shameersss1 commented on code in PR #6884:
URL: https://github.com/apache/hadoop/pull/6884#discussion_r1702678008
##########
hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/Constants.java:
##########
@@ -746,6 +746,69 @@ private Constants() {
public static final String S3_ENCRYPTION_CONTEXT =
"fs.s3a.encryption.context";
+ /**
+ * Client side encryption (CSE-CUSTOM) with custom cryptographic material
manager class name.
+ * Custom keyring class name for CSE-KMS.
+ * value:{@value}
+ */
+ public static final String S3_ENCRYPTION_CSE_CUSTOM_KEYRING_CLASS_NAME =
+ "fs.s3a.encryption.cse.custom.keyring.class.name";
+
+ /**
+ * This config initializes unencrypted s3 client will be used to access
unencrypted
+ * s3 object. This is to provide backward compatibility.
+ * Config to support reading unencrypted s3 objects when CSE is enabled.
+ * This is to provide backward compatibility with V1/V2 client.
+ * value:{@value}
+ */
+ public static final String S3_ENCRYPTION_CSE_READ_UNENCRYPTED_OBJECTS =
+ "fs.s3a.encryption.cse.read.unencrypted.objects";
+
+ /**
+ * Default value : {@value}.
+ */
+ public static final boolean
S3_ENCRYPTION_CSE_READ_UNENCRYPTED_OBJECTS_DEFAULT = false;
+
+ /**
+ * Config to calculate the size of unencrypted object size using ranged S3
calls.
+ * This is to provide backward compatability with objects encrypted with V1
client.
+ * Unlike V2 and V3 client which always pads 16 bytes, V1 client pads bytes
till the
+ * object size reaches next multiple of 16.
+ * This is to provide backward compatibility.
+ * This is to provide backward compatibility with V1 client.
+ * value:{@value}
+ */
+ public static final String
S3_ENCRYPTION_CSE_OBJECT_SIZE_FROM_RANGED_GET_ENABLED =
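Review bot: The Javadoc above S3_ENCRYPTION_CSE_CUSTOM_KEYRING_CLASS_NAME contradicts itself, describing the option both as "Client side encryption (CSE-CUSTOM) with custom cryptographic material manager class name" and as "Custom keyring class name for CSE-KMS". Keep one sentence and state which encryption mode the keyring applies to. The other two blocks have the same doubled wording. For S3_ENCRYPTION_CSE_READ_UNENCRYPTED_OBJECTS, "This config initializes unencrypted s3 client will be used to access unencrypted s3 object" sits next to "Config to support reading unencrypted s3 objects when CSE is enabled"; drop the first, which is also ungrammatical. For the ranged-GET flag, "This is to provide backward compatibility" appears twice more after the first statement, "compatability" is misspelled, and "the size of unencrypted object size" repeats "size". Because S3_ENCRYPTION_CSE_READ_UNENCRYPTED_OBJECTS lets a CSE-enabled client read objects that were never encrypted, its Javadoc should say so explicitly and point to the false default.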
Review Comment:
It makes sense. Currently there are three configurations for v1 backward
compatibility:
1. Read unencrypted object
2. To identify the plaintext length
3. Skipping of instruction file

I agree this makes the user experience difficult. I agree with a single flag
`fs.s3a.encryption.cse.v1.compatibility.enabled` to do all the operations.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.