Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge feature/REQ-718 branch #415

Merged
merged 13 commits into from
Nov 16, 2018
Merged

Merge feature/REQ-718 branch #415

merged 13 commits into from
Nov 16, 2018

Conversation

gaborigloi
Copy link
Contributor

I've rewritten the history a bit to halve the number of commits.

MarkSymsCtx and others added 13 commits November 1, 2018 10:55
@MarkSymsCtx
CP-29603: load plugins for key discovery
e3300c3 
Signed-off-by: Mark Syms <mark.syms@citrix.com>
@gaborigloi
CP-29688:encryption key lookup plugin
e3460db
@MarkSymsCtx @gaborigloi
CP-29688: Install the test plugin
5dacefb 
Signed-off-by: Mark Syms <mark.syms@citrix.com>
@gaborigloi
CP-29689: Integrate encryption key lookup into Storage Manager
4d1de46 
If the key_hash entry is present in the VDI's sm_config from xapi's DB,
look up the key using the key lookup plugin, and pass it to tap-ctl.

Signed-off-by: Gabor Igloi <gabor.igloi@citrix.com>
@gaborigloi
CP-29755: Implement VDI.create for encrypted VDIs
3e399e4 
* Ensure that the key_hash entry in the input VDI record's sm_config
  field is stored in the newly-created VDI's sm_config field in xapi's DB,
  by adding it to SM_CONFIG_PASS_THROUGH_FIELDS
* Xapi interprets the stdout of the invoked SMAPIv1 commands as XML. The
  keymanagerutil logged the key to stdout when SM queried the key, and
  xapi tried to interpret it as the beginning of the XML, and VDI attach
  failed. So I've removed the problematic log line for now.
* We do not do a key check as key fetching is not required during VDI
  creation.

Signed-off-by: Thomas Mckelvey <thomas.mckelvey@citrix.com>
Signed-off-by: Gabor Igloi <gabor.igloi@citrix.com>
@gaborigloi
If key_hash is present in sm_config then assign to variable
ae21ed2 
Signed-off-by: Thomas Mckelvey <thomas.mckelvey@citrix.com>
@gaborigloi
CP-29778: detect encrypted VHDs during SR scan
841f1e6 
For each VHD that we find, we try to get the encryption key hash using
vhd-util. We add this to the sm_config_override map of the VDI, which
will cause the VDI's sm_config in xapi's DB to be updated as necessary
at a later stage during SR scan.

Thus for new encrypted VHDs, the key_hash sm_config field will be added
to xapi's DB during SR scan, and xapi and SM will know that this is an
encrypted VDI and which key it requires.

Signed-off-by: Gabor Igloi <gabor.igloi@citrix.com>
@gaborigloi
keymanagerutil: generate completely random keys & store them in base64
cfcca85 
* Generate completely random keys, that can contain any byte value.
  This is useful to test that the product code can handle the entire
  range of possible keys, not just the ones that are made up of
  bytes corresponding to printable characters.
* Store keys in base64 in the json file and accept keys in base64 format
  on the command line.
  This is necessary because the keys are completely random and may not
  contain valid characters.
* Read and write the entire key store as one json object.
  Previously we wrote one json object per line when saving the key
  store.
* Fix some pylint warnings.

Signed-off-by: Gabor Igloi <gabor.igloi@citrix.com>
@RoryBG @gaborigloi
Added alphanumeric key generator and removed key field from json
d5e9e87
@gaborigloi
CA-302505: Add key_hash to sm_config of snapshots if it exists
ffb1c56 
Signed-off-by: Thomas Mckelvey <thomas.mckelvey@citrix.com>
@gaborigloi
CA-302770: Added key_hash key to sm_config_keep
b176554 
key_hash in sm_config now survives vdi-resize operation (and possibly removes
the need for the hardcoding in other places of the code so the key_hash doesn't
disappear)

Signed-off-by: Elias Calocane <elias.calocane@citrix.com>
@gaborigloi
CP-29955: pass VDI UUID too to key lookup plugin
16d2a25 
Signed-off-by: Gabor Igloi <gabor.igloi@citrix.com>
@gaborigloi
CP-29955: Log failures in key lookup plugins
08478c6 
- Previously we did not log anything in the plugin manager when key
  lookup plugins were invoked or when they failed with an exception.  So
  now I have added debug logs to the plugin manager that are written to
  SMlog.
- Fixed how modules in the plugins directory are loaded. To avoid
  loading itself, the plugin manager compared each filename in its
  directory to the __file__ variable. However, sometimes this variable
  was __init__.pyc, not __init__.py, so the comparison returned false,
  and the key manager loaded itself recursively, which in turn tried to
  load the plugins again, but failed.
- I've also removed some pylint warnings: I've converted the Logger
  class into a function, fixed indentation, and removed trailing
  whitespace.

Signed-off-by: Gabor Igloi <gabor.igloi@citrix.com>
@coveralls
Copy link

Coverage Status

Coverage decreased (-0.09%) to 33.502% when pulling 08478c6 on feature/REQ-718 into 47fabe7 on master.

MarkSymsCtx
MarkSymsCtx approved these changes Nov 16, 2018
View reviewed changes
Copy link
Contributor

@MarkSymsCtx MarkSymsCtx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@MarkSymsCtx MarkSymsCtx merged commit 81a9fcb into master Nov 16, 2018
@MarkSymsCtx MarkSymsCtx deleted the feature/REQ-718 branch November 28, 2018 16:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MarkSymsCtx MarkSymsCtx MarkSymsCtx approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@gaborigloi @coveralls @MarkSymsCtx @RoryBG