[jira] [Commented] (HADOOP-13075) Add support for SSE-KMS and SSE-C in s3a filesystem

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-13075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15372837#comment-15372837
 ] 

ASF GitHub Bot commented on HADOOP-13075:
-----------------------------------------

Github user fedecz commented on a diff in the pull request:

    https://github.com/apache/hadoop/pull/113#discussion_r70432238
  
    --- Diff: 
hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/S3AFileSystem.java
 ---
    @@ -1674,6 +1693,111 @@ public void progressChanged(ProgressEvent 
progressEvent) {
         }
       }
     
    +  protected void setSSEKMSOrCIfRequired(InitiateMultipartUploadRequest 
req) {
    +    if (StringUtils.isNotBlank(serverSideEncryptionAlgorithm)){
    +      if(S3AEncryptionMethods.SSE_KMS.getMethod()
    +          .equals(serverSideEncryptionAlgorithm)) {
    +        if (StringUtils.isNotBlank(serverSideEncryptionKey)) {
    +          //Use specified key
    +          req.setSSEAwsKeyManagementParams(
    +              new SSEAwsKeyManagementParams(serverSideEncryptionKey)
    +          );
    +        }else{
    +          //Use default key
    +          req.setSSEAwsKeyManagementParams(new 
SSEAwsKeyManagementParams());
    +        }
    +      }else if(S3AEncryptionMethods.SSE_C.getMethod()
    +          .equals(serverSideEncryptionAlgorithm)) {
    +        if (StringUtils.isNotBlank(serverSideEncryptionKey)) {
    +          //at the moment, only supports copy using the same key
    +          req.setSSECustomerKey(new 
SSECustomerKey(serverSideEncryptionKey));
    +        }
    +      }
    +    }
    +  }
    +
    +
    +  protected void setSSEKMSOrCIfRequired(CopyObjectRequest 
copyObjectRequest) {
    +    if (StringUtils.isNotBlank(serverSideEncryptionAlgorithm)){
    +      if(S3AEncryptionMethods.SSE_KMS.getMethod()
    +          .equals(serverSideEncryptionAlgorithm)) {
    +        if (StringUtils.isNotBlank(serverSideEncryptionKey)) {
    +          //Use specified key
    +          copyObjectRequest.setSSEAwsKeyManagementParams(
    +              new SSEAwsKeyManagementParams(serverSideEncryptionKey)
    +          );
    +        }else{
    +          //Use default key
    +          copyObjectRequest.setSSEAwsKeyManagementParams(
    +              new SSEAwsKeyManagementParams()
    +          );
    +        }
    +      }else if(S3AEncryptionMethods.SSE_C.getMethod()
    +          .equals(serverSideEncryptionAlgorithm)) {
    +        if (StringUtils.isNotBlank(serverSideEncryptionKey)) {
    +          //at the moment, only supports copy using the same key
    +          copyObjectRequest.setSourceSSECustomerKey(
    +              new SSECustomerKey(serverSideEncryptionKey)
    +          );
    +          copyObjectRequest.setDestinationSSECustomerKey(
    +              new SSECustomerKey(serverSideEncryptionKey)
    +          );
    +        }
    +      }
    +    }
    +  }
    +
    +  protected void setSSECIfRequired(GetObjectMetadataRequest request) {
    +    if (StringUtils.isNotBlank(serverSideEncryptionAlgorithm)){
    +      if(S3AEncryptionMethods.SSE_C.getMethod()
    +          .equals(serverSideEncryptionAlgorithm)) {
    +        if (StringUtils.isNotBlank(serverSideEncryptionKey)) {
    +          //at the moment, only supports copy using the same key
    +          request.setSSECustomerKey(
    +              new SSECustomerKey(serverSideEncryptionKey)
    --- End diff --
    
    true, but not all of them can be merged. I'm relying in else clauses as 
well depending on some of the conditions being false. I'll try to rewrite it 
though and will see how it looks.


> Add support for SSE-KMS and SSE-C in s3a filesystem
> ---------------------------------------------------
>
>                 Key: HADOOP-13075
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13075
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>            Reporter: Andrew Olson
>            Assignee: Federico Czerwinski
>
> S3 provides 3 types of server-side encryption [1],
> * SSE-S3 (Amazon S3-Managed Keys) [2]
> * SSE-KMS (AWS KMS-Managed Keys) [3]
> * SSE-C (Customer-Provided Keys) [4]
> Of which the S3AFileSystem in hadoop-aws only supports opting into SSE-S3 
> (HADOOP-10568) -- the underlying aws-java-sdk makes that very simple [5]. 
> With native support in aws-java-sdk already available it should be fairly 
> straightforward [6],[7] to support the other two types of SSE with some 
> additional fs.s3a configuration properties.
> [1] http://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
> [2] 
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
> [3] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
> [4] 
> http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
> [5] http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingJavaSDK.html
> [6] 
> http://docs.aws.amazon.com/AmazonS3/latest/dev/kms-using-sdks.html#kms-using-sdks-java
> [7] http://docs.aws.amazon.com/AmazonS3/latest/dev/sse-c-using-java-sdk.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org