wgtmac commented on code in PR #40329:
URL: https://github.com/apache/arrow/pull/40329#discussion_r1520846640
##########
cpp/src/parquet/encryption/key_management_test.cc:
##########
@@ -324,6 +324,37 @@ TEST_F(TestEncryptionKeyManagement,
KeyRotationWithInternalMaterial) {
EXPECT_THROW(this->RotateKeys(double_wrapping, encryption_no),
ParquetException);
}
+TEST_F(TestEncryptionKeyManagement, UsePropertiesAfterCrytoFactoryDestroyed) {
+ constexpr bool wrap_locally = true;
+ std::shared_ptr<KmsClientFactory> kms_client_factory =
+ std::make_shared<TestOnlyInMemoryKmsClientFactory>(wrap_locally,
key_list_);
+ std::shared_ptr<CryptoFactory> crypto_factory =
std::make_shared<CryptoFactory>();
+ crypto_factory->RegisterKmsClientFactory(kms_client_factory);
+
+ constexpr bool double_wrapping = true;
+ constexpr bool internal_key_material = true;
+ constexpr int encryption_no = 0;
+
+ std::string file_name =
+ GetFileName(double_wrapping, wrap_locally, internal_key_material,
encryption_no);
+ auto encryption_config =
+ GetEncryptionConfiguration(double_wrapping, internal_key_material,
encryption_no);
+ auto decryption_config = GetDecryptionConfiguration();
+
+ auto file_encryption_properties =
crypto_factory->GetFileEncryptionProperties(
+ kms_connection_config_, encryption_config);
+ auto file_decryption_properties =
crypto_factory->GetFileDecryptionProperties(
+ kms_connection_config_, decryption_config);
+
+ // Free CryptoFactory
+ crypto_factory.reset();
Review Comment:
Is it possible to add a real case where the issue happens?
##########
cpp/src/parquet/encryption/crypto_factory.h:
##########
@@ -148,7 +148,7 @@ class PARQUET_EXPORT CryptoFactory {
int dek_length, const std::string& column_keys, FileKeyWrapper*
key_wrapper);
/// Key utilities object for kms client initialization and cache control
- KeyToolkit key_toolkit_;
+ std::shared_ptr<KeyToolkit> key_toolkit_;
Review Comment:
```suggestion
std::shared_ptr<KeyToolkit> key_toolkit_ = std::make_shared<KeyToolkit>();
```
And remove the explicit ctor at line 103. WDYT?
##########
cpp/src/parquet/encryption/crypto_factory.cc:
##########
@@ -28,9 +28,36 @@
namespace parquet::encryption {
+namespace {
+
+/// Holds a FileKeyUnwrapper and shared pointer to a KeyToolkit to allow
+/// keeping the KeyToolkit alive alongside the FileKeyUnwrapper
+class CryptoFactoryFileKeyRetriever : public DecryptionKeyRetriever {
+ public:
+ CryptoFactoryFileKeyRetriever(
+ std::shared_ptr<KeyToolkit> key_toolkit,
+ const KmsConnectionConfig& kms_connection_config, double
cache_lifetime_seconds,
+ const std::string& file_path = "",
Review Comment:
nit: please remove the default parameter
##########
cpp/src/parquet/encryption/crypto_factory.cc:
##########
@@ -172,8 +201,8 @@ std::shared_ptr<FileDecryptionProperties>
CryptoFactory::GetFileDecryptionProper
const KmsConnectionConfig& kms_connection_config,
const DecryptionConfiguration& decryption_config, const std::string&
file_path,
const std::shared_ptr<::arrow::fs::FileSystem>& file_system) {
- auto key_retriever = std::make_shared<FileKeyUnwrapper>(
- &key_toolkit_, kms_connection_config,
decryption_config.cache_lifetime_seconds,
+ auto key_retriever = std::make_shared<CryptoFactoryFileKeyRetriever>(
Review Comment:
Thanks for the explanation! Could you point me to a real world code or test
case having this issue if possible?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
