[ https://issues.apache.org/jira/browse/HADOOP-17912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17655966#comment-17655966 ]
ASF GitHub Bot commented on HADOOP-17912:
-----------------------------------------

pranavsaxena-microsoft commented on PR #3440:
URL: https://github.com/apache/hadoop/pull/3440#issuecomment-1375240277

> There, I've just spent a couple of hours going through it. Big piece of work.
>
> In this current design, the EncryptionAdapter is either null or non-null; if non-null it is used to do the encryption/decryption, which is a bit scattered through the code.
>
> There's another strategy: move the work into the EncryptionAdapter itself, with an abstract EncryptionAdapter base class, a NoEncryptionAdapter for when it's not used (make this a singleton) and then the ContextEncryptionAdapter which uses the EncryptionContextProvider, contains the keys etc. and where you can push the work.
>
> I'm worried that AbfsClient will call getPathStatus() on any operation when it thinks it needs the header, including getPathStatus itself. I think that code needs to be restricted only to those calls where it absolutely needs that header (do delete and flush really need it?), and that getPathStatus is explicitly excluded.
>
> Finally, is the new api live?

In the method addEncryptionKeyRequestHeaders of AbfsClient.java, encryptionAdapter is always going to be a non-null object when encryptionType==ENCRYPTION_CONTEXT. Hence, we would not need to call getPathStatus in this method. And as there is no logic when encryptionAdapter is null, I have not made the change for the EncryptionAdapter base class and having a NoEncryptionAdapter child class.
> ABFS: Support for Encryption Context
> ------------------------------------
>
>                 Key: HADOOP-17912
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17912
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/azure
>   Affects Versions: 3.3.1
>            Reporter: Sumangala Patki
>            Assignee: Pranav Saxena
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> Support for customer-provided encryption keys at the file level, superseding
> the global (account-level) key use in HADOOP-17536.
> ABFS driver will support an "EncryptionContext" plugin for retrieving
> encryption information, the implementation for which should be provided by
> the client. The keys/context retrieved will be sent via request headers to
> the server, which will store the encryption context. Subsequent REST calls to
> server that access data/user metadata of the file will require fetching the
> encryption context through a GetFileProperties call and retrieving the key
> from the custom provider, before sending the request.
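
The adapter strategy suggested in the quoted review comment (an abstract base class, a no-op singleton, and a context-backed adapter that holds the key), as an added sketch that is not code from the pull request or from Hadoop. `KeyProvider`, the method names and the sample values are hypothetical, and the header names are assumed from Azure Storage's customer-provided-key headers rather than taken from this page.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

public class EncryptionAdapterSketch {
  /** Hypothetical stand-in for the client-supplied key provider. */
  interface KeyProvider { byte[] keyFor(String path, byte[] context); }
  /** Base class: callers never null-check, they always call addHeaders(). */
  abstract static class EncryptionAdapter implements AutoCloseable {
    abstract void addHeaders(Map<String, String> headers) throws Exception;
    @Override public void close() { }
  }
  /** Singleton used when no encryption context is configured. */
  static final class NoEncryptionAdapter extends EncryptionAdapter {
    static final NoEncryptionAdapter INSTANCE = new NoEncryptionAdapter();
    private NoEncryptionAdapter() { }
    @Override void addHeaders(Map<String, String> headers) { /* nothing to add */ }
  }
  /** Holds the per-file key, emits the key headers, wipes the key on close. */
  static final class ContextEncryptionAdapter extends EncryptionAdapter {
    private final byte[] key;
    ContextEncryptionAdapter(KeyProvider provider, String path, byte[] context) {
      this.key = provider.keyFor(path, context);
    }
    @Override void addHeaders(Map<String, String> headers) throws Exception {
      byte[] digest = MessageDigest.getInstance("SHA-256").digest(key);
      Base64.Encoder b64 = Base64.getEncoder();
      // Header names assumed from Azure Storage customer-provided keys.
      headers.put("x-ms-encryption-key", b64.encodeToString(key));
      headers.put("x-ms-encryption-key-sha256", b64.encodeToString(digest));
      headers.put("x-ms-encryption-algorithm", "AES256");
    }
    @Override public void close() { Arrays.fill(key, (byte) 0); }
  }
  public static void main(String[] args) throws Exception {
    // Constructed sample: an all-zero 32-byte key and a made-up context.
    KeyProvider demo = (p, c) -> new byte[32];
    byte[] ctx = "demo-context".getBytes(StandardCharsets.UTF_8);
    EncryptionAdapter[] adapters = {NoEncryptionAdapter.INSTANCE,
        new ContextEncryptionAdapter(demo, "/dir/file", ctx)};
    for (EncryptionAdapter a : adapters) {
      try (EncryptionAdapter adapter = a) {
        Map<String, String> headers = new LinkedHashMap<>();
        adapter.addHeaders(headers);
        System.out.println(a.getClass().getSimpleName() + " -> " + headers.keySet());
      }
    }
  }
}
```

Only the header names are printed, never the key material, and `close()` zeroes the key bytes so the adapter's lifetime bounds how long the key stays in memory.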