DGS-21268 Add support for full payload encryption #1452
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
Adds full payload encryption support by introducing rule phases, integrating ExecuteRulesWithPhase into serializers/deserializers, and expanding test coverage for Protobuf, JSON Schema, and Avro payload encryption.
- Introduce
RulePhaseenum and extendRuleSet.HasRulesfor migration, domain, and encoding phases - Update serializers and deserializers to call
ExecuteRulesWithPhasebefore writing/after reading payloads - Add end-to-end tests for payload encryption in Protobuf, JSON Schema, and Avro
Reviewed Changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| schemaregistry/serde/serde.go | Added ExecuteRulesWithPhase and rule-phase logic |
| schemaregistry/serde/protobuf/protobuf.go | Wrapped payload in encryption rules before serializing |
| schemaregistry/serde/protobuf/protobuf_test.go | New test for Protobuf payload encryption |
| schemaregistry/serde/jsonschema/json_schema.go | Wrapped payload in encryption rules before serializing |
| schemaregistry/serde/jsonschema/json_schema_test.go | New test for JSON Schema payload encryption |
| schemaregistry/serde/avrov2/avro.go | Wrapped payload in encryption rules before serializing |
| schemaregistry/serde/avrov2/avro_test.go | New test for Avro payload encryption |
| schemaregistry/schemaregistry_client.go | Added RulePhase constants and EncodingRules in RuleSet |
| schemaregistry/rules/encryption/* | Refactored and added payload encryption executors and tests |
Comments suppressed due to low confidence (3)
schemaregistry/serde/protobuf/protobuf.go:251
- The variable
subjectis undefined in this scope; it should betopicor the appropriate subject string to avoid compilation errors.
msg, err = s.ExecuteRulesWithPhase(subject, topic, schemaregistry/serde/jsonschema/json_schema.go:151
- The variable
subjectis undefined here; replace withtopicor the correct subject identifier to fix the compilation error.
msg, err = s.ExecuteRulesWithPhase(subject, topic, schemaregistry/serde/avrov2/avro.go:146
- Undefined variable
subjectused; substitute withtopic, or correctly compute the subject, to resolve compilation errors.
msg, err = s.ExecuteRulesWithPhase(subject, topic, 
|
Analysis Details48 Issues
Coverage and Duplications
Project ID: confluent-kafka-go |
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
What
Add support for full payload encryption
Checklist
References
JIRA:
Test & Review
Open questions / Follow-ups