- Notifications
You must be signed in to change notification settings - Fork919
DGS-21268 Add support for full payload encryption#2011
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
🎉 All Contributor License Agreements have been signed. Ready to merge. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Pull Request Overview
This PR adds full payload encryption support by introducing a new payload-level executor, extending rule phases, and wiring encoding-phase rule execution into all sync/async serdes.
- Introduce
EncryptionExecutoralongside legacyFieldEncryptionExecutorto handle full payload encryption. - Add a new
RulePhase.ENCODINGandencoding_rulesinRuleSetfor payload-phase rules. - Update all sync and async JSON/Avro/Protobuf serializers/deserializers to run encoding-phase rules before serialization and after deserialization.
- Add end-to-end payload encryption tests (
test_*_payload_encryption) for JSON, Avro, and Protobuf in both sync and async contexts.
Reviewed Changes
Copilot reviewed 16 out of 16 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| tests/schema_registry/_sync/test_proto_serdes.py | ImportedEncryptionExecutor, adjusted client references, added payload encryption test |
| tests/schema_registry/_sync/test_json_serdes.py | ImportedEncryptionExecutor, adjusted client references, added payload encryption test |
| tests/schema_registry/_sync/test_avro_serdes.py | ImportedEncryptionExecutor, adjusted client references, added payload encryption test |
| src/confluent_kafka/schema_registry/rules/encryption/*.py | AddedEncryptionExecutor, renamed transform signatures, wrapped field executor |
| src/confluent_kafka/schema_registry/common/schema_registry_client.py | AddedRulePhase.ENCODING andencoding_rules inRuleSet |
| src/confluent_kafka/schema_registry/_sync/serde.py | Added_execute_rules_with_phase and wired encoding-phase rules |
| src/confluent_kafka/schema_registry/_sync/{protobuf,json_schema,avro}.py | Hooked encoding-phase execution in serializers/deserializers |
| src/confluent_kafka/schema_registry/_async/serde.py | Mirrored sync serde changes for async |
| src/confluent_kafka/schema_registry/_async/{protobuf,json_schema,avro}.py | Mirrored sync serializers/deserializers changes for async |
Comments suppressed due to low confidence (2)
tests/schema_registry/_sync/test_json_serdes.py:998
- [nitpick] Rename the test function to test_json_payload_encryption for consistency with the other payload encryption test names.
def test_json_payloadencryption():tests/schema_registry/_async/test_json_serdes.py:998
- [nitpick] Rename the async test function to test_json_payload_encryption for consistency with other payload encryption test names.
async def test_json_payloadencryption():
Analysis Details51 Issues
Coverage and Duplications
Project ID: confluent-kafka-python |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
LGTM
02b1e6f intomasterUh oh!
There was an error while loading.Please reload this page.
What
Add support for full payload encryption
Checklist
References
JIRA:
Test & Review
Open questions / Follow-ups