Package io.confluent.dekregistry.storage
Class KafkaDekRegistry
java.lang.Object
io.confluent.dekregistry.storage.AbstractDekRegistry
io.confluent.dekregistry.storage.KafkaDekRegistry
- All Implemented Interfaces:
Closeable, AutoCloseable
- Direct Known Subclasses:
DekRegistry
Kafka/KCache-backed implementation of DEK Registry.
-
Field Summary
Fields inherited from class io.confluent.dekregistry.storage.AbstractDekRegistry
AWS_KMS, AZURE_KMS, cryptors, DEK_TYPE, dekSubjectSearchDefaultLimit, dekSubjectSearchMaxLimit, dekVersionSearchDefaultLimit, dekVersionSearchMaxLimit, EMPTY_AAD, GCP_KMS, initialized, initLatch, KEK_TYPE, kekSearchDefaultLimit, kekSearchMaxLimit, KEY, LATEST_VERSION, MIN_VERSION, tenantToLock, TEST_SUBJECT, VOID_TYPE, X_FORWARD_HEADER
-
Constructor Summary
Constructors (Modifier, Constructor, Description):
- KafkaDekRegistry(SchemaRegistry schemaRegistry, MetricsManager metricsManager)
- protected KafkaDekRegistry(SchemaRegistry schemaRegistry, MetricsManager metricsManager, DekRegistryConfig config)
-
Method Summary
Methods (Modifier and Type, Method, Description):
- void close()
- protected <K,V> io.kcache.Cache<K,V> createCache(org.apache.kafka.common.serialization.Serde<K> keySerde, org.apache.kafka.common.serialization.Serde<V> valueSerde, String topic, io.kcache.CacheUpdateHandler<K,V> cacheUpdateHandler)
- protected io.kcache.CacheUpdateHandler<EncryptionKeyId,EncryptionKey>
- protected DataEncryptionKey getDekById(DataEncryptionKeyId keyId): Get a DEK by its ID.
- protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getDeksFromStore(String tenant, String minKekName, String maxKekName, boolean lookupDeleted): Get all DEKs for a tenant within a KEK name range.
- protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getDeksFromStore(String tenant, String kekName, String subject, DekFormat algorithm, boolean lookupDeleted): Get DEKs for a specific subject and algorithm.
- protected KeyEncryptionKey getKekById(KeyEncryptionKeyId keyId): Get a KEK by its ID.
- protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getKeksFromStore(String tenant, boolean lookupDeleted): Get all KEKs for a tenant.
- com.google.common.collect.SetMultimap<String,KeyEncryptionKeyId>
- void init()
- protected void: Perform any initialization required by the storage backend.
- io.kcache.Cache<EncryptionKeyId,EncryptionKey> keys(): Get the underlying keys kcache (only kafka-based implementations override this).
- protected void putKey(EncryptionKeyId id, EncryptionKey key): Store a key (KEK or DEK).
- protected void: Remove a key from storage.
- protected void: Sync/refresh the store to ensure it's up-to-date.
Methods inherited from class io.confluent.dekregistry.storage.AbstractDekRegistry
config, createDek, createDekOrForward, createKek, createKekOrForward, deleteDek, deleteDekOrForward, deleteDekVersion, deleteDekVersionOrForward, deleteKek, deleteKekOrForward, generateEncryptedDek, generateRawDek, getAead, getCryptor, getDek, getDeks, getDeks, getDeks, getDekSubjects, getDekVersions, getKek, getKekNames, getKeks, getKey, getLatestDek, getLatestDek, getMetricsManager, getSchemaRegistry, initialized, isLeader, isLeader, lock, lockFor, maybeGenerateRawDek, normalizeDekSubjectLimit, normalizeDekVersionLimit, normalizeKekLimit, normalizeKmsType, normalizeLimit, putKek, putKekOrForward, rangeKeys, testKek, toJson, toKekEntity, undeleteDek, undeleteDekOrForward, undeleteDekVersion, undeleteDekVersionOrForward, undeleteKek, undeleteKekOrForward, unlock, waitForInit
-
Constructor Details
-
KafkaDekRegistry
-
KafkaDekRegistry
protected KafkaDekRegistry(SchemaRegistry schemaRegistry, MetricsManager metricsManager, DekRegistryConfig config)
-
-
Method Details
-
createCache
protected <K,V> io.kcache.Cache<K,V> createCache(org.apache.kafka.common.serialization.Serde<K> keySerde, org.apache.kafka.common.serialization.Serde<V> valueSerde, String topic, io.kcache.CacheUpdateHandler<K,V> cacheUpdateHandler) throws io.kcache.exceptions.CacheInitializationException
- Throws:
io.kcache.exceptions.CacheInitializationException
-
getCacheUpdateHandler
protected io.kcache.CacheUpdateHandler<EncryptionKeyId,EncryptionKey> getCacheUpdateHandler(DekRegistryConfig config)
-
keys
Description copied from class: AbstractDekRegistry
Get the underlying keys kcache (only kafka-based implementations override this). Provides backward compatibility for external components relying on direct cache access.
- Overrides:
keys in class AbstractDekRegistry
- Returns:
the keys cache
-
getKeksFromStore
protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getKeksFromStore(String tenant, boolean lookupDeleted)
Description copied from class: AbstractDekRegistry
Get all KEKs for a tenant.
- Specified by:
getKeksFromStore in class AbstractDekRegistry
-
getDeksFromStore
protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getDeksFromStore(String tenant, String minKekName, String maxKekName, boolean lookupDeleted)
Description copied from class: AbstractDekRegistry
Get all DEKs for a tenant within a KEK name range.
- Specified by:
getDeksFromStore in class AbstractDekRegistry
-
getDeksFromStore
protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getDeksFromStore(String tenant, String kekName, String subject, DekFormat algorithm, boolean lookupDeleted)
Description copied from class: AbstractDekRegistry
Get DEKs for a specific subject and algorithm.
- Specified by:
getDeksFromStore in class AbstractDekRegistry
-
getKekById
Description copied from class: AbstractDekRegistry
Get a KEK by its ID.
- Specified by:
getKekById in class AbstractDekRegistry
-
getDekById
Description copied from class: AbstractDekRegistry
Get a DEK by its ID.
- Specified by:
getDekById in class AbstractDekRegistry
-
putKey
Description copied from class: AbstractDekRegistry
Store a key (KEK or DEK).
- Specified by:
putKey in class AbstractDekRegistry
-
removeKey
Description copied from class: AbstractDekRegistry
Remove a key from storage.
- Specified by:
removeKey in class AbstractDekRegistry
-
syncStore
protected void syncStore()
Description copied from class: AbstractDekRegistry
Sync/refresh the store to ensure it's up-to-date.
- Specified by:
syncStore in class AbstractDekRegistry
-
initStore
protected void initStore()
Description copied from class: AbstractDekRegistry
Perform any initialization required by the storage backend.
- Specified by:
initStore in class AbstractDekRegistry
-
init
@PostConstruct public void init()
- Overrides:
init in class AbstractDekRegistry
-
close
- Throws:
IOException
-