Re: [PR] GH-43535: [C++] support the AWS S3 SSE-C encryption [arrow]

Fri, 27 Sep 2024 05:13:49 -0700 


kou commented on code in PR #43601:
URL: https://github.com/apache/arrow/pull/43601#discussion_r1778521471


##########
cpp/src/arrow/filesystem/s3_test_util.cc:
##########
@@ -91,9 +121,21 @@ Status MinioTestServer::Start() {
   impl_->connect_string_ = GenerateConnectString();
   
ARROW_RETURN_NOT_OK(impl_->server_process_->SetExecutable(kMinioExecutableName));
   // NOTE: --quiet makes startup faster by suppressing remote version check
-  impl_->server_process_->SetArgs({"server", "--quiet", "--compat", 
"--address",
-                                   impl_->connect_string_,
-                                   impl_->temp_dir_->path().ToString()});
+  std::vector<std::string> start_args = {"server", "--quiet", "--compat", 
"--address",
+                                         impl_->connect_string_};
+
+  // create the dedicated folder for certificate file, rather than reuse the 
data
+  // folder, since there is test case to check whether the folder is empty.
+  ARROW_ASSIGN_OR_RAISE(impl_->temp_dir_ca_, 
TemporaryDir::Make("s3fs-test-ca-"));
+  GenerateCertificateFile();
+  start_args.push_back("--certs-dir");
+  start_args.push_back(ca_path());
+  arrow::fs::FileSystemGlobalOptions global_options;
+  global_options.tls_ca_dir_path = ca_path();
+  ARROW_RETURN_NOT_OK(arrow::fs::Initialize(global_options));

Review Comment:
   Oh.
   
   @pitrou Can we add `S3Options::tls_ca_{file,dir}_path` and use them like the 
following?
   
   ```diff
   diff --git a/cpp/src/arrow/filesystem/s3fs.cc 
b/cpp/src/arrow/filesystem/s3fs.cc
   index 77b111f61b..9441fb1592 100644
   --- a/cpp/src/arrow/filesystem/s3fs.cc
   +++ b/cpp/src/arrow/filesystem/s3fs.cc
   @@ -1125,10 +1125,14 @@ class ClientBuilder {
        } else {
          client_config_.retryStrategy = 
std::make_shared<ConnectRetryStrategy>();
        }
   -    if (!internal::global_options.tls_ca_file_path.empty()) {
   +    if (!options_.tls_ca_file_path.empty()) {
   +      client_config_.caFile = ToAwsString(options_.tls_ca_file_path);
   +    } else if (!internal::global_options.tls_ca_file_path.empty()) {
          client_config_.caFile = 
ToAwsString(internal::global_options.tls_ca_file_path);
        }
   -    if (!internal::global_options.tls_ca_dir_path.empty()) {
   +    if (!options_.tls_ca_dir_path.empty()) {
   +      client_config_.caPath = ToAwsString(options_.tls_ca_dir_path);
   +    } else if (!internal::global_options.tls_ca_dir_path.empty()) {
          client_config_.caPath = 
ToAwsString(internal::global_options.tls_ca_dir_path);
        }
    
   ```
   
   It seems that you added this feature by Gh-7580.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscr...@arrow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to