Detailed explanation of DBPack SQL Tracing function and data encryption function

上周,我们正式发布了 DBPack SQL Tracing functions and data encryption capabilities,The two functions are described as follows.

SQL Tracing

通过 DBPack The global transaction started by the agent,会自动在 http header 中注入 traceparent,traceparent 的值如下：

00-85d85c3112590a76d0723eed4326dbd8-81e51018180f4913-01

The format of the value is：

fmt.Sprintf("%.2x-%s-%s-%s",
        supportedVersion,
        sc.TraceID(),
        sc.SpanID(),
        flags)
复制代码

其中包含了 TraceID 和 SpanID.Users can use this value to construct in their own microservices TraceContext,Delivered in business,In this way, a complete link of a distributed transaction is obtained.

traceparent 还可以通过 SQL 传递到 DBPack,以此来对 DBPack The execution logic in performs link tracking.

例如：

update /*+ XID('gs/aggregationSvc/72343404027518979') TraceParent('00-85d85c3112590a76d0723eed4326dbd8-81e51018180f4913-01') */ product.inventory set available_qty = available_qty - ?, allocated_qty = allocated_qty + ? where product_sysno = ? and available_qty >= ?
复制代码

完整的 sample 请参考：github.com/cectc/dbpac…

DBPack Supports exporting link tracking results to jaeger,只需要在 DBPack 的配置文件中增加如下配置：

trace:
  jaeger_endpoint: http://jaeger:14268/api/traces # 替换为实际的 jaeger 地址
复制代码

The figure below shows a complete distributed transaction trace 链路数据,可以看到通过 DBPack 在哪个 DB what has been implemented SQL 请求,以及耗时：

23631658827226_.pic.jpg

数据加密

DBPack 采用 AES Algorithms to encrypt data.When inserting and updating the corresponding data,DBPack The relevant columns are automatically encrypted.When the relevant column exists in the query result,DBPack 会自动解密.DBPack The use of encrypted columns is not supported WHERE 条件.

To enable the encryption and decryption function, you need to add it in the configuration file CryptoFilter 配置.例如：

executors:
  - name: redirect
    mode: sdb
    config:
      data_source_ref: employees
    filters:
      - cryptoFilter
filters:
  - name: cryptoFilter
    kind: CryptoFilter
    conf:
      column_crypto_list:
      - table: departments
        columns: ["dept_name"]
        aeskey: 123456789abcdefg
复制代码

The above configuration indicates the need to be paired departments 表的 dept_name Columns are automatically encrypted and decrypted.

插入操作：

INSERT INTO departments (id,dept_no,dept_name) VALUES (1,'1001','sunset')
复制代码

会被重写为：

INSERT INTO departments (id,dept_no,dept_name) VALUES (1,'1001','3d244141cb5b6f921923f7f88f073941')
复制代码

更新操作：

UPDATE departments SET dept_name='moonlight' WHERE id=1
复制代码

会被重写为：

UPDATE departments SET dept_name='5cdeb84b8fc3c22fd6c3e37ca6d837da' WHERE id=1
复制代码

When querying, it will be automatically decrypted and returned to the user

注意：After the setting is encrypted for the specified column,Only the ciphertext is stored in the database,The plaintext is not saved,Prevent data leakage after being dragged into the library.The encrypted column data is longer than the original data,The length of the corresponding column needs to be set.

综述

在 v0.1.0 版本我们发布了分布式事务功能,Supports various programming languages to coordinate distributed transactions.

在 v0.2.0 Version We released the read-write separation function,When the user enables the read-write separation function,Using the distributed transaction coordination function no longer requires complex integration,DBPack 提供了一站式的解决方案.

在 v0.3.0 版本,我们加入 SQL Tracing 的功能,Using this function, a complete distributed transaction chain can be collected,View the execution of the transaction.We also added data encryption,Use this function to protect users' important data assets.