[
https://issues.apache.org/jira/browse/HADOOP-13887?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15983638#comment-15983638
]
Steve Moist commented on HADOOP-13887:
--------------------------------------
If you don't mind. I'd like to jump in with some thoughts.
1). Rename S3AClientEncryptionMethods.KMS to
S3AClientEncryptionMethods.AWS-KMS. Since Hadoop already has a KMS, it might
be confusing for users that think that this might be the Hadoop KMS instead of
the AWS-KMS.
2). Refactor S3AEncryptionMethods to S3AServerEncryptionMethods for clarity
and consistancy with S3AClientEncryptionMethods.
3). It looks to me if S3ClientFactory.getAmazonS3EncryptionClient is configured
with S3AClientEncryptionMethods.NONE, it will try to load
custom encryption materials and throw a IllegalArgumentException.
{quote}
the stack traces should go into the troubleshooting section in index.md, or
maybe we could add a whole new page on encryption?
{quote}
Makes sense to me to create a new page for encryption, since I just added more
troubleshooting for SSE.
{quote}
most (all?) of us don't know about how s3 client side encryption works, so
these details are not something we necessarily have valid opinions on.
{quote}
I've actually worked with the Java api before with S3 CSE. So I can help with
reviewing.
> Support for client-side encryption in S3A file system
> -----------------------------------------------------
>
> Key: HADOOP-13887
> URL: https://issues.apache.org/jira/browse/HADOOP-13887
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Affects Versions: 2.8.0
> Reporter: Jeeyoung Kim
> Assignee: Igor Mazur
> Priority: Minor
> Attachments: HADOOP-13887-002.patch, HADOOP-13887-007.patch,
> HADOOP-13887-branch-2-003.patch, HADOOP-13897-branch-2-004.patch,
> HADOOP-13897-branch-2-005.patch, HADOOP-13897-branch-2-006.patch,
> HADOOP-13897-branch-2-008.patch, HADOOP-13897-branch-2-009.patch,
> HADOOP-13897-branch-2-010.patch, HADOOP-13897-branch-2-012.patch,
> HADOOP-13897-branch-2-014.patch, HADOOP-13897-trunk-011.patch,
> HADOOP-13897-trunk-013.patch, HADOOP-14171-001.patch
>
>
> Expose the client-side encryption option documented in Amazon S3
> documentation -
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
> Currently this is not exposed in Hadoop but it is exposed as an option in AWS
> Java SDK, which Hadoop currently includes. It should be trivial to propagate
> this as a parameter passed to the S3client used in S3AFileSystem.java
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
