You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2023/01/12 08:43:08 UTC
[GitHub] [cloudstack] weizhouapache opened a new pull request, #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
weizhouapache opened a new pull request, #7003:
URL: https://github.com/apache/cloudstack/pull/7003
### Description
CloudStack has used StandardPBEStringEncryptor from jasypt for more than 10 years.
The encryptor use algorithm "PBEWithMD5AndDes", which is considered as Insecure, because it uses MD5 and DES which has only 56-bits key.
After investigation, we decided to replace it with an implementation of AES-GCM algorithm.
Main changes of this PR
- Introduce new encryptor AeadBase64Encryptor, which is based on AesGcmJce
- Improve cloudstack-setup-databases to set up cloudstack database with different encryptors
- Improve cloudstack-migrate-database to migrate cloudstack properties and database with different management key, database key or encryptor version.
- Improve cloudstack startup process so that both legacy and new encryptors work. Existing environments work well without any change.
More details on cwiki: https://cwiki.apache.org/confluence/display/CLOUDSTACK/New+database+encryption+cipher+-+AeadBase64Encryptor
<!--- Describe your changes in DETAIL - And how has behaviour functionally changed. -->
<!-- For new features, provide link to FS, dev ML discussion etc. -->
<!-- In case of bug fix, the expected and actual behaviours, steps to reproduce. -->
<!-- When "Fixes: #<id>" is specified, the issue/PR will automatically be closed when this PR gets merged -->
<!-- For addressing multiple issues/PRs, use multiple "Fixes: #<id>" -->
<!-- Fixes: # -->
<!--- ********************************************************************************* -->
<!--- NOTE: AUTOMATATION USES THE DESCRIPTIONS TO SET LABELS AND PRODUCE DOCUMENTATION. -->
<!--- PLEASE PUT AN 'X' in only **ONE** box -->
<!--- ********************************************************************************* -->
### Types of changes
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] Enhancement (improves an existing feature and functionality)
- [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
### Feature/Enhancement Scale or Bug Severity
#### Feature/Enhancement Scale
- [x] Major
- [ ] Minor
### Screenshots (if appropriate):
### How Has This Been Tested?
<!-- Please describe in detail how you tested your changes. -->
<!-- Include details of your testing environment, and the tests you ran to -->
<!-- see how your change affects other areas of the code, etc. -->
- cloudstack-setup-databases to set up database with different parameters
- cloudstack-migrate-databases to change keys and migrate databases.
<!-- Please read the [CONTRIBUTING](https://github.com/apache/cloudstack/blob/main/CONTRIBUTING.md) document -->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
sonarcloud[bot] commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1380562200
SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7003)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [22 Code Smells](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list) [12.5% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list) [9.9% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1380904021
<b>Trillian Build Failed (tid-5825)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on a diff in pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on code in PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#discussion_r1084960875
##########
utils/src/test/java/com/cloud/utils/crypt/EncryptionSecretKeyCheckerTest.java:
##########
@@ -0,0 +1,58 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+
+package com.cloud.utils.crypt;
+
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.Properties;
+
+public class EncryptionSecretKeyCheckerTest {
+ @Before
+ public void setup() {
+ EncryptionSecretKeyChecker.initEncryptor("managementkey");
+ }
+
+ @After
+ public void tearDown() {
+ EncryptionSecretKeyChecker.resetEncryptor();
+ }
+
+ @Test
+ public void decryptPropertyIfNeededTest() {
+ String rawValue = "ENC(iYVsCZXiGiC6SzZLMNBvBL93hoUpntxkuRjyaqC8L+JYKXw=)";
+ String result = EncryptionSecretKeyChecker.decryptPropertyIfNeeded(rawValue);
+ Assert.assertEquals("encthis", result);
+ }
+
+ @Test
+ public void decryptAnyPropertiesTest() {
+ Properties props = new Properties();
+ props.setProperty("db.cloud.encrypt.secret", "ENC(iYVsCZXiGiC6SzZLMNBvBL93hoUpntxkuRjyaqC8L+JYKXw=)");
+ props.setProperty("other.unencrypted", "somevalue");
+
+ EncryptionSecretKeyChecker.decryptAnyProperties(props);
+
+ Assert.assertEquals("encthis", props.getProperty("db.cloud.encrypt.secret"));
+ Assert.assertEquals("somevalue", props.getProperty("other.unencrypted"));
+ }
+}
Review Comment:
new line at end of file
##########
framework/db/src/main/java/com/cloud/utils/crypt/EncryptionSecretKeyChanger.java:
##########
@@ -22,149 +22,332 @@
import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
-import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Field;
+import java.nio.charset.StandardCharsets;
import java.sql.Connection;
+import java.sql.DatabaseMetaData;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Arrays;
-import java.util.Iterator;
-import java.util.List;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
import java.util.Properties;
-
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.CommandLineParser;
+import org.apache.commons.cli.DefaultParser;
+import org.apache.commons.cli.HelpFormatter;
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.Options;
+import org.apache.commons.cli.ParseException;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.PropertiesConfiguration;
-import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
-import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
-import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
-import org.jasypt.properties.EncryptableProperties;
+import org.apache.commons.lang3.StringUtils;
import com.cloud.utils.PropertiesUtil;
+import com.cloud.utils.ReflectUtil;
+import com.cloud.utils.db.Encrypt;
import com.cloud.utils.db.TransactionLegacy;
import com.cloud.utils.exception.CloudRuntimeException;
+import com.google.gson.Gson;
+import com.google.gson.JsonSyntaxException;
+
+import javax.persistence.Column;
+import javax.persistence.Table;
+
/*
* EncryptionSecretKeyChanger updates Management Secret Key / DB Secret Key or both.
* DB secret key is validated against the key in db.properties
* db.properties is updated with values encrypted using new MS secret key
+ * server.properties is updated with values encrypted using new MS secret key
* DB data migrated using new DB secret key
*/
public class EncryptionSecretKeyChanger {
- private StandardPBEStringEncryptor oldEncryptor = new StandardPBEStringEncryptor();
- private StandardPBEStringEncryptor newEncryptor = new StandardPBEStringEncryptor();
- private static final String keyFile = "/etc/cloudstack/management/key";
+ private CloudStackEncryptor oldEncryptor;
+ private CloudStackEncryptor newEncryptor;
+ private static final String KEY_FILE = "/etc/cloudstack/management/key";
+ private static final String ENV_NEW_MANAGEMENT_KEY = "CLOUD_SECRET_KEY_NEW";
+ private final Gson gson = new Gson();
+ private static final String PASSWORD = "password";
+
+ private static final Options options = initializeOptions();
+ private static final HelpFormatter helper = initializeHelper();
+ private static final String CMD_LINE_SYNTAX = "cloudstack-migrate-databases";
+ private static final int WIDTH = 100;
+ private static final String HEADER = "Options:";
+ private static final String FOOTER = " \nExamples: \n" +
+ " " + CMD_LINE_SYNTAX + " -m password -d password -n newmgmtkey -v V2 \n" +
+ " Migrate cloudstack properties (db.properties and server.properties) \n" +
+ " with new management key and encryptor V2. \n" +
+ " " + CMD_LINE_SYNTAX + " -m password -d password -n newmgmtkey -e newdbkey \n" +
+ " Migrate cloudstack properties and databases with new management key and database secret key. \n" +
+ " " + CMD_LINE_SYNTAX + " -m password -d password -n newmgmtkey -e newdbkey -s -v V2 \n" +
+ " Migrate cloudstack properties with new keys and encryptor V2, but skip database migration. \n" +
+ " " + CMD_LINE_SYNTAX + " -m password -d password -l -f \n" +
+ " Migrate cloudstack properties with new management key (load from $CLOUD_SECRET_KEY_NEW), \n" +
+ " and migrate database with old db key. \n" +
+ " \nReturn codes: \n" +
+ " 0 - Succeed to change keys and/or migrate databases \n" +
+ " 1 - Fail to parse the command line arguments \n" +
+ " 2 - Fail to validate parameters \n" +
+ " 3 - Fail to migrate database";
+ private static final String OLD_MS_KEY_OPTION = "oldMSKey";
+ private static final String OLD_DB_KEY_OPTION = "oldDBKey";
+ private static final String NEW_MS_KEY_OPTION = "newMSKey";
+ private static final String NEW_DB_KEY_OPTION = "newDBKey";
+ private static final String ENCRYPTOR_VERSION_OPTION = "version";
+ private static final String LOAD_NEW_MS_KEY_FROM_ENV_FLAG = "load-new-management-key-from-env";
+ private static final String FORCE_DATABASE_MIGRATION_FLAG = "force-database-migration";
+ private static final String SKIP_DATABASE_MIGRATION_FLAG = "skip-database-migration";
+ private static final String HELP_FLAG = "help";
public static void main(String[] args) {
- List<String> argsList = Arrays.asList(args);
- Iterator<String> iter = argsList.iterator();
- String oldMSKey = null;
- String oldDBKey = null;
- String newMSKey = null;
- String newDBKey = null;
+ if (args.length == 0 || StringUtils.equalsAny(args[0], "-h", "--help")) {
+ helper.printHelp(WIDTH, CMD_LINE_SYNTAX, HEADER, options, FOOTER, true);
+ System.exit(0);
+ }
+
+ CommandLine cmdLine = null;
+ CommandLineParser parser = new DefaultParser();
+ try {
+ cmdLine = parser.parse(options, args);
+ } catch (ParseException e) {
+ System.out.println(e.getMessage());
+ helper.printHelp(WIDTH, CMD_LINE_SYNTAX, HEADER, options, FOOTER, true);
+ System.exit(1);
+ }
+
+ String oldMSKey = cmdLine.getOptionValue(OLD_MS_KEY_OPTION);
+ String oldDBKey = cmdLine.getOptionValue(OLD_DB_KEY_OPTION);
+ String newMSKey = cmdLine.getOptionValue(NEW_MS_KEY_OPTION);
+ String newDBKey = cmdLine.getOptionValue(NEW_DB_KEY_OPTION);
+ String newEncryptorVersion = cmdLine.getOptionValue(ENCRYPTOR_VERSION_OPTION);
+ boolean loadNewMsKeyFromEnv = cmdLine.hasOption(LOAD_NEW_MS_KEY_FROM_ENV_FLAG);
+ boolean forced = cmdLine.hasOption(FORCE_DATABASE_MIGRATION_FLAG);
+ boolean skipped = cmdLine.hasOption(SKIP_DATABASE_MIGRATION_FLAG);
+
+ if (!validateParameters(oldMSKey, oldDBKey, newMSKey, newDBKey, newEncryptorVersion, loadNewMsKeyFromEnv)) {
+ helper.printHelp(WIDTH, CMD_LINE_SYNTAX, HEADER, options, FOOTER, true);
+ System.exit(2);
+ }
+
+ System.out.println("Started database migration at " + new Date());
+ if (!migrateEverything(oldMSKey, oldDBKey, newMSKey, newDBKey, newEncryptorVersion, loadNewMsKeyFromEnv, forced, skipped)) {
+ System.out.println("Got error during database migration at " + new Date());
+ System.exit(3);
+ }
+ System.out.println("Finished database migration at " + new Date());
+ }
- //Parse command-line args
- while (iter.hasNext()) {
- String arg = iter.next();
- // Old MS Key
- if (arg.equals("-m")) {
- oldMSKey = iter.next();
+ private static Options initializeOptions() {
+ Options options = new Options();
+
+ Option oldMSKey = Option.builder("m").longOpt(OLD_MS_KEY_OPTION).argName(OLD_MS_KEY_OPTION).required(true).hasArg().desc("(required) Current Mgmt Secret Key").build();
+ Option oldDBKey = Option.builder("d").longOpt(OLD_DB_KEY_OPTION).argName(OLD_DB_KEY_OPTION).required(true).hasArg().desc("(required) Current DB Secret Key").build();
+ Option newMSKey = Option.builder("n").longOpt(NEW_MS_KEY_OPTION).argName(NEW_MS_KEY_OPTION).required(false).hasArg().desc("New Mgmt Secret Key").build();
+ Option newDBKey = Option.builder("e").longOpt(NEW_DB_KEY_OPTION).argName(NEW_DB_KEY_OPTION).required(false).hasArg().desc("New DB Secret Key").build();
+ Option encryptorVersion = Option.builder("v").longOpt(ENCRYPTOR_VERSION_OPTION).argName(ENCRYPTOR_VERSION_OPTION).required(false).hasArg().desc("New DB Encryptor Version. Options are V1, V2.").build();
+
+ Option loadNewMsKeyFromEnv = Option.builder("l").longOpt(LOAD_NEW_MS_KEY_FROM_ENV_FLAG).desc("Load new management key from environment variable " + ENV_NEW_MANAGEMENT_KEY).build();
+ Option forceDatabaseMigration = Option.builder("f").longOpt(FORCE_DATABASE_MIGRATION_FLAG).desc("Force database migration even if DB Secret key is not changed").build();
+ Option skipDatabaseMigration = Option.builder("s").longOpt(SKIP_DATABASE_MIGRATION_FLAG).desc("Skip database migration even if DB Secret key is changed").build();
+ Option help = Option.builder("h").longOpt(HELP_FLAG).desc("Show help message").build();
+
+ options.addOption(oldMSKey);
+ options.addOption(oldDBKey);
+ options.addOption(newMSKey);
+ options.addOption(newDBKey);
+ options.addOption(encryptorVersion);
+ options.addOption(loadNewMsKeyFromEnv);
+ options.addOption(forceDatabaseMigration);
+ options.addOption(skipDatabaseMigration);
+ options.addOption(help);
+
+ return options;
+ }
+
+ private static HelpFormatter initializeHelper() {
+ HelpFormatter helper = new HelpFormatter();
+
+ helper.setOptionComparator((o1, o2) -> {
+ if (o1.isRequired() && !o2.isRequired()) {
+ return -1;
}
- // Old DB Key
- if (arg.equals("-d")) {
- oldDBKey = iter.next();
+ if (!o1.isRequired() && o2.isRequired()) {
+ return 1;
}
- // New MS Key
- if (arg.equals("-n")) {
- newMSKey = iter.next();
+ if (o1.hasArg() && !o2.hasArg()) {
+ return -1;
}
- // New DB Key
- if (arg.equals("-e")) {
- newDBKey = iter.next();
+ if (!o1.hasArg() && o2.hasArg()) {
+ return 1;
}
- }
+ return o1.getOpt().compareTo(o2.getOpt());
+ });
+
+ return helper;
+ }
+
+ private static boolean validateParameters(String oldMSKey, String oldDBKey, String newMSKey, String newDBKey,
Review Comment:
this method is doing a lot, it could be dissected into smaller methods.
##########
framework/db/src/main/java/com/cloud/utils/crypt/EncryptionSecretKeyChanger.java:
##########
@@ -22,149 +22,332 @@
import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
-import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Field;
+import java.nio.charset.StandardCharsets;
import java.sql.Connection;
+import java.sql.DatabaseMetaData;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Arrays;
-import java.util.Iterator;
-import java.util.List;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
import java.util.Properties;
-
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.CommandLineParser;
+import org.apache.commons.cli.DefaultParser;
+import org.apache.commons.cli.HelpFormatter;
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.Options;
+import org.apache.commons.cli.ParseException;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.PropertiesConfiguration;
-import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
-import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
-import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
-import org.jasypt.properties.EncryptableProperties;
+import org.apache.commons.lang3.StringUtils;
import com.cloud.utils.PropertiesUtil;
+import com.cloud.utils.ReflectUtil;
+import com.cloud.utils.db.Encrypt;
import com.cloud.utils.db.TransactionLegacy;
import com.cloud.utils.exception.CloudRuntimeException;
+import com.google.gson.Gson;
+import com.google.gson.JsonSyntaxException;
+
+import javax.persistence.Column;
+import javax.persistence.Table;
+
/*
* EncryptionSecretKeyChanger updates Management Secret Key / DB Secret Key or both.
* DB secret key is validated against the key in db.properties
* db.properties is updated with values encrypted using new MS secret key
+ * server.properties is updated with values encrypted using new MS secret key
* DB data migrated using new DB secret key
*/
public class EncryptionSecretKeyChanger {
- private StandardPBEStringEncryptor oldEncryptor = new StandardPBEStringEncryptor();
- private StandardPBEStringEncryptor newEncryptor = new StandardPBEStringEncryptor();
- private static final String keyFile = "/etc/cloudstack/management/key";
+ private CloudStackEncryptor oldEncryptor;
+ private CloudStackEncryptor newEncryptor;
+ private static final String KEY_FILE = "/etc/cloudstack/management/key";
+ private static final String ENV_NEW_MANAGEMENT_KEY = "CLOUD_SECRET_KEY_NEW";
+ private final Gson gson = new Gson();
+ private static final String PASSWORD = "password";
+
+ private static final Options options = initializeOptions();
+ private static final HelpFormatter helper = initializeHelper();
+ private static final String CMD_LINE_SYNTAX = "cloudstack-migrate-databases";
+ private static final int WIDTH = 100;
+ private static final String HEADER = "Options:";
+ private static final String FOOTER = " \nExamples: \n" +
+ " " + CMD_LINE_SYNTAX + " -m password -d password -n newmgmtkey -v V2 \n" +
+ " Migrate cloudstack properties (db.properties and server.properties) \n" +
+ " with new management key and encryptor V2. \n" +
+ " " + CMD_LINE_SYNTAX + " -m password -d password -n newmgmtkey -e newdbkey \n" +
+ " Migrate cloudstack properties and databases with new management key and database secret key. \n" +
+ " " + CMD_LINE_SYNTAX + " -m password -d password -n newmgmtkey -e newdbkey -s -v V2 \n" +
+ " Migrate cloudstack properties with new keys and encryptor V2, but skip database migration. \n" +
+ " " + CMD_LINE_SYNTAX + " -m password -d password -l -f \n" +
+ " Migrate cloudstack properties with new management key (load from $CLOUD_SECRET_KEY_NEW), \n" +
+ " and migrate database with old db key. \n" +
+ " \nReturn codes: \n" +
+ " 0 - Succeed to change keys and/or migrate databases \n" +
+ " 1 - Fail to parse the command line arguments \n" +
+ " 2 - Fail to validate parameters \n" +
+ " 3 - Fail to migrate database";
+ private static final String OLD_MS_KEY_OPTION = "oldMSKey";
+ private static final String OLD_DB_KEY_OPTION = "oldDBKey";
+ private static final String NEW_MS_KEY_OPTION = "newMSKey";
+ private static final String NEW_DB_KEY_OPTION = "newDBKey";
+ private static final String ENCRYPTOR_VERSION_OPTION = "version";
+ private static final String LOAD_NEW_MS_KEY_FROM_ENV_FLAG = "load-new-management-key-from-env";
+ private static final String FORCE_DATABASE_MIGRATION_FLAG = "force-database-migration";
+ private static final String SKIP_DATABASE_MIGRATION_FLAG = "skip-database-migration";
+ private static final String HELP_FLAG = "help";
public static void main(String[] args) {
- List<String> argsList = Arrays.asList(args);
- Iterator<String> iter = argsList.iterator();
- String oldMSKey = null;
- String oldDBKey = null;
- String newMSKey = null;
- String newDBKey = null;
+ if (args.length == 0 || StringUtils.equalsAny(args[0], "-h", "--help")) {
+ helper.printHelp(WIDTH, CMD_LINE_SYNTAX, HEADER, options, FOOTER, true);
+ System.exit(0);
+ }
+
+ CommandLine cmdLine = null;
+ CommandLineParser parser = new DefaultParser();
+ try {
+ cmdLine = parser.parse(options, args);
+ } catch (ParseException e) {
+ System.out.println(e.getMessage());
+ helper.printHelp(WIDTH, CMD_LINE_SYNTAX, HEADER, options, FOOTER, true);
+ System.exit(1);
+ }
+
+ String oldMSKey = cmdLine.getOptionValue(OLD_MS_KEY_OPTION);
+ String oldDBKey = cmdLine.getOptionValue(OLD_DB_KEY_OPTION);
+ String newMSKey = cmdLine.getOptionValue(NEW_MS_KEY_OPTION);
+ String newDBKey = cmdLine.getOptionValue(NEW_DB_KEY_OPTION);
+ String newEncryptorVersion = cmdLine.getOptionValue(ENCRYPTOR_VERSION_OPTION);
+ boolean loadNewMsKeyFromEnv = cmdLine.hasOption(LOAD_NEW_MS_KEY_FROM_ENV_FLAG);
+ boolean forced = cmdLine.hasOption(FORCE_DATABASE_MIGRATION_FLAG);
+ boolean skipped = cmdLine.hasOption(SKIP_DATABASE_MIGRATION_FLAG);
+
+ if (!validateParameters(oldMSKey, oldDBKey, newMSKey, newDBKey, newEncryptorVersion, loadNewMsKeyFromEnv)) {
+ helper.printHelp(WIDTH, CMD_LINE_SYNTAX, HEADER, options, FOOTER, true);
+ System.exit(2);
+ }
+
+ System.out.println("Started database migration at " + new Date());
+ if (!migrateEverything(oldMSKey, oldDBKey, newMSKey, newDBKey, newEncryptorVersion, loadNewMsKeyFromEnv, forced, skipped)) {
+ System.out.println("Got error during database migration at " + new Date());
+ System.exit(3);
+ }
+ System.out.println("Finished database migration at " + new Date());
+ }
- //Parse command-line args
- while (iter.hasNext()) {
- String arg = iter.next();
- // Old MS Key
- if (arg.equals("-m")) {
- oldMSKey = iter.next();
+ private static Options initializeOptions() {
+ Options options = new Options();
+
+ Option oldMSKey = Option.builder("m").longOpt(OLD_MS_KEY_OPTION).argName(OLD_MS_KEY_OPTION).required(true).hasArg().desc("(required) Current Mgmt Secret Key").build();
+ Option oldDBKey = Option.builder("d").longOpt(OLD_DB_KEY_OPTION).argName(OLD_DB_KEY_OPTION).required(true).hasArg().desc("(required) Current DB Secret Key").build();
+ Option newMSKey = Option.builder("n").longOpt(NEW_MS_KEY_OPTION).argName(NEW_MS_KEY_OPTION).required(false).hasArg().desc("New Mgmt Secret Key").build();
+ Option newDBKey = Option.builder("e").longOpt(NEW_DB_KEY_OPTION).argName(NEW_DB_KEY_OPTION).required(false).hasArg().desc("New DB Secret Key").build();
+ Option encryptorVersion = Option.builder("v").longOpt(ENCRYPTOR_VERSION_OPTION).argName(ENCRYPTOR_VERSION_OPTION).required(false).hasArg().desc("New DB Encryptor Version. Options are V1, V2.").build();
+
+ Option loadNewMsKeyFromEnv = Option.builder("l").longOpt(LOAD_NEW_MS_KEY_FROM_ENV_FLAG).desc("Load new management key from environment variable " + ENV_NEW_MANAGEMENT_KEY).build();
+ Option forceDatabaseMigration = Option.builder("f").longOpt(FORCE_DATABASE_MIGRATION_FLAG).desc("Force database migration even if DB Secret key is not changed").build();
+ Option skipDatabaseMigration = Option.builder("s").longOpt(SKIP_DATABASE_MIGRATION_FLAG).desc("Skip database migration even if DB Secret key is changed").build();
+ Option help = Option.builder("h").longOpt(HELP_FLAG).desc("Show help message").build();
+
+ options.addOption(oldMSKey);
+ options.addOption(oldDBKey);
+ options.addOption(newMSKey);
+ options.addOption(newDBKey);
+ options.addOption(encryptorVersion);
+ options.addOption(loadNewMsKeyFromEnv);
+ options.addOption(forceDatabaseMigration);
+ options.addOption(skipDatabaseMigration);
+ options.addOption(help);
+
+ return options;
+ }
+
+ private static HelpFormatter initializeHelper() {
+ HelpFormatter helper = new HelpFormatter();
+
+ helper.setOptionComparator((o1, o2) -> {
+ if (o1.isRequired() && !o2.isRequired()) {
+ return -1;
}
- // Old DB Key
- if (arg.equals("-d")) {
- oldDBKey = iter.next();
+ if (!o1.isRequired() && o2.isRequired()) {
+ return 1;
}
- // New MS Key
- if (arg.equals("-n")) {
- newMSKey = iter.next();
+ if (o1.hasArg() && !o2.hasArg()) {
+ return -1;
}
- // New DB Key
- if (arg.equals("-e")) {
- newDBKey = iter.next();
+ if (!o1.hasArg() && o2.hasArg()) {
+ return 1;
}
- }
+ return o1.getOpt().compareTo(o2.getOpt());
+ });
+
+ return helper;
+ }
+
+ private static boolean validateParameters(String oldMSKey, String oldDBKey, String newMSKey, String newDBKey,
+ String newEncryptorVersion, boolean loadNewMsKeyFromEnv) {
if (oldMSKey == null || oldDBKey == null) {
- System.out.println("Existing MS secret key or DB secret key is not provided");
- usage();
- return;
+ System.out.println("Existing Management secret key or DB secret key is not provided");
+ return false;
+ }
+
+ if (loadNewMsKeyFromEnv) {
+ if (StringUtils.isNotEmpty(newMSKey)) {
+ System.out.println("The new management key has already been set. Please check if it is set twice.");
+ return false;
+ }
+ newMSKey = System.getenv(ENV_NEW_MANAGEMENT_KEY);
+ if (StringUtils.isEmpty(newMSKey)) {
+ System.out.println("Environment variable " + ENV_NEW_MANAGEMENT_KEY + " is not set or empty");
+ return false;
+ }
}
if (newMSKey == null && newDBKey == null) {
- System.out.println("New MS secret key and DB secret are both not provided");
- usage();
- return;
+ System.out.println("New Management secret key and DB secret are both not provided");
+ return false;
+ }
+
+ if (newEncryptorVersion != null) {
+ try {
+ CloudStackEncryptor.EncryptorVersion.fromString(newEncryptorVersion);
+ } catch (CloudRuntimeException ex) {
+ System.out.println(ex.getMessage());
+ return false;
+ }
}
+ return true;
+ }
+
+ private static boolean migrateEverything(String oldMSKey, String oldDBKey, String newMSKey, String newDBKey,
Review Comment:
this is a god-method it could be renamed to `migrateAllEncryptedFields` and should be dissected to smaller methods.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411313783
<b>Trillian test result (tid-117)</b>
Environment: kvm-rocky8 (x2), Advanced Networking with Mgmt server r8
Total time taken: 51161 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/FR68-pr7003-t117-kvm-rocky8.zip
Smoke tests completed. 107 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1364343959
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1380716945
<b>Trillian Build Failed (tid-5822)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
sonarcloud[bot] commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1362839785
SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7003)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [69 Code Smells](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list) [12.8% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list) [10.0% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] github-actions[bot] commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1363852357
This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1398949128
<b>Trillian Build Failed (tid-5935)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1400165689
<b>Trillian Build Failed (tid-5955)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] mlsorensen commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "mlsorensen (via GitHub)" <gi...@apache.org>.
mlsorensen commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1410744480
As pointed out in the wiki, we will almost certainly need to resize the passphrase table. We don't have a single standard local storage test that creates a VM from encrypted service offering?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1384053841
<b>Trillian Build Failed (tid-5867)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "weizhouapache (via GitHub)" <gi...@apache.org>.
weizhouapache commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1410294005
@blueorangutan test matrix
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411802963
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: el9 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 5468
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1413315075
@DaanHoogland a Trillian-Jenkins test job (rocky8 mgmt + kvm-rocky8) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1366358415
<b>Trillian test result (tid-61)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 49103 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/FR68-pr7003-t61-kvm-centos7.zip
Smoke tests completed. 105 look OK, 1 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
test_03_deploy_and_scale_kubernetes_cluster | `Failure` | 3641.03 | test_kubernetes_clusters.py
test_08_upgrade_kubernetes_ha_cluster | `Failure` | 805.73 | test_kubernetes_clusters.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] codecov[bot] commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
codecov[bot] commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1359547397
# [Codecov](https://codecov.io/gh/apache/cloudstack/pull/7003?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#7003](https://codecov.io/gh/apache/cloudstack/pull/7003?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (1f05d1b) into [main](https://codecov.io/gh/apache/cloudstack/commit/cc676cbc83348ed0776c958f566342f31be8d855?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (cc676cb) will **decrease** coverage by `0.00%`.
> The diff coverage is `0.00%`.
```diff
@@ Coverage Diff @@
## main #7003 +/- ##
============================================
- Coverage 11.27% 11.27% -0.01%
Complexity 7289 7289
============================================
Files 2492 2492
Lines 246812 246833 +21
Branches 38563 38564 +1
============================================
Hits 27833 27833
- Misses 215394 215415 +21
Partials 3585 3585
```
| [Impacted Files](https://codecov.io/gh/apache/cloudstack/pull/7003?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [...java/com/cloud/upgrade/DatabaseUpgradeChecker.java](https://codecov.io/gh/apache/cloudstack/pull/7003/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZW5naW5lL3NjaGVtYS9zcmMvbWFpbi9qYXZhL2NvbS9jbG91ZC91cGdyYWRlL0RhdGFiYXNlVXBncmFkZUNoZWNrZXIuamF2YQ==) | `0.00% <0.00%> (ø)` | |
| [...in/java/com/cloud/upgrade/dao/Upgrade450to451.java](https://codecov.io/gh/apache/cloudstack/pull/7003/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZW5naW5lL3NjaGVtYS9zcmMvbWFpbi9qYXZhL2NvbS9jbG91ZC91cGdyYWRlL2Rhby9VcGdyYWRlNDUwdG80NTEuamF2YQ==) | `0.00% <0.00%> (ø)` | |
| [...java/com/cloud/server/ConfigurationServerImpl.java](https://codecov.io/gh/apache/cloudstack/pull/7003/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2VydmVyL3NyYy9tYWluL2phdmEvY29tL2Nsb3VkL3NlcnZlci9Db25maWd1cmF0aW9uU2VydmVySW1wbC5qYXZh) | `2.35% <0.00%> (-0.01%)` | :arrow_down: |
:mega: We’re building smart automated test selection to slash your CI/CD build times. [Learn more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1398605510
@blueorangutan test matrix
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland closed pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
DaanHoogland closed pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
URL: https://github.com/apache/cloudstack/pull/7003
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1398606105
@DaanHoogland a Trillian-Jenkins matrix job (centos7 mgmt + xenserver71, rocky8 mgmt + vmware67u3, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411277117
<b>Trillian test result (tid-6045)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 40962 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr7003-t6045-kvm-centos7.zip
Smoke tests completed. 107 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by sonarcloud.
sonarcloud[bot] commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411816307
SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7003)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [22 Code Smells](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list) [12.5% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list) [9.9% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "weizhouapache (via GitHub)" <gi...@apache.org>.
weizhouapache commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411799653
@blueorangutan test rocky8 kvm-rocky8
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] rohityadavcloud commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "rohityadavcloud (via GitHub)" <gi...@apache.org>.
rohityadavcloud commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1410258552
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1410126391
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: el9 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 5454
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411861492
@weizhouapache a Trillian-Jenkins matrix job (centos7 mgmt + xenserver71, rocky8 mgmt + vmware67u3, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1384107508
<b>Trillian Build Failed (tid-5871)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1398562220
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: el9 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 5355
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1401321659
<b>Trillian test result (tid-5962)</b>
Environment: vmware-67u3 (x2), Advanced Networking with Mgmt server r8
Total time taken: 46864 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr7003-t5962-vmware-67u3.zip
Smoke tests completed. 106 look OK, 1 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
test_08_upgrade_kubernetes_ha_cluster | `Failure` | 659.29 | test_kubernetes_clusters.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1410295338
@weizhouapache a Trillian-Jenkins matrix job (centos7 mgmt + xenserver71, rocky8 mgmt + vmware67u3, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1380693804
@blueorangutan test matrix
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
sonarcloud[bot] commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1380065789
SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7003)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [19 Code Smells](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list) [12.8% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list) [10.0% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1380719483
<b>Trillian Build Failed (tid-5824)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1364344011
@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on a diff in pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on code in PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#discussion_r1054400361
##########
engine/schema/src/main/java/com/cloud/upgrade/DatabaseUpgradeChecker.java:
##########
@@ -417,11 +417,12 @@ private void initializeDatabaseEncryptors() {
errorMessage = "Unable to get the 'init' value from 'configuration' table in the 'cloud' database";
String sql = "SELECT value from configuration WHERE name = 'init'";
- PreparedStatement pstmt = conn.prepareStatement(sql);
- ResultSet result = pstmt.executeQuery();
- if (result.next()) {
- String init = result.getString(1);
- s_logger.info("init = " + DBEncryptionUtil.decrypt(init));
+ try (PreparedStatement pstmt = conn.prepareStatement(sql);
+ ResultSet result = pstmt.executeQuery()) {
+ if (result.next()) {
+ String init = result.getString(1);
+ s_logger.info("init = " + DBEncryptionUtil.decrypt(init));
+ }
Review Comment:
make sense. done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1384024432
@DaanHoogland a Trillian-Jenkins matrix job (centos7 mgmt + xenserver71, rocky8 mgmt + vmware67u3, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1383770414
<b>Trillian Build Failed (tid-91)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1398902220
<b>Trillian Build Failed (tid-5933)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1380719839
<b>Trillian Build Failed (tid-5823)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1401212523
<b>Trillian test result (tid-5963)</b>
Environment: xenserver-71 (x2), Advanced Networking with Mgmt server 7
Total time taken: 40267 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr7003-t5963-xenserver-71.zip
Smoke tests completed. 107 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "weizhouapache (via GitHub)" <gi...@apache.org>.
weizhouapache commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411860207
@blueorangutan test matrix
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411701170
@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on a diff in pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "weizhouapache (via GitHub)" <gi...@apache.org>.
weizhouapache commented on code in PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#discussion_r1091667193
##########
framework/db/src/main/java/com/cloud/utils/crypt/EncryptionSecretKeyChanger.java:
##########
@@ -22,149 +22,332 @@
import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
-import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Field;
+import java.nio.charset.StandardCharsets;
import java.sql.Connection;
+import java.sql.DatabaseMetaData;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Arrays;
-import java.util.Iterator;
-import java.util.List;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
import java.util.Properties;
-
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.CommandLineParser;
+import org.apache.commons.cli.DefaultParser;
+import org.apache.commons.cli.HelpFormatter;
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.Options;
+import org.apache.commons.cli.ParseException;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.PropertiesConfiguration;
-import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
-import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
-import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
-import org.jasypt.properties.EncryptableProperties;
+import org.apache.commons.lang3.StringUtils;
import com.cloud.utils.PropertiesUtil;
+import com.cloud.utils.ReflectUtil;
+import com.cloud.utils.db.Encrypt;
import com.cloud.utils.db.TransactionLegacy;
import com.cloud.utils.exception.CloudRuntimeException;
+import com.google.gson.Gson;
+import com.google.gson.JsonSyntaxException;
+
+import javax.persistence.Column;
+import javax.persistence.Table;
+
/*
* EncryptionSecretKeyChanger updates Management Secret Key / DB Secret Key or both.
* DB secret key is validated against the key in db.properties
* db.properties is updated with values encrypted using new MS secret key
+ * server.properties is updated with values encrypted using new MS secret key
* DB data migrated using new DB secret key
*/
public class EncryptionSecretKeyChanger {
- private StandardPBEStringEncryptor oldEncryptor = new StandardPBEStringEncryptor();
- private StandardPBEStringEncryptor newEncryptor = new StandardPBEStringEncryptor();
- private static final String keyFile = "/etc/cloudstack/management/key";
+ private CloudStackEncryptor oldEncryptor;
+ private CloudStackEncryptor newEncryptor;
+ private static final String KEY_FILE = "/etc/cloudstack/management/key";
+ private static final String ENV_NEW_MANAGEMENT_KEY = "CLOUD_SECRET_KEY_NEW";
+ private final Gson gson = new Gson();
+ private static final String PASSWORD = "password";
+
+ private static final Options options = initializeOptions();
+ private static final HelpFormatter helper = initializeHelper();
+ private static final String CMD_LINE_SYNTAX = "cloudstack-migrate-databases";
+ private static final int WIDTH = 100;
+ private static final String HEADER = "Options:";
+ private static final String FOOTER = " \nExamples: \n" +
+ " " + CMD_LINE_SYNTAX + " -m password -d password -n newmgmtkey -v V2 \n" +
+ " Migrate cloudstack properties (db.properties and server.properties) \n" +
+ " with new management key and encryptor V2. \n" +
+ " " + CMD_LINE_SYNTAX + " -m password -d password -n newmgmtkey -e newdbkey \n" +
+ " Migrate cloudstack properties and databases with new management key and database secret key. \n" +
+ " " + CMD_LINE_SYNTAX + " -m password -d password -n newmgmtkey -e newdbkey -s -v V2 \n" +
+ " Migrate cloudstack properties with new keys and encryptor V2, but skip database migration. \n" +
+ " " + CMD_LINE_SYNTAX + " -m password -d password -l -f \n" +
+ " Migrate cloudstack properties with new management key (load from $CLOUD_SECRET_KEY_NEW), \n" +
+ " and migrate database with old db key. \n" +
+ " \nReturn codes: \n" +
+ " 0 - Succeed to change keys and/or migrate databases \n" +
+ " 1 - Fail to parse the command line arguments \n" +
+ " 2 - Fail to validate parameters \n" +
+ " 3 - Fail to migrate database";
+ private static final String OLD_MS_KEY_OPTION = "oldMSKey";
+ private static final String OLD_DB_KEY_OPTION = "oldDBKey";
+ private static final String NEW_MS_KEY_OPTION = "newMSKey";
+ private static final String NEW_DB_KEY_OPTION = "newDBKey";
+ private static final String ENCRYPTOR_VERSION_OPTION = "version";
+ private static final String LOAD_NEW_MS_KEY_FROM_ENV_FLAG = "load-new-management-key-from-env";
+ private static final String FORCE_DATABASE_MIGRATION_FLAG = "force-database-migration";
+ private static final String SKIP_DATABASE_MIGRATION_FLAG = "skip-database-migration";
+ private static final String HELP_FLAG = "help";
public static void main(String[] args) {
- List<String> argsList = Arrays.asList(args);
- Iterator<String> iter = argsList.iterator();
- String oldMSKey = null;
- String oldDBKey = null;
- String newMSKey = null;
- String newDBKey = null;
+ if (args.length == 0 || StringUtils.equalsAny(args[0], "-h", "--help")) {
+ helper.printHelp(WIDTH, CMD_LINE_SYNTAX, HEADER, options, FOOTER, true);
+ System.exit(0);
+ }
+
+ CommandLine cmdLine = null;
+ CommandLineParser parser = new DefaultParser();
+ try {
+ cmdLine = parser.parse(options, args);
+ } catch (ParseException e) {
+ System.out.println(e.getMessage());
+ helper.printHelp(WIDTH, CMD_LINE_SYNTAX, HEADER, options, FOOTER, true);
+ System.exit(1);
+ }
+
+ String oldMSKey = cmdLine.getOptionValue(OLD_MS_KEY_OPTION);
+ String oldDBKey = cmdLine.getOptionValue(OLD_DB_KEY_OPTION);
+ String newMSKey = cmdLine.getOptionValue(NEW_MS_KEY_OPTION);
+ String newDBKey = cmdLine.getOptionValue(NEW_DB_KEY_OPTION);
+ String newEncryptorVersion = cmdLine.getOptionValue(ENCRYPTOR_VERSION_OPTION);
+ boolean loadNewMsKeyFromEnv = cmdLine.hasOption(LOAD_NEW_MS_KEY_FROM_ENV_FLAG);
+ boolean forced = cmdLine.hasOption(FORCE_DATABASE_MIGRATION_FLAG);
+ boolean skipped = cmdLine.hasOption(SKIP_DATABASE_MIGRATION_FLAG);
+
+ if (!validateParameters(oldMSKey, oldDBKey, newMSKey, newDBKey, newEncryptorVersion, loadNewMsKeyFromEnv)) {
+ helper.printHelp(WIDTH, CMD_LINE_SYNTAX, HEADER, options, FOOTER, true);
+ System.exit(2);
+ }
+
+ System.out.println("Started database migration at " + new Date());
+ if (!migrateEverything(oldMSKey, oldDBKey, newMSKey, newDBKey, newEncryptorVersion, loadNewMsKeyFromEnv, forced, skipped)) {
+ System.out.println("Got error during database migration at " + new Date());
+ System.exit(3);
+ }
+ System.out.println("Finished database migration at " + new Date());
+ }
- //Parse command-line args
- while (iter.hasNext()) {
- String arg = iter.next();
- // Old MS Key
- if (arg.equals("-m")) {
- oldMSKey = iter.next();
+ private static Options initializeOptions() {
+ Options options = new Options();
+
+ Option oldMSKey = Option.builder("m").longOpt(OLD_MS_KEY_OPTION).argName(OLD_MS_KEY_OPTION).required(true).hasArg().desc("(required) Current Mgmt Secret Key").build();
+ Option oldDBKey = Option.builder("d").longOpt(OLD_DB_KEY_OPTION).argName(OLD_DB_KEY_OPTION).required(true).hasArg().desc("(required) Current DB Secret Key").build();
+ Option newMSKey = Option.builder("n").longOpt(NEW_MS_KEY_OPTION).argName(NEW_MS_KEY_OPTION).required(false).hasArg().desc("New Mgmt Secret Key").build();
+ Option newDBKey = Option.builder("e").longOpt(NEW_DB_KEY_OPTION).argName(NEW_DB_KEY_OPTION).required(false).hasArg().desc("New DB Secret Key").build();
+ Option encryptorVersion = Option.builder("v").longOpt(ENCRYPTOR_VERSION_OPTION).argName(ENCRYPTOR_VERSION_OPTION).required(false).hasArg().desc("New DB Encryptor Version. Options are V1, V2.").build();
+
+ Option loadNewMsKeyFromEnv = Option.builder("l").longOpt(LOAD_NEW_MS_KEY_FROM_ENV_FLAG).desc("Load new management key from environment variable " + ENV_NEW_MANAGEMENT_KEY).build();
+ Option forceDatabaseMigration = Option.builder("f").longOpt(FORCE_DATABASE_MIGRATION_FLAG).desc("Force database migration even if DB Secret key is not changed").build();
+ Option skipDatabaseMigration = Option.builder("s").longOpt(SKIP_DATABASE_MIGRATION_FLAG).desc("Skip database migration even if DB Secret key is changed").build();
+ Option help = Option.builder("h").longOpt(HELP_FLAG).desc("Show help message").build();
+
+ options.addOption(oldMSKey);
+ options.addOption(oldDBKey);
+ options.addOption(newMSKey);
+ options.addOption(newDBKey);
+ options.addOption(encryptorVersion);
+ options.addOption(loadNewMsKeyFromEnv);
+ options.addOption(forceDatabaseMigration);
+ options.addOption(skipDatabaseMigration);
+ options.addOption(help);
+
+ return options;
+ }
+
+ private static HelpFormatter initializeHelper() {
+ HelpFormatter helper = new HelpFormatter();
+
+ helper.setOptionComparator((o1, o2) -> {
+ if (o1.isRequired() && !o2.isRequired()) {
+ return -1;
}
- // Old DB Key
- if (arg.equals("-d")) {
- oldDBKey = iter.next();
+ if (!o1.isRequired() && o2.isRequired()) {
+ return 1;
}
- // New MS Key
- if (arg.equals("-n")) {
- newMSKey = iter.next();
+ if (o1.hasArg() && !o2.hasArg()) {
+ return -1;
}
- // New DB Key
- if (arg.equals("-e")) {
- newDBKey = iter.next();
+ if (!o1.hasArg() && o2.hasArg()) {
+ return 1;
}
- }
+ return o1.getOpt().compareTo(o2.getOpt());
+ });
+
+ return helper;
+ }
+
+ private static boolean validateParameters(String oldMSKey, String oldDBKey, String newMSKey, String newDBKey,
Review Comment:
@DaanHoogland
thanks for review.
`validateParameters` looks ok to me.
`migrateEverything` is too large but I'd like to keep it at this stage (this PR has been tested by QA).
Actually most lines in the method are validation. The migrations have been already extracted to some methods.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1380410694
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1380546446
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: el9 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 5247
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
sonarcloud[bot] commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1380692080
SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7003)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [22 Code Smells](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list) [12.5% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list) [9.9% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1384023931
@blueorangutan test matrix
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1384055517
<b>Trillian Build Failed (tid-5866)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1398464415
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1398921930
<b>Trillian Build Failed (tid-5934)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1412846343
<b>Trillian test result (tid-6062)</b>
Environment: xenserver-71 (x2), Advanced Networking with Mgmt server 7
Total time taken: 41507 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr7003-t6062-xenserver-71.zip
Smoke tests completed. 107 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "weizhouapache (via GitHub)" <gi...@apache.org>.
weizhouapache commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411718692
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland merged pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland merged PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1364625489
<b>Trillian test result (tid-59)</b>
Environment: vmware-70u3 (x2), Advanced Networking with Mgmt server 7
Total time taken: 45344 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/FR68-pr7003-t59-vmware-70u3.zip
Smoke tests completed. 106 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
sonarcloud[bot] commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1359342858
SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7003)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [3 Bugs](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [2 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [113 Code Smells](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list) [13.0% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list) [9.9% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
sonarcloud[bot] commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1380789142
SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7003)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [22 Code Smells](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list) [12.5% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list) [9.9% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
sonarcloud[bot] commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1364344221
SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7003)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [19 Code Smells](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list) [12.8% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list) [10.0% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1384052862
<b>Trillian Build Failed (tid-5865)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache closed pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
weizhouapache closed pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
URL: https://github.com/apache/cloudstack/pull/7003
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1364365129
@blueorangutan test matrix
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1398465431
@DaanHoogland a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "weizhouapache (via GitHub)" <gi...@apache.org>.
weizhouapache commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1410039512
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411405627
<b>Trillian test result (tid-6044)</b>
Environment: vmware-67u3 (x2), Advanced Networking with Mgmt server r8
Total time taken: 50363 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr7003-t6044-vmware-67u3.zip
Smoke tests completed. 106 look OK, 1 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
test_02_list_cpvm_vm | `Failure` | 0.04 | test_ssvm.py
test_04_cpvm_internals | `Failure` | 0.04 | test_ssvm.py
test_06_stop_cpvm | `Failure` | 0.05 | test_ssvm.py
test_07_reboot_ssvm | `Failure` | 111.41 | test_ssvm.py
test_08_reboot_cpvm | `Failure` | 0.04 | test_ssvm.py
test_10_reboot_cpvm_forced | `Failure` | 0.04 | test_ssvm.py
test_12_destroy_cpvm | `Error` | 2302.45 | test_ssvm.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] rohityadavcloud commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "rohityadavcloud (via GitHub)" <gi...@apache.org>.
rohityadavcloud commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411673370
@weizhouapache should this have any schema change in the 4.17.2.0->4.18.0.0 sql upgrade path?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1413040344
<b>Trillian test result (tid-6061)</b>
Environment: kvm-rocky8 (x2), Advanced Networking with Mgmt server r8
Total time taken: 55014 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr7003-t6061-kvm-rocky8.zip
Smoke tests completed. 102 look OK, 5 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
ContextSuite context=TestRouterDnsService>:setup | `Error` | 0.00 | test_router_dnsservice.py
ContextSuite context=TestRemoteDiagnostics>:setup | `Error` | 0.00 | test_diagnostics.py
ContextSuite context=TestPrivateGwACL>:setup | `Error` | 0.00 | test_privategw_acl.py
ContextSuite context=TestDomainsServiceOfferings>:setup | `Error` | 3.61 | test_domain_service_offerings.py
test_01_template_usage | `Error` | 11.51 | test_usage.py
test_01_volume_usage | `Error` | 187.50 | test_usage.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1401222029
<b>Trillian test result (tid-5964)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 41065 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr7003-t5964-kvm-centos7.zip
Smoke tests completed. 107 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1412932573
<b>Trillian test result (tid-6063)</b>
Environment: vmware-67u3 (x2), Advanced Networking with Mgmt server r8
Total time taken: 46138 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr7003-t6063-vmware-67u3.zip
Smoke tests completed. 107 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1410039894
@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411801525
@weizhouapache a Trillian-Jenkins test job (rocky8 mgmt + kvm-rocky8) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1412842574
<b>Trillian test result (tid-6064)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 41099 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr7003-t6064-kvm-centos7.zip
Smoke tests completed. 107 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411795536
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: el9 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 5467
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by sonarcloud.
sonarcloud[bot] commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1410152709
SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7003)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [22 Code Smells](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list) [12.5% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list) [9.9% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "weizhouapache (via GitHub)" <gi...@apache.org>.
weizhouapache commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411699685
> @weizhouapache should this have any schema change in the 4.17.2.0->4.18.0.0 sql upgrade path?
@rohityadavcloud
yes, just pushed a commit to resize passphrase column
https://github.com/apache/cloudstack/pull/7003/commits/732e05ebf978b702609286dac14de9552e4e6cca
no other schema change is required.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "weizhouapache (via GitHub)" <gi...@apache.org>.
weizhouapache commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411700061
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1413314306
@blueorangutan test rocky8 kvm-rocky8
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1364622693
<b>Trillian test result (tid-58)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 43288 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/FR68-pr7003-t58-kvm-centos7.zip
Smoke tests completed. 105 look OK, 1 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
test_02_upgrade_kubernetes_cluster | `Failure` | 461.89 | test_kubernetes_clusters.py
test_08_upgrade_kubernetes_ha_cluster | `Failure` | 600.84 | test_kubernetes_clusters.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1380694731
@DaanHoogland a Trillian-Jenkins matrix job (centos7 mgmt + xenserver71, rocky8 mgmt + vmware67u3, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
sonarcloud[bot] commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1361650345
SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7003)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [70 Code Smells](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list) [12.9% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list) [10.0% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
sonarcloud[bot] commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1361404778
SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7003)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7003&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL) [76 Code Smells](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7003&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list) [12.9% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list) [10.0% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7003&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on a diff in pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on code in PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#discussion_r1054081625
##########
engine/schema/src/main/java/com/cloud/upgrade/DatabaseUpgradeChecker.java:
##########
@@ -417,11 +417,12 @@ private void initializeDatabaseEncryptors() {
errorMessage = "Unable to get the 'init' value from 'configuration' table in the 'cloud' database";
String sql = "SELECT value from configuration WHERE name = 'init'";
- PreparedStatement pstmt = conn.prepareStatement(sql);
- ResultSet result = pstmt.executeQuery();
- if (result.next()) {
- String init = result.getString(1);
- s_logger.info("init = " + DBEncryptionUtil.decrypt(init));
+ try (PreparedStatement pstmt = conn.prepareStatement(sql);
+ ResultSet result = pstmt.executeQuery()) {
+ if (result.next()) {
+ String init = result.getString(1);
+ s_logger.info("init = " + DBEncryptionUtil.decrypt(init));
+ }
Review Comment:
this try is good, but it would be better to have it in a separate method. It will be clearer (from the stacktrace) in which try something went wrong. (nested try clause)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1364365324
@weizhouapache a Trillian-Jenkins matrix job (centos7 mgmt + xenserver71, rocky8 mgmt + vmware67u3, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1364362101
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: el9 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 5082
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1410282632
<b>Trillian Build Failed (tid-6042)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1410259831
@rohityadavcloud a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411355959
<b>Trillian test result (tid-118)</b>
Environment: kvm-rocky8 (x2), Advanced Networking with Mgmt server r8
Total time taken: 52300 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/FR68-pr7003-t118-kvm-rocky8.zip
Smoke tests completed. 107 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411310164
<b>Trillian test result (tid-6043)</b>
Environment: xenserver-71 (x2), Advanced Networking with Mgmt server 7
Total time taken: 43272 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr7003-t6043-xenserver-71.zip
Smoke tests completed. 107 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411310372
<b>Trillian test result (tid-116)</b>
Environment: kvm-rocky8 (x2), Advanced Networking with Mgmt server r8
Total time taken: 50852 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/FR68-pr7003-t116-kvm-rocky8.zip
Smoke tests completed. 107 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1411719290
@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1413358237
<b>Trillian Build Failed (tid-6086)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache closed pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
weizhouapache closed pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
URL: https://github.com/apache/cloudstack/pull/7003
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1380412094
@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7003: utils,framework/db: Introduce new database encryption cipher based on AesGcmJce
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on PR #7003:
URL: https://github.com/apache/cloudstack/pull/7003#issuecomment-1396318105
<b>Trillian test result (tid-99)</b>
Environment: kvm-rocky8 (x2), Advanced Networking with Mgmt server r8
Total time taken: 51674 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/FR68-pr7003-t99-kvm-rocky8.zip
Smoke tests completed. 107 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org