[jira] [Commented] (NIFI-1769) Add support for SSE-KMS and S3 Signature Version 4 Authentication AWS

Mon, 20 Jun 2016 22:00:07 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-1769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15341093#comment-15341093
 ] 

ASF GitHub Bot commented on NIFI-1769:
--------------------------------------

Github user jvwing commented on the issue:

    https://github.com/apache/nifi/pull/362
  
    @miquillo , what do you think about using 
[ClientConfiguration::setSignerOverride()](http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#setSignerOverride(java.lang.String))
 to control the signature version?  One of the advantages I see to it is better 
isolation for the processor vs. any other NiFi AWS processors.  I'm a bit 
worried that one PutS3Object processor using SSE-KMS would change the settings 
other processors running at the same time.  I believe an appropriate location 
to do this would be in AbstractS3Processor::createClient().  That would allow 
the configuration code to be shared, while the configured value would remain 
specific to individual processors.
    
    But I'm not sure I agree with configuring the version as a true/false 
setting for signature version 4.  I would recommend a list of values:
    
    * AWS SDK default (as the default selection)
    * Signature v2
    * Signature v4
    
    That leaves room for the AWS SDK default to change if/when we upgrade to a 
newer SDK, and it would allow for users to explicitly request either v4 or v2 
to match whatever features and endpoint they are using.  What do you think?



> Add support for SSE-KMS and S3 Signature Version 4 Authentication AWS
> ---------------------------------------------------------------------
>
>                 Key: NIFI-1769
>                 URL: https://issues.apache.org/jira/browse/NIFI-1769
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 0.5.1
>            Reporter: Michiel Moonen
>            Priority: Minor
>              Labels: newbie, patch, security
>             Fix For: 1.0.0
>
>
> Currently there is no support for SSE-KMS S3 Signature Version 4 
> Authentication. This is necessary for enhanced security features



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to