[jira] [Commented] (HADOOP-18708) AWS SDK V2 - Implement CSE

ASF GitHub Bot (Jira) Thu, 11 Jul 2024 07:25:05 -0700


    [ 
https://issues.apache.org/jira/browse/HADOOP-18708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17865094#comment-17865094
 ]


ASF GitHub Bot commented on HADOOP-18708:
-----------------------------------------

shameersss1 commented on code in PR #6884:
URL: https://github.com/apache/hadoop/pull/6884#discussion_r1674104148


##########
hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/S3AFileSystem.java:
##########
@@ -1109,6 +1136,44 @@ private ClientManager createClientManager(URI fsURI, 
boolean dtEnabled) throws I
         S3_CLIENT_FACTORY_IMPL, DEFAULT_S3_CLIENT_FACTORY_IMPL,
         S3ClientFactory.class);
 
+    S3ClientFactory clientFactory;
+    S3ClientFactory unecnryptedClientFactory = null;
+    CSEMaterials cseMaterials = null;
+
+    if (isCSEEnabled) {
+      S3AEncryptionMethods algorithm = getS3EncryptionAlgorithm();
+      switch (algorithm) {
+      case CSE_KMS:
+        String kmsKeyId = getS3EncryptionKey(bucket, conf, true);
+        Preconditions.checkArgument(kmsKeyId != null && !kmsKeyId.isEmpty(),
+            "KMS keyId cannot be null or empty");
+        cseMaterials  = new CSEMaterials()
+            .withCSEKeyType(CSEMaterials.CSEKeyType.KMS)
+            .withConf(conf)
+            .withKmsKeyId(kmsKeyId);
+        break;
+      case CSE_CUSTOM:
+        String customCryptoClassName = 
conf.get(S3_ENCRYPTION_CSE_CUSTOM_KEYRING_CLASS_NAME);
+        Preconditions.checkArgument(customCryptoClassName != null &&
+                !customCryptoClassName.isEmpty(),
+            "CSE custom cryptographic class name cannot be null or empty");
+        cseMaterials  = new CSEMaterials()
+            .withCSEKeyType(CSEMaterials.CSEKeyType.CUSTOM)
+            .withConf(conf)
+            .withCustomCryptographicClassName(customCryptoClassName);
+        break;
+      default:
+        throw new IllegalArgumentException("Invalid client side encryption 
algorithm."
+            + " Only CSE-KMS and CSE-CUSTOM is supported");
+      }
+      clientFactory = 
ReflectionUtils.newInstance(EncryptionS3ClientFactory.class, conf);
+      // This just creates a factory class. Unencrypted client will only be 
created when the
+      // config is enabled and when it is actually required.
+      unecnryptedClientFactory = 
ReflectionUtils.newInstance(s3ClientFactoryClass, conf);

Review Comment:
   ack





> AWS SDK V2 - Implement CSE
> --------------------------
>
>                 Key: HADOOP-18708
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18708
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 3.4.0
>            Reporter: Ahmar Suhail
>            Assignee: Syed Shameerur Rahman
>            Priority: Major
>              Labels: pull-request-available
>
> S3 Encryption client for SDK V2 is now available, so add client side 
> encryption back in. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Commented] (HADOOP-18708) AWS SDK V2 - Implement CSE

Reply via email to