You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@orc.apache.org by omalley <gi...@git.apache.org> on 2018/03/07 22:26:55 UTC

[GitHub] orc pull request #227: ORC-318. Change KeyProvider API to separate createLoc...

GitHub user omalley opened a pull request:

    https://github.com/apache/orc/pull/227

    ORC-318. Change KeyProvider API to separate createLocalKey

    Separate createLocalKey from decryptLocalKey in HadoopShims.KeyProvider.
    
    It also:
    - changes HadoopShims.KeyMetadata from an interface to a concrete class
    - creates a NullKeyProvider for Hadoop versions < 2.7


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/omalley/orc orc-318

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/orc/pull/227.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #227
    
----
commit 58ed393f7b27f8589d4246e54a663b1ad866a413
Author: Owen O'Malley <om...@...>
Date:   2018-03-07T22:16:18Z

    ORC-318. Change KeyProvider API to separate createLocalKey from decryptLocalKey.

----


---

[GitHub] orc issue #227: ORC-318. Change KeyProvider API to separate createLocalKey

Posted by omalley <gi...@git.apache.org>.

Github user omalley commented on the issue:

    https://github.com/apache/orc/pull/227
  
    Ok, I significantly updated this patch.
    * I added tests for both the InMemoryKeyProvider and the Hadoop-based KeyProvider.
    * I allowed the user to pass in a Random implementation for the KeyProvider. That allows me to control the random for tests.
    * I added a lot of documentation about what I was doing and why.
    * I fixed an issue where the HadoopShimsFactory wasn't creating the right version of the shim.
    * I changed the InMemoryKeyProvider to use AES/CBC/NoPadding to encrypt and decrypt the local keys. Thus like the AWS KMS, the operations for encryption and decryption aren't symmetric.


---

[GitHub] orc pull request #227: ORC-318. Change KeyProvider API to separate createLoc...

Posted by asfgit <gi...@git.apache.org>.

Github user asfgit closed the pull request at:

    https://github.com/apache/orc/pull/227


---