[jira] [Commented] (HADOOP-13887) Support for client-side encryption in S3A file system

Wed, 15 Mar 2017 07:46:54 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-13887?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15926285#comment-15926285
 ] 

Igor Mazur commented on HADOOP-13887:
-------------------------------------

I've attached a new patch with tests. At the moment it supports only KMS 
client-side encryption. Tests are copied from Server-Side Encryption tests with 
some changes. 
And I think this patch require good review because changes touch many very 
common methods.

So, where I saw problems, and what common methods were changed:
1) Surprisingly: empty folder with client-side encryption on S3 has more than 
zero file size, probably Amazon include IV to the file. (changed 
S3AUtils.objectRepresentsDirectory)
2) A size of a file on S3 less than reported through ListObjects.Size and 
Metadata.ContentLength. I suppose same reason as above. So every assert that 
checks length of original data with length that received through FileStatus 
will fail. (changed ContractTestUtils.verifyFileContents, 
ContractTestUtils.readDataset)

> Support for client-side encryption in S3A file system
> -----------------------------------------------------
>
>                 Key: HADOOP-13887
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13887
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 2.8.0
>            Reporter: Jeeyoung Kim
>            Assignee: Igor Mazur
>            Priority: Minor
>         Attachments: HADOOP-13887-002.patch, HADOOP-14171-001.patch
>
>
> Expose the client-side encryption option documented in Amazon S3 
> documentation  - 
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
> Currently this is not exposed in Hadoop but it is exposed as an option in AWS 
> Java SDK, which Hadoop currently includes. It should be trivial to propagate 
> this as a parameter passed to the S3client used in S3AFileSystem.java



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to