You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ignite.apache.org by "Valentin Kulichenko (JIRA)" <ji...@apache.org> on 2018/10/09 23:27:00 UTC

[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption

    [ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16644233#comment-16644233 ] 

Valentin Kulichenko commented on IGNITE-7054:
---------------------------------------------

[~uday], I looked through your changes and here are my comments.

# In most cases Ignite is configured via XML, not in code, so you should make sure all the classes that can be part of configuration are Spring compatible. For example, {{AsymmetricKeyEncryptionService}} has {{setKeyPair}} method, which takes two parameters and therefore can't be provided as a bean property. Please fix this one and check others for similar issues.
# I don't like that {{AsymmetricKeyEncryptionService}} uses {{SymmetricKeyEncryptionService}} under the hood, this is a bit confusing. I think it would be better to move common code to {{IgniteUtils}} and make service implementations independent from each other.
# Try to minimize amount of actions that happen in {{encrypt}} and {{decrypt}} methods. For example, do you need to create new {{Cipher}} every time in {{SymmetricKeyEncryptionService}}? Do you need to call {{AwsKmsEncryptionService#initClientAndKmsMasterKeyProvider()}} every time you encrypt/decrypt? Please check all the implementations for this kind of things.
# Some methods are package-private, while they can (and should) be private. E.g., {{AwsKmsEncryptionService#createClient()}}.
# What is the purpose of {{Base32}} encryption on top of encryption provided by the service?

Let me know if you have questions.

> S3 IP finder: support client side encryption
> --------------------------------------------
>
>                 Key: IGNITE-7054
>                 URL: https://issues.apache.org/jira/browse/IGNITE-7054
>             Project: Ignite
>          Issue Type: Improvement
>          Components: s3
>    Affects Versions: 2.3
>            Reporter: Valentin Kulichenko
>            Assignee: Uday Kale
>            Priority: Major
>             Fix For: 2.8
>
>
> In case client side encryption [1] is used, it may be required to use {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need to add this option to the S3 IP finder, along with any applicable configuration parameters.
> [1] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)