[
https://issues.apache.org/jira/browse/HADOOP-18708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17870692#comment-17870692
]
ASF GitHub Bot commented on HADOOP-18708:
-----------------------------------------
shameersss1 commented on code in PR #6884:
URL: https://github.com/apache/hadoop/pull/6884#discussion_r1702678008
##########
hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/Constants.java:
##########
@@ -746,6 +746,69 @@ private Constants() {
public static final String S3_ENCRYPTION_CONTEXT =
"fs.s3a.encryption.context";
+ /**
+ * Client side encryption (CSE-CUSTOM) with custom cryptographic material
manager class name.
+ * Custom keyring class name for CSE-KMS.
+ * value:{@value}
+ */
+ public static final String S3_ENCRYPTION_CSE_CUSTOM_KEYRING_CLASS_NAME =
+ "fs.s3a.encryption.cse.custom.keyring.class.name";
+
+ /**
+ * This config initializes unencrypted s3 client will be used to access
unencrypted
+ * s3 object. This is to provide backward compatibility.
+ * Config to support reading unencrypted s3 objects when CSE is enabled.
+ * This is to provide backward compatibility with V1/V2 client.
+ * value:{@value}
+ */
+ public static final String S3_ENCRYPTION_CSE_READ_UNENCRYPTED_OBJECTS =
+ "fs.s3a.encryption.cse.read.unencrypted.objects";
+
+ /**
+ * Default value : {@value}.
+ */
+ public static final boolean
S3_ENCRYPTION_CSE_READ_UNENCRYPTED_OBJECTS_DEFAULT = false;
+
+ /**
+ * Config to calculate the size of unencrypted object size using ranged S3
calls.
+ * This is to provide backward compatability with objects encrypted with V1
client.
+ * Unlike V2 and V3 client which always pads 16 bytes, V1 client pads bytes
till the
+ * object size reaches next multiple of 16.
+ * This is to provide backward compatibility.
+ * This is to provide backward compatibility with V1 client.
+ * value:{@value}
+ */
+ public static final String
S3_ENCRYPTION_CSE_OBJECT_SIZE_FROM_RANGED_GET_ENABLED =
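Review bot: The Javadoc on S3_ENCRYPTION_CSE_CUSTOM_KEYRING_CLASS_NAME describes the key two different ways ("Client side encryption (CSE-CUSTOM) with custom cryptographic material manager class name" and "Custom keyring class name for CSE-KMS"), so a reader cannot tell which encryption mode the key applies to; keep only the line that matches the behaviour. The same draft-plus-revision duplication appears on S3_ENCRYPTION_CSE_READ_UNENCRYPTED_OBJECTS (the ungrammatical "This config initializes unencrypted s3 client will be used..." sentence sits next to its rewrite) and on the ranged-GET key (two "This is to provide backward compatibility" lines), and that last comment also has the "compatability" typo and the redundant "size of unencrypted object size". Because S3_ENCRYPTION_CSE_READ_UNENCRYPTED_OBJECTS makes a CSE-enabled client accept objects that were never encrypted, its Javadoc should state that consequence explicitly next to the compatibility rationale, and the Javadoc on the _DEFAULT constant should name the key it is the default for.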
Review Comment:
It makes sense. Currently there are three configurations for v1 backward
compatibility:
1. Read unencrypted object
2. To identify the plaintext length
3. Skipping of instruction file
I agree this makes the user experience difficult. I agree with a single flag
`fs.s3a.encryption.cse.v1.compatibility.enabled` to do all the operations.
> AWS SDK V2 - Implement CSE
> --------------------------
>
> Key: HADOOP-18708
> URL: https://issues.apache.org/jira/browse/HADOOP-18708
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Affects Versions: 3.4.0
> Reporter: Ahmar Suhail
> Assignee: Syed Shameerur Rahman
> Priority: Major
> Labels: pull-request-available
>
> S3 Encryption client for SDK V2 is now available, so add client side
> encryption back in.