[ https://issues.apache.org/jira/browse/HADOOP-13075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15850610#comment-15850610 ]
ASF GitHub Bot commented on HADOOP-13075: ----------------------------------------- Github user steveloughran commented on a diff in the pull request: https://github.com/apache/hadoop/pull/183#discussion_r99235308 --- Diff: hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/ITestS3AEncryptionAlgorithmValidation.java --- @@ -0,0 +1,158 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.fs.s3a; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.FileSystem; +import org.apache.hadoop.fs.Path; +import org.apache.hadoop.fs.contract.s3a.S3AContract; +import org.junit.Ignore; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; + +import java.io.IOException; +import java.net.URI; + +import static org.apache.hadoop.fs.s3a.S3ATestUtils.*; + +/** + * Test whether or not encryption settings propagate by choosing an invalid + * one. We expect the S3AFileSystem to fail to initialize. + */ +@Ignore +public class ITestS3AEncryptionAlgorithmValidation + extends AbstractS3ATestBase { + + @Rule + public ExpectedException expectedException = ExpectedException.none(); + + @Test + public void testEncryptionAlgorithmSetToDES() throws Throwable { + expectedException.expect(IOException.class); + expectedException.expectMessage("Unknown Server Side algorithm DES"); + + Configuration conf = super.createConfiguration(); + //DES is an invalid encryption algorithm + conf.set(Constants.SERVER_SIDE_ENCRYPTION_ALGORITHM, "DES"); + S3AContract contract = (S3AContract) createContract(conf); + contract.init(); + //skip tests if they aren't enabled + assumeEnabled(); + //extract the test FS + FileSystem fileSystem = contract.getTestFileSystem(); + assertNotNull("null filesystem", fileSystem); + URI fsURI = fileSystem.getUri(); + LOG.info("Test filesystem = {} implemented by {}", fsURI, fileSystem); + assertEquals("wrong filesystem of " + fsURI, + contract.getScheme(), fsURI.getScheme()); + fileSystem.initialize(fsURI, conf); + + } + + @Test + public void testEncryptionAlgorithmSSECWithNoEncryptionKey() throws + Throwable { + expectedException.expect(IllegalArgumentException.class); + expectedException.expectMessage("The value of property " + + "fs.s3a.server-side-encryption-key must not be null"); + --- End diff -- We're generally moving towards `LambdaTestUtils.intercept()`, because if a closure fails, intercept() will print what came back. Less important for voids though, and on branch-2 & java7, not so compelling. > Add support for SSE-KMS and SSE-C in s3a filesystem > --------------------------------------------------- > > Key: HADOOP-13075 > URL: https://issues.apache.org/jira/browse/HADOOP-13075 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/s3 > Reporter: Andrew Olson > Assignee: Steve Loughran > > S3 provides 3 types of server-side encryption [1], > * SSE-S3 (Amazon S3-Managed Keys) [2] > * SSE-KMS (AWS KMS-Managed Keys) [3] > * SSE-C (Customer-Provided Keys) [4] > Of which the S3AFileSystem in hadoop-aws only supports opting into SSE-S3 > (HADOOP-10568) -- the underlying aws-java-sdk makes that very simple [5]. > With native support in aws-java-sdk already available it should be fairly > straightforward [6],[7] to support the other two types of SSE with some > additional fs.s3a configuration properties. > [1] http://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html > [2] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html > [3] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html > [4] > http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html > [5] http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingJavaSDK.html > [6] > http://docs.aws.amazon.com/AmazonS3/latest/dev/kms-using-sdks.html#kms-using-sdks-java > [7] http://docs.aws.amazon.com/AmazonS3/latest/dev/sse-c-using-java-sdk.html -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org