hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13131) add tests to verify that s3a supports SSE-S3 encryption
Date Wed, 11 May 2016 16:27:12 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15280371#comment-15280371
] 

Chris Nauroth commented on HADOOP-13131:
----------------------------------------

Hello [~stevel@apache.org].

I agree with the approach of the tests.  I think these new tests are good candidates for using
a JUnit {{Parameterized}} suite to avoid writing redundant test methods.  That's just subjective
though, and I'm comfortable with whatever decision you make on that.  Aside from that, I think
it's ready to go after working through the pre-commit checks.

bq. One thing to consider is "how do non-AWS implementations of S3 react here".

My intuition is that a non-AWS implementation would simply ignore the extra {{x-amz-server-side-encryption}}
header in the requests.  I can't say for sure though since I don't have a non-AWS implementation
to test against.  I suppose it would depend on whether or not that implementation chooses
to strictly validate and reject unknown extended headers.

> add tests to verify that s3a supports SSE-S3 encryption
> -------------------------------------------------------
>
>                 Key: HADOOP-13131
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13131
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 2.7.2
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Minor
>         Attachments: HADOOP-13131-001.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> Although S3A claims to support server-side S3 encryption (and does, if you set the option),
we don't have any test to verify this. Of course, as the encryption is transparent, it's hard
to test.
> Here's what I propose
> # a test which sets encryption = AES256; expects things to work as normal.
> # a test which sets encyption = DES and expects any operation creating a file or directory
to fail with a 400 "bad request" error



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message