[
https://issues.apache.org/jira/browse/BEAM-5959?focusedWorklogId=195407&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-195407
]
ASF GitHub Bot logged work on BEAM-5959:
----------------------------------------
Author: ASF GitHub Bot
Created on: 06/Feb/19 22:44
Start Date: 06/Feb/19 22:44
Worklog Time Spent: 10m
Work Description: chamikaramj commented on pull request #7682:
[BEAM-5959] Add GCS KMS support
URL: https://github.com/apache/beam/pull/7682#discussion_r254478501
##########
File path:
sdks/java/extensions/google-cloud-platform-core/src/main/java/org/apache/beam/sdk/extensions/gcp/options/GcpOptions.java
##########
@@ -390,4 +396,18 @@ private static HttpRequestInitializer
chainHttpRequestInitializer(
}
}
}
+
+ /**
+ * GCP <a href="https://cloud.google.com/kms/";>Cloud KMS</a> key for
Dataflow pipelines and
+ * buckets created by GcpTempLocationFactory.
+ */
+ @Description(
+ "GCP Cloud KMS key for Dataflow pipelines. Also used by gcpTempLocation
as the default key "
+ + "for new buckets. Key format is: "
+ +
"projects/<project>/locations/<location>/keyRings/<keyring>/cryptoKeys/<key>")
+ @Experimental
+ @Nullable
+ String getDataflowKmsKey();
Review comment:
IIUC this key will be used by Dataflow pipelines (for temporary data etc)
not when reading/writing files using file-based sources/sinks. So name should
be OK.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 195407)
Time Spent: 24h 10m (was: 24h)
> Add Cloud KMS support to GCS creates and copies
> -----------------------------------------------
>
> Key: BEAM-5959
> URL: https://issues.apache.org/jira/browse/BEAM-5959
> Project: Beam
> Issue Type: Bug
> Components: io-java-gcp, sdk-py-core
> Reporter: Udi Meiri
> Assignee: Udi Meiri
> Priority: Major
> Time Spent: 24h 10m
> Remaining Estimate: 0h
>
> Beam SDK currently uses the CopyTo GCS API call, which doesn't support
> copying objects that Customer Managed Encryption Keys (CMEK).
> CMEKs are managed in Cloud KMS.
> Items (for Java and Python SDKs):
> - Update clients to versions that support KMS keys.
> - Change copyTo API calls to use rewriteTo (Python - directly, Java -
> possibly convert copyTo API call to use client library)
> - Add unit tests.
> - Add basic tests (DirectRunner and GCS buckets with CMEK).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
