ggershinsky commented on code in PR #15272:
URL: https://github.com/apache/iceberg/pull/15272#discussion_r2783147363
##########
core/src/main/java/org/apache/iceberg/encryption/EncryptionUtil.java:
##########
@@ -53,8 +54,18 @@ public static KeyManagementClient
createKmsClient(Map<String, String> catalogPro
kmsType,
kmsImpl);
- // TODO: Add KMS implementations
- Preconditions.checkArgument(kmsType == null, "Unsupported KMS type: %s",
kmsType);
+ if (kmsType != null) {
+ kmsImpl =
+ switch (kmsType.toLowerCase(Locale.ROOT)) {
+ case CatalogProperties.ENCRYPTION_KMS_TYPE_AWS ->
+ CatalogProperties.ENCRYPTION_KMS_IMPL_AWS;
+ case CatalogProperties.ENCRYPTION_KMS_TYPE_AZURE ->
+ CatalogProperties.ENCRYPTION_KMS_IMPL_AZURE;
+ case CatalogProperties.ENCRYPTION_KMS_TYPE_GCP ->
+ CatalogProperties.ENCRYPTION_KMS_IMPL_GCP;
+ default -> throw new IllegalStateException("Unsupported KMS type:
" + kmsType);
+ };
Review Comment:
Currently, we have three single-cloud implementations, built-in the Iceberg
code. When a patch for a new KMS client (for a widely used platform) is sent
and merged in Iceberg, a new type would be added here.
A multi-cloud KMS client sounds better fitted for the custom
`encryption.kms-impl` parameter; but if there is a popular usecase, then no
reason not to have it as a new type.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
