[jira] [Commented] (NIFI-4256) Add support for all AWS S3 Encryption Options

Mon, 27 Nov 2017 21:40:48 -0800 

    [ 
https://issues.apache.org/jira/browse/NIFI-4256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16268152#comment-16268152
 ] 

ASF GitHub Bot commented on NIFI-4256:
--------------------------------------

Github user jvwing commented on the issue:

    https://github.com/apache/nifi/pull/2291
  
    @baank, thanks for the latest update.  Good news, we're getting down to the 
nit-picks:
    
    1.  I had a checkstyle error running the full build with contrib check on 
nifi-aws-service-api `UnusedImports: Unused import - 
com.amazonaws.services.s3.AmazonS3Encryption`.
    
    2.  In your services, some of the Property Descriptors are marked as 
supporting expression language, but EL is not evaluated when extracting the 
value of the property (like 
`context.getProperty(KMS_CMK_ID).evaluateAttributeExpressions().getValue()` or 
similar).  We should either evaluate the expressions or not mark them as 
supporting expression language:
      * EncryptedS3ClientService (KMS_CMK_ID, SECRET_KEY, PRIVATE_KEY, 
PUBLIC_KEY)
      * EncryptedS3PutEnrichmentService (KMS_KEY_ID, CUSTOMER_KEY)
    
    It's fine to update this PR.  I'll work out rebasing and squashing when 
we're ready.
    



> Add support for all AWS S3 Encryption Options
> ---------------------------------------------
>
>                 Key: NIFI-4256
>                 URL: https://issues.apache.org/jira/browse/NIFI-4256
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 1.2.0
>            Reporter: Franco
>              Labels: aws, aws-s3, security
>
> NiFi currently only supportsĀ SSE-S3 encryption (AES256).
> Support needs to be added for:
> * SSE-S3
> * SSE-KMS
> * SSE-C
> * CSE-KMS CMK
> * CSE-Master Key
> With all of the appropriate configuration options and such that SSE is 
> available only for PutS3Object whilst CSE is available also for FetchS3Object.
> Given that this will add another 20 or so UI properties the intention is to 
> split it into a Client Side Encryption Service and Server Side Encryption 
> Service. This will allow users to reuse "encryption" across different 
> workflows.
> Existing flows using the Server Side Encryption option will still work as is 
> but will be overridden if a service is added.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to