hectar-glitches opened a new pull request, #1447:
URL: https://github.com/apache/iceberg-go/pull/1447

   ## Scope: 
   
   Landed the first slice of the encryption package per my earlier plan with 
the interfaces + no-op impl + in-memory KMS. Ready for review. EncryptingFileIO 
and manifest wiring intentionally deferred to follow-up PRs pending the 
key_metadata routing decision.
   
   ### Public API:
   
   'EncryptionManager': coordination interface: 'NewEncryptedOutputFile(ctx, 
writer, keyID)' and 'NewDecryptedInputFile(ctx, file, keyMetadata)'
   'KeyManagementClient': KMS interface: 'WrapKey' / 'UnwrapKey' / 
'SupportsKeyGeneration' / 'GenerateKey'
   'EncryptionKeyMetadata':opaque '[]byte' type for the per-file blob stored in 
'DataFile.KeyMetadata' / 'ManifestFile.KeyMetadata' / 
'StatisticsFile.KeyMetadata'
   'EncryptedInputFile' / 'EncryptedOutputFile': file wrappers exposing 
'KeyMetadata()'; names match the Java 'org.apache.iceberg.encryption' types
   'NativeEncryptionInputFile' / 'NativeEncryptionOutputFile': extension 
interfaces returning 'any' for format-native crypto properties (so 
'parquet.File{En,De}cryptionProperties' don't force a parquet import into a 
format-agnostic package)
   'PlaintextEncryptionManager': no-op impl for unencrypted tables; matches 
Java's 'PlaintextEncryptionManager' (silently ignores 'keyID', passes bytes 
through)
   'InMemoryKeyManagementClient': AES-GCM wrap/unwrap over an in-memory KEK 
map; documented as testing only
   Sentinel errors: 'ErrUnknownKeyID', 'ErrInvalidKeyLength', 
'ErrCiphertextTooShort', 'ErrAuthenticationFailed' (matches the 'Err*' 
convention used in 'io', 'catalog', root 'errors.go')
   
   ### Tests
   
   'PlaintextEncryptionManager' round-trip (data & key metadata pass-through)
   'InMemoryKeyManagementClient': wrap/unwrap round-trip, non-deterministic 
nonces, tamper detection, cross-key confusion, ciphertext-too-short, KEK 
overwrite, 'AddKey' input copy isolation, concurrent access via 'errgroup' 
(with race detector), key generation + round-trip, invalid length paths — all 
using 'errors.Is' and 't.Context()'
   
   
   ### Deferred to follow-ups (per our thread)
   
   'EncryptingFileIO' wrapper — needs the 'key_metadata' routing decision
   'encryption.Register' / 'LoadKMS' registry for 'encryption.kms-type' / 
'encryption.kms-impl' catalog properties
   Bridge between 'table.EncryptionKey.EncryptedKeyMetadata' (base64 'string') 
and 'EncryptionKeyMetadata' ('[]byte')
   Parquet / Manifest / Puffin native encryption wiring
   V3-only gating in table format
   
   
   ### Notes
   'EncryptionKeyMetadata' is a defined type ('type EncryptionKeyMetadata 
[]byte'), not a type alias. Every call site pulling 'KeyMetadata() []byte' from 
a manifest or data file will need an explicit conversion 
('encryption.EncryptionKeyMetadata(f.KeyMetadata())'). If the group prefers a 
type alias instead, it's a one-line change here before anything downstream is 
wired.
   
   'NativeEncryptionInputFile' / 'NativeEncryptionOutputFile' return 'any' for 
format-native properties. This avoids a parquet import in a format-agnostic 
package as callers type-assert to '*parquet.FileDecryptionProperties' etc. 
Happy to discuss alternatives.
   
   'InMemoryKeyManagementClient' uses AES-GCM for key wrapping (matching the 
Java standard KMS). It is exported (not test-only file) so other packages can 
use it in their own tests.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to