[jira] [Commented] (SPARK-21702) Structured Streaming S3A SSE Encryption Not Applied when PartitionBy Used

George Pongracz (JIRA) Thu, 17 Aug 2017 17:38:29 -0700

    [ 
https://issues.apache.org/jira/browse/SPARK-21702?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16131537#comment-16131537
 ]


George Pongracz commented on SPARK-21702:
-----------------------------------------

*Update:*

The data bearing files (files that contain the data payload from the stream) 
written to s3 when viewed through the AWS S3 GUI and selected using their LHS 
check-box encryption in the properties section as "-".

All related non-data bearing files when selected using their LHS check-box 
encryption in the properties section report their encryption  as "AES-256".

When clicking through the name of a single data bearing file, which brings up a 
dedicated overview screen for the file, reports it as having AES-256 encryption.

As one can see, this labelling of encryption is inconsistent and can cause 
confusion that a file on first inspection is unencrypted. 

The good news is that the files are all encrypted underneath even if not 
appearing so at initial inspection though the AWS S3 GUI.

I think this lowers the priority of this iss and I can close if deemed a non 
issue - please advise. 

> Structured Streaming S3A SSE Encryption Not Applied when PartitionBy Used
> -------------------------------------------------------------------------
>
>                 Key: SPARK-21702
>                 URL: https://issues.apache.org/jira/browse/SPARK-21702
>             Project: Spark
>          Issue Type: Bug
>          Components: Structured Streaming
>    Affects Versions: 2.2.0
>         Environment: Hadoop 2.7.3: AWS SDK 1.7.4
> Hadoop 2.8.1: AWS SDK 1.10.6
>            Reporter: George Pongracz
>            Priority: Minor
>              Labels: security
>
> Settings:
>       .config("spark.hadoop.fs.s3a.impl", 
> "org.apache.hadoop.fs.s3a.S3AFileSystem")
>       .config("spark.hadoop.fs.s3a.server-side-encryption-algorithm", 
> "AES256")
> When writing to an S3 sink from structured streaming the files are being 
> encrypted using AES-256
> When introducing a "PartitionBy" the output data files are unencrypted. 
> All other supporting files, metadata are encrypted
> Suspect write to temp is encrypted and move/rename is not applying the SSE.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (SPARK-21702) Structured Streaming S3A SSE Encryption Not Applied when PartitionBy Used

Reply via email to