From 0c40ccef27e5f8aab4d4d032fceca3e6d4060d69 Mon Sep 17 00:00:00 2001 From: Matt Lehman Date: Thu, 29 Feb 2024 14:15:00 -0800 Subject: [PATCH] Remove GCS-specific code. It is no longer in use. --- .../priam/aws/S3CrossAccountFileSystem.java | 94 ------- .../priam/aws/S3EncryptedFileSystem.java | 197 ------------- .../priam/defaultimpl/PriamGuiceModule.java | 28 +- .../netflix/priam/google/GcsCredential.java | 54 ---- .../google/GoogleEncryptedFileSystem.java | 263 ------------------ .../priam/google/GoogleFileIterator.java | 101 ------- ...ossAccountCryptographyRestoreStrategy.java | 86 ------ .../priam/restore/EncryptedRestoreBase.java | 207 -------------- .../restore/EncryptedRestoreStrategy.java | 83 ------ .../GoogleCryptographyRestoreStrategy.java | 78 ------ .../netflix/priam/restore/RestoreContext.java | 114 +------- .../priam/restore/RestoreTokenSelector.java | 3 +- .../netflix/priam/backup/BRTestModule.java | 13 +- 13 files changed, 8 insertions(+), 1313 deletions(-) delete mode 100755 priam/src/main/java/com/netflix/priam/aws/S3CrossAccountFileSystem.java delete mode 100755 priam/src/main/java/com/netflix/priam/aws/S3EncryptedFileSystem.java delete mode 100755 priam/src/main/java/com/netflix/priam/google/GcsCredential.java delete mode 100755 priam/src/main/java/com/netflix/priam/google/GoogleEncryptedFileSystem.java delete mode 100755 priam/src/main/java/com/netflix/priam/google/GoogleFileIterator.java delete mode 100755 priam/src/main/java/com/netflix/priam/restore/AwsCrossAccountCryptographyRestoreStrategy.java delete mode 100755 priam/src/main/java/com/netflix/priam/restore/EncryptedRestoreBase.java delete mode 100755 priam/src/main/java/com/netflix/priam/restore/EncryptedRestoreStrategy.java delete mode 100755 priam/src/main/java/com/netflix/priam/restore/GoogleCryptographyRestoreStrategy.java diff --git a/priam/src/main/java/com/netflix/priam/aws/S3CrossAccountFileSystem.java b/priam/src/main/java/com/netflix/priam/aws/S3CrossAccountFileSystem.java deleted file mode 100755 index 5651ebb45..000000000 --- a/priam/src/main/java/com/netflix/priam/aws/S3CrossAccountFileSystem.java +++ /dev/null @@ -1,94 +0,0 @@ -/** - * Copyright 2017 Netflix, Inc. - * - *

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of the License at - * - *

http://www.apache.org/licenses/LICENSE-2.0 - * - *

Unless required by applicable law or agreed to in writing, software distributed under the - * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.netflix.priam.aws; - -import com.amazonaws.services.s3.AmazonS3; -import com.amazonaws.services.s3.AmazonS3Client; -import com.netflix.priam.aws.auth.IS3Credential; -import com.netflix.priam.backup.IBackupFileSystem; -import com.netflix.priam.config.IConfiguration; -import com.netflix.priam.identity.config.InstanceInfo; -import javax.inject.Inject; -import javax.inject.Named; -import javax.inject.Singleton; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/* - * A version of S3FileSystem which allows it api access across different AWS accounts. - * - * *Note: ideally, this object should extend S3FileSystem but could not be done because: - * - S3FileSystem is a singleton and it uses DI. To follow the DI pattern, the best way to get this singleton is via injection. - * - S3FileSystem registers a MBean to JMX which must be only once per JVM. If not, you get - * java.lang.RuntimeException: javax.management.InstanceAlreadyExistsException: com.priam.aws.S3FileSystemMBean:name=S3FileSystemMBean - * - - */ -@Singleton -public class S3CrossAccountFileSystem { - private static final Logger logger = LoggerFactory.getLogger(S3CrossAccountFileSystem.class); - - private AmazonS3 s3Client; - private final S3FileSystem s3fs; - private final IConfiguration config; - private final IS3Credential s3Credential; - private final InstanceInfo instanceInfo; - - @Inject - public S3CrossAccountFileSystem( - @Named("backup") IBackupFileSystem fs, - @Named("awss3roleassumption") IS3Credential s3Credential, - IConfiguration config, - InstanceInfo instanceInfo) { - - this.s3fs = (S3FileSystem) fs; - this.config = config; - this.s3Credential = s3Credential; - this.instanceInfo = instanceInfo; - } - - public IBackupFileSystem getBackupFileSystem() { - return this.s3fs; - } - - public AmazonS3 getCrossAcctS3Client() { - if (this.s3Client == null) { - - synchronized (this) { - if (this.s3Client == null) { - - try { - - this.s3Client = - AmazonS3Client.builder() - .withCredentials(s3Credential.getAwsCredentialProvider()) - .withRegion(instanceInfo.getRegion()) - .build(); - - } catch (Exception e) { - throw new IllegalStateException( - "Exception in getting handle to s3 client. Msg: " - + e.getLocalizedMessage(), - e); - } - - // Lets leverage the IBackupFileSystem behaviors except we want it to use our - // amazon S3 client which has cross AWS account api capability. - this.s3fs.setS3Client(s3Client); - } - } - } - - return this.s3Client; - } -} diff --git a/priam/src/main/java/com/netflix/priam/aws/S3EncryptedFileSystem.java b/priam/src/main/java/com/netflix/priam/aws/S3EncryptedFileSystem.java deleted file mode 100755 index 098dcb62a..000000000 --- a/priam/src/main/java/com/netflix/priam/aws/S3EncryptedFileSystem.java +++ /dev/null @@ -1,197 +0,0 @@ -/** - * Copyright 2017 Netflix, Inc. - * - *

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of the License at - * - *

http://www.apache.org/licenses/LICENSE-2.0 - * - *

Unless required by applicable law or agreed to in writing, software distributed under the - * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.netflix.priam.aws; - -import com.amazonaws.services.s3.AmazonS3Client; -import com.amazonaws.services.s3.model.CompleteMultipartUploadResult; -import com.amazonaws.services.s3.model.InitiateMultipartUploadRequest; -import com.amazonaws.services.s3.model.InitiateMultipartUploadResult; -import com.amazonaws.services.s3.model.PartETag; -import com.netflix.priam.backup.AbstractBackupPath; -import com.netflix.priam.backup.BackupRestoreException; -import com.netflix.priam.backup.DynamicRateLimiter; -import com.netflix.priam.backup.RangeReadInputStream; -import com.netflix.priam.compress.ChunkedStream; -import com.netflix.priam.compress.ICompression; -import com.netflix.priam.config.IConfiguration; -import com.netflix.priam.cred.ICredential; -import com.netflix.priam.cryptography.IFileCryptography; -import com.netflix.priam.identity.config.InstanceInfo; -import com.netflix.priam.merics.BackupMetrics; -import com.netflix.priam.notification.BackupNotificationMgr; -import java.io.*; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.time.Instant; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Iterator; -import java.util.List; -import javax.inject.Inject; -import javax.inject.Named; -import javax.inject.Provider; -import javax.inject.Singleton; -import org.apache.commons.io.IOUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** Implementation of IBackupFileSystem for S3. The upload/download will work with ciphertext. */ -@Singleton -public class S3EncryptedFileSystem extends S3FileSystemBase { - - private static final Logger logger = LoggerFactory.getLogger(S3EncryptedFileSystem.class); - private final IFileCryptography encryptor; - private final DynamicRateLimiter dynamicRateLimiter; - - @Inject - public S3EncryptedFileSystem( - Provider pathProvider, - ICompression compress, - final IConfiguration config, - ICredential cred, - @Named("filecryptoalgorithm") IFileCryptography fileCryptography, - BackupMetrics backupMetrics, - BackupNotificationMgr backupNotificationMgr, - InstanceInfo instanceInfo, - DynamicRateLimiter dynamicRateLimiter) { - - super(pathProvider, compress, config, backupMetrics, backupNotificationMgr); - this.encryptor = fileCryptography; - this.dynamicRateLimiter = dynamicRateLimiter; - super.s3Client = - AmazonS3Client.builder() - .withCredentials(cred.getAwsCredentialProvider()) - .withRegion(instanceInfo.getRegion()) - .build(); - } - - @Override - protected void downloadFileImpl(AbstractBackupPath path, String suffix) - throws BackupRestoreException { - String remotePath = path.getRemotePath(); - Path localPath = Paths.get(path.newRestoreFile().getAbsolutePath() + suffix); - try (OutputStream os = new FileOutputStream(localPath.toFile()); - RangeReadInputStream rris = - new RangeReadInputStream( - s3Client, getShard(), super.getFileSize(remotePath), remotePath)) { - /* - * To handle use cases where decompression should be done outside of the download. For example, the file have been compressed and then encrypted. - * Hence, decompressing it here would compromise the decryption. - */ - IOUtils.copyLarge(rris, os); - } catch (Exception e) { - throw new BackupRestoreException( - "Exception encountered downloading " - + remotePath - + " from S3 bucket " - + getShard() - + ", Msg: " - + e.getMessage(), - e); - } - } - - @Override - protected long uploadFileImpl(AbstractBackupPath path, Instant target) - throws BackupRestoreException { - Path localPath = Paths.get(path.getBackupFile().getAbsolutePath()); - String remotePath = path.getRemotePath(); - - long chunkSize = getChunkSize(localPath); - // initialize chunking request to aws - InitiateMultipartUploadRequest initRequest = - new InitiateMultipartUploadRequest(config.getBackupPrefix(), remotePath); - // Fetch the aws generated upload id for this chunking request - InitiateMultipartUploadResult initResponse = s3Client.initiateMultipartUpload(initRequest); - DataPart part = - new DataPart(config.getBackupPrefix(), remotePath, initResponse.getUploadId()); - // Metadata on number of parts to be uploaded - List partETags = Collections.synchronizedList(new ArrayList<>()); - - // Read chunks from src, compress it, and write to temp file - File compressedDstFile = new File(localPath.toString() + ".compressed"); - if (logger.isDebugEnabled()) - logger.debug( - "Compressing {} with chunk size {}", - compressedDstFile.getAbsolutePath(), - chunkSize); - - try (InputStream in = new FileInputStream(localPath.toFile()); - BufferedOutputStream compressedBos = - new BufferedOutputStream(new FileOutputStream(compressedDstFile))) { - Iterator compressedChunks = - new ChunkedStream(in, chunkSize, path.getCompression()); - while (compressedChunks.hasNext()) { - byte[] compressedChunk = compressedChunks.next(); - compressedBos.write(compressedChunk); - } - } catch (Exception e) { - String message = - "Exception in compressing the input data during upload to EncryptedStore Msg: " - + e.getMessage(); - logger.error(message, e); - throw new BackupRestoreException(message); - } - - // == Read compressed data, encrypt each chunk, upload it to aws - try (BufferedInputStream compressedBis = - new BufferedInputStream(new FileInputStream(compressedDstFile))) { - Iterator chunks = this.encryptor.encryptStream(compressedBis, remotePath); - - // identifies this part position in the object we are uploading - int partNum = 0; - long encryptedFileSize = 0; - - while (chunks.hasNext()) { - byte[] chunk = chunks.next(); - // throttle upload to endpoint - rateLimiter.acquire(chunk.length); - dynamicRateLimiter.acquire(path, target, chunk.length); - - DataPart dp = - new DataPart( - ++partNum, - chunk, - config.getBackupPrefix(), - remotePath, - initResponse.getUploadId()); - S3PartUploader partUploader = new S3PartUploader(s3Client, dp, partETags); - encryptedFileSize += chunk.length; - executor.submit(partUploader); - } - - executor.sleepTillEmpty(); - if (partNum != partETags.size()) { - throw new BackupRestoreException( - "Number of parts(" - + partNum - + ") does not match the expected number of uploaded parts(" - + partETags.size() - + ")"); - } - - // complete the aws chunking upload by providing to aws the ETag that uniquely - // identifies the combined object datav - CompleteMultipartUploadResult resultS3MultiPartUploadComplete = - new S3PartUploader(s3Client, part, partETags).completeUpload(); - checkSuccessfulUpload(resultS3MultiPartUploadComplete, localPath); - return encryptedFileSize; - } catch (Exception e) { - new S3PartUploader(s3Client, part, partETags).abortUpload(); - throw new BackupRestoreException("Error uploading file: " + localPath, e); - } finally { - if (compressedDstFile.exists()) compressedDstFile.delete(); - } - } -} diff --git a/priam/src/main/java/com/netflix/priam/defaultimpl/PriamGuiceModule.java b/priam/src/main/java/com/netflix/priam/defaultimpl/PriamGuiceModule.java index 0f68962ac..fda267097 100644 --- a/priam/src/main/java/com/netflix/priam/defaultimpl/PriamGuiceModule.java +++ b/priam/src/main/java/com/netflix/priam/defaultimpl/PriamGuiceModule.java @@ -18,8 +18,6 @@ import com.google.inject.AbstractModule; import com.google.inject.name.Names; -import com.netflix.priam.aws.S3CrossAccountFileSystem; -import com.netflix.priam.aws.S3EncryptedFileSystem; import com.netflix.priam.aws.S3FileSystem; import com.netflix.priam.aws.auth.EC2RoleAssumptionCredential; import com.netflix.priam.aws.auth.IS3Credential; @@ -29,12 +27,6 @@ import com.netflix.priam.backupv2.MetaV1Proxy; import com.netflix.priam.backupv2.MetaV2Proxy; import com.netflix.priam.cred.ICredential; -import com.netflix.priam.cred.ICredentialGeneric; -import com.netflix.priam.cryptography.IFileCryptography; -import com.netflix.priam.cryptography.pgp.PgpCredential; -import com.netflix.priam.cryptography.pgp.PgpCryptography; -import com.netflix.priam.google.GcsCredential; -import com.netflix.priam.google.GoogleEncryptedFileSystem; import com.netflix.spectator.api.NoopRegistry; import com.netflix.spectator.api.Registry; import org.quartz.SchedulerFactory; @@ -45,31 +37,13 @@ public class PriamGuiceModule extends AbstractModule { protected void configure() { bind(SchedulerFactory.class).to(StdSchedulerFactory.class).asEagerSingleton(); - bind(IBackupFileSystem.class).annotatedWith(Names.named("backup")).to(S3FileSystem.class); - bind(IBackupFileSystem.class) - .annotatedWith(Names.named("encryptedbackup")) - .to(S3EncryptedFileSystem.class); - - bind(S3CrossAccountFileSystem.class); - - bind(IBackupFileSystem.class) - .annotatedWith(Names.named("gcsencryptedbackup")) - .to(GoogleEncryptedFileSystem.class); + bind(IBackupFileSystem.class).to(S3FileSystem.class); bind(IS3Credential.class) .annotatedWith(Names.named("awss3roleassumption")) .to(S3RoleAssumptionCredential.class); bind(ICredential.class) .annotatedWith(Names.named("awsec2roleassumption")) .to(EC2RoleAssumptionCredential.class); - bind(IFileCryptography.class) - .annotatedWith(Names.named("filecryptoalgorithm")) - .to(PgpCryptography.class); - bind(ICredentialGeneric.class) - .annotatedWith(Names.named("gcscredential")) - .to(GcsCredential.class); - bind(ICredentialGeneric.class) - .annotatedWith(Names.named("pgpcredential")) - .to(PgpCredential.class); bind(IMetaProxy.class).annotatedWith(Names.named("v1")).to(MetaV1Proxy.class); bind(IMetaProxy.class).annotatedWith(Names.named("v2")).to(MetaV2Proxy.class); bind(Registry.class).toInstance(new NoopRegistry()); diff --git a/priam/src/main/java/com/netflix/priam/google/GcsCredential.java b/priam/src/main/java/com/netflix/priam/google/GcsCredential.java deleted file mode 100755 index f8447c3bb..000000000 --- a/priam/src/main/java/com/netflix/priam/google/GcsCredential.java +++ /dev/null @@ -1,54 +0,0 @@ -/** - * Copyright 2017 Netflix, Inc. - * - *

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of the License at - * - *

http://www.apache.org/licenses/LICENSE-2.0 - * - *

Unless required by applicable law or agreed to in writing, software distributed under the - * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.netflix.priam.google; - -import com.amazonaws.auth.AWSCredentialsProvider; -import com.netflix.priam.config.IConfiguration; -import com.netflix.priam.cred.ICredentialGeneric; -import javax.inject.Inject; - -/* - * A generic implementation of fetch keys as plaintext. The key values are used with Google Cloud Storage. Users may - * want to provide an implementation where your key(s)' value is decrypted using AES encryption algorithm. - */ -public class GcsCredential implements ICredentialGeneric { - - private final IConfiguration config; - - @Inject - public GcsCredential(IConfiguration config) { - this.config = config; - } - - @Override - public AWSCredentialsProvider getAwsCredentialProvider() { - // TODO Auto-generated method stub - return null; - } - - @Override - public byte[] getValue(KEY key) { - if (key == null) { - throw new NullPointerException("Credential key cannot be null."); - } - - if (key.equals(KEY.GCS_PRIVATE_KEY_LOC)) { - return this.config.getGcsServiceAccountPrivateKeyLoc().getBytes(); - } else if (key.equals(KEY.GCS_SERVICE_ID)) { - return this.config.getGcsServiceAccountId().getBytes(); - } else { - throw new IllegalArgumentException("Key value not supported."); - } - } -} diff --git a/priam/src/main/java/com/netflix/priam/google/GoogleEncryptedFileSystem.java b/priam/src/main/java/com/netflix/priam/google/GoogleEncryptedFileSystem.java deleted file mode 100755 index edb42ca4f..000000000 --- a/priam/src/main/java/com/netflix/priam/google/GoogleEncryptedFileSystem.java +++ /dev/null @@ -1,263 +0,0 @@ -/** - * Copyright 2017 Netflix, Inc. - * - *

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of the License at - * - *

http://www.apache.org/licenses/LICENSE-2.0 - * - *

Unless required by applicable law or agreed to in writing, software distributed under the - * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.netflix.priam.google; - -import com.google.api.client.auth.oauth2.Credential; -import com.google.api.client.googleapis.auth.oauth2.GoogleCredential; -import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport; -import com.google.api.client.http.HttpTransport; -import com.google.api.client.json.JsonFactory; -import com.google.api.client.json.jackson2.JacksonFactory; -import com.google.api.services.storage.Storage; -import com.google.api.services.storage.StorageScopes; -import com.netflix.priam.backup.AbstractBackupPath; -import com.netflix.priam.backup.AbstractFileSystem; -import com.netflix.priam.backup.BackupRestoreException; -import com.netflix.priam.config.IConfiguration; -import com.netflix.priam.cred.ICredentialGeneric; -import com.netflix.priam.cred.ICredentialGeneric.KEY; -import com.netflix.priam.merics.BackupMetrics; -import com.netflix.priam.notification.BackupNotificationMgr; -import java.io.*; -import java.nio.file.Path; -import java.time.Instant; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; -import java.util.List; -import javax.inject.Inject; -import javax.inject.Named; -import javax.inject.Provider; -import org.apache.commons.io.IOUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class GoogleEncryptedFileSystem extends AbstractFileSystem { - - private static final Logger logger = LoggerFactory.getLogger(GoogleEncryptedFileSystem.class); - - private static final String APPLICATION_NAME = "gdl"; - private static final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance(); - - private HttpTransport httpTransport; - // represents our "service account" credentials we will use to access GCS - private Credential credential; - private Storage gcsStorageHandle; - private Storage.Objects objectsResoruceHandle = null; - private String srcBucketName; - private final IConfiguration config; - - private final ICredentialGeneric gcsCredential; - private final BackupMetrics backupMetrics; - - @Inject - public GoogleEncryptedFileSystem( - Provider pathProvider, - final IConfiguration config, - @Named("gcscredential") ICredentialGeneric credential, - BackupMetrics backupMetrics, - BackupNotificationMgr backupNotificationManager) { - super(config, backupMetrics, backupNotificationManager, pathProvider); - this.backupMetrics = backupMetrics; - this.config = config; - this.gcsCredential = credential; - - try { - this.httpTransport = GoogleNetHttpTransport.newTrustedTransport(); - } catch (Exception e) { - throw new IllegalStateException( - "Unable to create a handle to the Google Http tranport", e); - } - - this.srcBucketName = getShard(); - } - - private Storage.Objects constructObjectResourceHandle() { - if (this.objectsResoruceHandle != null) { - return this.objectsResoruceHandle; - } - - constructGcsStorageHandle(); - this.objectsResoruceHandle = this.gcsStorageHandle.objects(); - return this.objectsResoruceHandle; - } - - /* - * Get a handle to the GCS api to manage our data within their storage. Code derive from - * https://code.google.com/p/google-api-java-client/source/browse/storage-cmdline-sample/src/main/java/com/google/api/services/samples/storage/cmdline/StorageSample.java?repo=samples - * - * Note: GCS storage will use our credential to do auto-refresh of expired tokens - */ - private Storage constructGcsStorageHandle() { - if (this.gcsStorageHandle != null) { - return this.gcsStorageHandle; - } - - try { - constructGcsCredential(); - } catch (Exception e) { - throw new IllegalStateException("Exception during GCS authorization", e); - } - - this.gcsStorageHandle = - new Storage.Builder(this.httpTransport, JSON_FACTORY, this.credential) - .setApplicationName(APPLICATION_NAME) - .build(); - return this.gcsStorageHandle; - } - - /** - * Authorizes the installed application to access user's protected data, code from - * https://developers.google.com/maps-engine/documentation/oauth/serviceaccount and - * http://javadoc.google-api-java-client.googlecode.com/hg/1.8.0-beta/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.html - */ - private Credential constructGcsCredential() throws Exception { - - if (this.credential != null) { - return this.credential; - } - - synchronized (this) { - if (this.credential == null) { - - String service_acct_email = - new String(this.gcsCredential.getValue(KEY.GCS_SERVICE_ID)); - - if (this.config.getGcsServiceAccountPrivateKeyLoc() == null - || this.config.getGcsServiceAccountPrivateKeyLoc().isEmpty()) { - throw new NullPointerException( - "Fast property for the the GCS private key file is null/empty."); - } - - // Take the encrypted private key, decrypted into an in-transit file which is passed - // to GCS - File gcsPrivateKeyHandle = - new File(this.config.getGcsServiceAccountPrivateKeyLoc() + ".output"); - - ByteArrayOutputStream byteos = new ByteArrayOutputStream(); - - byte[] gcsPrivateKeyPlainText = - this.gcsCredential.getValue(KEY.GCS_PRIVATE_KEY_LOC); - try (BufferedOutputStream bos = - new BufferedOutputStream(new FileOutputStream(gcsPrivateKeyHandle))) { - byteos.write(gcsPrivateKeyPlainText); - byteos.writeTo(bos); - } catch (IOException e) { - throw new IOException( - "Exception when writing decrypted gcs private key value to disk.", e); - } - - Collection scopes = new ArrayList<>(1); - scopes.add(StorageScopes.DEVSTORAGE_READ_ONLY); - // Cryptex decrypted service account key derive from the GCS console - this.credential = - new GoogleCredential.Builder() - .setTransport(this.httpTransport) - .setJsonFactory(JSON_FACTORY) - .setServiceAccountId(service_acct_email) - .setServiceAccountScopes(scopes) - .setServiceAccountPrivateKeyFromP12File(gcsPrivateKeyHandle) - .build(); - } - } - - return this.credential; - } - - @Override - protected void downloadFileImpl(AbstractBackupPath path, String suffix) - throws BackupRestoreException { - String remotePath = path.getRemotePath(); - File localFile = new File(path.newRestoreFile().getAbsolutePath() + suffix); - String objectName = parseObjectname(getPrefix().toString()); - com.google.api.services.storage.Storage.Objects.Get get; - - try { - get = constructObjectResourceHandle().get(this.srcBucketName, remotePath); - } catch (IOException e) { - throw new BackupRestoreException( - "IO error retrieving metadata for: " - + objectName - + " from bucket: " - + this.srcBucketName, - e); - } - - // If you're not using GCS' AppEngine, download the whole thing (instead of chunks) in one - // request, if possible. - get.getMediaHttpDownloader().setDirectDownloadEnabled(true); - try (OutputStream os = new FileOutputStream(localFile); - InputStream is = get.executeMediaAsInputStream()) { - IOUtils.copyLarge(is, os); - } catch (IOException e) { - throw new BackupRestoreException( - "IO error during streaming of object: " - + objectName - + " from bucket: " - + this.srcBucketName, - e); - } catch (Exception ex) { - throw new BackupRestoreException( - "Exception encountered when copying bytes from input to output", ex); - } - - backupMetrics.recordDownloadRate(get.getLastResponseHeaders().getContentLength()); - } - - @Override - protected boolean doesRemoteFileExist(Path remotePath) { - // TODO: Implement based on GCS. Since this is only used for upload, leaving it empty - return false; - } - - @Override - public Iterator listFileSystem(String prefix, String delimiter, String marker) { - return new GoogleFileIterator(constructGcsStorageHandle(), prefix, null); - } - - @Override - public void cleanup() { - // TODO Auto-generated method stub - } - - @Override - public void shutdown() { - // TODO Auto-generated method stub - } - - @Override - protected long uploadFileImpl(AbstractBackupPath path, Instant target) - throws BackupRestoreException { - throw new UnsupportedOperationException(); - } - - @Override - public long getFileSize(String remotePath) throws BackupRestoreException { - return 0; - } - - @Override - public void deleteFiles(List remotePaths) throws BackupRestoreException { - // TODO: Delete implementation - } - - /* - * @param pathPrefix - * @return objectName - */ - static String parseObjectname(String pathPrefix) { - int offset = pathPrefix.lastIndexOf(0x2f); - return pathPrefix.substring(offset + 1); - } -} diff --git a/priam/src/main/java/com/netflix/priam/google/GoogleFileIterator.java b/priam/src/main/java/com/netflix/priam/google/GoogleFileIterator.java deleted file mode 100755 index ac06e5592..000000000 --- a/priam/src/main/java/com/netflix/priam/google/GoogleFileIterator.java +++ /dev/null @@ -1,101 +0,0 @@ -/** - * Copyright 2017 Netflix, Inc. - * - *

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of the License at - * - *

http://www.apache.org/licenses/LICENSE-2.0 - * - *

Unless required by applicable law or agreed to in writing, software distributed under the - * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.netflix.priam.google; - -import com.google.api.services.storage.Storage; -import com.google.api.services.storage.model.StorageObject; -import com.google.common.collect.Lists; -import java.io.IOException; -import java.util.Iterator; -import java.util.List; - -/* - * Represents a list of objects within Google Cloud Storage (GCS) - */ -public class GoogleFileIterator implements Iterator { - private Iterator iterator; - private String bucketName; - private String prefix; - private Storage.Objects objectsResoruceHandle = null; - private Storage.Objects.List listObjectsSrvcHandle = null; - private com.google.api.services.storage.model.Objects objectsContainerHandle = null; - - public GoogleFileIterator(Storage gcsStorageHandle, String bucket, String prefix) { - - this.objectsResoruceHandle = gcsStorageHandle.objects(); - this.bucketName = bucket; - this.prefix = prefix; - - try { // == Get the initial page of results - this.iterator = createIterator(); - } catch (Exception e) { - throw new RuntimeException( - "Exception encountered fetching elements, msg: ." + e.getLocalizedMessage(), e); - } - } - - private void initListing() { - try { - - this.listObjectsSrvcHandle = - objectsResoruceHandle.list(bucketName); // == list objects within bucket - // fetch elements within bucket that matches this prefix - this.listObjectsSrvcHandle.setPrefix(this.prefix); - } catch (IOException e) { - throw new RuntimeException("Unable to get gcslist handle to bucket: " + bucketName, e); - } - } - - /* - * Fetch a page of results - */ - private Iterator createIterator() throws Exception { - if (listObjectsSrvcHandle == null) initListing(); - List temp = Lists.newArrayList(); // a container of results - - // Sends the metadata request to the server and returns the parsed metadata response. - this.objectsContainerHandle = listObjectsSrvcHandle.execute(); - - for (StorageObject object : this.objectsContainerHandle.getItems()) { - // processing a page of results - temp.add(object.getName()); - } - return temp.iterator(); - } - - @Override - public boolean hasNext() { - if (this.iterator.hasNext()) { - return true; - } - - while (this.objectsContainerHandle.getNextPageToken() != null && !iterator.hasNext()) - try { // if here, you have iterated through all elements of the previous page, now, get - // the next page of results - this.listObjectsSrvcHandle.setPageToken(objectsContainerHandle.getNextPageToken()); - this.iterator = createIterator(); - } catch (Exception e) { - throw new RuntimeException( - "Exception encountered fetching elements, see previous messages for details.", - e); - } - - return this.iterator.hasNext(); - } - - @Override - public String next() { - return iterator.next(); - } -} diff --git a/priam/src/main/java/com/netflix/priam/restore/AwsCrossAccountCryptographyRestoreStrategy.java b/priam/src/main/java/com/netflix/priam/restore/AwsCrossAccountCryptographyRestoreStrategy.java deleted file mode 100755 index 565fe764d..000000000 --- a/priam/src/main/java/com/netflix/priam/restore/AwsCrossAccountCryptographyRestoreStrategy.java +++ /dev/null @@ -1,86 +0,0 @@ -/** - * Copyright 2017 Netflix, Inc. - * - *

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of the License at - * - *

http://www.apache.org/licenses/LICENSE-2.0 - * - *

Unless required by applicable law or agreed to in writing, software distributed under the - * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.netflix.priam.restore; - -import com.netflix.priam.aws.S3CrossAccountFileSystem; -import com.netflix.priam.backup.AbstractBackupPath; -import com.netflix.priam.backup.MetaData; -import com.netflix.priam.compress.ICompression; -import com.netflix.priam.config.IConfiguration; -import com.netflix.priam.cred.ICredentialGeneric; -import com.netflix.priam.cryptography.IFileCryptography; -import com.netflix.priam.defaultimpl.ICassandraProcess; -import com.netflix.priam.health.InstanceState; -import com.netflix.priam.identity.InstanceIdentity; -import com.netflix.priam.scheduler.SimpleTimer; -import com.netflix.priam.scheduler.TaskTimer; -import com.netflix.priam.utils.Sleeper; -import javax.inject.Inject; -import javax.inject.Named; -import javax.inject.Provider; -import javax.inject.Singleton; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/* - * A strategy to restore from an AWS bucket whose objects are not owned by the current IAM role thus requiring AWS cross account assumption. - * In addition, this strategy will handle data which has been encrypted. - */ - -@Singleton -public class AwsCrossAccountCryptographyRestoreStrategy extends EncryptedRestoreBase { - private static final Logger logger = - LoggerFactory.getLogger(AwsCrossAccountCryptographyRestoreStrategy.class); - public static final String JOBNAME = "AWS_CROSS_ACCT_CRYPTOGRAPHY_RESTORE_JOB"; - - // Note: see javadoc for S3CrossAccountFileSystem for reason why we inject a concrete class - // (S3CrossAccountFileSystem) instead of the inteface IBackupFileSystem - @Inject - public AwsCrossAccountCryptographyRestoreStrategy( - final IConfiguration config, - ICassandraProcess cassProcess, - S3CrossAccountFileSystem crossAcctfs, - Sleeper sleeper, - @Named("filecryptoalgorithm") IFileCryptography fileCryptography, - @Named("pgpcredential") ICredentialGeneric credential, - ICompression compress, - Provider pathProvider, - InstanceIdentity id, - RestoreTokenSelector tokenSelector, - MetaData metaData, - InstanceState instanceState, - IPostRestoreHook postRestoreHook) { - - super( - config, - crossAcctfs.getBackupFileSystem(), - JOBNAME, - sleeper, - cassProcess, - pathProvider, - id, - tokenSelector, - credential, - fileCryptography, - compress, - metaData, - instanceState, - postRestoreHook); - } - - /** @return a timer used by the scheduler to determine when "this" should be run. */ - public static TaskTimer getTimer() { - return new SimpleTimer(JOBNAME); - } -} diff --git a/priam/src/main/java/com/netflix/priam/restore/EncryptedRestoreBase.java b/priam/src/main/java/com/netflix/priam/restore/EncryptedRestoreBase.java deleted file mode 100755 index 0b7012782..000000000 --- a/priam/src/main/java/com/netflix/priam/restore/EncryptedRestoreBase.java +++ /dev/null @@ -1,207 +0,0 @@ -/** - * Copyright 2017 Netflix, Inc. - * - *

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of the License at - * - *

http://www.apache.org/licenses/LICENSE-2.0 - * - *

Unless required by applicable law or agreed to in writing, software distributed under the - * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.netflix.priam.restore; - -import com.netflix.priam.backup.AbstractBackupPath; -import com.netflix.priam.backup.IBackupFileSystem; -import com.netflix.priam.backup.MetaData; -import com.netflix.priam.compress.CompressionType; -import com.netflix.priam.compress.ICompression; -import com.netflix.priam.config.IConfiguration; -import com.netflix.priam.cred.ICredentialGeneric; -import com.netflix.priam.cryptography.IFileCryptography; -import com.netflix.priam.defaultimpl.ICassandraProcess; -import com.netflix.priam.health.InstanceState; -import com.netflix.priam.identity.InstanceIdentity; -import com.netflix.priam.scheduler.NamedThreadPoolExecutor; -import com.netflix.priam.utils.RetryableCallable; -import com.netflix.priam.utils.Sleeper; -import java.io.*; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.util.concurrent.Future; -import java.util.concurrent.ThreadPoolExecutor; -import javax.inject.Provider; -import org.bouncycastle.util.io.Streams; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** Provides common functionality applicable to all restore strategies */ -public abstract class EncryptedRestoreBase extends AbstractRestore { - private static final Logger logger = LoggerFactory.getLogger(EncryptedRestoreBase.class); - private static final String TMP_SUFFIX = ".tmp"; - - private final String jobName; - private final ICredentialGeneric pgpCredential; - private final IFileCryptography fileCryptography; - private final ICompression compress; - private final ThreadPoolExecutor executor; - - protected EncryptedRestoreBase( - IConfiguration config, - IBackupFileSystem fs, - String jobName, - Sleeper sleeper, - ICassandraProcess cassProcess, - Provider pathProvider, - InstanceIdentity instanceIdentity, - RestoreTokenSelector tokenSelector, - ICredentialGeneric pgpCredential, - IFileCryptography fileCryptography, - ICompression compress, - MetaData metaData, - InstanceState instanceState, - IPostRestoreHook postRestoreHook) { - super( - config, - fs, - jobName, - sleeper, - pathProvider, - instanceIdentity, - tokenSelector, - cassProcess, - instanceState, - postRestoreHook); - - this.jobName = jobName; - this.pgpCredential = pgpCredential; - this.fileCryptography = fileCryptography; - this.compress = compress; - executor = new NamedThreadPoolExecutor(config.getRestoreThreads(), jobName); - executor.allowCoreThreadTimeOut(true); - logger.info( - "Trying to restore cassandra cluster with filesystem: {}, RestoreStrategy: {}, Encryption: ON, Compression: {}", - fs.getClass(), - jobName, - compress.getClass()); - } - - @Override - protected final Future downloadFile(final AbstractBackupPath path) throws Exception { - final char[] passPhrase = - new String(this.pgpCredential.getValue(ICredentialGeneric.KEY.PGP_PASSWORD)) - .toCharArray(); - File restoreLocation = path.newRestoreFile(); - File tempFile = new File(restoreLocation.getAbsolutePath() + TMP_SUFFIX); - - return executor.submit( - new RetryableCallable() { - - @Override - public Path retriableCall() throws Exception { - - // == download object from source bucket - try { - // Not retrying to download file here as it is already in RetryCallable. - fs.downloadFile(path, TMP_SUFFIX, 0 /* retries */); - } catch (Exception ex) { - // This behavior is retryable; therefore, lets get to a clean state - // before each retry. - if (tempFile.exists()) { - tempFile.createNewFile(); - } - - throw new Exception( - "Exception downloading file from: " - + path.getRemotePath() - + " to: " - + tempFile.getAbsolutePath(), - ex); - } - - // == object downloaded successfully from source, decrypt it. - File decryptedFile = new File(tempFile.getAbsolutePath() + ".decrypted"); - try (OutputStream fOut = - new BufferedOutputStream( - new FileOutputStream( - decryptedFile)); // destination file after - // decryption) - InputStream in = - new BufferedInputStream( - new FileInputStream(tempFile.getAbsolutePath()))) { - InputStream encryptedDataInputStream = - fileCryptography.decryptStream( - in, passPhrase, tempFile.getAbsolutePath()); - Streams.pipeAll(encryptedDataInputStream, fOut); - logger.info( - "Completed decrypting file: {} to final file dest: {}", - tempFile.getAbsolutePath(), - decryptedFile.getAbsolutePath()); - - } catch (Exception ex) { - // This behavior is retryable; therefore, lets get to a clean state - // before each retry. - if (tempFile.exists()) { - tempFile.createNewFile(); - } - - if (decryptedFile.exists()) { - decryptedFile.createNewFile(); - } - - throw new Exception( - "Exception during decryption file: " - + decryptedFile.getAbsolutePath(), - ex); - } - - // == object is downloaded and decrypted, now uncompress it if necessary - if (path.getCompression() == CompressionType.NONE) { - Files.move(decryptedFile.toPath(), restoreLocation.toPath()); - } else { - logger.info( - "Start uncompressing file: {} to the FINAL destination stream", - decryptedFile.getAbsolutePath()); - - try (InputStream is = - new BufferedInputStream( - new FileInputStream(decryptedFile)); - BufferedOutputStream finalDestination = - new BufferedOutputStream( - new FileOutputStream(restoreLocation))) { - compress.decompressAndClose(is, finalDestination); - } catch (Exception ex) { - throw new Exception( - "Exception uncompressing file: " - + decryptedFile.getAbsolutePath() - + " to the FINAL destination stream", - ex); - } - - logger.info( - "Completed uncompressing file: {} to the FINAL destination stream " - + " current worker: {}", - decryptedFile.getAbsolutePath(), - Thread.currentThread().getName()); - } - // if here, everything was successful for this object, lets remove unneeded - // file(s) - if (tempFile.exists()) tempFile.delete(); - - if (decryptedFile.exists()) { - decryptedFile.delete(); - } - - return Paths.get(path.getRemotePath()); - } - }); - } - - @Override - public String getName() { - return this.jobName; - } -} diff --git a/priam/src/main/java/com/netflix/priam/restore/EncryptedRestoreStrategy.java b/priam/src/main/java/com/netflix/priam/restore/EncryptedRestoreStrategy.java deleted file mode 100755 index 48197758c..000000000 --- a/priam/src/main/java/com/netflix/priam/restore/EncryptedRestoreStrategy.java +++ /dev/null @@ -1,83 +0,0 @@ -/** - * Copyright 2017 Netflix, Inc. - * - *

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of the License at - * - *

http://www.apache.org/licenses/LICENSE-2.0 - * - *

Unless required by applicable law or agreed to in writing, software distributed under the - * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.netflix.priam.restore; - -import com.netflix.priam.backup.AbstractBackupPath; -import com.netflix.priam.backup.IBackupFileSystem; -import com.netflix.priam.backup.MetaData; -import com.netflix.priam.compress.ICompression; -import com.netflix.priam.config.IConfiguration; -import com.netflix.priam.cred.ICredentialGeneric; -import com.netflix.priam.cryptography.IFileCryptography; -import com.netflix.priam.defaultimpl.ICassandraProcess; -import com.netflix.priam.health.InstanceState; -import com.netflix.priam.identity.InstanceIdentity; -import com.netflix.priam.scheduler.SimpleTimer; -import com.netflix.priam.scheduler.TaskTimer; -import com.netflix.priam.utils.Sleeper; -import javax.inject.Inject; -import javax.inject.Named; -import javax.inject.Provider; -import javax.inject.Singleton; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/* - * A strategy to restore encrypted data from a primary AWS account - */ -@Singleton -public class EncryptedRestoreStrategy extends EncryptedRestoreBase { - private static final Logger logger = LoggerFactory.getLogger(EncryptedRestoreStrategy.class); - public static final String JOBNAME = "CRYPTOGRAPHY_RESTORE_JOB"; - - @Inject - public EncryptedRestoreStrategy( - final IConfiguration config, - ICassandraProcess cassProcess, - @Named("encryptedbackup") IBackupFileSystem fs, - Sleeper sleeper, - @Named("filecryptoalgorithm") IFileCryptography fileCryptography, - @Named("pgpcredential") ICredentialGeneric credential, - ICompression compress, - Provider pathProvider, - InstanceIdentity id, - RestoreTokenSelector tokenSelector, - MetaData metaData, - InstanceState instanceState, - IPostRestoreHook postRestoreHook) { - - super( - config, - fs, - JOBNAME, - sleeper, - cassProcess, - pathProvider, - id, - tokenSelector, - credential, - fileCryptography, - compress, - metaData, - instanceState, - postRestoreHook); - } - - /* - * @return a timer used by the scheduler to determine when "this" should be run. - */ - public static TaskTimer getTimer() { - return new SimpleTimer(JOBNAME); - } -} diff --git a/priam/src/main/java/com/netflix/priam/restore/GoogleCryptographyRestoreStrategy.java b/priam/src/main/java/com/netflix/priam/restore/GoogleCryptographyRestoreStrategy.java deleted file mode 100755 index c735d254e..000000000 --- a/priam/src/main/java/com/netflix/priam/restore/GoogleCryptographyRestoreStrategy.java +++ /dev/null @@ -1,78 +0,0 @@ -/** - * Copyright 2017 Netflix, Inc. - * - *

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of the License at - * - *

http://www.apache.org/licenses/LICENSE-2.0 - * - *

Unless required by applicable law or agreed to in writing, software distributed under the - * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.netflix.priam.restore; - -import com.netflix.priam.backup.AbstractBackupPath; -import com.netflix.priam.backup.IBackupFileSystem; -import com.netflix.priam.backup.MetaData; -import com.netflix.priam.compress.ICompression; -import com.netflix.priam.config.IConfiguration; -import com.netflix.priam.cred.ICredentialGeneric; -import com.netflix.priam.cryptography.IFileCryptography; -import com.netflix.priam.defaultimpl.ICassandraProcess; -import com.netflix.priam.health.InstanceState; -import com.netflix.priam.identity.InstanceIdentity; -import com.netflix.priam.scheduler.SimpleTimer; -import com.netflix.priam.scheduler.TaskTimer; -import com.netflix.priam.utils.Sleeper; -import javax.inject.Inject; -import javax.inject.Named; -import javax.inject.Provider; -import javax.inject.Singleton; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -@Singleton -public class GoogleCryptographyRestoreStrategy extends EncryptedRestoreBase { - private static final Logger logger = - LoggerFactory.getLogger(GoogleCryptographyRestoreStrategy.class); - public static final String JOBNAME = "GOOGLECLOUDSTORAGE_RESTORE_JOB"; - - @Inject - public GoogleCryptographyRestoreStrategy( - final IConfiguration config, - ICassandraProcess cassProcess, - @Named("gcsencryptedbackup") IBackupFileSystem fs, - Sleeper sleeper, - @Named("filecryptoalgorithm") IFileCryptography fileCryptography, - @Named("pgpcredential") ICredentialGeneric credential, - ICompression compress, - Provider pathProvider, - InstanceIdentity id, - RestoreTokenSelector tokenSelector, - MetaData metaData, - InstanceState instanceState, - IPostRestoreHook postRestoreHook) { - super( - config, - fs, - JOBNAME, - sleeper, - cassProcess, - pathProvider, - id, - tokenSelector, - credential, - fileCryptography, - compress, - metaData, - instanceState, - postRestoreHook); - } - - /** @return a timer used by the scheduler to determine when "this" should be run. */ - public static TaskTimer getTimer() { - return new SimpleTimer(JOBNAME); - } -} diff --git a/priam/src/main/java/com/netflix/priam/restore/RestoreContext.java b/priam/src/main/java/com/netflix/priam/restore/RestoreContext.java index 2252acfc9..f88c57ddb 100755 --- a/priam/src/main/java/com/netflix/priam/restore/RestoreContext.java +++ b/priam/src/main/java/com/netflix/priam/restore/RestoreContext.java @@ -15,7 +15,6 @@ import com.netflix.priam.config.IConfiguration; import com.netflix.priam.scheduler.PriamScheduler; -import com.netflix.priam.scheduler.UnsupportedTypeException; import javax.inject.Inject; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; @@ -41,113 +40,10 @@ public boolean isRestoreEnabled() { public void restore() throws Exception { if (!isRestoreEnabled()) return; - - // Restore is required. - if (StringUtils.isEmpty(config.getRestoreSourceType()) && !config.isRestoreEncrypted()) { - // Restore is needed and it will be done from the primary AWS account - scheduler.addTask( - Restore.JOBNAME, - Restore.class, - Restore.getTimer()); // restore from the AWS primary acct - logger.info("Scheduled task " + Restore.JOBNAME); - } else if (config.isRestoreEncrypted()) { - SourceType sourceType = SourceType.lookup(config.getRestoreSourceType(), true, false); - - if (sourceType == null) { - scheduler.addTask( - EncryptedRestoreStrategy.JOBNAME, - EncryptedRestoreStrategy.class, - EncryptedRestoreStrategy.getTimer()); - logger.info("Scheduled task " + Restore.JOBNAME); - return; - } - - switch (sourceType) { - case AWSCROSSACCT: - scheduler.addTask( - AwsCrossAccountCryptographyRestoreStrategy.JOBNAME, - AwsCrossAccountCryptographyRestoreStrategy.class, - AwsCrossAccountCryptographyRestoreStrategy.getTimer()); - logger.info( - "Scheduled task " + AwsCrossAccountCryptographyRestoreStrategy.JOBNAME); - break; - - case GOOGLE: - scheduler.addTask( - GoogleCryptographyRestoreStrategy.JOBNAME, - GoogleCryptographyRestoreStrategy.class, - GoogleCryptographyRestoreStrategy.getTimer()); - logger.info("Scheduled task " + GoogleCryptographyRestoreStrategy.JOBNAME); - break; - } - } - } - - enum SourceType { - AWSCROSSACCT("AWSCROSSACCT"), - GOOGLE("GOOGLE"); - - private static final Logger logger = LoggerFactory.getLogger(SourceType.class); - - private final String sourceType; - - SourceType(String sourceType) { - this.sourceType = sourceType.toUpperCase(); - } - - public static SourceType lookup( - String sourceType, boolean acceptNullOrEmpty, boolean acceptIllegalValue) - throws UnsupportedTypeException { - if (StringUtils.isEmpty(sourceType)) - if (acceptNullOrEmpty) return null; - else { - String message = - String.format( - "%s is not a supported SourceType. Supported values are %s", - sourceType, getSupportedValues()); - logger.error(message); - throw new UnsupportedTypeException(message); - } - - try { - return SourceType.valueOf(sourceType.toUpperCase()); - } catch (IllegalArgumentException ex) { - String message = - String.format( - "%s is not a supported SourceType. Supported values are %s", - sourceType, getSupportedValues()); - - if (acceptIllegalValue) { - message = - message - + ". Since acceptIllegalValue is set to True, returning NULL instead."; - logger.error(message); - return null; - } - - logger.error(message); - throw new UnsupportedTypeException(message, ex); - } - } - - private static String getSupportedValues() { - StringBuilder supportedValues = new StringBuilder(); - boolean first = true; - for (SourceType type : SourceType.values()) { - if (!first) supportedValues.append(","); - supportedValues.append(type); - first = false; - } - - return supportedValues.toString(); - } - - public static SourceType lookup(String sourceType) throws UnsupportedTypeException { - return lookup(sourceType, false, false); - } - - public String getSourceType() { - return sourceType; - } + scheduler.addTask( + Restore.JOBNAME, + Restore.class, + Restore.getTimer()); // restore from the AWS primary acct + logger.info("Scheduled task " + Restore.JOBNAME); } } diff --git a/priam/src/main/java/com/netflix/priam/restore/RestoreTokenSelector.java b/priam/src/main/java/com/netflix/priam/restore/RestoreTokenSelector.java index 016dcfd07..4d6701143 100644 --- a/priam/src/main/java/com/netflix/priam/restore/RestoreTokenSelector.java +++ b/priam/src/main/java/com/netflix/priam/restore/RestoreTokenSelector.java @@ -25,7 +25,6 @@ import java.util.Iterator; import java.util.List; import javax.inject.Inject; -import javax.inject.Named; /** Runs algorithms as finding closest token from a list of token (in a backup) */ public class RestoreTokenSelector { @@ -33,7 +32,7 @@ public class RestoreTokenSelector { private final IBackupFileSystem fs; @Inject - public RestoreTokenSelector(ITokenManager tokenManager, @Named("backup") IBackupFileSystem fs) { + public RestoreTokenSelector(ITokenManager tokenManager, IBackupFileSystem fs) { this.tokenManager = tokenManager; this.fs = fs; diff --git a/priam/src/test/java/com/netflix/priam/backup/BRTestModule.java b/priam/src/test/java/com/netflix/priam/backup/BRTestModule.java index 6a1425f49..ec626b72f 100644 --- a/priam/src/test/java/com/netflix/priam/backup/BRTestModule.java +++ b/priam/src/test/java/com/netflix/priam/backup/BRTestModule.java @@ -30,8 +30,6 @@ import com.netflix.priam.config.IBackupRestoreConfig; import com.netflix.priam.config.IConfiguration; import com.netflix.priam.cred.ICredential; -import com.netflix.priam.cryptography.IFileCryptography; -import com.netflix.priam.cryptography.pgp.PgpCryptography; import com.netflix.priam.defaultimpl.FakeCassandraProcess; import com.netflix.priam.defaultimpl.ICassandraProcess; import com.netflix.priam.identity.FakeMembership; @@ -68,22 +66,13 @@ protected void configure() { bind(IMembership.class) .toInstance(new FakeMembership(Collections.singletonList("fakeInstance1"))); bind(ICredential.class).to(FakeNullCredential.class).in(Scopes.SINGLETON); - bind(IBackupFileSystem.class) - .annotatedWith(Names.named("backup")) - .to(FakeBackupFileSystem.class) - .in(Scopes.SINGLETON); + bind(IBackupFileSystem.class).to(FakeBackupFileSystem.class).in(Scopes.SINGLETON); bind(Sleeper.class).to(FakeSleeper.class); bind(IS3Credential.class) .annotatedWith(Names.named("awss3roleassumption")) .to(S3RoleAssumptionCredential.class); - bind(IBackupFileSystem.class) - .annotatedWith(Names.named("encryptedbackup")) - .to(NullBackupFileSystem.class); - bind(IFileCryptography.class) - .annotatedWith(Names.named("filecryptoalgorithm")) - .to(PgpCryptography.class); bind(ICassandraProcess.class).to(FakeCassandraProcess.class); bind(IPostRestoreHook.class).to(FakePostRestoreHook.class); bind(Registry.class).toInstance(new DefaultRegistry());