我需要能够在AVRO架构中标记某些字段,以便在序列化时对它们进行加密。
logicalType允许标记字段,并且与自定义转换一起允许AVRO透明地加密它们。
我有一些问题要找到有关如何在AVRO(avro_1.8.2#Logical+Types)中定义和使用新逻辑类型的文档。
我决定在这里分享我找到的答案,以便让其他人的生活更轻松,并在我做错事的时候得到一些反馈。
答案 0 :(得分:7)
首先,我将logicalType定义为:
public class EncryptedLogicalType extends LogicalType {
//The key to use as a reference to the type
public static final String ENCRYPTED_LOGICAL_TYPE_NAME = "encrypted";
EncryptedLogicalType() {
super(ENCRYPTED_LOGICAL_TYPE_NAME);
}
@Override
public void validate(Schema schema) {
super.validate(schema);
if (schema.getType() != Schema.Type.BYTES) {
throw new IllegalArgumentException(
"Logical type 'encrypted' must be backed by bytes");
}
}
}
然后是新转换:
public class EncryptedConversion extends Conversion<ByteBuffer> {
// Construct a unique instance for all the conversion. This have to be changed in case the conversion
// needs some runtime information (e.g.: an encryption key / a tenant_ID). If so, the get() method should
// return the appropriate conversion per key.
private static final EncryptedConversion INSTANCE = new EncryptedConversion();
public static final EncryptedConversion get(){ return INSTANCE; }
private EncryptedConversion(){ super(); }
//This conversion operates on ByteBuffer and returns ByteBuffer
@Override
public Class<ByteBuffer> getConvertedType() { return ByteBuffer.class; }
@Override
public String getLogicalTypeName() { return EncryptedLogicalType.ENCRYPTED_LOGICAL_TYPE_NAME; }
// fromBytes and toBytes have to be overridden as this conversion works on bytes. Other may need to be
// overridden. The types supported need to be updated also in EncryptedLogicalType#validate(Schema schema)
@Override
public ByteBuffer fromBytes(ByteBuffer value, Schema schema, LogicalType type) {
encryptedValue = __encryptionLogic__(value);
return encryptedValue;
}
@Override
public ByteBuffer toBytes(ByteBuffer value, Schema schema, LogicalType type) {
decryptedValue = __decryptionLogic__(value);
return decryptedValue;
}
}
.avsc架构文件类似于:
{
"name": “MyMessageWithEncryptedField”,
"type": "record",
"fields": [
{"name": "payload","type" : {"type" : "bytes","logicalType" : "encrypted”}},
...
最后,在模式文件生成的MyMessageWithEncryptedField.java
类中,我添加了返回转换的方法:
@Override
public Conversion<?> getConversion(int fieldIndex) {
// This allow us to have a more flexible conversion retrieval, so we don't have to code it per field.
Schema fieldSchema = SCHEMA$.getFields().get(fieldIndex).schema();
if ((fieldSchema.getLogicalType() != null)
&& (fieldSchema.getLogicalType().getName() == EncryptedLogicalType.ENCRYPTED_LOGICAL_TYPE_NAME)){
// here we could pass to the get() method a runtime information, e.g.: a tenantId that can be found in the data structure.
return EncryptedConversion.get();
}
return null;
}
要使其运行,我仍然需要在运行时注册该类型:
LogicalTypes.register(EncryptedLogicalType.ENCRYPTED_LOGICAL_TYPE_NAME, new LogicalTypes.LogicalTypeFactory() {
private final LogicalType encryptedLogicalType = new EncryptedLogicalType();
@Override
public LogicalType fromSchema(Schema schema) {
return encryptedLogicalType;
}
});
很少注意到:
MyMessageWithEncryptedField.java
)中的静态块中移动它(