Commit a25e8b54 authored by neelesh thakur's avatar neelesh thakur
Browse files

Merge branch 'master' into score-sort

parents 34fa6ded 00ba603d
This diff is collapsed.
...@@ -33,6 +33,8 @@ In order to run the service locally or remotely, you will need to have the follo ...@@ -33,6 +33,8 @@ In order to run the service locally or remotely, you will need to have the follo
| `PARTITION_API` | ex `http://localhost:8080/api/partition/v1` | Partition service endpoint | no | output of infrastructure deployment | | `PARTITION_API` | ex `http://localhost:8080/api/partition/v1` | Partition service endpoint | no | output of infrastructure deployment |
| `POLICY_API` | ex `http://localhost:8080/api/policy/v1/` | Police service endpoint | no | output of infrastructure deployment | | `POLICY_API` | ex `http://localhost:8080/api/policy/v1/` | Police service endpoint | no | output of infrastructure deployment |
| `POLICY_ID` | ex `search` | policeId from ex `http://localhost:8080/api/policy/v1/policies`. Look at `POLICY_API` | no | - | | `POLICY_ID` | ex `search` | policeId from ex `http://localhost:8080/api/policy/v1/policies`. Look at `POLICY_API` | no | - |
| `KEY_RING` | by default `csqp` | Key ring used by Search service to decrypt elastic setting | no | https://console.cloud.google.com/security/kms/keyrings |
| `KMS_KEY` | by default `searchService` | Key in key ring used by Search service to decrypt elastic setting | no | https://console.cloud.google.com/security/kms/keyrings |
### Run Locally ### Run Locally
Check that maven is installed: Check that maven is installed:
......
...@@ -51,7 +51,7 @@ public class KmsClient { ...@@ -51,7 +51,7 @@ public class KmsClient {
Preconditions.checkNotNullOrEmpty(textToBeEncrypted, "textToBeEncrypted cannot be null"); Preconditions.checkNotNullOrEmpty(textToBeEncrypted, "textToBeEncrypted cannot be null");
byte[] plaintext = textToBeEncrypted.getBytes(StandardCharsets.UTF_8); byte[] plaintext = textToBeEncrypted.getBytes(StandardCharsets.UTF_8);
String resourceName = String.format(KEY_NAME, properties.getGoogleCloudProject(), "csqp", "searchService"); String resourceName = String.format(KEY_NAME, properties.getGoogleCloudProject(), properties.getKeyRing(), properties.getKmsKey());
CloudKMS kms = createAuthorizedClient(); CloudKMS kms = createAuthorizedClient();
EncryptRequest request = new EncryptRequest().encodePlaintext(plaintext); EncryptRequest request = new EncryptRequest().encodePlaintext(plaintext);
EncryptResponse response = kms.projects().locations().keyRings().cryptoKeys() EncryptResponse response = kms.projects().locations().keyRings().cryptoKeys()
...@@ -68,7 +68,7 @@ public class KmsClient { ...@@ -68,7 +68,7 @@ public class KmsClient {
Preconditions.checkNotNullOrEmpty(textToBeDecrypted, "textToBeDecrypted cannot be null"); Preconditions.checkNotNullOrEmpty(textToBeDecrypted, "textToBeDecrypted cannot be null");
CloudKMS kms = createAuthorizedClient(); CloudKMS kms = createAuthorizedClient();
String cryptoKeyName = String.format(KEY_NAME, properties.getGoogleCloudProject(), "csqp", "searchService"); String cryptoKeyName = String.format(KEY_NAME, properties.getGoogleCloudProject(), properties.getKeyRing(), properties.getKmsKey());
DecryptRequest request = new DecryptRequest().setCiphertext(textToBeDecrypted); DecryptRequest request = new DecryptRequest().setCiphertext(textToBeDecrypted);
DecryptResponse response = kms.projects().locations().keyRings().cryptoKeys() DecryptResponse response = kms.projects().locations().keyRings().cryptoKeys()
.decrypt(cryptoKeyName, request) .decrypt(cryptoKeyName, request)
......
...@@ -8,7 +8,8 @@ JAVA_GC_OPTS=-XX:+UseG1GC -XX:+UseStringDeduplication -XX:InitiatingHeapOccupanc ...@@ -8,7 +8,8 @@ JAVA_GC_OPTS=-XX:+UseG1GC -XX:+UseStringDeduplication -XX:InitiatingHeapOccupanc
spring.jackson.deserialization.fail-on-unknown-properties=true spring.jackson.deserialization.fail-on-unknown-properties=true
elastic-datastore-id=search-service elastic-datastore-id=search-service
elastic-datastore-kind=SearchSettings elastic-datastore-kind=SearchSettings
key-ring=csqp
kms-key=searchService
#Default Cache Settings #Default Cache Settings
schema-cache-expiration=60 schema-cache-expiration=60
index-cache-expiration=60 index-cache-expiration=60
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment