No commit message

godaddy · Jul 26, 2023 · 4104a01 · 4104a01
2 parents ba81e3a + fd44dcc
commit 4104a01
Show file tree

Hide file tree

Showing 20 changed files with 228 additions and 250 deletions.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,36 @@
+To help us get this pull request reviewed and merged quickly, please be sure to include the following items:
+
+* [ ] Tests (if applicable)
+* [ ] Documentation (if applicable)
+* [ ] Changelog entry
+* [ ] A full explanation here in the PR description of the work done
+
+## PR Type
+What kind of change does this PR introduce?
+
+* [ ] Bugfix
+* [ ] Feature
+* [ ] Code style update (formatting, local variables)
+* [ ] Refactoring (no functional changes, no api changes)
+* [ ] Build related changes
+* [ ] CI related changes
+* [ ] Documentation content changes
+* [ ] Tests
+* [ ] Other
+
+## Backward Compatibility
+
+Is this change backward compatible with the most recently released version? Does it introduce changes which might change the user experience in any way? Does it alter the API in any way?
+
+* [ ] Yes (backward compatible)
+* [ ] No (breaking changes)
+
+
+## Issue Linking
+<!--
+    KEYWORD #ISSUE-NUMBER
+    [closes|fixes|resolves] #
+-->
+
+## What's new?
+-
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -18,7 +18,7 @@ env:
   MYSQL_USERNAME: root
   MYSQL_PASSWORD: Password123
   DISABLE_TESTCONTAINERS: true
-  AWS_ACCESS_KEY_ID: dummy_key
+  AWS_ACCESS_KEY_ID: dummykey
   AWS_SECRET_ACCESS_KEY: dummy_secret
   AWS_DEFAULT_REGION: us-west-2
   AWS_REGION: us-west-2

diff --git a/go/appencryption/.versionfile b/go/appencryption/.versionfile
@@ -1 +1 @@
-0.2.6
+0.3.0
diff --git a/go/appencryption/README.md b/go/appencryption/README.md
@@ -105,6 +105,17 @@ if err != nil {
 metastore := persistence.NewSQLMetastore(db)
 ```
 
+You can also use the `WithSQLMetastoreDBType` option to configure the metastore for use with a
+specific type of `database/sql` driver. **This is required when using an Oracle or PostgreSQL database.**
+
+```go
+// Build the Metastore for use with a Postgres DB
+metastore := persistence.NewSQLMetastore(
+    db,
+    persistence.WithSQLMetastoreDBType(persistence.Postgres),
+)
+```
+
 #### DynamoDB Metastore
 
 ```go

diff --git a/go/appencryption/integrationtest/go.mod b/go/appencryption/integrationtest/go.mod
@@ -50,7 +50,7 @@ require (
 	golang.org/x/sys v0.5.0 // indirect
 	golang.org/x/tools v0.5.0 // indirect
 	google.golang.org/genproto v0.0.0-20230127162408-596548ed4efa // indirect
-	google.golang.org/grpc v1.52.3 // indirect
+	google.golang.org/grpc v1.53.0 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go/appencryption/integrationtest/go.sum b/go/appencryption/integrationtest/go.sum
@@ -81,8 +81,6 @@ github.com/awnumar/memcall v0.1.2/go.mod h1:S911igBPR9CThzd/hYQQmTc9SWNu3ZHIlCGa
 github.com/awnumar/memguard v0.22.3 h1:b4sgUXtbUjhrGELPbuC62wU+BsPQy+8lkWed9Z+pj0Y=
 github.com/awnumar/memguard v0.22.3/go.mod h1:mmGunnffnLHlxE5rRgQc3j+uwPZ27eYb61ccr8Clz2Y=
 github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
-github.com/aws/aws-sdk-go v1.44.250 h1:IuGUO2Hafv/b0yYKI5UPLQShYDx50BCIQhab/H1sX2M=
-github.com/aws/aws-sdk-go v1.44.250/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/aws/aws-sdk-go v1.44.265 h1:rlBuD8OYjM5Vfcf7jDa264oVHqlPqY7y7o+JmrjNFUc=
 github.com/aws/aws-sdk-go v1.44.265/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -1033,8 +1031,8 @@ google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTp
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.52.3 h1:pf7sOysg4LdgBqduXveGKrcEwbStiK2rtfghdzlUYDQ=
-google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
+google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=
+google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

diff --git a/go/appencryption/pkg/persistence/sql.go b/go/appencryption/pkg/persistence/sql.go
@@ -5,6 +5,8 @@ import (
 	"database/sql"
 	"encoding/json"
 	"fmt"
+	"regexp"
+	"strconv"
 	"time"
 
 	"github.com/pkg/errors"
@@ -14,9 +16,9 @@ import (
 )
 
 const (
-	loadKeyQuery    = "SELECT key_record FROM encryption_key WHERE id = ? AND created = ?"
-	storeKeyQuery   = "INSERT INTO encryption_key (id, created, key_record) VALUES (?, ?, ?)"
-	loadLatestQuery = "SELECT key_record from encryption_key WHERE id = ? ORDER BY created DESC LIMIT 1"
+	defaultLoadKeyQuery    = "SELECT key_record FROM encryption_key WHERE id = ? AND created = ?"
+	defaultStoreKeyQuery   = "INSERT INTO encryption_key (id, created, key_record) VALUES (?, ?, ?)"
+	defaultLoadLatestQuery = "SELECT key_record from encryption_key WHERE id = ? ORDER BY created DESC LIMIT 1"
 )
 
 var (
@@ -28,18 +30,83 @@ var (
 	loadLatestSQLTimer = metrics.GetOrRegisterTimer(fmt.Sprintf("%s.metastore.sql.loadlatest", appencryption.MetricsPrefix), nil)
 )
 
+// SQLMetastoreDBType identifies a specific database/sql driver
+type SQLMetastoreDBType string
+
+const (
+	Postgres SQLMetastoreDBType = "postgres"
+	Oracle   SQLMetastoreDBType = "oracle"
+	MySQL    SQLMetastoreDBType = "mysql"
+
+	DefaultDBType = MySQL
+)
+
+var qrx = regexp.MustCompile(`\?`)
+
+// q converts "?" characters to $1, $2, $n on postgres, :1, :2, :n on Oracle.
+//
+// This function is based on a function of the same name found in the Go
+// sql test project: https://github.com/bradfitz/go-sql-test.
+func (t SQLMetastoreDBType) q(sql string) string {
+	var pref string
+	switch t {
+	case Postgres:
+		pref = "$"
+	case Oracle:
+		pref = ":"
+	default:
+		return sql
+	}
+	n := 0
+	return qrx.ReplaceAllStringFunc(sql, func(string) string {
+		n++
+		return pref + strconv.Itoa(n)
+	})
+}
+
+// SQLMetastoreOption is used to configure additional options in a SQLMetastore.
+type SQLMetastoreOption func(*SQLMetastore)
+
+// WithSQLMetastoreDBType configures the SQLMetastore for use with the specified
+// family of database/sql drivers such as Postgres, Oracle, or MySQL (default).
+func WithSQLMetastoreDBType(t SQLMetastoreDBType) SQLMetastoreOption {
+	return func(s *SQLMetastore) {
+		s.dbType = t
+		s.loadKeyQuery = t.q(s.loadKeyQuery)
+		s.storeKeyQuery = t.q(s.storeKeyQuery)
+		s.loadLatestQuery = t.q(s.loadLatestQuery)
+	}
+}
+
 // SQLMetastore implements the Metastore interface for a RDBMS metastore.
-// See scripts/encryption_key.sql for table structure and required
-// stored procedures.
+//
+// See https://github.com/godaddy/asherah/blob/master/docs/Metastore.md#rdbms for the
+// required table structure and other relevent information.
 type SQLMetastore struct {
 	db *sql.DB
+
+	dbType          SQLMetastoreDBType
+	loadKeyQuery    string
+	storeKeyQuery   string
+	loadLatestQuery string
 }
 
 // NewSQLMetastore returns a new SQLMetastore with the provided policy and sql connection.
-func NewSQLMetastore(dbHandle *sql.DB) *SQLMetastore {
-	return &SQLMetastore{
+func NewSQLMetastore(dbHandle *sql.DB, opts ...SQLMetastoreOption) *SQLMetastore {
+	metastore := &SQLMetastore{
 		db: dbHandle,
+
+		dbType:          DefaultDBType,
+		loadKeyQuery:    defaultLoadKeyQuery,
+		storeKeyQuery:   defaultStoreKeyQuery,
+		loadLatestQuery: defaultLoadLatestQuery,
+	}
+
+	for _, opt := range opts {
+		opt(metastore)
 	}
+
+	return metastore
 }
 
 type scanner interface {
@@ -73,14 +140,14 @@ func (s *SQLMetastore) Load(ctx context.Context, keyID string, created int64) (*
 
 	t := time.Unix(created, 0)
 
-	return parseEnvelope(s.db.QueryRowContext(ctx, loadKeyQuery, keyID, t))
+	return parseEnvelope(s.db.QueryRowContext(ctx, s.loadKeyQuery, keyID, t))
 }
 
 // LoadLatest returns the newest record matching the ID.
 func (s *SQLMetastore) LoadLatest(ctx context.Context, keyID string) (*appencryption.EnvelopeKeyRecord, error) {
 	defer loadLatestSQLTimer.UpdateSince(time.Now())
 
-	return parseEnvelope(s.db.QueryRowContext(ctx, loadLatestQuery, keyID))
+	return parseEnvelope(s.db.QueryRowContext(ctx, s.loadLatestQuery, keyID))
 }
 
 // Store attempts to insert the key into the metastore if one is not
@@ -99,7 +166,7 @@ func (s *SQLMetastore) Store(ctx context.Context, keyID string, created int64, e
 
 	createdAt := time.Unix(created, 0)
 
-	if _, err := s.db.ExecContext(ctx, storeKeyQuery, keyID, createdAt, string(bytes)); err != nil {
+	if _, err := s.db.ExecContext(ctx, s.storeKeyQuery, keyID, createdAt, string(bytes)); err != nil {
 		// Go sql package does not provide a specific integrity violation error for duplicate detection
 		// at this time, so it's treated similar to other errors to avoid error parsing.
 		// The caller is left to assume any false/error return value may be a duplicate.

diff --git a/go/appencryption/pkg/persistence/sql_test.go b/go/appencryption/pkg/persistence/sql_test.go
@@ -1,6 +1,7 @@
 package persistence
 
 import (
+	"database/sql"
 	"testing"
 
 	"github.com/stretchr/testify/suite"
@@ -14,8 +15,59 @@ type SQLSuite struct {
 	suite.Suite
 }
 
-// TODO: add tests
-
 func TestMySqlSuite(t *testing.T) {
 	suite.Run(t, new(SQLSuite))
 }
+
+func (s *SQLSuite) TestNewSQLMetastore() {
+	db := &sql.DB{}
+
+	m := NewSQLMetastore(db)
+
+	s.Equal(MySQL, m.dbType)
+	s.Equal(defaultLoadKeyQuery, m.loadKeyQuery)
+	s.Equal(defaultStoreKeyQuery, m.storeKeyQuery)
+	s.Equal(defaultLoadLatestQuery, m.loadLatestQuery)
+}
+
+func (s *SQLSuite) TestNewSQLMetastore_WithSQLMetastoreDBType() {
+	tests := []struct {
+		dbType                  SQLMetastoreDBType
+		expectedLoadKeyQuery    string
+		expectedStoreKeyQuery   string
+		expectedLoadLatestQuery string
+	}{
+		{
+			dbType:                  Postgres,
+			expectedLoadKeyQuery:    "SELECT key_record FROM encryption_key WHERE id = $1 AND created = $2",
+			expectedStoreKeyQuery:   "INSERT INTO encryption_key (id, created, key_record) VALUES ($1, $2, $3)",
+			expectedLoadLatestQuery: "SELECT key_record from encryption_key WHERE id = $1 ORDER BY created DESC LIMIT 1",
+		},
+		{
+			dbType:                  Oracle,
+			expectedLoadKeyQuery:    "SELECT key_record FROM encryption_key WHERE id = :1 AND created = :2",
+			expectedStoreKeyQuery:   "INSERT INTO encryption_key (id, created, key_record) VALUES (:1, :2, :3)",
+			expectedLoadLatestQuery: "SELECT key_record from encryption_key WHERE id = :1 ORDER BY created DESC LIMIT 1",
+		},
+		{
+			dbType:                  MySQL,
+			expectedLoadKeyQuery:    "SELECT key_record FROM encryption_key WHERE id = ? AND created = ?",
+			expectedStoreKeyQuery:   "INSERT INTO encryption_key (id, created, key_record) VALUES (?, ?, ?)",
+			expectedLoadLatestQuery: "SELECT key_record from encryption_key WHERE id = ? ORDER BY created DESC LIMIT 1",
+		},
+	}
+
+	db := &sql.DB{}
+
+	for i := range tests {
+		tt := tests[i]
+		s.Run(string(tt.dbType), func() {
+			m := NewSQLMetastore(db, WithSQLMetastoreDBType(tt.dbType))
+
+			s.Equal(tt.dbType, m.dbType)
+			s.Equal(tt.expectedLoadKeyQuery, m.loadKeyQuery)
+			s.Equal(tt.expectedStoreKeyQuery, m.storeKeyQuery)
+			s.Equal(tt.expectedLoadLatestQuery, m.loadLatestQuery)
+		})
+	}
+}
diff --git a/java/app-encryption/pom.xml b/java/app-encryption/pom.xml
@@ -49,11 +49,11 @@
     <bouncycastle.version>1.70</bouncycastle.version>
     <build.helper.version>3.3.0</build.helper.version>
     <caffeine.version>3.1.6</caffeine.version>
-    <checkerframework.version>3.34.0</checkerframework.version>
+    <checkerframework.version>3.35.0</checkerframework.version>
     <commons.codec.version>1.15</commons.codec.version>
     <commons.logging.version>1.2</commons.logging.version>
     <commons.text.version>1.10.0</commons.text.version>
-    <guava.version>31.1-jre</guava.version>
+    <guava.version>32.0.1-jre</guava.version>
     <jackson.version>2.14.2</jackson.version>
     <jacoco.version>0.8.10</jacoco.version>
     <json.version>20230227</json.version>
@@ -68,7 +68,7 @@
     <maven.scm.version>2.0.0</maven.scm.version>
     <maven.source.version>3.2.1</maven.source.version>
     <maven.surefire.version>3.1.0</maven.surefire.version>
-    <micrometer.version>1.11.0</micrometer.version>
+    <micrometer.version>1.11.1</micrometer.version>
     <mockito.core.version>5.1.1</mockito.core.version>
     <nexus.staging.maven.version>1.6.13</nexus.staging.maven.version>
     <securememory.version>0.1.2</securememory.version>

diff --git a/samples/go/aws/lambda/function/go.mod b/samples/go/aws/lambda/function/go.mod
@@ -27,7 +27,7 @@ require (
 	golang.org/x/net v0.7.0 // indirect
 	golang.org/x/sys v0.5.0 // indirect
 	golang.org/x/text v0.7.0 // indirect
-	google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9 // indirect
-	google.golang.org/grpc v1.45.0 // indirect
-	google.golang.org/protobuf v1.28.0 // indirect
+	google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
+	google.golang.org/grpc v1.53.0 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
 )