[ https://issues.apache.org/jira/browse/HADOOP-17912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17655966#comment-17655966 ]
ASF GitHub Bot commented on HADOOP-17912:
-----------------------------------------
pranavsaxena-microsoft commented on PR #3440:
URL: https://github.com/apache/hadoop/pull/3440#issuecomment-1375240277
> There, I've just spent a couple of hours going through it. big piece of
> work.
>
> In this current design, the EncryptionAdapter is either null or non null;
> if non null it is used to do the encryption/decryption, which is a bit
> scattered through the code
>
> There's another strategy: move the work into the EncryptionAdapter itself,
> with an abstract EncryptionAdapter base class, a NoEncryptionAdapter for when
> it's not used (make this a singleton) and then the ContextEncryptionAdapter
> which uses the EncryptionContextProvider, contains the keys etc and where you
> can push the work
>
> I'm worried that AbfsClient will call getPathStatus() on any operation
> when it thinks it needs the header, including getPathStatus itself. I think
> that code needs to be restricted only to those calls where it absolutely needs
> that header (do delete and flush really need it?), and that getPathStatus is
> explicitly excluded.
>
> Finally, is the new api live?

In the method addEncryptionKeyRequestHeaders of AbfsClient.java,
encryptionAdapter is always going to be a non-null object when
encryptionType==ENCRYPTION_CONTEXT. Hence, we would not need to call
getPathStatus in this method. And as there is no logic when encryptionAdapter
is null, I have not made the change for an EncryptionAdapter base class and
a NoEncryptionAdapter child class.

> ABFS: Support for Encryption Context
> ------------------------------------
>
> Key: HADOOP-17912
> URL: https://issues.apache.org/jira/browse/HADOOP-17912
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/azure
> Affects Versions: 3.3.1
> Reporter: Sumangala Patki
> Assignee: Pranav Saxena
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Support for customer-provided encryption keys at the file level, superseding
> the global (account-level) key use in HADOOP-17536.
> ABFS driver will support an "EncryptionContext" plugin for retrieving
> encryption information, the implementation for which should be provided by
> the client. The keys/context retrieved will be sent via request headers to
> the server, which will store the encryption context. Subsequent REST calls to
> server that access data/user metadata of the file will require fetching the
> encryption context through a GetFileProperties call and retrieving the key
> from the custom provider, before sending the request.