You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by GitBox <gi...@apache.org> on 2019/12/13 06:33:14 UTC

[GitHub] [hadoop] liuml07 commented on a change in pull request #1752: HADOOP-16732. S3Guard to support encrypted DynamoDB table

liuml07 commented on a change in pull request #1752: HADOOP-16732. S3Guard to support encrypted DynamoDB table
URL: https://github.com/apache/hadoop/pull/1752#discussion_r357502118
 
 

 ##########
 File path: hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/s3guard/DynamoDBMetadataStoreTableManager.java
 ##########
 @@ -322,6 +326,24 @@ private void createTable(ProvisionedThroughput capacity) throws IOException {
     putVersionMarkerItemToTable();
   }
 
+  /**
+   * Get DynamoDB table server side encryption (SSE) settings from configuration.
+   */
+  private SSESpecification getSseSpecFromConfig() {
+    final SSESpecification sseSpecification = new SSESpecification();
+    sseSpecification.setEnabled(conf.getBoolean(S3GUARD_DDB_TABLE_SSE_ENABLED, false));
+    String cmk = conf.get(S3GUARD_DDB_TABLE_SSE_CMK);
 
 Review comment:
   Yes we should use `S3AUtils::lookupPassword` for this sensitive information.
   
   And yes this is for table creation only, other times in S3Guard, we don't need this config or option. AWS is saying:
   > You can switch between the AWS owned CMK, AWS managed CMK, and customer managed CMK at any given time.
   
   So I think in S3Guard, we can actually let user switch from command line. I prefer leaving that as future work, and user can change SSE settings in the AWS way. I assume changing SSE is not a common use case: 1) like tagging which we don't support updating, 2) unlike RCU/WCU which we have a dedicated `SetCapacity` command in S3GuardTool.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org