You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2022/02/20 17:12:16 UTC

[GitHub] [ozone] adoroszlai opened a new pull request #3116: HDDS-6349. Cannot get object uploaded via MPU to encrypted bucket

adoroszlai opened a new pull request #3116:
URL: https://github.com/apache/ozone/pull/3116


   ## What changes were proposed in this pull request?
   
   `MultipartCryptoKeyInputStream` may need to adjust read position and/or length to make sure it reads enough data to fill the crypto buffer.  Position adjustment means read starts at a location before the actual requested position.  Length adjustment means more data is read at the end.  Extra data is discarded in both cases.
   
   This PR fixes a bug in length adjustment: the position of the underlying stream was left at the position after the discarded part, this is where the next read started.  Thus this part was missing from the final data at the client side.
   
   The bug can be reproduced with MPU parts that are not whole multiples of the crypto buffer size, which defaults to 8KB.  Hence test case is added where the first part has 1KB more, to trigger length adjustment in the second part.
   
   The PR also adds the KMS configs necessary to test S3 Gateway with encrypted bucket, and runs all S3 tests with encrypted bucket, too (in non-HA case for now).
   
   https://issues.apache.org/jira/browse/HDDS-6349
   
   ## How was this patch tested?
   
   Added Robot test to reproduce the problem:
   https://github.com/adoroszlai/hadoop-ozone/runs/5263846303#step:5:528
   
   And verified the fix:
   https://github.com/adoroszlai/hadoop-ozone/runs/5265040205#step:5:524


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] adoroszlai commented on pull request #3116: HDDS-6349. IncompleteReadError on get MPU key from TDE bucket

Posted by GitBox <gi...@apache.org>.
adoroszlai commented on pull request #3116:
URL: https://github.com/apache/ozone/pull/3116#issuecomment-1050046333


   Thanks @hanishakoneru for the review.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] adoroszlai merged pull request #3116: HDDS-6349. IncompleteReadError on get MPU key from TDE bucket

Posted by GitBox <gi...@apache.org>.
adoroszlai merged pull request #3116:
URL: https://github.com/apache/ozone/pull/3116


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] adoroszlai commented on pull request #3116: HDDS-6349. IncompleteReadError on get MPU key from TDE bucket

Posted by GitBox <gi...@apache.org>.
adoroszlai commented on pull request #3116:
URL: https://github.com/apache/ozone/pull/3116#issuecomment-1049634978


   Thanks @hanishakoneru for the review and the pointer to `TestOzoneAtRestEncryption`.  Added checks as suggested.
   
   ```
   [INFO] Tests run: 16, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 55.158 s - in org.apache.hadoop.ozone.client.rpc.TestOzoneAtRestEncryption
   ```
   
   while same test on `master`:
   
   ```
   [ERROR]   TestOzoneAtRestEncryption.testMPUwithLinkBucket:458->testMultipartUploadWithEncryption:538 expected:<263462> but was:<265108>
   [ERROR]   TestOzoneAtRestEncryption.testMPUwithLinkBucket:458->testMultipartUploadWithEncryption:538 expected:<266843> but was:<270090>
   [ERROR]   TestOzoneAtRestEncryption.testMPUwithOnePart:425->testMultipartUploadWithEncryption:538 expected:<89586> but was:<90112>
   [ERROR]   TestOzoneAtRestEncryption.testMPUwithOnePart:425->testMultipartUploadWithEncryption:538 expected:<89455> but was:<90112>
   [ERROR]   TestOzoneAtRestEncryption.testMPUwithThreePartsOverride:441->testMultipartUploadWithEncryption:538 expected:<528440> but was:<528739>
   [ERROR]   TestOzoneAtRestEncryption.testMPUwithThreePartsOverride:441->testMultipartUploadWithEncryption:538 expected:<527370> but was:<534235>
   [ERROR]   TestOzoneAtRestEncryption.testMPUwithTwoParts:433->testMultipartUploadWithEncryption:538 expected:<264508> but was:<267719>
   [ERROR]   TestOzoneAtRestEncryption.testMPUwithTwoParts:433->testMultipartUploadWithEncryption:538 expected:<264261> but was:<270519>
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] avijayanhwx commented on pull request #3116: HDDS-6349. IncompleteReadError on get MPU key from TDE bucket

Posted by GitBox <gi...@apache.org>.
avijayanhwx commented on pull request #3116:
URL: https://github.com/apache/ozone/pull/3116#issuecomment-1048974822


   cc @kerneltime for review.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] hanishakoneru commented on pull request #3116: HDDS-6349. IncompleteReadError on get MPU key from TDE bucket

Posted by GitBox <gi...@apache.org>.
hanishakoneru commented on pull request #3116:
URL: https://github.com/apache/ozone/pull/3116#issuecomment-1049283611


   Thanks @adoroszlai for fixing this. 
   Patch LGTM. 
   
   I have a minor suggestion. The acceptance test looks great. Can we also add a check in the integration test `TestOzoneAtRestEncryption#testMultipartUploadWithEncryption` to verify that the inputStream position is as expected after a read.
   Something like this at line 531:
   ```
   diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneAtRestEncryption.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneAtRestEncryption.java
   index 4ebcc8745..a247b0e79 100644
   --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneAtRestEncryption.java
   +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneAtRestEncryption.java
   @@ -528,6 +528,9 @@ public void testMultipartUploadWithEncryption(OzoneBucket bucket,
            inputStream.read(readData, 0, readDataLen);
   
            assertReadContent(inputData, readData, readFromPosition);
   +        Assert.assertEquals("Position of CryptoInputStream after a read is " +
   +                "not as expected", readFromPosition + readDataLen,
   +            cryptoInputStream.getPos());
          }
        }
      }
   ```
   It would be good if this test also checked reading the file consecutively without reseting position. If not this, at least a check for verifying position would be good to have. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org