
Commit f46bc05

UgnineSirdisGazizonoki
authored andcommitted
Export/import encryption parameters in YDB SDK (#17798)
1 parent 6a8914c commit f46bc05


4 files changed

+75
-2
lines changed


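--- a/include/ydb-cpp-sdk/client/export/export.h
+++ b/include/ydb-cpp-sdk/client/export/export.h
@@ -79,6 +79,12 @@ struct TExportToS3Settings : public TOperationRequestSettings<TExportToS3Setting
 UNKNOWN = std::numeric_limits<int>::max(),
 };
 
+struct TEncryptionAlgorithm {
+static const std::string AES_128_GCM;
+static const std::string AES_256_GCM;
+static const std::string CHACHA_20_POLY_1305;
+};
+
 struct TItem {
 std::string Src;
 std::string Dst;
@@ -89,6 +95,17 @@ struct TExportToS3Settings : public TOperationRequestSettings<TExportToS3Setting
 FLUENT_SETTING_OPTIONAL(std::string, Description);
 FLUENT_SETTING_OPTIONAL(uint32_t, NumberOfRetries);
 FLUENT_SETTING_OPTIONAL(std::string, Compression);
+FLUENT_SETTING_OPTIONAL(std::string, SourcePath);
+FLUENT_SETTING_OPTIONAL(std::string, DestinationPrefix);
+
+TSelf& SymmetricEncryption(const std::string& algorithm, const std::string& key) {
+EncryptionAlgorithm_ = algorithm;
+SymmetricKey_ = key;
+return *this;
+}
+
+std::string EncryptionAlgorithm_;
+std::string SymmetricKey_;
 };
 
 class TExportToS3Response : public TOperation {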
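Review bot: `SymmetricEncryption()` in the second hunk accepts any string for both `algorithm` and `key`, and nothing says what form the key takes. The `TEncryptionAlgorithm` names imply fixed key sizes, so I would add a comment such as `// key: raw key bytes; 16 bytes for AES_128_GCM, 32 bytes for AES_256_GCM and CHACHA_20_POLY_1305`, assuming the server expects raw bytes rather than an encoded form, which the hunk does not show. The key is also kept in a plain public `std::string SymmetricKey_` that is duplicated by every copy of the settings object and never wiped; the same holds for the `SymmetricKey` setting added in import.h, so it is worth documenting that these settings objects should be short-lived. `TExportToS3Settings` starts above the first hunk.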

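--- a/include/ydb-cpp-sdk/client/import/import.h
+++ b/include/ydb-cpp-sdk/client/import/import.h
@@ -35,15 +35,28 @@ struct TImportFromS3Settings : public TOperationRequestSettings<TImportFromS3Set
 using TSelf = TImportFromS3Settings;
 
 struct TItem {
+// Source prefix.
+// S3 prefix for item
 std::string Src;
+
+// Destination path.
+// database path where to import data
 std::string Dst;
+
+// Source path.
+// if the export contains the database objects list, you may specify the database object name,
+// and the S3 prefix will be looked up in the database objects list by the import procedure
+std::string SrcPath = {};
 };
 
 FLUENT_SETTING_VECTOR(TItem, Item);
 FLUENT_SETTING_OPTIONAL(std::string, Description);
 FLUENT_SETTING_OPTIONAL(uint32_t, NumberOfRetries);
 FLUENT_SETTING_OPTIONAL(bool, NoACL);
 FLUENT_SETTING_OPTIONAL(bool, SkipChecksumValidation);
+FLUENT_SETTING_OPTIONAL(std::string, SourcePrefix);
+FLUENT_SETTING_OPTIONAL(std::string, DestinationPath);
+FLUENT_SETTING_OPTIONAL(std::string, SymmetricKey);
 };
 
 class TImportFromS3Response : public TOperation {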
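Review bot: The `TItem` fields gained comments but the three new top-level settings did not, and `SymmetricKey` is the one where a caller most needs guidance. A line such as `// Key for decrypting an encrypted export; no algorithm is given on import` above `FLUENT_SETTING_OPTIONAL(std::string, SymmetricKey)` would note the asymmetry with `TExportToS3Settings::SymmetricEncryption(algorithm, key)`. Presumably the algorithm is read from the export itself, which should be confirmed and stated. It would also help to say how the top-level `SourcePrefix` relates to the per-item `Src`.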

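--- a/src/client/export/export.cpp
+++ b/src/client/export/export.cpp
@@ -21,6 +21,10 @@ namespace NExport {
 using namespace NThreading;
 using namespace Ydb::Export;
 
+const std::string TExportToS3Settings::TEncryptionAlgorithm::AES_128_GCM = "AES-128-GCM";
+const std::string TExportToS3Settings::TEncryptionAlgorithm::AES_256_GCM = "AES-256-GCM";
+const std::string TExportToS3Settings::TEncryptionAlgorithm::CHACHA_20_POLY_1305 = "ChaCha20-Poly1305";
+
 /// Common
 namespace {
 
@@ -194,8 +198,25 @@ TFuture<TExportToS3Response> TExportClient::ExportToS3(const TExportToS3Settings
 request.mutable_settings()->set_compression(TStringType{settings.Compression_.value()});
 }
 
+if (settings.SourcePath_) {
+request.mutable_settings()->set_source_path(settings.SourcePath_.value());
+}
+
+if (settings.DestinationPrefix_) {
+request.mutable_settings()->set_destination_prefix(settings.DestinationPrefix_.value());
+}
+
 request.mutable_settings()->set_disable_virtual_addressing(!settings.UseVirtualAddressing_);
 
+if (settings.EncryptionAlgorithm_.empty() != settings.SymmetricKey_.empty()) {
+throw TContractViolation("Encryption algorithm and symmetric key must be set together");
+}
+
+if (!settings.EncryptionAlgorithm_.empty() && !settings.SymmetricKey_.empty()) {
+request.mutable_settings()->mutable_encryption_settings()->set_encryption_algorithm(settings.EncryptionAlgorithm_);
+request.mutable_settings()->mutable_encryption_settings()->mutable_symmetric_key()->set_key(settings.SymmetricKey_);
+}
+
 return Impl_->ExportToS3(std::move(request), settings);
 }
 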
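Review bot: The check added before `mutable_encryption_settings()` in the second hunk only verifies that algorithm and key are both set or both empty, so an unrecognised algorithm name or a key of the wrong length goes to the server unchanged. If the SDK is meant to validate at all, comparing `EncryptionAlgorithm_` with the three `TEncryptionAlgorithm` constants and checking the matching key size would fail early with `TContractViolation` rather than after the request is sent. The second condition can also be reduced to `if (!settings.EncryptionAlgorithm_.empty()) {`, since the preceding throw already guarantees that the two fields agree. `ExportToS3` starts above the hunk.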

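--- a/src/client/import/import.cpp
+++ b/src/client/import/import.cpp
@@ -141,9 +141,19 @@ TFuture<TImportFromS3Response> TImportClient::ImportFromS3(const TImportFromS3Se
 request.mutable_settings()->set_secret_key(TStringType{settings.SecretKey_});
 
 for (const auto& item : settings.Item_) {
+if (!item.Src.empty() && !item.SrcPath.empty()) {
+throw TContractViolation(
+TStringBuilder() << "Invalid item: both source prefix and source path are set: \"" << item.Src << "\" and \"" << item.SrcPath << "\"");
+}
+
 auto& protoItem = *request.mutable_settings()->mutable_items()->Add();
-protoItem.set_source_prefix(TStringType{item.Src});
-protoItem.set_destination_path(TStringType{item.Dst});
+if (!item.Src.empty()) {
+protoItem.set_source_prefix(item.Src);
+}
+if (!item.SrcPath.empty()) {
+protoItem.set_source_path(item.SrcPath);
+}
+protoItem.set_destination_path(item.Dst);
 }
 
 if (settings.Description_) {
@@ -158,6 +168,18 @@ TFuture<TImportFromS3Response> TImportClient::ImportFromS3(const TImportFromS3Se
 request.mutable_settings()->set_no_acl(settings.NoACL_.value());
 }
 
+if (settings.SourcePrefix_) {
+request.mutable_settings()->set_source_prefix(settings.SourcePrefix_.value());
+}
+
+if (settings.DestinationPath_) {
+request.mutable_settings()->set_destination_path(settings.DestinationPath_.value());
+}
+
+if (settings.SymmetricKey_) {
+request.mutable_settings()->mutable_encryption_settings()->mutable_symmetric_key()->set_key(*settings.SymmetricKey_);
+}
+
 request.mutable_settings()->set_disable_virtual_addressing(!settings.UseVirtualAddressing_);
 
 return Impl_->ImportFromS3(std::move(request), settings);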
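Review bot: In the second hunk `if (settings.SymmetricKey_)` tests only that the optional holds a value, so `SymmetricKey("")` still creates `encryption_settings` with an empty key, whereas `ExportToS3` treats an empty key as no encryption. I would reject it explicitly with `if (settings.SymmetricKey_ && settings.SymmetricKey_->empty()) throw TContractViolation("Symmetric key must not be empty");`, or skip empty values the way the export path does. In the first hunk, an item with both `Src` and `SrcPath` empty is now sent with neither field set; if that is valid only together with the new top-level `SourcePrefix`, a comment saying so would help. `ImportFromS3` starts above the first hunk and ends below the second.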
