mariosmeim-db commented on a change in pull request #3440:
URL: https://github.com/apache/hadoop/pull/3440#discussion_r751193165
##########
File path:
hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/services/AbfsClient.java
##########
@@ -113,13 +119,14 @@ private AbfsClient(final URL baseUrl, final
SharedKeyCredentials sharedKeyCreden
this.retryPolicy = abfsClientContext.getExponentialRetryPolicy();
this.accountName = abfsConfiguration.getAccountName().substring(0,
abfsConfiguration.getAccountName().indexOf(AbfsHttpConstants.DOT));
this.authType = abfsConfiguration.getAuthType(accountName);
+ this.encryptionContextProvider = encryptionContextProvider;
String encryptionKey = this.abfsConfiguration
.getClientProvidedEncryptionKey();
if (encryptionKey != null) {
- this.clientProvidedEncryptionKey = getBase64EncodedString(encryptionKey);
- this.clientProvidedEncryptionKeySHA = getBase64EncodedString(
- getSHA256Hash(encryptionKey));
+ this.clientProvidedEncryptionKey =
EncryptionAdapter.getBase64EncodedString(encryptionKey);
Review comment:
I am advocating in favor of the encoded version of the key for the
following reasons:
- it might be easier to manage base 64 encoded strings in the configuration
- in ingestion flows where users use azCopy to upload data and then use the
ABFS client to access them, they would need to provide both encoded (azCopy)
and unencoded (this PR) version of the key.
Alternatively, we could also use both precomputed values (key and sha) in
the provided configuration for the client.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
