[jira] [Commented] (PARQUET-2193) Encrypting only one field in nested field prevents reading of other fields in nested field without keys
[ https://issues.apache.org/jira/browse/PARQUET-2193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17721265#comment-17721265 ] Vignesh Nageswaran commented on PARQUET-2193: - [~gershinsky] sorry for late reply. Yes sir spark 3.4.0 code works without setting the parameter `parquet.split.files` to false. Thanks for raising a PR to skip the verification for encrypted files. > Encrypting only one field in nested field prevents reading of other fields in > nested field without keys > --- > > Key: PARQUET-2193 > URL: https://issues.apache.org/jira/browse/PARQUET-2193 > Project: Parquet > Issue Type: New Feature > Components: parquet-mr >Affects Versions: 1.12.0 >Reporter: Vignesh Nageswaran >Priority: Major > > Hi Team, > While exploring parquet encryption, it is found that, if a field in nested > column is encrypted , and If I want to read this parquet directory from other > applications which does not have encryption keys to decrypt it, I cannot read > the remaining fields of the nested column without keys. > Example > ` > {code:java} > case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) > case class SquareItem(int_column: Int, square_int_column : Double, > partitionCol: Int, nestedCol :nestedItem) > `{code} > In the case class `SquareItem` , `nestedCol` field is nested field and I want > to encrypt a field `ic` within it. > > I also want the footer to be non encrypted , so that I can use the encrypted > parquet file by legacy applications. > > Encryption is successful, however, when I query the parquet file using spark > 3.3.0 without having any configuration for parquet encryption set up , I > cannot non encrypted fields of `nestedCol` `sic`. I was expecting that only > `nestedCol` `ic` field will not be querable. > > > Reproducer. > Spark 3.3.0 Using Spark-shell > Downloaded the file > [parquet-hadoop-1.12.0-tests.jar|https://repo1.maven.org/maven2/org/apache/parquet/parquet-hadoop/1.12.0/parquet-hadoop-1.12.0-tests.jar] > and added it to spark-jars folder > Code to create encrypted data. # > > {code:java} > sc.hadoopConfiguration.set("parquet.crypto.factory.class" > ,"org.apache.parquet.crypto.keytools.PropertiesDrivenCryptoFactory") > sc.hadoopConfiguration.set("parquet.encryption.kms.client.class" > ,"org.apache.parquet.crypto.keytools.mocks.InMemoryKMS") > sc.hadoopConfiguration.set("parquet.encryption.key.list","key1a: > BAECAwQFBgcICQoLDA0ODw==, key2a: BAECAAECAAECAAECAAECAA==, keyz: > BAECAAECAAECAAECAAECAA==") > sc.hadoopConfiguration.set("parquet.encryption.key.material.store.internally","false") > val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" > valpartitionCol = 1 > case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) > case class SquareItem(int_column: Int, square_int_column : Double, > partitionCol: Int, nestedCol :nestedItem) > val dataRange = (1 to 100).toList > val squares = sc.parallelize(dataRange.map(i => new SquareItem(i, > scala.math.pow(i,2), partitionCol,nestedItem(i,i > squares.toDS().show() > squares.toDS().write.partitionBy("partitionCol").mode("overwrite").option("parquet.encryption.column.keys", > > "key1a:square_int_column,nestedCol.ic;").option("parquet.encryption.plaintext.footer",true).option("parquet.encryption.footer.key", > "keyz").parquet(encryptedParquetPath) > {code} > Code to read the data trying to access non encrypted nested field by opening > a new spark-shell > > {code:java} > val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" > spark.sqlContext.read.parquet(encryptedParquetPath).createOrReplaceTempView("test") > spark.sql("select nestedCol.sic from test").show(){code} > As you can see that nestedCol.sic is not encrypted , I was expecting the > results, but > I get the below error > > {code:java} > Caused by: org.apache.parquet.crypto.ParquetCryptoRuntimeException: > [square_int_column]. Null File Decryptor > at > org.apache.parquet.hadoop.metadata.EncryptedColumnChunkMetaData.decryptIfNeeded(ColumnChunkMetaData.java:602) > at > org.apache.parquet.hadoop.metadata.ColumnChunkMetaData.getEncodings(ColumnChunkMetaData.java:348) > at > org.apache.parquet.hadoop.ParquetRecordReader.checkDeltaByteArrayProblem(ParquetRecordReader.java:191) > at > org.apache.parquet.hadoop.ParquetRecordReader.initializeInternalReader(ParquetRecordReader.java:177) > at > org.apache.parquet.hadoop.ParquetRecordReader.initialize(ParquetRecordReader.java:140) > at > org.apache.spark.sql.execution.datasources.parquet.ParquetFileFormat.$anonfun$buildReaderWithPartitionValues$1(ParquetFileFormat.scala:375) > at >
[jira] [Commented] (PARQUET-2193) Encrypting only one field in nested field prevents reading of other fields in nested field without keys
[ https://issues.apache.org/jira/browse/PARQUET-2193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17718567#comment-17718567 ] Vignesh Nageswaran commented on PARQUET-2193: - [~gershinsky] Sir, could you please let us know will there be any permanent fix, without setting the parameter `parquet.split.files` to false > Encrypting only one field in nested field prevents reading of other fields in > nested field without keys > --- > > Key: PARQUET-2193 > URL: https://issues.apache.org/jira/browse/PARQUET-2193 > Project: Parquet > Issue Type: New Feature > Components: parquet-mr >Affects Versions: 1.12.0 >Reporter: Vignesh Nageswaran >Priority: Major > > Hi Team, > While exploring parquet encryption, it is found that, if a field in nested > column is encrypted , and If I want to read this parquet directory from other > applications which does not have encryption keys to decrypt it, I cannot read > the remaining fields of the nested column without keys. > Example > ` > {code:java} > case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) > case class SquareItem(int_column: Int, square_int_column : Double, > partitionCol: Int, nestedCol :nestedItem) > `{code} > In the case class `SquareItem` , `nestedCol` field is nested field and I want > to encrypt a field `ic` within it. > > I also want the footer to be non encrypted , so that I can use the encrypted > parquet file by legacy applications. > > Encryption is successful, however, when I query the parquet file using spark > 3.3.0 without having any configuration for parquet encryption set up , I > cannot non encrypted fields of `nestedCol` `sic`. I was expecting that only > `nestedCol` `ic` field will not be querable. > > > Reproducer. > Spark 3.3.0 Using Spark-shell > Downloaded the file > [parquet-hadoop-1.12.0-tests.jar|https://repo1.maven.org/maven2/org/apache/parquet/parquet-hadoop/1.12.0/parquet-hadoop-1.12.0-tests.jar] > and added it to spark-jars folder > Code to create encrypted data. # > > {code:java} > sc.hadoopConfiguration.set("parquet.crypto.factory.class" > ,"org.apache.parquet.crypto.keytools.PropertiesDrivenCryptoFactory") > sc.hadoopConfiguration.set("parquet.encryption.kms.client.class" > ,"org.apache.parquet.crypto.keytools.mocks.InMemoryKMS") > sc.hadoopConfiguration.set("parquet.encryption.key.list","key1a: > BAECAwQFBgcICQoLDA0ODw==, key2a: BAECAAECAAECAAECAAECAA==, keyz: > BAECAAECAAECAAECAAECAA==") > sc.hadoopConfiguration.set("parquet.encryption.key.material.store.internally","false") > val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" > valpartitionCol = 1 > case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) > case class SquareItem(int_column: Int, square_int_column : Double, > partitionCol: Int, nestedCol :nestedItem) > val dataRange = (1 to 100).toList > val squares = sc.parallelize(dataRange.map(i => new SquareItem(i, > scala.math.pow(i,2), partitionCol,nestedItem(i,i > squares.toDS().show() > squares.toDS().write.partitionBy("partitionCol").mode("overwrite").option("parquet.encryption.column.keys", > > "key1a:square_int_column,nestedCol.ic;").option("parquet.encryption.plaintext.footer",true).option("parquet.encryption.footer.key", > "keyz").parquet(encryptedParquetPath) > {code} > Code to read the data trying to access non encrypted nested field by opening > a new spark-shell > > {code:java} > val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" > spark.sqlContext.read.parquet(encryptedParquetPath).createOrReplaceTempView("test") > spark.sql("select nestedCol.sic from test").show(){code} > As you can see that nestedCol.sic is not encrypted , I was expecting the > results, but > I get the below error > > {code:java} > Caused by: org.apache.parquet.crypto.ParquetCryptoRuntimeException: > [square_int_column]. Null File Decryptor > at > org.apache.parquet.hadoop.metadata.EncryptedColumnChunkMetaData.decryptIfNeeded(ColumnChunkMetaData.java:602) > at > org.apache.parquet.hadoop.metadata.ColumnChunkMetaData.getEncodings(ColumnChunkMetaData.java:348) > at > org.apache.parquet.hadoop.ParquetRecordReader.checkDeltaByteArrayProblem(ParquetRecordReader.java:191) > at > org.apache.parquet.hadoop.ParquetRecordReader.initializeInternalReader(ParquetRecordReader.java:177) > at > org.apache.parquet.hadoop.ParquetRecordReader.initialize(ParquetRecordReader.java:140) > at > org.apache.spark.sql.execution.datasources.parquet.ParquetFileFormat.$anonfun$buildReaderWithPartitionValues$1(ParquetFileFormat.scala:375) > at >
[jira] [Comment Edited] (PARQUET-2193) Encrypting only one field in nested field prevents reading of other fields in nested field without keys
[ https://issues.apache.org/jira/browse/PARQUET-2193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17612636#comment-17612636 ] Vignesh Nageswaran edited comment on PARQUET-2193 at 10/4/22 3:05 PM: -- [~gershinsky] thanks sir, it worked. Could you also please help me to understand about any adverse effects of setting is parameter was (Author: JIRAUSER295967): [~gershinsky] thanks sir, it worked. > Encrypting only one field in nested field prevents reading of other fields in > nested field without keys > --- > > Key: PARQUET-2193 > URL: https://issues.apache.org/jira/browse/PARQUET-2193 > Project: Parquet > Issue Type: New Feature > Components: parquet-mr >Affects Versions: 1.12.0 >Reporter: Vignesh Nageswaran >Priority: Major > > Hi Team, > While exploring parquet encryption, it is found that, if a field in nested > column is encrypted , and If I want to read this parquet directory from other > applications which does not have encryption keys to decrypt it, I cannot read > the remaining fields of the nested column without keys. > Example > ` > {code:java} > case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) > case class SquareItem(int_column: Int, square_int_column : Double, > partitionCol: Int, nestedCol :nestedItem) > `{code} > In the case class `SquareItem` , `nestedCol` field is nested field and I want > to encrypt a field `ic` within it. > > I also want the footer to be non encrypted , so that I can use the encrypted > parquet file by legacy applications. > > Encryption is successful, however, when I query the parquet file using spark > 3.3.0 without having any configuration for parquet encryption set up , I > cannot non encrypted fields of `nestedCol` `sic`. I was expecting that only > `nestedCol` `ic` field will not be querable. > > > Reproducer. > Spark 3.3.0 Using Spark-shell > Downloaded the file > [parquet-hadoop-1.12.0-tests.jar|https://repo1.maven.org/maven2/org/apache/parquet/parquet-hadoop/1.12.0/parquet-hadoop-1.12.0-tests.jar] > and added it to spark-jars folder > Code to create encrypted data. # > > {code:java} > sc.hadoopConfiguration.set("parquet.crypto.factory.class" > ,"org.apache.parquet.crypto.keytools.PropertiesDrivenCryptoFactory") > sc.hadoopConfiguration.set("parquet.encryption.kms.client.class" > ,"org.apache.parquet.crypto.keytools.mocks.InMemoryKMS") > sc.hadoopConfiguration.set("parquet.encryption.key.list","key1a: > BAECAwQFBgcICQoLDA0ODw==, key2a: BAECAAECAAECAAECAAECAA==, keyz: > BAECAAECAAECAAECAAECAA==") > sc.hadoopConfiguration.set("parquet.encryption.key.material.store.internally","false") > val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" > valpartitionCol = 1 > case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) > case class SquareItem(int_column: Int, square_int_column : Double, > partitionCol: Int, nestedCol :nestedItem) > val dataRange = (1 to 100).toList > val squares = sc.parallelize(dataRange.map(i => new SquareItem(i, > scala.math.pow(i,2), partitionCol,nestedItem(i,i > squares.toDS().show() > squares.toDS().write.partitionBy("partitionCol").mode("overwrite").option("parquet.encryption.column.keys", > > "key1a:square_int_column,nestedCol.ic;").option("parquet.encryption.plaintext.footer",true).option("parquet.encryption.footer.key", > "keyz").parquet(encryptedParquetPath) > {code} > Code to read the data trying to access non encrypted nested field by opening > a new spark-shell > > {code:java} > val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" > spark.sqlContext.read.parquet(encryptedParquetPath).createOrReplaceTempView("test") > spark.sql("select nestedCol.sic from test").show(){code} > As you can see that nestedCol.sic is not encrypted , I was expecting the > results, but > I get the below error > > {code:java} > Caused by: org.apache.parquet.crypto.ParquetCryptoRuntimeException: > [square_int_column]. Null File Decryptor > at > org.apache.parquet.hadoop.metadata.EncryptedColumnChunkMetaData.decryptIfNeeded(ColumnChunkMetaData.java:602) > at > org.apache.parquet.hadoop.metadata.ColumnChunkMetaData.getEncodings(ColumnChunkMetaData.java:348) > at > org.apache.parquet.hadoop.ParquetRecordReader.checkDeltaByteArrayProblem(ParquetRecordReader.java:191) > at > org.apache.parquet.hadoop.ParquetRecordReader.initializeInternalReader(ParquetRecordReader.java:177) > at > org.apache.parquet.hadoop.ParquetRecordReader.initialize(ParquetRecordReader.java:140) > at > org.apache.spark.sql.execution.datasources.parquet.ParquetFileFormat.$anonfun$buildReaderWithPartitionValues$1(ParquetFileFormat.scala:375) > at >
[jira] [Commented] (PARQUET-2193) Encrypting only one field in nested field prevents reading of other fields in nested field without keys
[ https://issues.apache.org/jira/browse/PARQUET-2193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17612636#comment-17612636 ] Vignesh Nageswaran commented on PARQUET-2193: - [~gershinsky] thanks sir, it worked. > Encrypting only one field in nested field prevents reading of other fields in > nested field without keys > --- > > Key: PARQUET-2193 > URL: https://issues.apache.org/jira/browse/PARQUET-2193 > Project: Parquet > Issue Type: New Feature > Components: parquet-mr >Affects Versions: 1.12.0 >Reporter: Vignesh Nageswaran >Priority: Major > > Hi Team, > While exploring parquet encryption, it is found that, if a field in nested > column is encrypted , and If I want to read this parquet directory from other > applications which does not have encryption keys to decrypt it, I cannot read > the remaining fields of the nested column without keys. > Example > ` > {code:java} > case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) > case class SquareItem(int_column: Int, square_int_column : Double, > partitionCol: Int, nestedCol :nestedItem) > `{code} > In the case class `SquareItem` , `nestedCol` field is nested field and I want > to encrypt a field `ic` within it. > > I also want the footer to be non encrypted , so that I can use the encrypted > parquet file by legacy applications. > > Encryption is successful, however, when I query the parquet file using spark > 3.3.0 without having any configuration for parquet encryption set up , I > cannot non encrypted fields of `nestedCol` `sic`. I was expecting that only > `nestedCol` `ic` field will not be querable. > > > Reproducer. > Spark 3.3.0 Using Spark-shell > Downloaded the file > [parquet-hadoop-1.12.0-tests.jar|https://repo1.maven.org/maven2/org/apache/parquet/parquet-hadoop/1.12.0/parquet-hadoop-1.12.0-tests.jar] > and added it to spark-jars folder > Code to create encrypted data. # > > {code:java} > sc.hadoopConfiguration.set("parquet.crypto.factory.class" > ,"org.apache.parquet.crypto.keytools.PropertiesDrivenCryptoFactory") > sc.hadoopConfiguration.set("parquet.encryption.kms.client.class" > ,"org.apache.parquet.crypto.keytools.mocks.InMemoryKMS") > sc.hadoopConfiguration.set("parquet.encryption.key.list","key1a: > BAECAwQFBgcICQoLDA0ODw==, key2a: BAECAAECAAECAAECAAECAA==, keyz: > BAECAAECAAECAAECAAECAA==") > sc.hadoopConfiguration.set("parquet.encryption.key.material.store.internally","false") > val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" > valpartitionCol = 1 > case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) > case class SquareItem(int_column: Int, square_int_column : Double, > partitionCol: Int, nestedCol :nestedItem) > val dataRange = (1 to 100).toList > val squares = sc.parallelize(dataRange.map(i => new SquareItem(i, > scala.math.pow(i,2), partitionCol,nestedItem(i,i > squares.toDS().show() > squares.toDS().write.partitionBy("partitionCol").mode("overwrite").option("parquet.encryption.column.keys", > > "key1a:square_int_column,nestedCol.ic;").option("parquet.encryption.plaintext.footer",true).option("parquet.encryption.footer.key", > "keyz").parquet(encryptedParquetPath) > {code} > Code to read the data trying to access non encrypted nested field by opening > a new spark-shell > > {code:java} > val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" > spark.sqlContext.read.parquet(encryptedParquetPath).createOrReplaceTempView("test") > spark.sql("select nestedCol.sic from test").show(){code} > As you can see that nestedCol.sic is not encrypted , I was expecting the > results, but > I get the below error > > {code:java} > Caused by: org.apache.parquet.crypto.ParquetCryptoRuntimeException: > [square_int_column]. Null File Decryptor > at > org.apache.parquet.hadoop.metadata.EncryptedColumnChunkMetaData.decryptIfNeeded(ColumnChunkMetaData.java:602) > at > org.apache.parquet.hadoop.metadata.ColumnChunkMetaData.getEncodings(ColumnChunkMetaData.java:348) > at > org.apache.parquet.hadoop.ParquetRecordReader.checkDeltaByteArrayProblem(ParquetRecordReader.java:191) > at > org.apache.parquet.hadoop.ParquetRecordReader.initializeInternalReader(ParquetRecordReader.java:177) > at > org.apache.parquet.hadoop.ParquetRecordReader.initialize(ParquetRecordReader.java:140) > at > org.apache.spark.sql.execution.datasources.parquet.ParquetFileFormat.$anonfun$buildReaderWithPartitionValues$1(ParquetFileFormat.scala:375) > at > org.apache.spark.sql.execution.datasources.FileScanRDD$$anon$1.org$apache$spark$sql$execution$datasources$FileScanRDD$$anon$$readCurrentFile(FileScanRDD.scala:209) > at >
[jira] [Updated] (PARQUET-2194) parquet.encryption.plaintext.footer parameter being true, code expects parquet.encryption.footer.key
[ https://issues.apache.org/jira/browse/PARQUET-2194?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vignesh Nageswaran updated PARQUET-2194: Description: Hi Team, I want my footer in parquet file to be non encrypted. so I set the _parquet.encryption.plaintext.footer_ to be {_}true{_}, but when I tried to run my code, parquet-mr is expecting __ value __ for the __ property _parquet.encryption.footer.key **_ Reproducer Spark 3.3.0 Download the [file|[https://repo1.maven.org/maven2/org/apache/parquet/parquet-hadoop/1.12.0/parquet-hadoop-1.12.0-tests.jar] ] and place it in spark - jar directory using spark-shell {code:java} sc.hadoopConfiguration.set("parquet.crypto.factory.class" ,"org.apache.parquet.crypto.keytools.PropertiesDrivenCryptoFactory") sc.hadoopConfiguration.set("parquet.encryption.kms.client.class" ,"org.apache.parquet.crypto.keytools.mocks.InMemoryKMS") sc.hadoopConfiguration.set("parquet.encryption.key.list","key1a: BAECAwQFBgcICQoLDA0ODw==, key2a: BAECAAECAAECAAECAAECAA==, keyz: BAECAAECAAECAAECAAECAA==") sc.hadoopConfiguration.set("parquet.encryption.key.material.store.internally","false") val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" val partitionCol = 1 case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) case class SquareItem(int_column: Int, square_int_column : Double, partitionCol: Int, nestedCol :nestedItem) val dataRange = (1 to 100).toList val squares = sc.parallelize(dataRange.map(i => new SquareItem(i, scala.math.pow(i,2), partitionCol,nestedItem(i,i squares.toDS().show() squares.toDS().write.partitionBy("partitionCol").mode("overwrite").option("parquet.encryption.column.keys", "key1a:square_int_column,nestedCol.ic;").option("parquet.encryption.plaintext.footer",true).parquet(encryptedParquetPath){code} I get the below error, my expectation is if I set properties for my footer to be plain text, why do we need keys for footer. {code:java} Caused by: org.apache.parquet.crypto.ParquetCryptoRuntimeException: Undefined footer key at org.apache.parquet.crypto.keytools.PropertiesDrivenCryptoFactory.getFileEncryptionProperties(PropertiesDrivenCryptoFactory.java:88) at org.apache.parquet.hadoop.ParquetOutputFormat.createEncryptionProperties(ParquetOutputFormat.java:554) at org.apache.parquet.hadoop.ParquetOutputFormat.getRecordWriter(ParquetOutputFormat.java:478) at org.apache.parquet.hadoop.ParquetOutputFormat.getRecordWriter(ParquetOutputFormat.java:420) at org.apache.parquet.hadoop.ParquetOutputFormat.getRecordWriter(ParquetOutputFormat.java:409) at org.apache.spark.sql.execution.datasources.parquet.ParquetOutputWriter.(ParquetOutputWriter.scala:36) at org.apache.spark.sql.execution.datasources.parquet.ParquetFileFormat$$anon$1.newInstance(ParquetFileFormat.scala:155) at org.apache.spark.sql.execution.datasources.BaseDynamicPartitionDataWriter.renewCurrentWriter(FileFormatDataWriter.scala:298) at org.apache.spark.sql.execution.datasources.DynamicPartitionDataSingleWriter.write(FileFormatDataWriter.scala:365) at org.apache.spark.sql.execution.datasources.FileFormatDataWriter.writeWithMetrics(FileFormatDataWriter.scala:85) at org.apache.spark.sql.execution.datasources.FileFormatDataWriter.writeWithIterator(FileFormatDataWriter.scala:92) at org.apache.spark.sql.execution.datasources.FileFormatWriter$.$anonfun$executeTask$1(FileFormatWriter.scala:331) at org.apache.spark.util.Utils$.tryWithSafeFinallyAndFailureCallbacks(Utils.scala:1538) at org.apache.spark.sql.execution.datasources.FileFormatWriter$.executeTask(FileFormatWriter.scala:338) ... 9 more {code} was: Hi Team, I want my footer in parquet file to be non encrypted. so I set the _parquet.encryption.plaintext.footer_ to be {_}true{_}, but when I tried to run my code, parquet-mr is expecting __ value __ for the __ property _parquet.encryption.footer.key **_ Reproducer Spark 3.3.0 Download the [file|[https://repo1.maven.org/maven2/org/apache/parquet/parquet-hadoop/1.12.0/parquet-hadoop-1.12.0-tests.jar] ] and place it in spark - jar directory using spark-shell {code:java} sc.hadoopConfiguration.set("parquet.crypto.factory.class" ,"org.apache.parquet.crypto.keytools.PropertiesDrivenCryptoFactory") sc.hadoopConfiguration.set("parquet.encryption.kms.client.class" ,"org.apache.parquet.crypto.keytools.mocks.InMemoryKMS") sc.hadoopConfiguration.set("parquet.encryption.key.list","key1a: BAECAwQFBgcICQoLDA0ODw==, key2a: BAECAAECAAECAAECAAECAA==, keyz: BAECAAECAAECAAECAAECAA==") sc.hadoopConfiguration.set("parquet.encryption.key.material.store.internally","false") val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" val partitionCol = 1 case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) case class SquareItem(int_column: Int, square_int_column : Double, partitionCol: Int, nestedCol :nestedItem) val
[jira] [Created] (PARQUET-2194) parquet.encryption.plaintext.footer parameter being true, code expects parquet.encryption.footer.key
Vignesh Nageswaran created PARQUET-2194: --- Summary: parquet.encryption.plaintext.footer parameter being true, code expects parquet.encryption.footer.key Key: PARQUET-2194 URL: https://issues.apache.org/jira/browse/PARQUET-2194 Project: Parquet Issue Type: Bug Components: parquet-mr Affects Versions: 1.12.0 Reporter: Vignesh Nageswaran Hi Team, I want my footer in parquet file to be non encrypted. so I set the _parquet.encryption.plaintext.footer_ to be {_}true{_}, but when I tried to run my code, parquet-mr is expecting __ value __ for the __ property _parquet.encryption.footer.key **_ Reproducer Spark 3.3.0 Download the [file|[https://repo1.maven.org/maven2/org/apache/parquet/parquet-hadoop/1.12.0/parquet-hadoop-1.12.0-tests.jar] ] and place it in spark - jar directory using spark-shell {code:java} sc.hadoopConfiguration.set("parquet.crypto.factory.class" ,"org.apache.parquet.crypto.keytools.PropertiesDrivenCryptoFactory") sc.hadoopConfiguration.set("parquet.encryption.kms.client.class" ,"org.apache.parquet.crypto.keytools.mocks.InMemoryKMS") sc.hadoopConfiguration.set("parquet.encryption.key.list","key1a: BAECAwQFBgcICQoLDA0ODw==, key2a: BAECAAECAAECAAECAAECAA==, keyz: BAECAAECAAECAAECAAECAA==") sc.hadoopConfiguration.set("parquet.encryption.key.material.store.internally","false") val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" val partitionCol = 1 case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) case class SquareItem(int_column: Int, square_int_column : Double, partitionCol: Int, nestedCol :nestedItem) val dataRange = (1 to 100).toList val squares = sc.parallelize(dataRange.map(i => new SquareItem(i, scala.math.pow(i,2), partitionCol,nestedItem(i,i squares.toDS().show() squares.toDS().write.partitionBy("partitionCol").mode("overwrite").option("parquet.encryption.column.keys", "key1a:square_int_column,nestedCol.ic;").option("parquet.encryption.plaintext.footer",true).parquet(encryptedParquetPath){code} I get the below error, my expectation is if I set properties for my footer to be plain text, why do we need keys for footer. {code:java} Caused by: org.apache.parquet.crypto.ParquetCryptoRuntimeException: Undefined footer key at org.apache.parquet.crypto.keytools.PropertiesDrivenCryptoFactory.getFileEncryptionProperties(PropertiesDrivenCryptoFactory.java:88) at org.apache.parquet.hadoop.ParquetOutputFormat.createEncryptionProperties(ParquetOutputFormat.java:554) at org.apache.parquet.hadoop.ParquetOutputFormat.getRecordWriter(ParquetOutputFormat.java:478) at org.apache.parquet.hadoop.ParquetOutputFormat.getRecordWriter(ParquetOutputFormat.java:420) at org.apache.parquet.hadoop.ParquetOutputFormat.getRecordWriter(ParquetOutputFormat.java:409) at org.apache.spark.sql.execution.datasources.parquet.ParquetOutputWriter.(ParquetOutputWriter.scala:36) at org.apache.spark.sql.execution.datasources.parquet.ParquetFileFormat$$anon$1.newInstance(ParquetFileFormat.scala:155) at org.apache.spark.sql.execution.datasources.BaseDynamicPartitionDataWriter.renewCurrentWriter(FileFormatDataWriter.scala:298) at org.apache.spark.sql.execution.datasources.DynamicPartitionDataSingleWriter.write(FileFormatDataWriter.scala:365) at org.apache.spark.sql.execution.datasources.FileFormatDataWriter.writeWithMetrics(FileFormatDataWriter.scala:85) at org.apache.spark.sql.execution.datasources.FileFormatDataWriter.writeWithIterator(FileFormatDataWriter.scala:92) at org.apache.spark.sql.execution.datasources.FileFormatWriter$.$anonfun$executeTask$1(FileFormatWriter.scala:331) at org.apache.spark.util.Utils$.tryWithSafeFinallyAndFailureCallbacks(Utils.scala:1538) at org.apache.spark.sql.execution.datasources.FileFormatWriter$.executeTask(FileFormatWriter.scala:338) ... 9 more {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (PARQUET-2193) Encrypting only one field in nested field prevents reading of other fields in nested field without keys
[ https://issues.apache.org/jira/browse/PARQUET-2193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vignesh Nageswaran updated PARQUET-2193: Issue Type: New Feature (was: Bug) > Encrypting only one field in nested field prevents reading of other fields in > nested field without keys > --- > > Key: PARQUET-2193 > URL: https://issues.apache.org/jira/browse/PARQUET-2193 > Project: Parquet > Issue Type: New Feature > Components: parquet-mr >Affects Versions: 1.12.0 >Reporter: Vignesh Nageswaran >Priority: Critical > > Hi Team, > While exploring parquet encryption, it is found that, if a field in nested > column is encrypted , and If I want to read this parquet directory from other > applications which does not have encryption keys to decrypt it, I cannot read > the remaining fields of the nested column without keys. > Example > ` > {code:java} > case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) > case class SquareItem(int_column: Int, square_int_column : Double, > partitionCol: Int, nestedCol :nestedItem) > `{code} > In the case class `SquareItem` , `nestedCol` field is nested field and I want > to encrypt a field `ic` within it. > > I also want the footer to be non encrypted , so that I can use the encrypted > parquet file by legacy applications. > > Encryption is successful, however, when I query the parquet file using spark > 3.3.0 without having any configuration for parquet encryption set up , I > cannot non encrypted fields of `nestedCol` `sic`. I was expecting that only > `nestedCol` `ic` field will not be querable. > > > Reproducer. > Spark 3.3.0 Using Spark-shell > Downloaded the file > [parquet-hadoop-1.12.0-tests.jar|https://repo1.maven.org/maven2/org/apache/parquet/parquet-hadoop/1.12.0/parquet-hadoop-1.12.0-tests.jar] > and added it to spark-jars folder > Code to create encrypted data. # > > {code:java} > sc.hadoopConfiguration.set("parquet.crypto.factory.class" > ,"org.apache.parquet.crypto.keytools.PropertiesDrivenCryptoFactory") > sc.hadoopConfiguration.set("parquet.encryption.kms.client.class" > ,"org.apache.parquet.crypto.keytools.mocks.InMemoryKMS") > sc.hadoopConfiguration.set("parquet.encryption.key.list","key1a: > BAECAwQFBgcICQoLDA0ODw==, key2a: BAECAAECAAECAAECAAECAA==, keyz: > BAECAAECAAECAAECAAECAA==") > sc.hadoopConfiguration.set("parquet.encryption.key.material.store.internally","false") > val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" > valpartitionCol = 1 > case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) > case class SquareItem(int_column: Int, square_int_column : Double, > partitionCol: Int, nestedCol :nestedItem) > val dataRange = (1 to 100).toList > val squares = sc.parallelize(dataRange.map(i => new SquareItem(i, > scala.math.pow(i,2), partitionCol,nestedItem(i,i > squares.toDS().show() > squares.toDS().write.partitionBy("partitionCol").mode("overwrite").option("parquet.encryption.column.keys", > > "key1a:square_int_column,nestedCol.ic;").option("parquet.encryption.plaintext.footer",true).option("parquet.encryption.footer.key", > "keyz").parquet(encryptedParquetPath) > {code} > Code to read the data trying to access non encrypted nested field by opening > a new spark-shell > > {code:java} > val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" > spark.sqlContext.read.parquet(encryptedParquetPath).createOrReplaceTempView("test") > spark.sql("select nestedCol.sic from test").show(){code} > As you can see that nestedCol.sic is not encrypted , I was expecting the > results, but > I get the below error > > {code:java} > Caused by: org.apache.parquet.crypto.ParquetCryptoRuntimeException: > [square_int_column]. Null File Decryptor > at > org.apache.parquet.hadoop.metadata.EncryptedColumnChunkMetaData.decryptIfNeeded(ColumnChunkMetaData.java:602) > at > org.apache.parquet.hadoop.metadata.ColumnChunkMetaData.getEncodings(ColumnChunkMetaData.java:348) > at > org.apache.parquet.hadoop.ParquetRecordReader.checkDeltaByteArrayProblem(ParquetRecordReader.java:191) > at > org.apache.parquet.hadoop.ParquetRecordReader.initializeInternalReader(ParquetRecordReader.java:177) > at > org.apache.parquet.hadoop.ParquetRecordReader.initialize(ParquetRecordReader.java:140) > at > org.apache.spark.sql.execution.datasources.parquet.ParquetFileFormat.$anonfun$buildReaderWithPartitionValues$1(ParquetFileFormat.scala:375) > at > org.apache.spark.sql.execution.datasources.FileScanRDD$$anon$1.org$apache$spark$sql$execution$datasources$FileScanRDD$$anon$$readCurrentFile(FileScanRDD.scala:209) > at > org.apache.spark.sql.execution.datasources.FileScanRDD$$anon$1.nextIterator(FileScanRDD.scala:270) > at >
[jira] [Updated] (PARQUET-2193) Encrypting only one field in nested field prevents reading of other fields in nested field without keys
[ https://issues.apache.org/jira/browse/PARQUET-2193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vignesh Nageswaran updated PARQUET-2193: Priority: Major (was: Critical) > Encrypting only one field in nested field prevents reading of other fields in > nested field without keys > --- > > Key: PARQUET-2193 > URL: https://issues.apache.org/jira/browse/PARQUET-2193 > Project: Parquet > Issue Type: New Feature > Components: parquet-mr >Affects Versions: 1.12.0 >Reporter: Vignesh Nageswaran >Priority: Major > > Hi Team, > While exploring parquet encryption, it is found that, if a field in nested > column is encrypted , and If I want to read this parquet directory from other > applications which does not have encryption keys to decrypt it, I cannot read > the remaining fields of the nested column without keys. > Example > ` > {code:java} > case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) > case class SquareItem(int_column: Int, square_int_column : Double, > partitionCol: Int, nestedCol :nestedItem) > `{code} > In the case class `SquareItem` , `nestedCol` field is nested field and I want > to encrypt a field `ic` within it. > > I also want the footer to be non encrypted , so that I can use the encrypted > parquet file by legacy applications. > > Encryption is successful, however, when I query the parquet file using spark > 3.3.0 without having any configuration for parquet encryption set up , I > cannot non encrypted fields of `nestedCol` `sic`. I was expecting that only > `nestedCol` `ic` field will not be querable. > > > Reproducer. > Spark 3.3.0 Using Spark-shell > Downloaded the file > [parquet-hadoop-1.12.0-tests.jar|https://repo1.maven.org/maven2/org/apache/parquet/parquet-hadoop/1.12.0/parquet-hadoop-1.12.0-tests.jar] > and added it to spark-jars folder > Code to create encrypted data. # > > {code:java} > sc.hadoopConfiguration.set("parquet.crypto.factory.class" > ,"org.apache.parquet.crypto.keytools.PropertiesDrivenCryptoFactory") > sc.hadoopConfiguration.set("parquet.encryption.kms.client.class" > ,"org.apache.parquet.crypto.keytools.mocks.InMemoryKMS") > sc.hadoopConfiguration.set("parquet.encryption.key.list","key1a: > BAECAwQFBgcICQoLDA0ODw==, key2a: BAECAAECAAECAAECAAECAA==, keyz: > BAECAAECAAECAAECAAECAA==") > sc.hadoopConfiguration.set("parquet.encryption.key.material.store.internally","false") > val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" > valpartitionCol = 1 > case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) > case class SquareItem(int_column: Int, square_int_column : Double, > partitionCol: Int, nestedCol :nestedItem) > val dataRange = (1 to 100).toList > val squares = sc.parallelize(dataRange.map(i => new SquareItem(i, > scala.math.pow(i,2), partitionCol,nestedItem(i,i > squares.toDS().show() > squares.toDS().write.partitionBy("partitionCol").mode("overwrite").option("parquet.encryption.column.keys", > > "key1a:square_int_column,nestedCol.ic;").option("parquet.encryption.plaintext.footer",true).option("parquet.encryption.footer.key", > "keyz").parquet(encryptedParquetPath) > {code} > Code to read the data trying to access non encrypted nested field by opening > a new spark-shell > > {code:java} > val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" > spark.sqlContext.read.parquet(encryptedParquetPath).createOrReplaceTempView("test") > spark.sql("select nestedCol.sic from test").show(){code} > As you can see that nestedCol.sic is not encrypted , I was expecting the > results, but > I get the below error > > {code:java} > Caused by: org.apache.parquet.crypto.ParquetCryptoRuntimeException: > [square_int_column]. Null File Decryptor > at > org.apache.parquet.hadoop.metadata.EncryptedColumnChunkMetaData.decryptIfNeeded(ColumnChunkMetaData.java:602) > at > org.apache.parquet.hadoop.metadata.ColumnChunkMetaData.getEncodings(ColumnChunkMetaData.java:348) > at > org.apache.parquet.hadoop.ParquetRecordReader.checkDeltaByteArrayProblem(ParquetRecordReader.java:191) > at > org.apache.parquet.hadoop.ParquetRecordReader.initializeInternalReader(ParquetRecordReader.java:177) > at > org.apache.parquet.hadoop.ParquetRecordReader.initialize(ParquetRecordReader.java:140) > at > org.apache.spark.sql.execution.datasources.parquet.ParquetFileFormat.$anonfun$buildReaderWithPartitionValues$1(ParquetFileFormat.scala:375) > at > org.apache.spark.sql.execution.datasources.FileScanRDD$$anon$1.org$apache$spark$sql$execution$datasources$FileScanRDD$$anon$$readCurrentFile(FileScanRDD.scala:209) > at > org.apache.spark.sql.execution.datasources.FileScanRDD$$anon$1.nextIterator(FileScanRDD.scala:270) > at >
[jira] [Created] (PARQUET-2193) Encrypting only one field in nested field prevents reading of other fields in nested field without keys
Vignesh Nageswaran created PARQUET-2193: --- Summary: Encrypting only one field in nested field prevents reading of other fields in nested field without keys Key: PARQUET-2193 URL: https://issues.apache.org/jira/browse/PARQUET-2193 Project: Parquet Issue Type: Bug Components: parquet-mr Affects Versions: 1.12.0 Reporter: Vignesh Nageswaran Hi Team, While exploring parquet encryption, it is found that, if a field in nested column is encrypted , and If I want to read this parquet directory from other applications which does not have encryption keys to decrypt it, I cannot read the remaining fields of the nested column without keys. Example ` {code:java} case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) case class SquareItem(int_column: Int, square_int_column : Double, partitionCol: Int, nestedCol :nestedItem) `{code} In the case class `SquareItem` , `nestedCol` field is nested field and I want to encrypt a field `ic` within it. I also want the footer to be non encrypted , so that I can use the encrypted parquet file by legacy applications. Encryption is successful, however, when I query the parquet file using spark 3.3.0 without having any configuration for parquet encryption set up , I cannot non encrypted fields of `nestedCol` `sic`. I was expecting that only `nestedCol` `ic` field will not be querable. Reproducer. Spark 3.3.0 Using Spark-shell Downloaded the file [parquet-hadoop-1.12.0-tests.jar|https://repo1.maven.org/maven2/org/apache/parquet/parquet-hadoop/1.12.0/parquet-hadoop-1.12.0-tests.jar] and added it to spark-jars folder Code to create encrypted data. # {code:java} sc.hadoopConfiguration.set("parquet.crypto.factory.class" ,"org.apache.parquet.crypto.keytools.PropertiesDrivenCryptoFactory") sc.hadoopConfiguration.set("parquet.encryption.kms.client.class" ,"org.apache.parquet.crypto.keytools.mocks.InMemoryKMS") sc.hadoopConfiguration.set("parquet.encryption.key.list","key1a: BAECAwQFBgcICQoLDA0ODw==, key2a: BAECAAECAAECAAECAAECAA==, keyz: BAECAAECAAECAAECAAECAA==") sc.hadoopConfiguration.set("parquet.encryption.key.material.store.internally","false") val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" valpartitionCol = 1 case class nestedItem(ic: Int = 0, sic : Double, pc: Int = 0) case class SquareItem(int_column: Int, square_int_column : Double, partitionCol: Int, nestedCol :nestedItem) val dataRange = (1 to 100).toList val squares = sc.parallelize(dataRange.map(i => new SquareItem(i, scala.math.pow(i,2), partitionCol,nestedItem(i,i squares.toDS().show() squares.toDS().write.partitionBy("partitionCol").mode("overwrite").option("parquet.encryption.column.keys", "key1a:square_int_column,nestedCol.ic;").option("parquet.encryption.plaintext.footer",true).option("parquet.encryption.footer.key", "keyz").parquet(encryptedParquetPath) {code} Code to read the data trying to access non encrypted nested field by opening a new spark-shell {code:java} val encryptedParquetPath = "/tmp/par_enc_footer_non_encrypted" spark.sqlContext.read.parquet(encryptedParquetPath).createOrReplaceTempView("test") spark.sql("select nestedCol.sic from test").show(){code} As you can see that nestedCol.sic is not encrypted , I was expecting the results, but I get the below error {code:java} Caused by: org.apache.parquet.crypto.ParquetCryptoRuntimeException: [square_int_column]. Null File Decryptor at org.apache.parquet.hadoop.metadata.EncryptedColumnChunkMetaData.decryptIfNeeded(ColumnChunkMetaData.java:602) at org.apache.parquet.hadoop.metadata.ColumnChunkMetaData.getEncodings(ColumnChunkMetaData.java:348) at org.apache.parquet.hadoop.ParquetRecordReader.checkDeltaByteArrayProblem(ParquetRecordReader.java:191) at org.apache.parquet.hadoop.ParquetRecordReader.initializeInternalReader(ParquetRecordReader.java:177) at org.apache.parquet.hadoop.ParquetRecordReader.initialize(ParquetRecordReader.java:140) at org.apache.spark.sql.execution.datasources.parquet.ParquetFileFormat.$anonfun$buildReaderWithPartitionValues$1(ParquetFileFormat.scala:375) at org.apache.spark.sql.execution.datasources.FileScanRDD$$anon$1.org$apache$spark$sql$execution$datasources$FileScanRDD$$anon$$readCurrentFile(FileScanRDD.scala:209) at org.apache.spark.sql.execution.datasources.FileScanRDD$$anon$1.nextIterator(FileScanRDD.scala:270) at org.apache.spark.sql.execution.datasources.FileScanRDD$$anon$1.hasNext(FileScanRDD.scala:116) at scala.collection.Iterator$$anon$10.hasNext(Iterator.scala:460) at org.apache.spark.sql.catalyst.expressions.GeneratedClass$GeneratedIteratorForCodegenStage1.processNext(Unknown Source) at org.apache.spark.sql.execution.BufferedRowIterator.hasNext(BufferedRowIterator.java:43) at