Posted to common-issues@hadoop.apache.org by "Steve Moist (JIRA)" <ji...@apache.org> on 2017/04/25 21:17:04 UTC

[jira] [Commented] (HADOOP-13887) Support for client-side encryption in S3A file system

    [ https://issues.apache.org/jira/browse/HADOOP-13887?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15983638#comment-15983638 ] 

Steve Moist commented on HADOOP-13887:
--------------------------------------

If you don't mind, I'd like to jump in with some thoughts.

1). Rename S3AClientEncryptionMethods.KMS to S3AClientEncryptionMethods.AWS-KMS.  Since Hadoop already has a KMS, it might be confusing for users that think that this might be the Hadoop KMS instead of the AWS-KMS.
2). Refactor S3AEncryptionMethods to S3AServerEncryptionMethods for clarity and consistency with S3AClientEncryptionMethods.
3). It looks to me that if S3ClientFactory.getAmazonS3EncryptionClient is configured with S3AClientEncryptionMethods.NONE, it will try to load custom encryption materials and throw an IllegalArgumentException.

{quote}
the stack traces should go into the troubleshooting section in index.md, or maybe we could add a whole new page on encryption?
{quote}
Makes sense to me to create a new page for encryption, since I just added more troubleshooting for SSE.

{quote}
most (all?) of us don't know about how s3 client side encryption works, so these details are not something we necessarily have valid opinions on. 
{quote}

I've actually worked with the Java API before with S3 CSE, so I can help with reviewing.

> Support for client-side encryption in S3A file system
> -----------------------------------------------------
>
>                 Key: HADOOP-13887
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13887
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 2.8.0
>            Reporter: Jeeyoung Kim
>            Assignee: Igor Mazur
>            Priority: Minor
>         Attachments: HADOOP-13887-002.patch, HADOOP-13887-007.patch, HADOOP-13887-branch-2-003.patch, HADOOP-13897-branch-2-004.patch, HADOOP-13897-branch-2-005.patch, HADOOP-13897-branch-2-006.patch, HADOOP-13897-branch-2-008.patch, HADOOP-13897-branch-2-009.patch, HADOOP-13897-branch-2-010.patch, HADOOP-13897-branch-2-012.patch, HADOOP-13897-branch-2-014.patch, HADOOP-13897-trunk-011.patch, HADOOP-13897-trunk-013.patch, HADOOP-14171-001.patch
>
>
> Expose the client-side encryption option documented in Amazon S3 documentation  - http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
> Currently this is not exposed in Hadoop but it is exposed as an option in AWS Java SDK, which Hadoop currently includes. It should be trivial to propagate this as a parameter passed to the S3client used in S3AFileSystem.java


