Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

KBS: Add aliyun KMS as repository storage backend #444

Merged
merged 2 commits into from
Jul 24, 2024

Conversation

Xynnn007
Copy link
Member

@Xynnn007 Xynnn007 commented Jul 20, 2024

cc @jialez0

let me take a rebase once confidential-containers/guest-components#621 gets merged.

@jialez0
Copy link
Member

jialez0 commented Jul 22, 2024

@Xynnn007 Xynnn007 marked this pull request as ready for review July 22, 2024 08:46
@Xynnn007 Xynnn007 requested a review from sameo as a code owner July 22, 2024 08:46
@Xynnn007
Copy link
Member Author

confidential-containers/guest-components#621 merged.

Thanks. Rebased.

Copy link
Member

@fitzthum fitzthum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks nice. Btw, let's refer to this as an additional repository backend rather than as a plugin.

At some point I think we should also rename the repository trait, but we can do that later.

I guess it's a bit tricky to write tests for this because it depends on the KMS being setup.

@@ -114,11 +114,11 @@ pub(crate) async fn get_resource(
}

let resource_byte = repository
.read()
.write()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this required? Does it have any impact on the performance of the fs repo?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh. Yes. We'll fix the upstream plugin to make read() operations not mutable and then change this modification. cc @1570005763

kbs/src/resource/aliyun_kms.rs Outdated Show resolved Hide resolved
kbs/docs/config.md Outdated Show resolved Hide resolved
Cargo.toml Outdated
kbs-types = "0.6.0"
kms = { git = "https://github.com/confidential-containers/guest-components.git", rev="0d8146321c3de023f0f7f40e47fc0f860133dfc7", default-features = false }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't really like introducing more dependencies between the projects. I guess this does not need to be updated regularly, though.

Copy link
Member Author

@Xynnn007 Xynnn007 Jul 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a little awkward and I have tried to decrease the complexity of maintainance. As kbs_protocol and kms are both from guest-components, they might share some deps with same version. Different versions of the both might potentially cause the crate dependency version conflict when doing cargo build/check.

Thus, for ease, I move the two crates into the project's Cargo.toml and line-by-line. This would help when we want to update one of them -- we do not need to search into the code where the other is.

@Xynnn007 Xynnn007 changed the title KBS: Add aliyun KMS as storage backend plugin KBS: Add aliyun KMS as repository storage backend Jul 23, 2024
@Xynnn007
Copy link
Member Author

I guess it's a bit tricky to write tests for this because it depends on the KMS being setup.

Yes. I have tested this locally with a e2e demo and it works fine.

Copy link
Member

@jialez0 jialez0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

Copy link
Member

@fitzthum fitzthum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Xynnn007 Xynnn007 merged commit 5e27ab3 into confidential-containers:main Jul 24, 2024
16 checks passed
@Xynnn007 Xynnn007 deleted the feat-aliyun branch July 24, 2024 13:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants