[GitHub] nifi pull request #1126: NIFI-1769: Implemented SSE with KMS.

2017-02-21 Thread asfgit
Github user asfgit closed the pull request at:

https://github.com/apache/nifi/pull/1126


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---


[GitHub] nifi pull request #1126: NIFI-1769: Implemented SSE with KMS.

2016-10-18 Thread jvwing
Github user jvwing commented on a diff in the pull request:

https://github.com/apache/nifi/pull/1126#discussion_r83904092
  
--- Diff: 
nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/s3/PutS3Object.java
 ---
@@ -458,6 +471,13 @@ public void process(final InputStream rawIn) throws 
IOException {
 // single part upload
 //
 final PutObjectRequest request = new 
PutObjectRequest(bucket, key, in, objectMetadata);
+if (keyId != null) {
+if 
(!context.getProperty(SIGNER_OVERRIDE).getValue().equals("AWSS3V4Signer")) {
--- End diff --
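
Review bot: The signer test `!context.getProperty(SIGNER_OVERRIDE).getValue().equals("AWSS3V4Signer")` dereferences `getValue()` without a null check and compares against a string literal. If the property can be unset, this throws a NullPointerException inside the upload callback. Put the constant on the left (`"AWSS3V4Signer".equals(...)`) and give the signer name a named constant so it is not repeated as a literal.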

Would it be enough to check that it's not V2?  I don't think we need to 
make it impossible to get wrong, as long as we make a good faith attempt to 
help them get it right.  I'm thinking of a few things - 

1. The default should now be V4, I would prefer we not force users to nail 
down their signature version
1. AWS regions and SDK versions are complicated, for example we don't check 
if your region supports V4
1. If or when AWS comes out with signature V5, we would have to update this 
field




[GitHub] nifi pull request #1126: NIFI-1769: Implemented SSE with KMS.

2016-10-18 Thread jvwing
Github user jvwing commented on a diff in the pull request:

https://github.com/apache/nifi/pull/1126#discussion_r83901899
  
--- Diff: 
nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/s3/PutS3Object.java
 ---
@@ -200,15 +201,24 @@
 .displayName("Server Side Encryption")
 .description("Specifies the algorithm used for server side 
encryption.")
 .required(true)
-.allowableValues(NO_SERVER_SIDE_ENCRYPTION, 
ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION)
+.allowableValues(NO_SERVER_SIDE_ENCRYPTION, 
ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION, KMS_MANAGED)
 .defaultValue(NO_SERVER_SIDE_ENCRYPTION)
 .build();
 
+public static final PropertyDescriptor AWS_KMS_KEY = new 
PropertyDescriptor.Builder()
+.name("aws-kms-key")
+.displayName("Server Side Encryption using KMS")
--- End diff --
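
Review bot: Adding `KMS_MANAGED` to `allowableValues` and introducing a separate `aws-kms-key` property gives two settings that can disagree, and nothing in the visible lines ties them together. Consider a cross-property validation so that a key supplied while `NO_SERVER_SIDE_ENCRYPTION` or AES-256 is selected is rejected at configuration time, and have the new property's description state what happens when `KMS_MANAGED` is selected with no key.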

I recommend the displayName be a bit more direct, this field is the alias 
of a KMS key, and it's going to be used for SSE.




[GitHub] nifi pull request #1126: NIFI-1769: Implemented SSE with KMS.

2016-10-18 Thread jvwing
Github user jvwing commented on a diff in the pull request:

https://github.com/apache/nifi/pull/1126#discussion_r83901386
  
--- Diff: 
nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/s3/PutS3Object.java
 ---
@@ -39,47 +80,6 @@
 import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
 
-import com.amazonaws.services.s3.model.AmazonS3Exception;
--- End diff --
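
Review bot: The hunk header (`-39,47 +80,6`) shows the import block shrinking from 47 lines to 6 at this position, so imports are being moved rather than added. Keep the existing order and add only the imports the KMS change needs, so the functional diff in an encryption change stays easy to audit.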

Would you please only commit changes to the imports, and not re-sort them?  
I assume your IDE is doing this to "help" you, but it makes the diffs harder to 
understand.




[GitHub] nifi pull request #1126: NIFI-1769: Implemented SSE with KMS.

2016-10-18 Thread jvwing
Github user jvwing commented on a diff in the pull request:

https://github.com/apache/nifi/pull/1126#discussion_r83902231
  
--- Diff: 
nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/s3/ITPutS3Object.java
 ---
@@ -50,14 +44,19 @@
 import org.junit.Ignore;
 import org.junit.Test;
 
-import com.amazonaws.AmazonClientException;
--- End diff --

Same thing again about re-sorting imports.




[GitHub] nifi pull request #1126: NIFI-1769: Implemented SSE with KMS.

2016-10-18 Thread jvwing
Github user jvwing commented on a diff in the pull request:

https://github.com/apache/nifi/pull/1126#discussion_r83904222
  
--- Diff: 
nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/s3/PutS3Object.java
 ---
@@ -458,6 +471,13 @@ public void process(final InputStream rawIn) throws 
IOException {
 // single part upload
 //
 final PutObjectRequest request = new 
PutObjectRequest(bucket, key, in, objectMetadata);
+if (keyId != null) {
+if 
(!context.getProperty(SIGNER_OVERRIDE).getValue().equals("AWSS3V4Signer")) {
+getLogger().error("Uploading 
with AWS:KMS requires S3V4 signature, please enable it");
+return;
--- End diff --
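
Review bot: The `return` after `getLogger().error(...)` leaves the callback without sending the `PutObjectRequest`, and the only signal is a log line, so the caller cannot tell that nothing was uploaded. `process` already declares `throws IOException`; throwing there, or rejecting the signer and KMS key combination during validation before any flowfile is processed, lets the flowfile be routed as a failure instead of being treated as stored and encrypted.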

The `return` here routes the flowfile to success without going to S3.  Is 
that intended?




[GitHub] nifi pull request #1126: NIFI-1769: Implemented SSE with KMS.

2016-10-18 Thread jvwing
Github user jvwing commented on a diff in the pull request:

https://github.com/apache/nifi/pull/1126#discussion_r83904288
  
--- Diff: 
nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/s3/PutS3Object.java
 ---
@@ -551,6 +571,13 @@ public void process(final InputStream rawIn) throws 
IOException {
 if (currentState.getUploadId().isEmpty()) {
 final InitiateMultipartUploadRequest 
initiateRequest =
 new 
InitiateMultipartUploadRequest(bucket, key, objectMetadata);
+if (keyId != null) {
+if 
(!context.getProperty(SIGNER_OVERRIDE).getValue().equals("AWSS3V4Signer")) {
+getLogger().error("Uploading 
with AWS:KMS requires S3V4 signature, please enable it");
+return;
--- End diff --
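
Review bot: The signer check here sits inside the `if (currentState.getUploadId().isEmpty())` branch, so it runs only when a new multipart upload is initiated, and it repeats the same test and `return` used on the single part path. Hoist the check into one place ahead of both upload paths so the KMS precondition is enforced once and consistently, and fail the upload there instead of returning.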

Same issue with return routing the flowfile to success.

