Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORE-15939: NOT FOR REVIEW - Add support for Rekey and Rewrap bus processors, add REST APIs #4578

Merged
merged 59 commits into from
Oct 23, 2023
Merged

CORE-15939: NOT FOR REVIEW - Add support for Rekey and Rewrap bus processors, add REST APIs #4578

merged 59 commits into from
Oct 23, 2023

Conversation

anien
Copy link
Contributor

@anien anien commented Sep 4, 2023

This change adds two building blocks for key rotation

  • It adds first draft for REST APIs that support initiating the key rotation of the root key and to check the status of the current key rotation in progress.
  • It also adds the rekey and rewrap bus processors to handle new kafka messages.
  • CryptoRekeyBusProcessor handles messages coming from the REST Worker about the key rotation
  • CryptoRewrapBusProcessor handles individuals key rotations (rewraps) of the key.

The idea is that user post a request to Corda saying it wants to rotate a key. Rest Worker then publishes a message to Kafka (first new message) that key rotation is initiated. Crypto Worker picks up this message and finds out how many keys are required to rotate (rewrap with the new wrapping key) - this is done by CryptoRekeyBusProcessor. For each of these keys it posts a message to Kafka with individual key request. This is a second new message. Messages are picked up by CryptoRewrapBusProcessor which then do the individual rewrap of the key.

Design doc: Key rotation

API PR:1232

@anien anien requested review from a team as code owners September 4, 2023 13:47
@anien anien marked this pull request as draft September 4, 2023 13:47
@anien anien mentioned this pull request Sep 4, 2023
Merged
@anien anien changed the title CORE-15939: Add support for Rekey and Rewrap bus processors, add REST APIs CORE-15939: NOT FOR REVIEW - Add support for Rekey and Rewrap bus processors, add REST APIs Sep 4, 2023
@anien anien force-pushed the anna/CORE-15939-add-rest-api-and-processor branch from 6df89fa to b6582a4 Compare September 21, 2023 10:47
@driessamyn driessamyn removed request for a team October 4, 2023 13:17
thiagoviana and others added 2 commits October 17, 2023 11:06
@thiagoviana @driessamyn
CORE-16242 - Synchronous RPC Pattern API Implementation for Crypto Wo…
704b3c6 
…rker (#4820)

HTTP RPC server integration into the Crypto processor. Allows Crypto processor to receive HTTP external event requests sent from the flow engine. Client integration will come later.
@davidcurrie @driessamyn
CORE-17822 Apply prefix to topic overrides (#4893)
7465279
@anien anien force-pushed the anna/CORE-15939-add-rest-api-and-processor branch from 5a201ea to 14ec682 Compare October 17, 2023 10:12
nikinagy and others added 13 commits October 17, 2023 11:18
@nikinagy
CORE-17045 - Membership platform upgrade test (#4817)
cc61a52 
Description:
used more generic name for cross version testing cluster
added ability to define notary service name when onboarding notaries
@driessamyn
Merge pull request #4897 from corda/driessamyn/merge-perf-int-work-5
017e82b 
CORE-16242, CORE-17822 - Integration with release branch
@JamesHR3 @driessamyn
CORE-17627: Add metadata to flow mapper states for mapper status (#4886)
2a6037a 
Adds the state status key to flow mapper state metadata and populates it with the current state.

The metadata key is used by the mapper cleanup logic to ensure that mapper states are removed.
@JamesHR3 @driessamyn
CORE-17388: Add session timeout metadata to store alongside the check…
041a355 
…point (#4889)

Adds session timeout to the metadata stored alongside the checkpoint.

Session timeout is implemented using the state storage lookup mechanism, which requires the metadata to be populated with the session timeout key. The earliest timestamp of session expiry for currently open sessions is the value assigned to this property.
@yift-r3
CORE-17863: Close db connection pool after getOwnedKeyRecord (#4904)
08daa23
@vkolomeyko
CORE-17867: Some extra logging for External Messaging (#4906)
40516d8 
During vNode creation and upgrade.
@JamesHR3 @driessamyn
CORE-17882: Add a route for flow events (#4915)
034c4fa 
Adds a route for flow events to the flow worker event mediator.
@driessamyn
Disable test.
ffc0f34
@driessamyn
Merge pull request #4905 from corda/driessamyn/merge-perf-int-work-6
2adfca3 
CORE-17627, CORE-17388, CORE-17882 - integration with release
@ben-millar @mbrkic-r3 @driessamyn
CORE-16181 Implementing RPC client, routing external events through R…
0d868f2 
…PC (#4885)

This PR adds a new implementation of MessagingClient, RPCClient, handling synchronous calls to the Corda workers via RPC/HTTP with configurable retries.

Includes also a small bug-fix for the task manager.

---------

Co-authored-by: Miljenko Brkic <[email protected]>
@JamesHR3 @driessamyn
CORE-17626: Add integration test for flow mapper cleanup (#4907)
82df696 
Adds an integration test for mapper cleanup.

Also addresses a small bug where the key for the cleanup event was not serialized correctly.
@jacob-scott3141
Create Remove Stale Branches GitHub Action (#4909)
aaf7973
@driessamyn
Merge pull request #4923 from corda/driessamyn/merge-perf-int-work-7
365d145 
CORE-16181 Implementing RPC client, routing external events through RPC (#4885)
anien and others added 25 commits October 19, 2023 13:30
@anien @dickon
Add publishing Kafka message to rest impl and add initialise method f…
9c682bc 
…or the config required for publisher
@anien @dickon
Find the keys that need to be rewrapped
d2a9fd7
@anien @dickon
Add start and end timestamp for key rotation response, return respons…
800fbb3 
…e to a response topic
@anien @dickon
Rename cryptoConfig to messagingConfig as that is what we use
dae40d1
@anien @dickon
Update timestamps according changes in api repo - status now contains…
70f17b9 
… start timestamp
@anien @dickon
Limit the number of key rotations if requested by user
7171027
@anien @dickon
Add key rotation rest resource test plus do changes to key rotatino r…
a04885a 
…esponse
@anien @dickon
Add oldKeyAlias and newKeyAlias validation to the key rotation rest r…
2a9d8b7 
…esource, update tests
@anien @dickon
Simplify initialisation step in key rotation rest resource
b9bf3ad
@anien @dickon
Update kdocs - add throws, update key rotation response with correct …
7c873b5 
…values
@anien @dickon
Add comment
fd09baf
@anien @dickon
Add first CryptoRekeyBusProcessor tests
34180b8
@anien @dickon
Simplify tests by creating a getRecord function
8c4c2f0
@anien @dickon
Add comment in the wrapping repo test reagarding the alias
d2388de
@anien @dickon
Add test for zero limit in key rotation request
1654376
@anien @dickon
Fix the way we retrieve tenantId, close wrapping repo, close publisher
8b20744
@anien @dickon
Add first draft of the test that checks which tenant's wrapping repo …
0e1ac0a 
…contains key for rotation
@anien @dickon
Create functions for duplicate code in a test
44c32b3
@anien @dickon
Remove crypto config from the test as it is not needed
b39a8bc
@anien @dickon
Update topic name for key rotation
4ed699c
@dickon
bump API version to alpha version
3f51051
@dickon
remove check code since crypto is not available
fa4dcf0
@dickon
remove unused imports (to fix detekt)
c837520
@dickon
remove test cases that cover client side config checks we can't do
ee6de08
@dickon
remove unused imports
640750e
@dickon dickon force-pushed the anna/CORE-15939-add-rest-api-and-processor branch from 6e4c6b0 to 640750e Compare October 19, 2023 12:31
@corda-jenkins-ci02
Copy link
Contributor

corda-jenkins-ci02 bot commented Oct 19, 2023
edited
Loading

Jenkins build for PR 4578 build 29

Build Successful:
Jar artifact version produced by this PR: 5.1.0.0-alpha-1697718738292
Helm chart version produced by this PR: 5.1.0-alpha.1697718738292
Helm chart pushed to: oci://corda-os-docker-dev.software.r3.com/helm-charts/pr-4578/corda

@dickon dickon merged commit 640750e into feature/CORE-12165/key-rotation Oct 23, 2023
@dickon dickon deleted the anna/CORE-15939-add-rest-api-and-processor branch October 23, 2023 08:52
@dickon
Copy link
Contributor

dickon commented Oct 23, 2023

I've been through this to some extent and I think it's ready to go to the feature branch. Unfortunately to get it working I had to add a few commits of my own, which we'll need to get reviewed at some point. Since it is DRAFT and green at the time of writing I can't merge the PR so I'll simply force-push the head to the feature branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.