hadoop-common-issues mailing list archives

From "Steve Moist (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13887) Support for client-side encryption in S3A file system
Date Tue, 25 Apr 2017 21:17:04 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13887?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15983638#comment-15983638 ]

Steve Moist commented on HADOOP-13887:

If you don't mind, I'd like to jump in with some thoughts.

1). Rename S3AClientEncryptionMethods.KMS to S3AClientEncryptionMethods.AWS-KMS.  Since Hadoop
already has a KMS, it might be confusing for users that think that this might be the Hadoop
KMS instead of the AWS-KMS.
2). Refactor S3AEncryptionMethods to S3AServerEncryptionMethods for clarity and consistency
with S3AClientEncryptionMethods.
3). It looks to me as if S3ClientFactory.getAmazonS3EncryptionClient is configured with S3AClientEncryptionMethods.NONE,
it will try to load custom encryption materials and throw an IllegalArgumentException.

the stack traces should go into the troubleshooting section in index.md, or maybe we could
add a whole new page on encryption?
Makes sense to me to create a new page for encryption, since I just added more troubleshooting
for SSE.

most (all?) of us don't know about how s3 client side encryption works, so these details are
not something we necessarily have valid opinions on. 

I've actually worked with the Java API before with S3 CSE, so I can help with reviewing.

> Support for client-side encryption in S3A file system
> -----------------------------------------------------
>                 Key: HADOOP-13887
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13887
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 2.8.0
>            Reporter: Jeeyoung Kim
>            Assignee: Igor Mazur
>            Priority: Minor
>         Attachments: HADOOP-13887-002.patch, HADOOP-13887-007.patch, HADOOP-13887-branch-2-003.patch,
HADOOP-13897-branch-2-004.patch, HADOOP-13897-branch-2-005.patch, HADOOP-13897-branch-2-006.patch,
HADOOP-13897-branch-2-008.patch, HADOOP-13897-branch-2-009.patch, HADOOP-13897-branch-2-010.patch,
HADOOP-13897-branch-2-012.patch, HADOOP-13897-branch-2-014.patch, HADOOP-13897-trunk-011.patch,
HADOOP-13897-trunk-013.patch, HADOOP-14171-001.patch
> Expose the client-side encryption option documented in Amazon S3 documentation  - http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
> Currently this is not exposed in Hadoop but it is exposed as an option in AWS Java SDK,
which Hadoop currently includes. It should be trivial to propagate this as a parameter passed
to the S3client used in S3AFileSystem.java
