diff --git a/internal/util/hookutil/cipher.go b/internal/util/hookutil/cipher.go index 93a7d69ea4..627bfcce87 100644 --- a/internal/util/hookutil/cipher.go +++ b/internal/util/hookutil/cipher.go @@ -309,18 +309,13 @@ func initCipher() error { storeCipher(nil) pathGo := paramtable.GetCipherParams().SoPathGo.GetValue() - if pathGo == "" { - log.Info("empty so path for go plugin, skip to load cipher plugin") - return nil - } - pathCpp := paramtable.GetCipherParams().SoPathCpp.GetValue() - if pathCpp == "" { - log.Info("empty so path for cpp plugin, skip to load cipher plugin") + if pathGo == "" || pathCpp == "" { + log.Info("empty so path for cipher plugin, skip to load plugin") return nil } - log.Info("start to load cipher plugin", zap.String("path", pathGo)) + log.Info("start to load cipher go plugin", zap.String("path", pathGo)) p, err := plugin.Open(pathGo) if err != nil { return fmt.Errorf("fail to open the cipher plugin, error: %s", err.Error()) @@ -332,14 +327,12 @@ func initCipher() error { return fmt.Errorf("fail to the 'CipherPlugin' object in the plugin, error: %s", err.Error()) } - var cipherVal hook.Cipher - var ok bool - cipherVal, ok = h.(hook.Cipher) + cipherVal, ok := h.(hook.Cipher) if !ok { return fmt.Errorf("fail to convert the `CipherPlugin` interface") } - initConfigs := paramtable.Get().EtcdCfg.GetAll() + initConfigs := lo.Assign(paramtable.Get().EtcdCfg.GetAll(), paramtable.GetCipherParams().GetAll()) initConfigs[CipherConfigMilvusRoleName] = paramtable.GetRole() if err = cipherVal.Init(initConfigs); err != nil { return fmt.Errorf("fail to init configs for the cipher plugin, error: %s", err.Error()) diff --git a/pkg/util/paramtable/cipher_config.go b/pkg/util/paramtable/cipher_config.go index 62491c10b9..227dc2f17c 100644 --- a/pkg/util/paramtable/cipher_config.go +++ b/pkg/util/paramtable/cipher_config.go @@ -4,14 +4,16 @@ import ( "github.com/milvus-io/milvus/pkg/v2/log" ) -const cipherYamlFile = "cipher.yaml" +const cipherYamlFile = "hook.yaml" type cipherConfig struct { cipherBase *BaseTable - SoPathGo ParamItem `refreshable:"false"` - SoPathCpp ParamItem `refreshable:"false"` - DefaultRootKey ParamItem `refreshable:"false"` + SoPathGo ParamItem `refreshable:"false"` + SoPathCpp ParamItem `refreshable:"false"` + DefaultRootKey ParamItem `refreshable:"false"` + RotationPeriodInHours ParamItem `refreshable:"false"` + KmsProvider ParamItem `refreshable:"false"` } func (c *cipherConfig) init(base *BaseTable) { @@ -20,23 +22,40 @@ func (c *cipherConfig) init(base *BaseTable) { c.SoPathGo = ParamItem{ Key: "cipherPlugin.soPathGo", - Version: "2.6.0", + Version: "2.6.1", } c.SoPathGo.Init(base.mgr) c.SoPathCpp = ParamItem{ Key: "cipherPlugin.soPathCpp", - Version: "2.6.0", + Version: "2.6.1", } c.SoPathCpp.Init(base.mgr) c.DefaultRootKey = ParamItem{ Key: "cipherPlugin.defaultKmsKeyArn", - Version: "2.6.0", + Version: "2.6.1", } c.DefaultRootKey.Init(base.mgr) + + c.RotationPeriodInHours = ParamItem{ + Key: "cipherPlugin.rotationPeriodInHours", + Version: "2.6.1", + DefaultValue: "8764", + } + c.RotationPeriodInHours.Init(base.mgr) + + c.KmsProvider = ParamItem{ + Key: "cipherPlugin.kmsProvider", + Version: "2.6.1", + } + c.KmsProvider.Init(base.mgr) } func (c *cipherConfig) Save(key string, value string) error { return c.cipherBase.Save(key, value) } + +func (c *cipherConfig) GetAll() map[string]string { + return c.cipherBase.mgr.GetConfigs() +} diff --git a/pkg/util/paramtable/runtime.go b/pkg/util/paramtable/runtime.go index 13b2db3d00..cd392026b9 100644 --- a/pkg/util/paramtable/runtime.go +++ b/pkg/util/paramtable/runtime.go @@ -55,9 +55,7 @@ func Init() { params.Init(baseTable) hookBaseTable := NewBaseTableFromYamlOnly(hookYamlFile) hookParams.init(hookBaseTable) - - cipherBaseTable := NewBaseTableFromYamlOnly(cipherYamlFile) - cipherParams.init(cipherBaseTable) + cipherParams.init(hookBaseTable) }) } @@ -66,8 +64,7 @@ func InitWithBaseTable(baseTable *BaseTable) { params.Init(baseTable) hookBaseTable := NewBaseTableFromYamlOnly(hookYamlFile) hookParams.init(hookBaseTable) - cipherBaseTable := NewBaseTableFromYamlOnly(cipherYamlFile) - cipherParams.init(cipherBaseTable) + cipherParams.init(hookBaseTable) }) }