hadoop-common-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13075) Add support for SSE-KMS and SSE-C in s3a filesystem
Date Thu, 02 Feb 2017 22:22:51 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15850610#comment-15850610 ]

ASF GitHub Bot commented on HADOOP-13075:
-----------------------------------------

Github user steveloughran commented on a diff in the pull request:

    https://github.com/apache/hadoop/pull/183#discussion_r99235308
  
    --- Diff: hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/ITestS3AEncryptionAlgorithmValidation.java
---
    @@ -0,0 +1,158 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + *  or more contributor license agreements.  See the NOTICE file
    + *  distributed with this work for additional information
    + *  regarding copyright ownership.  The ASF licenses this file
    + *  to you under the Apache License, Version 2.0 (the
    + *  "License"); you may not use this file except in compliance
    + *  with the License.  You may obtain a copy of the License at
    + *
    + *       http://www.apache.org/licenses/LICENSE-2.0
    + *
    + *  Unless required by applicable law or agreed to in writing, software
    + *  distributed under the License is distributed on an "AS IS" BASIS,
    + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + *  See the License for the specific language governing permissions and
    + *  limitations under the License.
    + */
    +
    +package org.apache.hadoop.fs.s3a;
    +
    +import org.apache.hadoop.conf.Configuration;
    +import org.apache.hadoop.fs.FileSystem;
    +import org.apache.hadoop.fs.Path;
    +import org.apache.hadoop.fs.contract.s3a.S3AContract;
    +import org.junit.Ignore;
    +import org.junit.Rule;
    +import org.junit.Test;
    +import org.junit.rules.ExpectedException;
    +
    +import java.io.IOException;
    +import java.net.URI;
    +
    +import static org.apache.hadoop.fs.s3a.S3ATestUtils.*;
    +
    +/**
    + * Test whether or not encryption settings propagate by choosing an invalid
    + * one. We expect the S3AFileSystem to fail to initialize.
    + */
    +@Ignore
    +public class ITestS3AEncryptionAlgorithmValidation
    +    extends AbstractS3ATestBase {
    +
    +  @Rule
    +  public ExpectedException expectedException = ExpectedException.none();
    +
    +  @Test
    +  public void testEncryptionAlgorithmSetToDES() throws Throwable {
    +    expectedException.expect(IOException.class);
    +    expectedException.expectMessage("Unknown Server Side algorithm DES");
    +
    +    Configuration conf = super.createConfiguration();
    +    //DES is an invalid encryption algorithm
    +    conf.set(Constants.SERVER_SIDE_ENCRYPTION_ALGORITHM, "DES");
    +    S3AContract contract = (S3AContract) createContract(conf);
    +    contract.init();
    +    //skip tests if they aren't enabled
    +    assumeEnabled();
    +    //extract the test FS
    +    FileSystem fileSystem = contract.getTestFileSystem();
    +    assertNotNull("null filesystem", fileSystem);
    +    URI fsURI = fileSystem.getUri();
    +    LOG.info("Test filesystem = {} implemented by {}", fsURI, fileSystem);
    +    assertEquals("wrong filesystem of " + fsURI,
    +        contract.getScheme(), fsURI.getScheme());
    +    fileSystem.initialize(fsURI, conf);
    +
    +  }
    +
    +  @Test
    +  public void testEncryptionAlgorithmSSECWithNoEncryptionKey() throws
    +    Throwable {
    +    expectedException.expect(IllegalArgumentException.class);
    +    expectedException.expectMessage("The value of property " +
    +        "fs.s3a.server-side-encryption-key must not be null");
    +
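
Review bot: The class-level `@Ignore` on `ITestS3AEncryptionAlgorithmValidation` has no reason string and disables every test in the file, so nothing here actually checks that an invalid `Constants.SERVER_SIDE_ENCRYPTION_ALGORITHM` value such as "DES" makes the filesystem fail to initialize, which is what the class Javadoc says the test is for. Either remove the annotation or give it a reason and a tracking issue. Separately, in `testEncryptionAlgorithmSetToDES` the `ExpectedException` rule is armed before `createContract(conf)` and `contract.init()`, so the test passes whichever of those calls throws the IOException, and the later `assertNotNull`, `assertEquals` and `fileSystem.initialize(fsURI, conf)` may never execute; scope the expectation to the one call that is meant to fail. `assumeEnabled()` also runs only after `contract.init()`, so the skip check comes after the work it is meant to guard.
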
    --- End diff --
    
    We're generally moving towards `LambdaTestUtils.intercept()`, because if a closure fails, intercept() will print what came back. Less important for voids though, and on branch-2 & java7, not so compelling.


> Add support for SSE-KMS and SSE-C in s3a filesystem
> ---------------------------------------------------
>
>                 Key: HADOOP-13075
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13075
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>            Reporter: Andrew Olson
>            Assignee: Steve Loughran
>
> S3 provides 3 types of server-side encryption [1],
> * SSE-S3 (Amazon S3-Managed Keys) [2]
> * SSE-KMS (AWS KMS-Managed Keys) [3]
> * SSE-C (Customer-Provided Keys) [4]
> Of which the S3AFileSystem in hadoop-aws only supports opting into SSE-S3 (HADOOP-10568) -- the underlying aws-java-sdk makes that very simple [5]. With native support in aws-java-sdk already available it should be fairly straightforward [6],[7] to support the other two types of SSE with some additional fs.s3a configuration properties.
> [1] http://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
> [2] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
> [3] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
> [4] http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
> [5] http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingJavaSDK.html
> [6] http://docs.aws.amazon.com/AmazonS3/latest/dev/kms-using-sdks.html#kms-using-sdks-java
> [7] http://docs.aws.amazon.com/AmazonS3/latest/dev/sse-c-using-java-sdk.html



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
