[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16729511#comment-16729511 ] Uday Kale commented on IGNITE-7054: --- [~dpavlov], [~vkulichenko], thanks for all the efforts and help. > S3 IP finder: support client side encryption > > > Key: IGNITE-7054 > URL: https://issues.apache.org/jira/browse/IGNITE-7054 > Project: Ignite > Issue Type: Improvement > Components: s3 >Affects Versions: 2.3 >Reporter: Valentin Kulichenko >Assignee: Uday Kale >Priority: Major > Fix For: 2.8 > > > In case client side encryption [1] is used, it may be required to use > {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need > to add this option to the S3 IP finder, along with any applicable > configuration parameters. > [1] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16729510#comment-16729510 ] Dmitriy Pavlov commented on IGNITE-7054: [~vkulichenko] thank you for your efforts while reviewing this patch > S3 IP finder: support client side encryption > > > Key: IGNITE-7054 > URL: https://issues.apache.org/jira/browse/IGNITE-7054 > Project: Ignite > Issue Type: Improvement > Components: s3 >Affects Versions: 2.3 >Reporter: Valentin Kulichenko >Assignee: Uday Kale >Priority: Major > Fix For: 2.8 > > > In case client side encryption [1] is used, it may be required to use > {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need > to add this option to the S3 IP finder, along with any applicable > configuration parameters. > [1] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16729227#comment-16729227 ] Valentin Kulichenko commented on IGNITE-7054: - [~dpavlov], yes, I merged the changes to master. [~uday], thanks for your contribution! > S3 IP finder: support client side encryption > > > Key: IGNITE-7054 > URL: https://issues.apache.org/jira/browse/IGNITE-7054 > Project: Ignite > Issue Type: Improvement > Components: s3 >Affects Versions: 2.3 >Reporter: Valentin Kulichenko >Assignee: Uday Kale >Priority: Major > Fix For: 2.8 > > > In case client side encryption [1] is used, it may be required to use > {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need > to add this option to the S3 IP finder, along with any applicable > configuration parameters. > [1] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16729228#comment-16729228 ] ASF GitHub Bot commented on IGNITE-7054: Github user asfgit closed the pull request at: https://github.com/apache/ignite/pull/4555 > S3 IP finder: support client side encryption > > > Key: IGNITE-7054 > URL: https://issues.apache.org/jira/browse/IGNITE-7054 > Project: Ignite > Issue Type: Improvement > Components: s3 >Affects Versions: 2.3 >Reporter: Valentin Kulichenko >Assignee: Uday Kale >Priority: Major > Fix For: 2.8 > > > In case client side encryption [1] is used, it may be required to use > {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need > to add this option to the S3 IP finder, along with any applicable > configuration parameters. > [1] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16721426#comment-16721426 ] Dmitriy Pavlov commented on IGNITE-7054: [~vkulichenko] are you agree with the fix now? > S3 IP finder: support client side encryption > > > Key: IGNITE-7054 > URL: https://issues.apache.org/jira/browse/IGNITE-7054 > Project: Ignite > Issue Type: Improvement > Components: s3 >Affects Versions: 2.3 >Reporter: Valentin Kulichenko >Assignee: Uday Kale >Priority: Major > Fix For: 2.8 > > > In case client side encryption [1] is used, it may be required to use > {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need > to add this option to the S3 IP finder, along with any applicable > configuration parameters. > [1] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16647528#comment-16647528 ] Uday Kale commented on IGNITE-7054: --- [~vkulichenko], Yes adding an {{init()}} method makes sense. I have made all the changes and updated the PR. Please have a look. > S3 IP finder: support client side encryption > > > Key: IGNITE-7054 > URL: https://issues.apache.org/jira/browse/IGNITE-7054 > Project: Ignite > Issue Type: Improvement > Components: s3 >Affects Versions: 2.3 >Reporter: Valentin Kulichenko >Assignee: Uday Kale >Priority: Major > Fix For: 2.8 > > > In case client side encryption [1] is used, it may be required to use > {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need > to add this option to the S3 IP finder, along with any applicable > configuration parameters. > [1] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16647211#comment-16647211 ] Valentin Kulichenko commented on IGNITE-7054: - [~uday], Agree with #4 and #5. Please do the changes for #1-3 and resubmit the PR. Regarding #3: I think it makes sense to add {{init()}} method to the {{EncryptionService}} and use it for the initialization step. This way you will avoid complicated synchronization and simplify the implementation. Makes sense? > S3 IP finder: support client side encryption > > > Key: IGNITE-7054 > URL: https://issues.apache.org/jira/browse/IGNITE-7054 > Project: Ignite > Issue Type: Improvement > Components: s3 >Affects Versions: 2.3 >Reporter: Valentin Kulichenko >Assignee: Uday Kale >Priority: Major > Fix For: 2.8 > > > In case client side encryption [1] is used, it may be required to use > {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need > to add this option to the S3 IP finder, along with any applicable > configuration parameters. > [1] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16646918#comment-16646918 ] Uday Kale commented on IGNITE-7054: --- [~vkulichenko], Thanks for the review. Following are the replies to the requested changes: # I will change this to take a single argument {{KeyPair}} which holds both {{PrivateKey}} and {{PublicKey}}. Didn't find any other such cases. # [No questions] # I have implemented this on the same lines as {{TcpDiscoveryS3IpFinder#initClient()}}. Here since, the setters are used to pass the initialisation params, I will have to check for them and lazy initialise the clients. If its OK to pass these params from constructor instead of setters, I can remove such code. # I have made them package-private for unit test purposes. See {{AwsKmsEncryptionServiceTest#testEncryptDecrypt() Line:54}}. # The encrypted bytes under the default java character encoding is returning some special characters. These special characters are illegal in S3. See characters to avoid under [https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html]. Base32 encoding has all characters that are acceptable by AWS S3. See [https://en.wikipedia.org/wiki/Base32]. > S3 IP finder: support client side encryption > > > Key: IGNITE-7054 > URL: https://issues.apache.org/jira/browse/IGNITE-7054 > Project: Ignite > Issue Type: Improvement > Components: s3 >Affects Versions: 2.3 >Reporter: Valentin Kulichenko >Assignee: Uday Kale >Priority: Major > Fix For: 2.8 > > > In case client side encryption [1] is used, it may be required to use > {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need > to add this option to the S3 IP finder, along with any applicable > configuration parameters. > [1] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16644233#comment-16644233 ] Valentin Kulichenko commented on IGNITE-7054: - [~uday], I looked through your changes and here are my comments. # In most cases Ignite is configured via XML, not in code, so you should make sure all the classes that can be part of configuration are Spring compatible. For example, {{AsymmetricKeyEncryptionService}} has {{setKeyPair}} method, which takes two parameters and therefore can't be provided as a bean property. Please fix this one and check others for similar issues. # I don't like that {{AsymmetricKeyEncryptionService}} uses {{SymmetricKeyEncryptionService}} under the hood, this is a bit confusing. I think it would be better to move common code to {{IgniteUtils}} and make service implementations independent from each other. # Try to minimize amount of actions that happen in {{encrypt}} and {{decrypt}} methods. For example, do you need to create new {{Cipher}} every time in {{SymmetricKeyEncryptionService}}? Do you need to call {{AwsKmsEncryptionService#initClientAndKmsMasterKeyProvider()}} every time you encrypt/decrypt? Please check all the implementations for this kind of things. # Some methods are package-private, while they can (and should) be private. E.g., {{AwsKmsEncryptionService#createClient()}}. # What is the purpose of {{Base32}} encryption on top of encryption provided by the service? Let me know if you have questions. > S3 IP finder: support client side encryption > > > Key: IGNITE-7054 > URL: https://issues.apache.org/jira/browse/IGNITE-7054 > Project: Ignite > Issue Type: Improvement > Components: s3 >Affects Versions: 2.3 >Reporter: Valentin Kulichenko >Assignee: Uday Kale >Priority: Major > Fix For: 2.8 > > > In case client side encryption [1] is used, it may be required to use > {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need > to add this option to the S3 IP finder, along with any applicable > configuration parameters. > [1] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16624277#comment-16624277 ] Valentin Kulichenko commented on IGNITE-7054: - [~NIzhikov], I'm going to look at this next week. If all is good, will merge it. Otherwise, will move to 2.8. > S3 IP finder: support client side encryption > > > Key: IGNITE-7054 > URL: https://issues.apache.org/jira/browse/IGNITE-7054 > Project: Ignite > Issue Type: Improvement > Components: s3 >Affects Versions: 2.3 >Reporter: Valentin Kulichenko >Assignee: Uday Kale >Priority: Major > Fix For: 2.7 > > > In case client side encryption [1] is used, it may be required to use > {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need > to add this option to the S3 IP finder, along with any applicable > configuration parameters. > [1] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16623508#comment-16623508 ] Nikolay Izhikov commented on IGNITE-7054: - [~uday], [~vkulichenko] Do we have a chance to resolve this ticket until the code freeze of 2.7? > S3 IP finder: support client side encryption > > > Key: IGNITE-7054 > URL: https://issues.apache.org/jira/browse/IGNITE-7054 > Project: Ignite > Issue Type: Improvement > Components: s3 >Affects Versions: 2.3 >Reporter: Valentin Kulichenko >Assignee: Uday Kale >Priority: Major > Fix For: 2.7 > > > In case client side encryption [1] is used, it may be required to use > {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need > to add this option to the S3 IP finder, along with any applicable > configuration parameters. > [1] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16584394#comment-16584394 ] Valentin Kulichenko commented on IGNITE-7054: - [~uday], thanks for create a PR. I will review it in the next few days and will provide my feedback. > S3 IP finder: support client side encryption > > > Key: IGNITE-7054 > URL: https://issues.apache.org/jira/browse/IGNITE-7054 > Project: Ignite > Issue Type: Improvement > Components: s3 >Affects Versions: 2.3 >Reporter: Valentin Kulichenko >Assignee: Uday Kale >Priority: Major > Fix For: 2.7 > > > In case client side encryption [1] is used, it may be required to use > {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need > to add this option to the S3 IP finder, along with any applicable > configuration parameters. > [1] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16582163#comment-16582163 ] ASF GitHub Bot commented on IGNITE-7054: GitHub user udaykale opened a pull request: https://github.com/apache/ignite/pull/4555 IGNITE-7054 S3 IP finder: support client side encryption You can merge this pull request into a Git repository by running: $ git pull https://github.com/udaykale/ignite IGNITE-7054 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/ignite/pull/4555.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #4555 commit 3e5c3018807ae1eb04154e71c54c399e82b9a641 Author: uday Date: 2018-08-16T07:32:23Z IGNITE-7054 S3 IP finder: support client side encryption > S3 IP finder: support client side encryption > > > Key: IGNITE-7054 > URL: https://issues.apache.org/jira/browse/IGNITE-7054 > Project: Ignite > Issue Type: Improvement > Components: s3 >Affects Versions: 2.3 >Reporter: Valentin Kulichenko >Assignee: Uday Kale >Priority: Major > Fix For: 2.7 > > > In case client side encryption [1] is used, it may be required to use > {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need > to add this option to the S3 IP finder, along with any applicable > configuration parameters. > [1] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16570930#comment-16570930 ] Valentin Kulichenko commented on IGNITE-7054: - [~uday], well, any data that IP finder wants to write into a bucket. To my knowledge, this means only IPs and port numbers, yes. > S3 IP finder: support client side encryption > > > Key: IGNITE-7054 > URL: https://issues.apache.org/jira/browse/IGNITE-7054 > Project: Ignite > Issue Type: Improvement > Components: s3 >Affects Versions: 2.3 >Reporter: Valentin Kulichenko >Assignee: Uday Kale >Priority: Major > Fix For: 2.7 > > > In case client side encryption [1] is used, it may be required to use > {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need > to add this option to the S3 IP finder, along with any applicable > configuration parameters. > [1] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[ https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16569480#comment-16569480 ] Uday Kale commented on IGNITE-7054: --- [~vkulichenko] is the intention of this task to encryption the node addresses? > S3 IP finder: support client side encryption > > > Key: IGNITE-7054 > URL: https://issues.apache.org/jira/browse/IGNITE-7054 > Project: Ignite > Issue Type: Improvement > Components: s3 >Affects Versions: 2.3 >Reporter: Valentin Kulichenko >Priority: Major > Fix For: 2.7 > > > In case client side encryption [1] is used, it may be required to use > {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need > to add this option to the S3 IP finder, along with any applicable > configuration parameters. > [1] > http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)