hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13887) Support for client-side encryption in S3A file system
Date Thu, 23 Mar 2017 13:18:42 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13887?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15938268#comment-15938268
] 

Steve Loughran commented on HADOOP-13887:
-----------------------------------------

I like how this is coming together; it's always good to keep checkstyle quiet, even though
it complains too much for my personal liking.

On the change to {{writeDataset();}}, how about retaining a method with the original signature,
and calling the new one with the last arg set to true? That way: fewer changes to the codebase,
anything downstream using CTU (I'm the likeliest culprit) doesn't break.

Other than that, I don't see any more code changes. Any other reviewers want to add. Anyone
tested it yet?

I'm thinking of end user docs. That's something we could just collaborate on in the comments
here, rather than iterate through the code patches, which are pretty stable to me. As well
as some instructions on what to do, and warnings, it'd be good to have a bit in the troubleshooting
section. I can see various problems arising: 

* encryption enabled, no key
* encryption enabled, wrong key
* encryption enabled, no JCE That crops in kerberos BTW; the KDiag entry point explicitly
tests for it. We could say "use kdiag to look for that".
* encryption enabled, no bouncy castle.
* encryption enabled, object store doesn't support it
* encryption disabled, end data encrypted.

It'd be good to have whatever stack traces you've managed to collect as part of this, otherwise
we can make some more; easily done :)


> Support for client-side encryption in S3A file system
> -----------------------------------------------------
>
>                 Key: HADOOP-13887
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13887
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 2.8.0
>            Reporter: Jeeyoung Kim
>            Assignee: Igor Mazur
>            Priority: Minor
>         Attachments: HADOOP-13887-002.patch, HADOOP-13887-007.patch, HADOOP-13887-branch-2-003.patch,
HADOOP-13897-branch-2-004.patch, HADOOP-13897-branch-2-005.patch, HADOOP-13897-branch-2-006.patch,
HADOOP-13897-branch-2-008.patch, HADOOP-14171-001.patch
>
>
> Expose the client-side encryption option documented in Amazon S3 documentation  - http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
> Currently this is not exposed in Hadoop but it is exposed as an option in AWS Java SDK,
which Hadoop currently includes. It should be trivial to propagate this as a parameter passed
to the S3client used in S3AFileSystem.java



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message