Skip to content

Add --tokenKMSEncryptionKey option for PubSubToSplunkTemplate.#123

Merged
ryanmcdowell merged 1 commit intoGoogleCloudPlatform:masterfrom
melbrodrigues:master
May 19, 2020
Merged

Add --tokenKMSEncryptionKey option for PubSubToSplunkTemplate.#123
ryanmcdowell merged 1 commit intoGoogleCloudPlatform:masterfrom
melbrodrigues:master

Conversation

@melbrodrigues
Copy link
Copy Markdown
Contributor

@melbrodrigues melbrodrigues commented May 15, 2020

Adds an optional parameter to specify a Cloud KMS Encryption Key if an encrypted token parameter is passed to the template.

Fixes #122

@googlebot googlebot added the cla: yes The PR submitter has a CLA label May 15, 2020
jaketf
jaketf suggested changes May 16, 2020
View reviewed changes
Copy link
Copy Markdown

@jaketf jaketf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we be more specific of the purpose of this KMS key in the param name to avoid confusion about pubsub and KMS

@melbrodrigues melbrodrigues changed the title Add --KMSEncryptionKey option for PubSubToSplunkTemplate. Add --tokenKMSEncryptionKey option for PubSubToSplunkTemplate. May 16, 2020
@brandonjbjelland
Copy link
Copy Markdown

brandonjbjelland commented May 18, 2020
edited
Loading

This is great! Thanks for the quick work here @melbrodrigues 🙌

@sabhyankar sabhyankar self-requested a review May 19, 2020 02:49
sabhyankar
sabhyankar requested changes May 19, 2020
View reviewed changes
Copy link
Copy Markdown
Member

@sabhyankar sabhyankar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nit but looks good otherwise!
Thanks @melbrodrigues

src/main/java/com/google/cloud/teleport/templates/PubSubToSplunk.java Outdated
Copy link
Copy Markdown
Member

@sabhyankar sabhyankar May 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a JavaDoc here to clarify what we are doing with this static method?

Copy link
Copy Markdown
Contributor Author

@melbrodrigues melbrodrigues May 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@sabhyankar
Copy link
Copy Markdown
Member

sabhyankar commented May 19, 2020

@rarsan FYI

@melbrodrigues melbrodrigues requested a review from sabhyankar May 19, 2020 09:21
sabhyankar
sabhyankar approved these changes May 19, 2020
View reviewed changes
Copy link
Copy Markdown
Member

@sabhyankar sabhyankar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sabhyankar sabhyankar added the Google LGTM Approval of a pull request to be merged into the repository label May 19, 2020
rarsan
rarsan reviewed May 19, 2020
View reviewed changes
src/main/java/com/google/cloud/teleport/templates/PubSubToSplunk.java
*/
private static ValueProvider<String> maybeDecrypt(
ValueProvider<String> unencryptedToken, ValueProvider<String> kmsKey) {
return new KMSEncryptedNestedValueProvider(unencryptedToken, kmsKey);
Copy link
Copy Markdown
Contributor

@rarsan rarsan May 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thx @melbrodrigues for this update.
Shouldn't this parameter be named encryptedToken?

Copy link
Copy Markdown
Member

@sabhyankar sabhyankar May 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch @rarsan - I think the value may or may-not-be encrypted tbh since this is backwards compatible. The user could choose to send the hec token without any encryption.

Since this is a private method, we can correct it post merge.

@ryanmcdowell ryanmcdowell merged commit 6458367 into GoogleCloudPlatform:master May 19, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sabhyankar sabhyankar sabhyankar approved these changes

+2 more reviewers

@rarsan rarsan rarsan left review comments

@jaketf jaketf jaketf requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla: yes The PR submitter has a CLA Google LGTM Approval of a pull request to be merged into the repository

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Security concern: Pub/Sub to Splunk HEC requires a token as a parameter in plain text

7 participants

@melbrodrigues @brandonjbjelland @sabhyankar @rarsan @jaketf @ryanmcdowell @googlebot