Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 1993E200C40 for ; Thu, 23 Mar 2017 14:18:50 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 1830E160B92; Thu, 23 Mar 2017 13:18:50 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 5FE51160B75 for ; Thu, 23 Mar 2017 14:18:49 +0100 (CET) Received: (qmail 78853 invoked by uid 500); 23 Mar 2017 13:18:48 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 78842 invoked by uid 99); 23 Mar 2017 13:18:48 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Mar 2017 13:18:48 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 042F21889D8 for ; Thu, 23 Mar 2017 13:18:48 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -98.549 X-Spam-Level: X-Spam-Status: No, score=-98.549 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001, SPF_NEUTRAL=0.652, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id W_or0YFk_Rv8 for ; Thu, 23 Mar 2017 13:18:47 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id CC3A75F2F1 for ; Thu, 23 Mar 2017 13:18:46 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id A2996E06CD for ; Thu, 23 Mar 2017 13:18:42 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 03B9021DA4 for ; Thu, 23 Mar 2017 13:18:42 +0000 (UTC) Date: Thu, 23 Mar 2017 13:18:42 +0000 (UTC) From: "Steve Loughran (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-13887) Support for client-side encryption in S3A file system MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Thu, 23 Mar 2017 13:18:50 -0000 [ https://issues.apache.org/jira/browse/HADOOP-13887?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15938268#comment-15938268 ] Steve Loughran commented on HADOOP-13887: ----------------------------------------- I like how this is coming together; it's always good to keep checkstyle quiet, even though it complains too much for my personal liking. On the change to {{writeDataset();}}, how about retaining a method with the original signature, and calling the new one with the last arg set to true? That way: fewer changes to the codebase, anything downstream using CTU (I'm the likeliest culprit) doesn't break. Other than that, I don't see any more code changes. Any other reviewers want to add. Anyone tested it yet? I'm thinking of end user docs. That's something we could just collaborate on in the comments here, rather than iterate through the code patches, which are pretty stable to me. As well as some instructions on what to do, and warnings, it'd be good to have a bit in the troubleshooting section. I can see various problems arising: * encryption enabled, no key * encryption enabled, wrong key * encryption enabled, no JCE That crops in kerberos BTW; the KDiag entry point explicitly tests for it. We could say "use kdiag to look for that". * encryption enabled, no bouncy castle. * encryption enabled, object store doesn't support it * encryption disabled, end data encrypted. It'd be good to have whatever stack traces you've managed to collect as part of this, otherwise we can make some more; easily done :) > Support for client-side encryption in S3A file system > ----------------------------------------------------- > > Key: HADOOP-13887 > URL: https://issues.apache.org/jira/browse/HADOOP-13887 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/s3 > Affects Versions: 2.8.0 > Reporter: Jeeyoung Kim > Assignee: Igor Mazur > Priority: Minor > Attachments: HADOOP-13887-002.patch, HADOOP-13887-007.patch, HADOOP-13887-branch-2-003.patch, HADOOP-13897-branch-2-004.patch, HADOOP-13897-branch-2-005.patch, HADOOP-13897-branch-2-006.patch, HADOOP-13897-branch-2-008.patch, HADOOP-14171-001.patch > > > Expose the client-side encryption option documented in Amazon S3 documentation - http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html > Currently this is not exposed in Hadoop but it is exposed as an option in AWS Java SDK, which Hadoop currently includes. It should be trivial to propagate this as a parameter passed to the S3client used in S3AFileSystem.java -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-issues-help@hadoop.apache.org