Add SecretManager in anticipation of other secret managers other than…

… Gobblin PasswordManager
linkedin · Jan 26, 2022 · 44d1950 · 44d1950
1 parent c10dd52
commit 44d1950
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 7 deletions.
diff --git a/cdi-core/src/main/java/com/linkedin/cdi/extractor/JsonExtractor.java b/cdi-core/src/main/java/com/linkedin/cdi/extractor/JsonExtractor.java
@@ -18,6 +18,7 @@
 import com.linkedin.cdi.keys.ExtractorKeys;
 import com.linkedin.cdi.keys.JobKeys;
 import com.linkedin.cdi.keys.JsonExtractorKeys;
+import com.linkedin.cdi.util.EncryptionUtils;
 import com.linkedin.cdi.util.JsonUtils;
 import com.linkedin.cdi.util.ParameterTypes;
 import com.linkedin.cdi.util.SchemaBuilder;
@@ -552,7 +553,7 @@ private JsonObject encryptJsonFields(String parentKey, JsonElement input) {
       // this function assumes that the final value to be encrypted will always be a JsonPrimitive object and in case of
       // of JsonObject it will iterate recursively.
       if (value.isJsonPrimitive() && encryptionFields.contains(new JsonPrimitive(absoluteKey))) {
-        String valStr = SecretManager.getInstance(state).encrypt(value.isJsonNull() ? "" : value.getAsString());
+        String valStr = EncryptionUtils.encryptGobblin(value.isJsonNull() ? "" : value.getAsString(), state);
         output.add(key, new JsonPrimitive(valStr));
       } else if (value.isJsonObject()) {
         output.add(key, encryptJsonFields(absoluteKey, value));

diff --git a/cdi-core/src/main/java/com/linkedin/cdi/util/HdfsReader.java b/cdi-core/src/main/java/com/linkedin/cdi/util/HdfsReader.java
@@ -212,7 +212,7 @@ private JsonObject selectFieldsFromGenericRecord(GenericRecord record, List<Stri
       if (valueObject == null || fieldType == Schema.Type.NULL) {
         jsonObject.add(field, JsonNull.INSTANCE);
       } else if (fieldType == Schema.Type.STRING) {
-        jsonObject.addProperty(field, SecretManager.getInstance(state).decrypt(valueObject.toString()));
+        jsonObject.addProperty(field, EncryptionUtils.decryptGobblin(valueObject.toString(), state));
       } else if (fieldType == Schema.Type.ARRAY) {
         jsonObject.add(field, gson.fromJson(valueObject.toString(), JsonArray.class));
       } else if (fieldType == Schema.Type.RECORD) {

diff --git a/docs/parameters/ms.secret.manager.class.md b/docs/parameters/ms.secret.manager.class.md
@@ -10,14 +10,11 @@
 
 ## Description
 
-`ms.secret.manager.class` specifies the SecretManager class to use for secrets
-and confidential data encryption and decryption.
+`ms.secret.manager.class` specifies the SecretManager class to use for secrets encryption and decryption.
 
 Secrets include usernames, passwords, API keys, tokens, etc, that are essential for connections to other
 data systems. 
 
-Confidential data include dataset columns that require encryption on storage. 
-
 Currently, we have the following SecretManager:
 
 - `com.linkedin.cdi.util.GobblinSecretManager`

diff --git a/docs/parameters/summary.md b/docs/parameters/summary.md
@@ -308,7 +308,7 @@ the primary inputs of job execution, which is its metadata, i.e, job configurati
 ## [ms.secret.manager.class](ms.secret.manager.class.md)
 
 `ms.secret.manager.class` specifies the SecretManager class to use for secrets
-and confidential data encryption and decryption.
+encryption and decryption.
 
 ## [ms.session.key.field](ms.session.key.field.md)