Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Support S3 batch export encryption #17401

Merged
merged 9 commits into from
Sep 14, 2023

Conversation

tomasfarias
Copy link
Contributor

@tomasfarias tomasfarias commented Sep 12, 2023

Problem

S3 batch export cannot be configured to support encryption, which is required by users.

Changes

  • Backend S3 support for SSE S3 encryption with either AES256 or AWS KMS.
    • Annoyingly, boto3 doesn't support None, so we have to conditionally set ServerSideEncryption, and SSEKMSKeyId. Not super happy how this turned out, but for only two arguments this should be fine. Happy to take comments.
  • Add Frontend support for creating S3 batch exports with encryption.
    • The kms_key_id form field is conditionally added and required if aws:kms encryption is selected.
    • Not sure if this is the best UX.

👉 Stay up-to-date with PostHog coding conventions for a smoother review.

How did you test this code?

Testing is hard as our development setup with MinIO is not configured with a KMS. So, what I did was write a new unit test for encryption that checks if AWS credentials are available and that the S3_TEST_BUCKET environment variable is set. This allows developers to test encryption locally by:

  1. Logging in to AWS.
  2. Creating a test bucket.
  3. Running test with S3_TEST_BUCKET=your-test-bucket DEBUG=1 pytest posthog/temporal/tests/batch_exports/test_s3_batch_export.py::test_s3_export_workflow_with_s3_bucket

@tomasfarias tomasfarias requested review from benjackwhite and a team September 12, 2023 15:00
@tomasfarias tomasfarias changed the title feat: Backend to support S3 batch export encryption feat: Support S3 batch export encryption Sep 12, 2023
Copy link
Contributor

@benjackwhite benjackwhite left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

frontend bits look good 👍

@posthog-bot
Copy link
Contributor

📸 UI snapshots have been updated

1 snapshot changes in total. 0 added, 1 modified, 0 deleted:

Triggered by this commit.

👉 Review this PR's diff of snapshots.

@posthog-bot
Copy link
Contributor

📸 UI snapshots have been updated

2 snapshot changes in total. 0 added, 2 modified, 0 deleted:

  • chromium: 0 added, 2 modified, 0 deleted (diff for shard 2)
  • webkit: 0 added, 0 modified, 0 deleted

Triggered by this commit.

👉 Review this PR's diff of snapshots.

@posthog-bot
Copy link
Contributor

📸 UI snapshots have been updated

1 snapshot changes in total. 0 added, 1 modified, 0 deleted:

  • chromium: 0 added, 1 modified, 0 deleted (diff for shard 2)
  • webkit: 0 added, 0 modified, 0 deleted

Triggered by this commit.

👉 Review this PR's diff of snapshots.

@tomasfarias
Copy link
Contributor Author

Rebased on master to resolve conflicts.

@posthog-bot
Copy link
Contributor

📸 UI snapshots have been updated

1 snapshot changes in total. 0 added, 1 modified, 0 deleted:

  • chromium: 0 added, 1 modified, 0 deleted (diff for shard 2)
  • webkit: 0 added, 0 modified, 0 deleted

Triggered by this commit.

👉 Review this PR's diff of snapshots.

@posthog-bot
Copy link
Contributor

📸 UI snapshots have been updated

1 snapshot changes in total. 0 added, 1 modified, 0 deleted:

  • chromium: 0 added, 1 modified, 0 deleted (diff for shard 2)
  • webkit: 0 added, 0 modified, 0 deleted

Triggered by this commit.

👉 Review this PR's diff of snapshots.

@tomasfarias tomasfarias force-pushed the feat/s3-batch-exports-encryption branch from 767c964 to 91ed465 Compare September 13, 2023 13:48
@tomasfarias
Copy link
Contributor Author

Rebased on master again to fix conflicts with snapshots...

frontend/src/scenes/batch_exports/BatchExportEditForm.tsx Outdated Show resolved Hide resolved
Comment on lines +138 to +139
upload_id: str = multipart_response["UploadId"]
self.upload_id = upload_id
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why not

Suggested change
upload_id: str = multipart_response["UploadId"]
self.upload_id = upload_id
self.upload_id = multipart_response["UploadId"]

Copy link
Contributor Author

@tomasfarias tomasfarias Sep 14, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Type checking fails as self.upload_id is str | None and this function returns str, not None, so we need the extra upload_id: str to return

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't that work just fine - if it's str | None you can assign it str, I'm confused

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can assign it str but then you cannot return it, so you need the extra variable. Not the only way to solve this though, you could have some isinstance checks, adding an extra variable seemed like the easiest

@tomasfarias tomasfarias force-pushed the feat/s3-batch-exports-encryption branch from 7e2dc1b to 2981ba9 Compare September 14, 2023 12:06
@tomasfarias
Copy link
Contributor Author

Rebased on master for the daily snapshot conflict resolution...

@tomasfarias tomasfarias enabled auto-merge (squash) September 14, 2023 12:38
@tomasfarias tomasfarias merged commit 0659a47 into master Sep 14, 2023
63 checks passed
@tomasfarias tomasfarias deleted the feat/s3-batch-exports-encryption branch September 14, 2023 12:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants