Merge pull request #343 from IABTechLab/cbc-UID2-4379-rename-s3-encry…

…ption-cloud-encryption

Rename in admin

.github/workflows/check-stable-dependency.yaml

@@ -3,7 +3,7 @@ on: [pull_request, workflow_dispatch]
 
 jobs:
   check_dependency:
-    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-check-stable-dependency.yaml@v2
+    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-check-stable-dependency.yaml@v3
     secrets: inherit
 
 

.github/workflows/validate-image.yaml

@@ -20,7 +20,7 @@ on:
 jobs:
   build-publish-docker:
     uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v3
-    with: 
+    with:
       failure_severity: ${{ inputs.failure_severity || 'CRITICAL,HIGH' }}
       fail_on_error: ${{ inputs.fail_on_error || true }}
       java_version: 21

conf/local-config.json

@@ -18,7 +18,7 @@
   "keysets_metadata_path": "keysets/metadata.json",
   "admin_keysets_metadata_path": "admin_keysets/metadata.json",
   "keyset_keys_metadata_path": "keyset_keys/metadata.json",
-  "s3_keys_metadata_path": "s3encryption_keys/metadata.json",
+  "cloud_encryption_keys_metadata_path": "cloud_encryption_keys/metadata.json",
   "aws_access_key_id": "no access key needed for test",
   "aws_secret_access_key": "no secret key needed for test",
   "client_side_keypair_public_prefix": "UID2-X-L-",
@@ -44,6 +44,6 @@
   "role_okta_group_map_maintainer": "developer",
   "role_okta_group_map_privileged": "developer",
   "role_okta_group_map_super_user": "developer",
-  "s3_key_activates_in_seconds": 86400,
-  "s3_key_count_per_site": 2
+  "cloud_encryption_key_activates_in_seconds": 86400,
+  "cloud_encryption_key_count_per_site": 2
 }

conf/local-e2e-docker-config.json

@@ -18,7 +18,7 @@
   "keysets_metadata_path": "keysets/metadata.json",
   "admin_keysets_metadata_path": "admin_keysets/metadata.json",
   "keyset_keys_metadata_path": "keyset_keys/metadata.json",
-  "s3_keys_metadata_path": "s3encryption_keys/metadata.json",
+  "cloud_keys_metadata_path": "cloud_encryption_keys/metadata.json",
   "aws_access_key_id": "no access key needed for test",
   "aws_secret_access_key": "no secret key needed for test",
   "client_side_keypair_public_prefix": "UID2-X-L-",
@@ -44,6 +44,6 @@
   "role_okta_group_map_maintainer": "developer",
   "role_okta_group_map_privileged": "developer",
   "role_okta_group_map_super_user": "developer",
-  "s3_key_activates_in_seconds": 86400,
-  "s3_key_count_per_site": 2
+  "cloud_encryption_key_activates_in_seconds": 86400,
+  "cloud_encryption_key_count_per_site": 2
 }

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.uid2</groupId>
     <artifactId>uid2-admin</artifactId>
-    <version>5.15.24</version>
+    <version>5.15.25-alpha-94-SNAPSHOT</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -16,7 +16,7 @@
         <!-- check micrometer.version vertx-micrometer-metrics consumes before bumping up -->
         <micrometer.version>1.12.2</micrometer.version>
         <junit-jupiter.version>5.11.2</junit-jupiter.version>
-        <uid2-shared.version>7.21.7</uid2-shared.version>
+        <uid2-shared.version>8.0.0</uid2-shared.version>
         <okta-jwt.version>0.5.10</okta-jwt.version>
         <image.version>${project.version}</image.version>
     </properties>

src/main/java/com/uid2/admin/Main.java

@@ -13,7 +13,7 @@
 import com.uid2.admin.legacy.RotatingLegacyClientKeyProvider;
 import com.uid2.admin.managers.KeysetManager;
 import com.uid2.admin.monitoring.DataStoreMetrics;
-import com.uid2.admin.managers.S3KeyManager;
+import com.uid2.admin.managers.CloudEncryptionKeyManager;
 import com.uid2.admin.secret.*;
 import com.uid2.admin.store.*;
 import com.uid2.admin.store.reader.RotatingAdminKeysetStore;
@@ -197,18 +197,18 @@ public void run() {
             operatorKeyProvider.loadContent(operatorKeyProvider.getMetadata());
             OperatorKeyStoreWriter operatorKeyStoreWriter = new OperatorKeyStoreWriter(operatorKeyProvider, fileManager, jsonWriter, versionGenerator);
 
-            CloudPath s3KeyMetadataPath = new CloudPath(config.getString(Const.Config.S3keysMetadataPathProp));
-            GlobalScope s3KeyGlobalScope = new GlobalScope(s3KeyMetadataPath);
-            RotatingS3KeyProvider s3KeyProvider = new RotatingS3KeyProvider(cloudStorage, s3KeyGlobalScope);
-            S3KeyStoreWriter s3KeyStoreWriter = new S3KeyStoreWriter(s3KeyProvider, fileManager, jsonWriter, versionGenerator, clock, s3KeyGlobalScope);
+            CloudPath cloudEncryptionKeyMetadataPath = new CloudPath(config.getString(Const.Config.CloudEncryptionKeysMetadataPathProp));
+            GlobalScope cloudEncryptionKeyGlobalScope = new GlobalScope(cloudEncryptionKeyMetadataPath);
+            RotatingCloudEncryptionKeyProvider RotatingCloudEncryptionKeyProvider = new RotatingCloudEncryptionKeyProvider(cloudStorage, cloudEncryptionKeyGlobalScope);
+            CloudEncryptionKeyStoreWriter cloudEncryptionKeyStoreWriter = new CloudEncryptionKeyStoreWriter(RotatingCloudEncryptionKeyProvider, fileManager, jsonWriter, versionGenerator, clock, cloudEncryptionKeyGlobalScope);
             IKeyGenerator keyGenerator = new SecureKeyGenerator();
-            S3KeyManager s3KeyManager = new S3KeyManager(s3KeyProvider, s3KeyStoreWriter,keyGenerator);
+            CloudEncryptionKeyManager cloudEncryptionKeyManager = new CloudEncryptionKeyManager(RotatingCloudEncryptionKeyProvider, cloudEncryptionKeyStoreWriter,keyGenerator);
             try {
-                s3KeyProvider.loadContent();
+                RotatingCloudEncryptionKeyProvider.loadContent();
             } catch (CloudStorageException e) {
                 if (e.getMessage().contains("The specified key does not exist")) {
-                    s3KeyStoreWriter.upload(new HashMap<>(), null);
-                    s3KeyProvider.loadContent();
+                    cloudEncryptionKeyStoreWriter.upload(new HashMap<>(), null);
+                    RotatingCloudEncryptionKeyProvider.loadContent();
                 } else {
                     throw e;
                 }
@@ -255,11 +255,11 @@ public void run() {
                     clientSideKeypairService,
                     new ServiceService(auth, writeLock, serviceStoreWriter, serviceProvider, siteProvider, serviceLinkProvider),
                     new ServiceLinkService(auth, writeLock, serviceLinkStoreWriter, serviceLinkProvider, serviceProvider, siteProvider),
-                    new OperatorKeyService(config, auth, writeLock, operatorKeyStoreWriter, operatorKeyProvider, siteProvider, keyGenerator, keyHasher, s3KeyManager),
+                    new OperatorKeyService(config, auth, writeLock, operatorKeyStoreWriter, operatorKeyProvider, siteProvider, keyGenerator, keyHasher, cloudEncryptionKeyManager),
                     new SaltService(auth, writeLock, saltStoreWriter, saltProvider, saltRotation),
                     new SiteService(auth, writeLock, siteStoreWriter, siteProvider, clientKeyProvider),
                     new PartnerConfigService(auth, writeLock, partnerStoreWriter, partnerConfigProvider),
-                    new PrivateSiteDataRefreshService(auth, jobDispatcher, writeLock, config, s3KeyProvider),
+                    new PrivateSiteDataRefreshService(auth, jobDispatcher, writeLock, config, RotatingCloudEncryptionKeyProvider),
                     new JobDispatcherService(auth, jobDispatcher),
                     new SearchService(auth, clientKeyProvider, operatorKeyProvider)
             };
@@ -286,8 +286,8 @@ public void run() {
             }
 
             synchronized (writeLock) {
-                s3KeyManager.generateKeysForOperators(operatorKeyProvider.getAll(), config.getLong("s3_key_activates_in_seconds"), config.getInteger("s3_key_count_per_site"));
-                s3KeyProvider.loadContent();
+                cloudEncryptionKeyManager.generateKeysForOperators(operatorKeyProvider.getAll(), config.getLong("cloud_encryption_key_activates_in_seconds"), config.getInteger("cloud_encryption_key_count_per_site"));
+                RotatingCloudEncryptionKeyProvider.loadContent();
             }
 
             /*
@@ -336,7 +336,7 @@ public void run() {
             CompletableFuture<Boolean> privateSiteDataSyncJobFuture = jobDispatcher.executeNextJob();
             privateSiteDataSyncJobFuture.get();
 
-            EncryptedFilesSyncJob encryptedFilesSyncJob = new EncryptedFilesSyncJob(config, writeLock,s3KeyProvider);
+            EncryptedFilesSyncJob encryptedFilesSyncJob = new EncryptedFilesSyncJob(config, writeLock,RotatingCloudEncryptionKeyProvider);
             jobDispatcher.enqueue(encryptedFilesSyncJob);
             CompletableFuture<Boolean> encryptedFilesSyncJobFuture = jobDispatcher.executeNextJob();
             encryptedFilesSyncJobFuture.get();

src/main/java/com/uid2/admin/job/EncryptionJob/ClientKeyEncryptionJob.java

@@ -26,7 +26,7 @@ public ClientKeyEncryptionJob(
 
     @Override
     public String getId() {
-        return "s3-encryption-sync-clientKeys";
+        return "cloud-encryption-sync-clientKeys";
     }
 
     @Override

src/main/java/com/uid2/admin/job/EncryptionJob/EncryptionKeyEncryptionJob.java

@@ -40,7 +40,7 @@ public EncryptionKeyEncryptionJob(
 
     @Override
     public String getId() {
-        return "s3-encryption-sync-encryptionKeys";
+        return "cloud-encryption-sync-encryptionKeys";
     }
 
     @Override

src/main/java/com/uid2/admin/job/EncryptionJob/KeyAclEncryptionJob.java

@@ -27,7 +27,7 @@ public KeyAclEncryptionJob(
 
     @Override
     public String getId() {
-        return "s3-encryption-sync-keyAcls";
+        return "cloud-encryption-sync-keyAcls";
     }
 
     @Override

src/main/java/com/uid2/admin/job/EncryptionJob/KeysetKeyEncryptionJob.java

@@ -35,7 +35,7 @@ public KeysetKeyEncryptionJob(Collection<OperatorKey> globalOperators,
 
     @Override
     public String getId() {
-        return "s3-encryption-sync-keysetKeys";
+        return "cloud-encryption-sync-keysetKeys";
     }
 
     @Override

src/main/java/com/uid2/admin/job/EncryptionJob/SiteEncryptionJob.java

@@ -25,7 +25,7 @@ public SiteEncryptionJob(
 
     @Override
     public String getId() {
-        return "s3-encryption-sync-sites";
+        return "cloud-encryption-sync-sites";
     }
 
     @Override

src/main/java/com/uid2/admin/job/EncryptionJob/SiteKeysetEncryptionJob.java

@@ -28,7 +28,7 @@ public SiteKeysetEncryptionJob(
 
     @Override
     public String getId() {
-        return "s3-encryption-sync-keysets";
+        return "cloud-encryption-sync-keysets";
     }
 
     @Override

src/main/java/com/uid2/admin/job/jobsync/EncryptedFilesSyncJob.java

@@ -2,7 +2,6 @@
 
 import com.fasterxml.jackson.databind.ObjectWriter;
 import com.uid2.admin.job.EncryptionJob.*;
-import com.uid2.admin.job.jobsync.acl.KeyAclSyncJob;
 import com.uid2.admin.job.EncryptionJob.ClientKeyEncryptionJob;
 import com.uid2.admin.job.model.Job;
 import com.uid2.admin.store.*;
@@ -23,7 +22,8 @@
 import com.uid2.shared.model.Site;
 import com.uid2.shared.store.CloudPath;
 import com.uid2.admin.legacy.LegacyClientKey;
-import com.uid2.shared.store.reader.RotatingS3KeyProvider;
+import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider;
+import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider;
 import com.uid2.shared.store.scope.GlobalScope;
 import io.vertx.core.json.JsonObject;
 
@@ -34,12 +34,12 @@
 public class EncryptedFilesSyncJob extends Job {
     private final JsonObject config;
     private final WriteLock writeLock;
-    private final RotatingS3KeyProvider s3KeyProvider;
+    private final RotatingCloudEncryptionKeyProvider RotatingCloudEncryptionKeyProvider;
 
-    public EncryptedFilesSyncJob(JsonObject config, WriteLock writeLock,RotatingS3KeyProvider s3KeyProvider) {
+    public EncryptedFilesSyncJob(JsonObject config, WriteLock writeLock, RotatingCloudEncryptionKeyProvider RotatingCloudEncryptionKeyProvider) {
         this.config = config;
         this.writeLock = writeLock;
-        this.s3KeyProvider = s3KeyProvider;
+        this.RotatingCloudEncryptionKeyProvider = RotatingCloudEncryptionKeyProvider;
     }
 
     @Override
@@ -62,7 +62,7 @@ public void execute() throws Exception {
                 jsonWriter,
                 versionGenerator,
                 clock,
-                s3KeyProvider,
+                RotatingCloudEncryptionKeyProvider,
                 fileManager);
 
         ClientKeyStoreFactory clientKeyStoreFactory = new ClientKeyStoreFactory(
@@ -71,15 +71,15 @@ public void execute() throws Exception {
                 jsonWriter,
                 versionGenerator,
                 clock,
-                s3KeyProvider,
+                RotatingCloudEncryptionKeyProvider,
                 fileManager);
 
         EncryptionKeyStoreFactory encryptionKeyStoreFactory = new EncryptionKeyStoreFactory(
                 cloudStorage,
                 new CloudPath(config.getString(Const.Config.KeysMetadataPathProp)),
                 versionGenerator,
                 clock,
-                s3KeyProvider,
+                RotatingCloudEncryptionKeyProvider,
                 fileManager);
 
         KeyAclStoreFactory keyAclStoreFactory = new KeyAclStoreFactory(
@@ -88,7 +88,7 @@ public void execute() throws Exception {
                 jsonWriter,
                 versionGenerator,
                 clock,
-                s3KeyProvider,
+                RotatingCloudEncryptionKeyProvider,
                 fileManager);
 
         KeysetStoreFactory keysetStoreFactory = new KeysetStoreFactory(
@@ -98,7 +98,7 @@ public void execute() throws Exception {
                 versionGenerator,
                 clock,
                 fileManager,
-                s3KeyProvider,
+                RotatingCloudEncryptionKeyProvider,
                 config.getBoolean(enableKeysetConfigProp));
 
         KeysetKeyStoreFactory keysetKeyStoreFactory = new KeysetKeyStoreFactory(
@@ -107,15 +107,15 @@ public void execute() throws Exception {
                 versionGenerator,
                 clock,
                 fileManager,
-                s3KeyProvider,
+                RotatingCloudEncryptionKeyProvider,
                 config.getBoolean(enableKeysetConfigProp));
 
         CloudPath operatorMetadataPath = new CloudPath(config.getString(Const.Config.OperatorsMetadataPathProp));
         GlobalScope operatorScope = new GlobalScope(operatorMetadataPath);
         RotatingOperatorKeyProvider operatorKeyProvider = new RotatingOperatorKeyProvider(cloudStorage, cloudStorage, operatorScope);
 
         synchronized (writeLock) {
-            s3KeyProvider.loadContent();
+            RotatingCloudEncryptionKeyProvider.loadContent();
             operatorKeyProvider.loadContent(operatorKeyProvider.getMetadata());
             siteStoreFactory.getGlobalReader().loadContent(siteStoreFactory.getGlobalReader().getMetadata());
             clientKeyStoreFactory.getGlobalReader().loadContent();

src/main/java/com/uid2/admin/legacy/LegacyClientKeyStoreWriter.java

@@ -10,7 +10,7 @@
 import com.uid2.admin.store.writer.EncryptedScopedStoreWriter;
 import com.uid2.admin.store.writer.ScopedStoreWriter;
 import com.uid2.admin.store.writer.StoreWriter;
-import com.uid2.shared.store.reader.RotatingS3KeyProvider;
+import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider;
 import com.uid2.shared.store.scope.EncryptedScope;
 import com.uid2.shared.store.scope.StoreScope;
 import io.vertx.core.json.JsonObject;
@@ -33,11 +33,11 @@ public LegacyClientKeyStoreWriter(RotatingLegacyClientKeyProvider provider,
                                       VersionGenerator versionGenerator,
                                       Clock clock,
                                       EncryptedScope scope,
-                                      RotatingS3KeyProvider s3KeyProvider) {
+                                      RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) {
         this.jsonWriter = jsonWriter;
         FileName dataFile = new FileName("clients", ".json");
         String dataType = "client_keys";
-        this.writer = new EncryptedScopedStoreWriter(provider, fileManager, versionGenerator, clock, scope, dataFile, dataType, s3KeyProvider, scope.getId());
+        this.writer = new EncryptedScopedStoreWriter(provider, fileManager, versionGenerator, clock, scope, dataFile, dataType, cloudEncryptionKeyProvider, scope.getId());
     }
 
     @Override

src/main/java/com/uid2/admin/legacy/RotatingLegacyClientKeyProvider.java

@@ -6,7 +6,7 @@
 import com.uid2.shared.store.CloudPath;
 import com.uid2.shared.store.EncryptedScopedStoreReader;
 import com.uid2.shared.store.ScopedStoreReader;
-import com.uid2.shared.store.reader.RotatingS3KeyProvider;
+import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider;
 import com.uid2.shared.store.reader.StoreReader;
 import com.uid2.shared.store.scope.EncryptedScope;
 import com.uid2.shared.store.scope.StoreScope;
@@ -48,8 +48,8 @@ public RotatingLegacyClientKeyProvider(DownloadCloudStorage fileStreamProvider,
         this.authorizableStore = new AuthorizableStore<>(LegacyClientKey.class);
     }
 
-    public RotatingLegacyClientKeyProvider(DownloadCloudStorage fileStreamProvider, EncryptedScope scope, RotatingS3KeyProvider s3KeyProvider) {
-        this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new LegacyClientParser(), "auth keys", s3KeyProvider);
+    public RotatingLegacyClientKeyProvider(DownloadCloudStorage fileStreamProvider, EncryptedScope scope, RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) {
+        this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new LegacyClientParser(), "auth keys", cloudEncryptionKeyProvider);
         this.authorizableStore = new AuthorizableStore<>(LegacyClientKey.class);
     }