[jira] [Work logged] (HADOOP-16794) S3A reverts KMS encryption to the bucket's default KMS key in rename/copy

Wed, 23 Sep 2020 11:03:10 -0700 


     [ 
https://issues.apache.org/jira/browse/HADOOP-16794?focusedWorklogId=489728&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-489728
 ]

ASF GitHub Bot logged work on HADOOP-16794:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 23/Sep/20 18:02
            Start Date: 23/Sep/20 18:02
    Worklog Time Spent: 10m 
      Work Description: liuml07 commented on pull request #1875:
URL: https://github.com/apache/hadoop/pull/1875#issuecomment-697803464


   Thanks @steveloughran  I will file a new PR for backporting the fix (not 
necessarily including test changes) this into `branch-2.10` branch. Hadoop 
2.10.1 has been just released so this will be target `2.10.2`.
   
   So, is my another proposal also valid? Specially, If we plan the effort of 
bulk backporting those good stuff from 3.3/3.4 back to 3.2, the per-bucket test 
failures will also be resolved. But I do not see that is planed yet. Since this 
PR is fixing security issues, I think we can merge this PR into branch-3.2 
before that. If so, @mukund-thakur can help us rebase and ideally run another 
round of tests.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 489728)
    Time Spent: 1h  (was: 50m)

> S3A reverts KMS encryption to the bucket's default KMS key in rename/copy
> -------------------------------------------------------------------------
>
>                 Key: HADOOP-16794
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16794
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 3.2.1
>            Reporter: Mukund Thakur
>            Assignee: Mukund Thakur
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.3.0
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> When using (bucket-level) S3 Default Encryption with SSE-KMS and a CMK, all 
> files uploaded via the HDFS {{FileSystem}} {{s3a://}} scheme receive the 
> wrong encryption key, always falling back to the region-specific AWS-managed 
> KMS key for S3, instead of retaining the custom CMK.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to