steveloughran commented on a change in pull request #1823: HADOOP-16794 S3
Encryption keys not propagating correctly during copy operation
URL: https://github.com/apache/hadoop/pull/1823#discussion_r384725607
##########
File path:
hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/S3AFileSystem.java
##########
@@ -3394,6 +3396,42 @@ private CopyResult copyFile(String srcKey, String
dstKey, long size,
});
}
+ /**
+ * Propagate encryption parameters from source file if set else use the
+ * current file system encryption settings.
+ * @param srcom
+ * @param copyObjectRequest
+ */
+ private void propagateEncryptionParams(ObjectMetadata srcom,
+ CopyObjectRequest copyObjectRequest) {
+ Optional<SSEAwsKeyManagementParams> kmsParams = Optional.empty();
+ String sourceKMSId = srcom.getSSEAwsKmsKeyId();
+ if (isNotEmpty(sourceKMSId)) {
+ // source KMS ID is propagated
+ LOG.debug("Propagating SSE-KMS settings from source {}",
+ sourceKMSId);
+ kmsParams = Optional.of(new SSEAwsKeyManagementParams(sourceKMSId));
+ }
+ kmsParams.ifPresent(
+ copyObjectRequest::setSSEAwsKeyManagementParams);
+ switch(encryptionSecrets.getEncryptionMethod()) {
Review comment:
use getServerSideEncryptionAlgorithm() as before
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
