-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
utils,framework/db: Introduce new database encryption cipher based on AesGcmJce #7003
Conversation
… AesGcmJce including all changes until 2022-12-19
Codecov Report
@@ Coverage Diff @@
## main #7003 +/- ##
=============================================
+ Coverage 6.56% 12.89% +6.32%
- Complexity 8441 9019 +578
=============================================
Files 4361 2711 -1650
Lines 370925 268077 -102848
Branches 47614 45304 -2310
=============================================
+ Hits 24360 34566 +10206
+ Misses 343630 229046 -114584
- Partials 2935 4465 +1530
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
engine/schema/src/main/java/com/cloud/upgrade/DatabaseUpgradeChecker.java
Outdated
Show resolved
Hide resolved
This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch. |
@blueorangutan package |
@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
Packaging result: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 5082 |
@blueorangutan test matrix |
@weizhouapache a Trillian-Jenkins matrix job (centos7 mgmt + xenserver71, rocky8 mgmt + vmware67u3, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests |
Trillian test result (tid-58)
|
Trillian test result (tid-59)
|
Trillian test result (tid-117)
|
Trillian test result (tid-118)
|
Trillian test result (tid-6044)
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM - didn't test it but the code and CLI changes looks good to me.
@weizhouapache should this have any schema change in the 4.17.2.0->4.18.0.0 sql upgrade path? |
@rohityadavcloud no other schema change is required. |
@blueorangutan package |
@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
732e05e
to
3804850
Compare
@blueorangutan package |
@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
Packaging result: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 5467 |
@blueorangutan test rocky8 kvm-rocky8 |
@weizhouapache a Trillian-Jenkins test job (rocky8 mgmt + kvm-rocky8) has been kicked to run smoke tests |
Packaging result: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 5468 |
SonarCloud Quality Gate failed. |
@blueorangutan test matrix |
@weizhouapache a Trillian-Jenkins matrix job (centos7 mgmt + xenserver71, rocky8 mgmt + vmware67u3, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests |
Trillian test result (tid-6064)
|
Trillian test result (tid-6062)
|
Trillian test result (tid-6063)
|
Trillian test result (tid-6061)
|
Description
CloudStack has used StandardPBEStringEncryptor from jasypt for more than 10 years.
The encryptor use algorithm "PBEWithMD5AndDes", which is considered as Insecure, because it uses MD5 and DES which has only 56-bits key.
After investigation, we decided to replace it with an implementation of AES-GCM algorithm.
Main changes of this PR
More details on cwiki: https://cwiki.apache.org/confluence/display/CLOUDSTACK/New+database+encryption+cipher+-+AeadBase64Encryptor
Types of changes
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Screenshots (if appropriate):
How Has This Been Tested?