[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption

Valentin Kulichenko (JIRA) Tue, 09 Oct 2018 16:27:58 -0700


    [ 
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16644233#comment-16644233
 ]


Valentin Kulichenko commented on IGNITE-7054:
---------------------------------------------

[~uday], I looked through your changes and here are my comments.

# In most cases Ignite is configured via XML, not in code, so you should make 
sure all the classes that can be part of configuration are Spring compatible. 
For example, {{AsymmetricKeyEncryptionService}} has {{setKeyPair}} method, 
which takes two parameters and therefore can't be provided as a bean property. 
Please fix this one and check others for similar issues.
# I don't like that {{AsymmetricKeyEncryptionService}} uses 
{{SymmetricKeyEncryptionService}} under the hood, this is a bit confusing. I 
think it would be better to move common code to {{IgniteUtils}} and make 
service implementations independent from each other.
# Try to minimize amount of actions that happen in {{encrypt}} and {{decrypt}} 
methods. For example, do you need to create new {{Cipher}} every time in 
{{SymmetricKeyEncryptionService}}? Do you need to call 
{{AwsKmsEncryptionService#initClientAndKmsMasterKeyProvider()}} every time you 
encrypt/decrypt? Please check all the implementations for this kind of things.
# Some methods are package-private, while they can (and should) be private. 
E.g., {{AwsKmsEncryptionService#createClient()}}.
# What is the purpose of {{Base32}} encryption on top of encryption provided by 
the service?

Let me know if you have questions.

> S3 IP finder: support client side encryption
> --------------------------------------------
>
>                 Key: IGNITE-7054
>                 URL: https://issues.apache.org/jira/browse/IGNITE-7054
>             Project: Ignite
>          Issue Type: Improvement
>          Components: s3
>    Affects Versions: 2.3
>            Reporter: Valentin Kulichenko
>            Assignee: Uday Kale
>            Priority: Major
>             Fix For: 2.8
>
>
> In case client side encryption [1] is used, it may be required to use 
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need 
> to add this option to the S3 IP finder, along with any applicable 
> configuration parameters.
> [1] 
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption

Reply via email to