huge refactoring in test-sim. * cmd/uplink: Adapt the setup subcommand for storing the user input key to a file and adapt the rest of the subcommands for reading the key from the key-file when the key isn't explicitly set with a command line flag. * cmd/gateway: Adapt it to read the encryption key from the key-file or use the one passed by a command line flag. * pkg/process: Export the default configuration filename so other packages which use the same value can reference to it rather than having it hardcoded. * Adapt several integrations (scripts, etc.) to consider the changes applied in uplink and cmd packages.
2019-05-22 14:57:12 +01:00
if err != nil {
return nil, nil, Error.Wrap(err)
}
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
Create and use an encryption.Store (#2293) * add path implementation This commit adds a pkg/paths package which contains two types, Encrypted and Unencrypted, to statically enforce what is contained in a path. It's part of a refactoring of the code base to be more clear about what is contained in a storj.Path at all the layers. Change-Id: Ifc4d4932da26a97ea99749b8356b4543496a8864 * add encryption store This change adds an encryption.Store type to keep a collection of root keys for arbitrary locations in some buckets. It allows one to look up all of the necessary information to encrypt paths, decrypt paths and decrypt list operations. It adds some exported functions to perform encryption on paths using a Store. Change-Id: I1a3d230c521d65f0ede727f93e1cb389f8be9497 * add shim around streams store This commit changes no functionality, but just reorganizes the code so that changes can be made directly to the streams store implementation without affecting callers. It also adds a Path type that will be used at the interface boundary for the streams store so that it can be sure that it's getting well formed paths that it expects. Change-Id: I50bd682995b185beb653b00562fab62ef11f1ab5 * refactor streams to use encryption store This commit changes the streams store to use the path type as well as the encryption store to handle all of it's encryption and decryption. Some changes were made to how the default key is returned in the encryption store to have it include the case when the bucket exists but no paths matched. The path iterator could also be simplified to not report if a consume was valid: that information is no longer necessary. The kvmetainfo tests were changed to appropriately pass the subtests *testing.T rather than having the closure it executes use the parent one. The test framework now correctly reports which test did the failing. There are still some latent issues with listing in that listing for "a/" and listing for "a" are not the same operation, but we treat them as such. I suspect that there are also issues with paths like "/" or "//foo", but that's for another time. Change-Id: I81cad4ba2850c3d14ba7e632777c4cac93db9472 * use an encryption store at the upper layers Change-Id: Id9b4dd5f27b3ecac863de586e9ae076f4f927f6f * fix linting failures Change-Id: Ifb8378879ad308d4d047a0483850156371a41280 * fix linting in encryption test Change-Id: Ia35647dfe18b0f20fe13763b28e53294f75c38fa * get rid of kvmetainfo rootKey Change-Id: Id795ca03d9417e3fe9634365a121430eb678d6d5 * Fix linting failure for return with else Change-Id: I0b9ffd92be42ffcd8fef7ea735c5fc114a55d3b5 * fix some bugs adding enc store to kvmetainfo Change-Id: I8e765970ba817289c65ec62971ae3bfa2c53a1ba * respond to review feedback Change-Id: I43e2ce29ce2fb6677b1cd6b9469838d80ec92c86
2019-06-24 20:23:07 +01:00
encStore := encryption.NewStore()
encStore.SetDefaultKey(key)
strms, err := streams.NewStreamStore(segment, c.Client.SegmentSize.Int64(), encStore,
Always encrypt inline segments without padding (#2183)
2019-06-19 09:11:27 +01:00
int(blockSize), storj.Cipher(c.Enc.DataType), c.Client.MaxInlineSize.Int(),
)
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
if err != nil {
return nil, nil, Error.New("failed to create stream store: %v", err)
}
Create and use an encryption.Store (#2293) * add path implementation This commit adds a pkg/paths package which contains two types, Encrypted and Unencrypted, to statically enforce what is contained in a path. It's part of a refactoring of the code base to be more clear about what is contained in a storj.Path at all the layers. Change-Id: Ifc4d4932da26a97ea99749b8356b4543496a8864 * add encryption store This change adds an encryption.Store type to keep a collection of root keys for arbitrary locations in some buckets. It allows one to look up all of the necessary information to encrypt paths, decrypt paths and decrypt list operations. It adds some exported functions to perform encryption on paths using a Store. Change-Id: I1a3d230c521d65f0ede727f93e1cb389f8be9497 * add shim around streams store This commit changes no functionality, but just reorganizes the code so that changes can be made directly to the streams store implementation without affecting callers. It also adds a Path type that will be used at the interface boundary for the streams store so that it can be sure that it's getting well formed paths that it expects. Change-Id: I50bd682995b185beb653b00562fab62ef11f1ab5 * refactor streams to use encryption store This commit changes the streams store to use the path type as well as the encryption store to handle all of it's encryption and decryption. Some changes were made to how the default key is returned in the encryption store to have it include the case when the bucket exists but no paths matched. The path iterator could also be simplified to not report if a consume was valid: that information is no longer necessary. The kvmetainfo tests were changed to appropriately pass the subtests *testing.T rather than having the closure it executes use the parent one. The test framework now correctly reports which test did the failing. There are still some latent issues with listing in that listing for "a/" and listing for "a" are not the same operation, but we treat them as such. I suspect that there are also issues with paths like "/" or "//foo", but that's for another time. Change-Id: I81cad4ba2850c3d14ba7e632777c4cac93db9472 * use an encryption store at the upper layers Change-Id: Id9b4dd5f27b3ecac863de586e9ae076f4f927f6f * fix linting failures Change-Id: Ifb8378879ad308d4d047a0483850156371a41280 * fix linting in encryption test Change-Id: Ia35647dfe18b0f20fe13763b28e53294f75c38fa * get rid of kvmetainfo rootKey Change-Id: Id795ca03d9417e3fe9634365a121430eb678d6d5 * Fix linting failure for return with else Change-Id: I0b9ffd92be42ffcd8fef7ea735c5fc114a55d3b5 * fix some bugs adding enc store to kvmetainfo Change-Id: I8e765970ba817289c65ec62971ae3bfa2c53a1ba * respond to review feedback Change-Id: I43e2ce29ce2fb6677b1cd6b9469838d80ec92c86
2019-06-24 20:23:07 +01:00
return kvmetainfo.New(project, m, strms, segment, encStore), strms, nil
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
}
// GetRedundancyScheme returns the configured redundancy scheme for new uploads
func (c Config) GetRedundancyScheme() storj.RedundancyScheme {
return storj.RedundancyScheme{
Algorithm: storj.ReedSolomon,
makes sure all uplink cli configs get passed to libuplink, add stripeSize (#2103) * makes sure all uplink cli configs get passed to libuplink, add stripSize * update comment * update defaults for uplink config blocksize * changes per CR, update uplink config defaults * pass shareSize from uplink config * move block size validation to kvmeta pkg * fix tests * shareSize default 1k, rm config option blocksize * rm printing err to stdout
2019-06-06 19:55:10 +01:00
ShareSize: c.RS.ErasureShareSize.Int32(),
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
RequiredShares: int16(c.RS.MinThreshold),
RepairShares: int16(c.RS.RepairThreshold),
OptimalShares: int16(c.RS.SuccessThreshold),
TotalShares: int16(c.RS.MaxThreshold),
}
}
makes sure all uplink cli configs get passed to libuplink, add stripeSize (#2103) * makes sure all uplink cli configs get passed to libuplink, add stripSize * update comment * update defaults for uplink config blocksize * changes per CR, update uplink config defaults * pass shareSize from uplink config * move block size validation to kvmeta pkg * fix tests * shareSize default 1k, rm config option blocksize * rm printing err to stdout
2019-06-06 19:55:10 +01:00
// GetPathCipherSuite returns the cipher suite used for path encryption for bucket objects
func (c Config) GetPathCipherSuite() storj.CipherSuite {
return storj.Cipher(c.Enc.PathType).ToCipherSuite()
}
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
// GetEncryptionScheme returns the configured encryption scheme for new uploads
add const stripesPerBlock const to calc blocksize (#2163) * add const stripesPerBlock, update comments in Pad, add speed to progressbar * change size of erasure share size, update comments * missing copyright * update tests with stripesPerBlock
2019-06-11 18:14:05 +01:00
// Blocksize should align with the stripe size therefore multiples of stripes
// should fit in every encryption block. Instead of lettings users configure this
// multiple value, we hardcode stripesPerBlock as 2 for simplicity.
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
func (c Config) GetEncryptionScheme() storj.EncryptionScheme {
add const stripesPerBlock const to calc blocksize (#2163) * add const stripesPerBlock, update comments in Pad, add speed to progressbar * change size of erasure share size, update comments * missing copyright * update tests with stripesPerBlock
2019-06-11 18:14:05 +01:00
const stripesPerBlock = 2
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
return storj.EncryptionScheme{
Cipher: storj.Cipher(c.Enc.DataType),
add const stripesPerBlock const to calc blocksize (#2163) * add const stripesPerBlock, update comments in Pad, add speed to progressbar * change size of erasure share size, update comments * missing copyright * update tests with stripesPerBlock
2019-06-11 18:14:05 +01:00
BlockSize: c.GetRedundancyScheme().StripeSize() * stripesPerBlock,
Move metainfo config (#1234) * Move metainfo config * move config to uplink * reorganize code * use satellite apikey * comment update
2019-02-08 12:57:35 +00:00
}
}
Change where the encryption key is being stored for uplink (#1967) * uplink: Add a new flag to set the filepath of the file which is used for saving the encryption key and rename the one that hold the encryption key and establish that it has priority over the key stored in the file to make the configuration usable without having a huge refactoring in test-sim. * cmd/uplink: Adapt the setup subcommand for storing the user input key to a file and adapt the rest of the subcommands for reading the key from the key-file when the key isn't explicitly set with a command line flag. * cmd/gateway: Adapt it to read the encryption key from the key-file or use the one passed by a command line flag. * pkg/process: Export the default configuration filename so other packages which use the same value can reference to it rather than having it hardcoded. * Adapt several integrations (scripts, etc.) to consider the changes applied in uplink and cmd packages.
2019-05-22 14:57:12 +01:00
makes sure all uplink cli configs get passed to libuplink, add stripeSize (#2103) * makes sure all uplink cli configs get passed to libuplink, add stripSize * update comment * update defaults for uplink config blocksize * changes per CR, update uplink config defaults * pass shareSize from uplink config * move block size validation to kvmeta pkg * fix tests * shareSize default 1k, rm config option blocksize * rm printing err to stdout
2019-06-06 19:55:10 +01:00
// GetSegmentSize returns the segment size set in uplink config
func (c Config) GetSegmentSize() memory.Size {
return c.Client.SegmentSize
}
Change where the encryption key is being stored for uplink (#1967) * uplink: Add a new flag to set the filepath of the file which is used for saving the encryption key and rename the one that hold the encryption key and establish that it has priority over the key stored in the file to make the configuration usable without having a huge refactoring in test-sim. * cmd/uplink: Adapt the setup subcommand for storing the user input key to a file and adapt the rest of the subcommands for reading the key from the key-file when the key isn't explicitly set with a command line flag. * cmd/gateway: Adapt it to read the encryption key from the key-file or use the one passed by a command line flag. * pkg/process: Export the default configuration filename so other packages which use the same value can reference to it rather than having it hardcoded. * Adapt several integrations (scripts, etc.) to consider the changes applied in uplink and cmd packages.
2019-05-22 14:57:12 +01:00
// LoadEncryptionKey loads the encryption key stored in the file pointed by
// filepath.
//
// An error is file is not found or there is an I/O error.
func LoadEncryptionKey(filepath string) (key *storj.Key, error error) {
if filepath == "" {
return &storj.Key{}, nil
}
rawKey, err := ioutil.ReadFile(filepath)
if err != nil {
return nil, err
}
return storj.NewKey(rawKey)
}
Reference in New Issue Copy Permalink