[jira] [Commented] (NIFI-4256) Add support for all AWS S3 Encryption Options

Wed, 29 Nov 2017 21:13:27 -0800 

    [ 
https://issues.apache.org/jira/browse/NIFI-4256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16272175#comment-16272175
 ] 

ASF GitHub Bot commented on NIFI-4256:
--------------------------------------

Github user jvwing commented on the issue:

    https://github.com/apache/nifi/pull/2291
  
    @baank - thanks for the update, I think we're almost done.  Two things: 
    
    1.) I still see a checkstyle warning for nifi-aws-processors:
    
    > [INFO] --- maven-checkstyle-plugin:2.15:check (check-style) @ 
nifi-aws-processors ---
    [WARNING] 
src/test/java/org/apache/nifi/processors/aws/s3/TestPutS3Object.java[27:8] 
(imports) UnusedImports: Unused import - 
com.amazonaws.services.s3.model.CryptoConfiguration.
    
    Are you able to run the full build with `mvn clean install -Pcontrib-check` 
or otherwise run the checkstyle:check task?
    
    2.) We still have property descriptors in EncryptedS3PutEnrichmentService 
that specify expression language, but are not evaluating EL (KMS_KEY_ID, 
CUSTOMER_KEY).  Did you mean to change those also?


> Add support for all AWS S3 Encryption Options
> ---------------------------------------------
>
>                 Key: NIFI-4256
>                 URL: https://issues.apache.org/jira/browse/NIFI-4256
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 1.2.0
>            Reporter: Franco
>              Labels: aws, aws-s3, security
>
> NiFi currently only supportsĀ SSE-S3 encryption (AES256).
> Support needs to be added for:
> * SSE-S3
> * SSE-KMS
> * SSE-C
> * CSE-KMS CMK
> * CSE-Master Key
> With all of the appropriate configuration options and such that SSE is 
> available only for PutS3Object whilst CSE is available also for FetchS3Object.
> Given that this will add another 20 or so UI properties the intention is to 
> split it into a Client Side Encryption Service and Server Side Encryption 
> Service. This will allow users to reuse "encryption" across different 
> workflows.
> Existing flows using the Server Side Encryption option will still work as is 
> but will be overridden if a service is added.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to