Return-Path: X-Original-To: apmail-hive-dev-archive@www.apache.org Delivered-To: apmail-hive-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2A72610544 for ; Fri, 19 Dec 2014 17:28:14 +0000 (UTC) Received: (qmail 60989 invoked by uid 500); 19 Dec 2014 17:28:13 -0000 Delivered-To: apmail-hive-dev-archive@hive.apache.org Received: (qmail 60916 invoked by uid 500); 19 Dec 2014 17:28:13 -0000 Mailing-List: contact dev-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hive.apache.org Delivered-To: mailing list dev@hive.apache.org Received: (qmail 60904 invoked by uid 500); 19 Dec 2014 17:28:13 -0000 Delivered-To: apmail-hadoop-hive-dev@hadoop.apache.org Received: (qmail 60901 invoked by uid 99); 19 Dec 2014 17:28:13 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 19 Dec 2014 17:28:13 +0000 Date: Fri, 19 Dec 2014 17:28:13 +0000 (UTC) From: "Brock Noland (JIRA)" To: hive-dev@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HIVE-9167) Enhance encryption testing framework to allow create keys & zones inside .q files MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HIVE-9167?page=3Dcom.atlassian.= jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D14253= 679#comment-14253679 ]=20 Brock Noland commented on HIVE-9167: ------------------------------------ bq. do we real need add the crypto command for the beeline?=20 Sergio mentioned this to me offline and my understanding is that we would n= ot have the crypto command to beeline. It'd only be enabled for tests and t= hus not be a public API. bq. What I am trying to do with the crypto commands is that we can create = encryption zones for specific tables during our tests. Users will have tabl= es with different encryption zones, and I'd like to test different queries = that work with these tables. If we can do this without exposing the command to the end user (i.e. only i= n tests), I think this is a good approach. My reasoning is: # We need to test db level encryption in addition to each table being a dif= ferent encryption zone. # I feel like being able to create the ez's in the q-file is a little less = error prone than creating the ez's in a separate location. It'd be very eas= y to mis-name the location of a table and thus not actually test with an en= crypted location. > Enhance encryption testing framework to allow create keys & zones inside = .q files > -------------------------------------------------------------------------= -------- > > Key: HIVE-9167 > URL: https://issues.apache.org/jira/browse/HIVE-9167 > Project: Hive > Issue Type: Sub-task > Reporter: Sergio Pe=C3=B1a > Assignee: Sergio Pe=C3=B1a > > The current implementation of the encryption testing framework on HIVE-89= 00 initializes a couple of encrypted databases to be used on .q test files.= This is useful in order to make tests small, but it does not test all deta= ils found on the encryption implementation, such as: encrypted tables with = different encryption strength in the same database. > We need to allow this kind of encryption as it is how it will be used in = the real world where a database will have a few encrypted tables (not all t= he DB). > Also, we need to make this encryption framework flexible so that we can c= reate/delete keys & zones on demand when running the .q files.=20 -- This message was sent by Atlassian JIRA (v6.3.4#6332)