[jira] [Commented] (HADOOP-13075) Add support for SSE-KMS and SSE-C in s3a filesystem

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-13075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15370930#comment-15370930
 ] 

ASF GitHub Bot commented on HADOOP-13075:
-----------------------------------------

Github user steveloughran commented on a diff in the pull request:

    https://github.com/apache/hadoop/pull/113#discussion_r70274270
  
    --- Diff: 
hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/S3AFileSystem.java
 ---
    @@ -1674,6 +1693,111 @@ public void progressChanged(ProgressEvent 
progressEvent) {
         }
       }
     
    +  protected void setSSEKMSOrCIfRequired(InitiateMultipartUploadRequest 
req) {
    +    if (StringUtils.isNotBlank(serverSideEncryptionAlgorithm)){
    +      if(S3AEncryptionMethods.SSE_KMS.getMethod()
    +          .equals(serverSideEncryptionAlgorithm)) {
    +        if (StringUtils.isNotBlank(serverSideEncryptionKey)) {
    +          //Use specified key
    +          req.setSSEAwsKeyManagementParams(
    +              new SSEAwsKeyManagementParams(serverSideEncryptionKey)
    +          );
    +        }else{
    +          //Use default key
    +          req.setSSEAwsKeyManagementParams(new 
SSEAwsKeyManagementParams());
    +        }
    +      }else if(S3AEncryptionMethods.SSE_C.getMethod()
    +          .equals(serverSideEncryptionAlgorithm)) {
    +        if (StringUtils.isNotBlank(serverSideEncryptionKey)) {
    +          //at the moment, only supports copy using the same key
    +          req.setSSECustomerKey(new 
SSECustomerKey(serverSideEncryptionKey));
    +        }
    +      }
    +    }
    +  }
    +
    +
    +  protected void setSSEKMSOrCIfRequired(CopyObjectRequest 
copyObjectRequest) {
    +    if (StringUtils.isNotBlank(serverSideEncryptionAlgorithm)){
    +      if(S3AEncryptionMethods.SSE_KMS.getMethod()
    +          .equals(serverSideEncryptionAlgorithm)) {
    +        if (StringUtils.isNotBlank(serverSideEncryptionKey)) {
    +          //Use specified key
    +          copyObjectRequest.setSSEAwsKeyManagementParams(
    +              new SSEAwsKeyManagementParams(serverSideEncryptionKey)
    +          );
    +        }else{
    +          //Use default key
    +          copyObjectRequest.setSSEAwsKeyManagementParams(
    +              new SSEAwsKeyManagementParams()
    +          );
    +        }
    +      }else if(S3AEncryptionMethods.SSE_C.getMethod()
    +          .equals(serverSideEncryptionAlgorithm)) {
    +        if (StringUtils.isNotBlank(serverSideEncryptionKey)) {
    +          //at the moment, only supports copy using the same key
    +          copyObjectRequest.setSourceSSECustomerKey(
    +              new SSECustomerKey(serverSideEncryptionKey)
    +          );
    +          copyObjectRequest.setDestinationSSECustomerKey(
    +              new SSECustomerKey(serverSideEncryptionKey)
    +          );
    +        }
    +      }
    +    }
    +  }
    +
    +  protected void setSSECIfRequired(GetObjectMetadataRequest request) {
    +    if (StringUtils.isNotBlank(serverSideEncryptionAlgorithm)){
    +      if(S3AEncryptionMethods.SSE_C.getMethod()
    +          .equals(serverSideEncryptionAlgorithm)) {
    +        if (StringUtils.isNotBlank(serverSideEncryptionKey)) {
    +          //at the moment, only supports copy using the same key
    +          request.setSSECustomerKey(
    +              new SSECustomerKey(serverSideEncryptionKey)
    --- End diff --
    
    this is three chained conditions which could be merged through `&&`


> Add support for SSE-KMS and SSE-C in s3a filesystem
> ---------------------------------------------------
>
>                 Key: HADOOP-13075
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13075
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>            Reporter: Andrew Olson
>            Assignee: Federico Czerwinski
>
> S3 provides 3 types of server-side encryption [1],
> * SSE-S3 (Amazon S3-Managed Keys) [2]
> * SSE-KMS (AWS KMS-Managed Keys) [3]
> * SSE-C (Customer-Provided Keys) [4]
> Of which the S3AFileSystem in hadoop-aws only supports opting into SSE-S3 
> (HADOOP-10568) -- the underlying aws-java-sdk makes that very simple [5]. 
> With native support in aws-java-sdk already available it should be fairly 
> straightforward [6],[7] to support the other two types of SSE with some 
> additional fs.s3a configuration properties.
> [1] http://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
> [2] 
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
> [3] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
> [4] 
> http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
> [5] http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingJavaSDK.html
> [6] 
> http://docs.aws.amazon.com/AmazonS3/latest/dev/kms-using-sdks.html#kms-using-sdks-java
> [7] http://docs.aws.amazon.com/AmazonS3/latest/dev/sse-c-using-java-sdk.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org