[
https://issues.apache.org/jira/browse/HADOOP-13075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15856321#comment-15856321
]
Sean Mackrory commented on HADOOP-13075:
----------------------------------------
Can we gracefully skip the SSE-KMS tests when it is not configured? As it is
right now, if you run these tests with a configuration that currently works on
trunk or with SEE-C configured, a bunch of tests will fail. Things ought to
work as best they can with the minimal configuration, and if people configure
additional things, fewer tests get skipped.
Other than that it's looking pretty good in tests. I've tested in the US and
Frankfurt. ITestS3AAWSCredentialsProvider.testAnonymousProvider fails any time
you specify a region other than it expects (us-west-2, I think), which is
definitely not related. I've had a couple of transient failures in the scale
tests against Frankfurt, where operations are failing with 400 Bad Request, but
it's not all the time, so my guess would be it's not related to a change in
encryption. Gonna keep rerunning a bit to see if I can discern any other
pattern there...
> Add support for SSE-KMS and SSE-C in s3a filesystem
> ---------------------------------------------------
>
> Key: HADOOP-13075
> URL: https://issues.apache.org/jira/browse/HADOOP-13075
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Affects Versions: 2.8.0
> Reporter: Andrew Olson
> Assignee: Steve Moist
> Attachments: HADOOP-13075-001.patch, HADOOP-13075-002.patch
>
>
> S3 provides 3 types of server-side encryption [1],
> * SSE-S3 (Amazon S3-Managed Keys) [2]
> * SSE-KMS (AWS KMS-Managed Keys) [3]
> * SSE-C (Customer-Provided Keys) [4]
> Of which the S3AFileSystem in hadoop-aws only supports opting into SSE-S3
> (HADOOP-10568) -- the underlying aws-java-sdk makes that very simple [5].
> With native support in aws-java-sdk already available it should be fairly
> straightforward [6],[7] to support the other two types of SSE with some
> additional fs.s3a configuration properties.
> [1] http://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
> [2]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
> [3] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
> [4]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
> [5] http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingJavaSDK.html
> [6]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/kms-using-sdks.html#kms-using-sdks-java
> [7] http://docs.aws.amazon.com/AmazonS3/latest/dev/sse-c-using-java-sdk.html
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
