mirror of
https://github.com/apple/foundationdb.git
synced 2025-05-14 01:42:37 +08:00
670d40ef79
* FDB native KMS Connector Framework Description Major changes includes: 1. Framework code to enable FDB native KMS connector implementation. 2. SERVER_KNOBS->KMS_CONNECTOR_TYPE controls the connector type selection. 3. KmsConnectorInterface endpoint definitions, every KMSConnector implementation needs to support defined endpoints. 4. Update EncryptKeyProxy to leverage KmsConnectorInterface endpoints to fetch encryption keys on-demand and/or periodic refreshes. Integrate SimKmsConnector implementation. 5. Implement SimKmsConnector by leveraging existing SimKeyProxy implementation. Testing Unit test: fdbserver/SimKmsConnector Simulation: EncryptKeyProxy
44 lines
1.5 KiB
C++
44 lines
1.5 KiB
C++
/*
|
|
* KmsConnector.h
|
|
*
|
|
* This source file is part of the FoundationDB open source project
|
|
*
|
|
* Copyright 2013-2022 Apple Inc. and the FoundationDB project authors
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#ifndef KMS_CONNECTOR_H
|
|
#define KMS_CONNECTOR_H
|
|
#pragma once
|
|
|
|
#include "fdbserver/KmsConnectorInterface.h"
|
|
#include "flow/Arena.h"
|
|
#include "flow/EncryptUtils.h"
|
|
|
|
// FDB encryption needs to interact with external Key Management Services (KMS) solutions to lookup/refresh encryption
|
|
// keys. KmsConnector interface is an abstract interface enabling implementing specialized KMS connector
|
|
// implementations.
|
|
// FDB KMSConnector implementation should inherit from KmsConnector and implement pure virtual function,
|
|
// EncryptKeyProxyServer instantiates desired implementation object based on SERVER_KNOB->KMS_CONNECTOR_TYPE knob.
|
|
|
|
class KmsConnector : public NonCopyable {
|
|
public:
|
|
KmsConnector() {}
|
|
virtual ~KmsConnector() {}
|
|
|
|
virtual Future<Void> connectorCore(struct KmsConnectorInterface interf) = 0;
|
|
};
|
|
|
|
#endif
|