ASF GitHub Bot commented on NIFI-1769:

Github user jvwing commented on a diff in the pull request:

    --- Diff: 
    @@ -458,6 +471,13 @@ public void process(final InputStream rawIn) throws 
IOException {
                                 // single part upload
                                 final PutObjectRequest request = new 
PutObjectRequest(bucket, key, in, objectMetadata);
    +                            if (keyId != null) {
    +                                    if 
(!context.getProperty(SIGNER_OVERRIDE).getValue().equals("AWSS3V4Signer")) {
    --- End diff --
    Would it be enough to check that it's not V2?  I don't think we need to 
make it impossible to get wrong, as long as we make a good faith attempt to 
help them get it right.  I'm thinking of a few things - 
    1. The default should now be V4, I would prefer we not force users to nail 
down their signature version
    1. AWS regions and SDK versions are complicated, for example we don't check 
if your region supports V4
    1. If or when AWS comes out with signature V5, we would have to update this 

> Add support for SSE-KMS and S3 Signature Version 4 Authentication AWS
> ---------------------------------------------------------------------
>                 Key: NIFI-1769
>                 URL: https://issues.apache.org/jira/browse/NIFI-1769
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 0.5.1
>            Reporter: Michiel Moonen
>            Priority: Minor
>              Labels: newbie, patch, security
> Currently there is no support for SSE-KMS S3 Signature Version 4 
> Authentication. This is necessary for enhanced security features

This message was sent by Atlassian JIRA

Reply via email to