[
https://issues.apache.org/jira/browse/HADOOP-17912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17654754#comment-17654754
]
ASF GitHub Bot commented on HADOOP-17912:
-----------------------------------------
pranavsaxena-microsoft commented on code in PR #3440:
URL: https://github.com/apache/hadoop/pull/3440#discussion_r1062130167
##########
hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/AzureBlobFileSystemStore.java:
##########
@@ -1616,16 +1647,39 @@ private void initializeClient(URI uri, String
fileSystemName,
abfsConfiguration.getRawConfiguration());
}
+ // Encryption setup
+ EncryptionContextProvider encryptionContextProvider = null;
+ if (isSecure) {
+ encryptionContextProvider =
+ abfsConfiguration.createEncryptionContextProvider();
+ if (encryptionContextProvider != null) {
+ if (abfsConfiguration.getEncodedClientProvidedEncryptionKey() != null)
{
+ throw new IOException(
+ "Both global key and encryption context are set, only one
allowed");
+ }
+ encryptionContextProvider.initialize(
+ abfsConfiguration.getRawConfiguration(), accountName,
+ fileSystemName);
+ } else if (abfsConfiguration.getEncodedClientProvidedEncryptionKey() !=
null) {
+ if (abfsConfiguration.getEncodedClientProvidedEncryptionKeySHA() !=
null) {
+ } else {
+ throw new IOException(
+ "Encoded SHA256 hash must be provided for global encryption");
Review Comment:
refactored to have PathIOException.
> ABFS: Support for Encryption Context
> ------------------------------------
>
> Key: HADOOP-17912
> URL: https://issues.apache.org/jira/browse/HADOOP-17912
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/azure
> Affects Versions: 3.3.1
> Reporter: Sumangala Patki
> Assignee: Pranav Saxena
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Support for customer-provided encryption keys at the file level, superceding
> the global (account-level) key use in HADOOP-17536.
> ABFS driver will support an "EncryptionContext" plugin for retrieving
> encryption information, the implementation for which should be provided by
> the client. The keys/context retrieved will be sent via request headers to
> the server, which will store the encryption context. Subsequent REST calls to
> server that access data/user metadata of the file will require fetching the
> encryption context through a GetFileProperties call and retrieving the key
> from the custom provider, before sending the request.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
