ignite-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Valentin Kulichenko (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
Date Tue, 09 Oct 2018 23:27:00 GMT

    [ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16644233#comment-16644233

Valentin Kulichenko commented on IGNITE-7054:

[~uday], I looked through your changes and here are my comments.

# In most cases Ignite is configured via XML, not in code, so you should make sure all the
classes that can be part of configuration are Spring compatible. For example, {{AsymmetricKeyEncryptionService}}
has {{setKeyPair}} method, which takes two parameters and therefore can't be provided as a
bean property. Please fix this one and check others for similar issues.
# I don't like that {{AsymmetricKeyEncryptionService}} uses {{SymmetricKeyEncryptionService}}
under the hood, this is a bit confusing. I think it would be better to move common code to
{{IgniteUtils}} and make service implementations independent from each other.
# Try to minimize amount of actions that happen in {{encrypt}} and {{decrypt}} methods. For
example, do you need to create new {{Cipher}} every time in {{SymmetricKeyEncryptionService}}?
Do you need to call {{AwsKmsEncryptionService#initClientAndKmsMasterKeyProvider()}} every
time you encrypt/decrypt? Please check all the implementations for this kind of things.
# Some methods are package-private, while they can (and should) be private. E.g., {{AwsKmsEncryptionService#createClient()}}.
# What is the purpose of {{Base32}} encryption on top of encryption provided by the service?

Let me know if you have questions.

> S3 IP finder: support client side encryption
> --------------------------------------------
>                 Key: IGNITE-7054
>                 URL: https://issues.apache.org/jira/browse/IGNITE-7054
>             Project: Ignite
>          Issue Type: Improvement
>          Components: s3
>    Affects Versions: 2.3
>            Reporter: Valentin Kulichenko
>            Assignee: Uday Kale
>            Priority: Major
>             Fix For: 2.8
> In case client side encryption [1] is used, it may be required to use {{AmazonS3EncryptionClient}}
instead of regular {{AmazonS3Client}}. We need to add this option to the S3 IP finder, along
with any applicable configuration parameters.
> [1] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html

This message was sent by Atlassian JIRA

View raw message