blackmwk commented on code in PR #2453:
URL: https://github.com/apache/iceberg-rust/pull/2453#discussion_r3394810729
##########
crates/iceberg/src/table.rs:
##########
@@ -441,4 +495,134 @@ mod tests {
assert!(!table.readonly());
assert_eq!(table.identifier.name(), "table");
}
+
+ fn make_kms() -> Arc<dyn KeyManagementClient> {
+ let kms = MemoryKeyManagementClient::new();
+ kms.add_master_key("master-1").unwrap();
+ Arc::new(kms)
+ }
+
+ async fn encrypted_table_metadata() -> (TableMetadata, FileIO, Arc<dyn
KeyManagementClient>) {
+ let io = FileIO::new_with_memory();
+ let plain_path = "memory:///table/metadata/manifest-list-plain.avro";
+ let encrypted_path = "memory:///table/metadata/manifest-list-enc.avro";
+
+ let output =
io.new_output(plain_path).unwrap().writer().await.unwrap();
+ let mut writer = ManifestListWriter::v3(output, 1, None, 0, Some(0));
+ writer.add_manifests(std::iter::empty()).unwrap();
+ writer.close().await.unwrap();
+ let raw = io.new_input(plain_path).unwrap().read().await.unwrap();
+
+ let kms: Arc<dyn KeyManagementClient> = {
+ let k = MemoryKeyManagementClient::new();
+ k.add_master_key("master-1").unwrap();
+ Arc::new(k)
+ };
+ let mgr = EncryptionManager::builder()
+ .kms_client(Arc::clone(&kms))
+ .table_key_id("master-1")
+ .build();
+ let encrypted_output =
mgr.encrypt(io.new_output(encrypted_path).unwrap());
+ let std_km: StandardKeyMetadata =
encrypted_output.key_metadata().clone();
+ encrypted_output.write(raw).await.unwrap();
+ let key_id = mgr
+ .encrypt_manifest_list_key_metadata(&std_km)
+ .await
+ .unwrap();
+
+ let mut metadata: TableMetadata =
load_test_metadata("TableMetadataV3ValidEncryption.json");
+ metadata.encryption_keys = mgr.with_encryption_keys(|keys|
keys.clone());
Review Comment:
Sorry, I didn't make it clear before. What make me feel odd is this part:
you put encryption keys back to metadata, and you are manipulating snapshot
later. What I want to see is to put these things into the table metadata json
file, e.g. encryptiong keys, and snapshot pointing to that encryption key.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
