[jira] [Commented] (HADOOP-14324) Switch to fs.s3a.server-side-encryption.key as property for encryption secret; load via credential provider

2017-04-20 Thread Steve Loughran (JIRA) 

[ 
https://issues.apache.org/jira/browse/HADOOP-14324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15977343#comment-15977343
 ] 

Steve Loughran commented on HADOOP-14324:
-

I'm going to highlight that pickup via getPassword() doesn't seem to pick up 
property deprecation. This is going to be consistent across all uses...probably 
something nobody has noticed
before.

> Switch to fs.s3a.server-side-encryption.key as property for encryption 
> secret; load via credential provider
> ---
>
> Key: HADOOP-14324
> URL: https://issues.apache.org/jira/browse/HADOOP-14324
> Project: Hadoop Common
>  Issue Type: Sub-task
>  Components: fs/s3
>Affects Versions: 2.9.0
>Reporter: Steve Loughran
>Assignee: Steve Loughran
>Priority: Blocker
> Attachments: HADOOP-14324-branch-2-001.patch, 
> HADOOP-14324-branch-2-002.patch
>
>
> Before this ships, can we rename {{fs.s3a.server-side-encryption-key}} to 
> {{fs.s3a.server-side-encryption.key}}.
> This makes it consistent with all other .key secrets in S3A. so
> * simplifies documentation
> * reduces confusion "is it a - or a ."? This confusion is going to surface in 
> config and support
> I know that CDH is shipping with the old key, but it'll be easy for them to 
> add a deprecation property to handle the migration. I do at least what the 
> ASF release to be stable before it ships.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Commented] (HADOOP-14324) Switch to fs.s3a.server-side-encryption.key as property for encryption secret; load via credential provider

2017-04-20 Thread John Zhuge (JIRA) 

[ 
https://issues.apache.org/jira/browse/HADOOP-14324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15977066#comment-15977066
 ] 

John Zhuge commented on HADOOP-14324:
-

bq.  didn't know about that reload thing. Makes we think: should we move the 
deprecation listings into hadoop-common, just to save on the hit of a reload of 
everything?

Unfortunately moving deprecation listing to hadoop-common will force us to use 
a string literal for the new key because the constant for the new key is 
defined in hadoop-tools.

> Switch to fs.s3a.server-side-encryption.key as property for encryption 
> secret; load via credential provider
> ---
>
> Key: HADOOP-14324
> URL: https://issues.apache.org/jira/browse/HADOOP-14324
> Project: Hadoop Common
>  Issue Type: Sub-task
>  Components: fs/s3
>Affects Versions: 2.9.0
>Reporter: Steve Loughran
>Assignee: Steve Loughran
>Priority: Blocker
> Attachments: HADOOP-14324-branch-2-001.patch, 
> HADOOP-14324-branch-2-002.patch
>
>
> Before this ships, can we rename {{fs.s3a.server-side-encryption-key}} to 
> {{fs.s3a.server-side-encryption.key}}.
> This makes it consistent with all other .key secrets in S3A. so
> * simplifies documentation
> * reduces confusion "is it a - or a ."? This confusion is going to surface in 
> config and support
> I know that CDH is shipping with the old key, but it'll be easy for them to 
> add a deprecation property to handle the migration. I do at least what the 
> ASF release to be stable before it ships.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Commented] (HADOOP-14324) Switch to fs.s3a.server-side-encryption.key as property for encryption secret; load via credential provider

2017-04-20 Thread John Zhuge (JIRA) 

[ 
https://issues.apache.org/jira/browse/HADOOP-14324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15977021#comment-15977021
 ] 

John Zhuge commented on HADOOP-14324:
-

There is a known issue tracked by HADOOP-14251: if an old key is stored in cred 
store, it can not be read by a new key.

> Switch to fs.s3a.server-side-encryption.key as property for encryption 
> secret; load via credential provider
> ---
>
> Key: HADOOP-14324
> URL: https://issues.apache.org/jira/browse/HADOOP-14324
> Project: Hadoop Common
>  Issue Type: Sub-task
>  Components: fs/s3
>Affects Versions: 2.9.0
>Reporter: Steve Loughran
>Assignee: Steve Loughran
>Priority: Blocker
> Attachments: HADOOP-14324-branch-2-001.patch, 
> HADOOP-14324-branch-2-002.patch
>
>
> Before this ships, can we rename {{fs.s3a.server-side-encryption-key}} to 
> {{fs.s3a.server-side-encryption.key}}.
> This makes it consistent with all other .key secrets in S3A. so
> * simplifies documentation
> * reduces confusion "is it a - or a ."? This confusion is going to surface in 
> config and support
> I know that CDH is shipping with the old key, but it'll be easy for them to 
> add a deprecation property to handle the migration. I do at least what the 
> ASF release to be stable before it ships.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Commented] (HADOOP-14324) Switch to fs.s3a.server-side-encryption.key as property for encryption secret; load via credential provider

2017-04-20 Thread Steve Loughran (JIRA) 

[ 
https://issues.apache.org/jira/browse/HADOOP-14324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15976959#comment-15976959
 ] 

Steve Loughran commented on HADOOP-14324:
-

+need to make sure that {{getServerSideEncryptionKey}} goes via the credential 
provider, ideally through a test.

it looks like it does, but given I had to read the code 2x to make sure, I'd 
like the test. Easiest if I pull out the whole config validation logic into 
S3AUtils for isolated testage

> Switch to fs.s3a.server-side-encryption.key as property for encryption 
> secret; load via credential provider
> ---
>
> Key: HADOOP-14324
> URL: https://issues.apache.org/jira/browse/HADOOP-14324
> Project: Hadoop Common
>  Issue Type: Sub-task
>  Components: fs/s3
>Affects Versions: 2.9.0
>Reporter: Steve Loughran
>Assignee: Steve Loughran
>Priority: Blocker
> Attachments: HADOOP-14324-branch-2-001.patch, 
> HADOOP-14324-branch-2-002.patch
>
>
> Before this ships, can we rename {{fs.s3a.server-side-encryption-key}} to 
> {{fs.s3a.server-side-encryption.key}}.
> This makes it consistent with all other .key secrets in S3A. so
> * simplifies documentation
> * reduces confusion "is it a - or a ."? This confusion is going to surface in 
> config and support
> I know that CDH is shipping with the old key, but it'll be easy for them to 
> add a deprecation property to handle the migration. I do at least what the 
> ASF release to be stable before it ships.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org