[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16729511#comment-16729511
]
Uday Kale commented on IGNITE-7054:
---
[~dpavlov], [~vkulichenko], thanks for all the efforts and help.
> S3 IP finder: support client side encryption
>
>
> Key: IGNITE-7054
> URL: https://issues.apache.org/jira/browse/IGNITE-7054
> Project: Ignite
> Issue Type: Improvement
> Components: s3
>Affects Versions: 2.3
>Reporter: Valentin Kulichenko
>Assignee: Uday Kale
>Priority: Major
> Fix For: 2.8
>
>
> In case client side encryption [1] is used, it may be required to use
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need
> to add this option to the S3 IP finder, along with any applicable
> configuration parameters.
> [1]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16729510#comment-16729510
]
Dmitriy Pavlov commented on IGNITE-7054:
[~vkulichenko] thank you for your efforts while reviewing this patch
> S3 IP finder: support client side encryption
>
>
> Key: IGNITE-7054
> URL: https://issues.apache.org/jira/browse/IGNITE-7054
> Project: Ignite
> Issue Type: Improvement
> Components: s3
>Affects Versions: 2.3
>Reporter: Valentin Kulichenko
>Assignee: Uday Kale
>Priority: Major
> Fix For: 2.8
>
>
> In case client side encryption [1] is used, it may be required to use
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need
> to add this option to the S3 IP finder, along with any applicable
> configuration parameters.
> [1]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16729227#comment-16729227
]
Valentin Kulichenko commented on IGNITE-7054:
-
[~dpavlov], yes, I merged the changes to master.
[~uday], thanks for your contribution!
> S3 IP finder: support client side encryption
>
>
> Key: IGNITE-7054
> URL: https://issues.apache.org/jira/browse/IGNITE-7054
> Project: Ignite
> Issue Type: Improvement
> Components: s3
>Affects Versions: 2.3
>Reporter: Valentin Kulichenko
>Assignee: Uday Kale
>Priority: Major
> Fix For: 2.8
>
>
> In case client side encryption [1] is used, it may be required to use
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need
> to add this option to the S3 IP finder, along with any applicable
> configuration parameters.
> [1]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16729228#comment-16729228
]
ASF GitHub Bot commented on IGNITE-7054:
Github user asfgit closed the pull request at:
https://github.com/apache/ignite/pull/4555
> S3 IP finder: support client side encryption
>
>
> Key: IGNITE-7054
> URL: https://issues.apache.org/jira/browse/IGNITE-7054
> Project: Ignite
> Issue Type: Improvement
> Components: s3
>Affects Versions: 2.3
>Reporter: Valentin Kulichenko
>Assignee: Uday Kale
>Priority: Major
> Fix For: 2.8
>
>
> In case client side encryption [1] is used, it may be required to use
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need
> to add this option to the S3 IP finder, along with any applicable
> configuration parameters.
> [1]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16721426#comment-16721426
]
Dmitriy Pavlov commented on IGNITE-7054:
[~vkulichenko] are you agree with the fix now?
> S3 IP finder: support client side encryption
>
>
> Key: IGNITE-7054
> URL: https://issues.apache.org/jira/browse/IGNITE-7054
> Project: Ignite
> Issue Type: Improvement
> Components: s3
>Affects Versions: 2.3
>Reporter: Valentin Kulichenko
>Assignee: Uday Kale
>Priority: Major
> Fix For: 2.8
>
>
> In case client side encryption [1] is used, it may be required to use
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need
> to add this option to the S3 IP finder, along with any applicable
> configuration parameters.
> [1]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16647528#comment-16647528
]
Uday Kale commented on IGNITE-7054:
---
[~vkulichenko],
Yes adding an {{init()}} method makes sense. I have made all the changes and
updated the PR. Please have a look.
> S3 IP finder: support client side encryption
>
>
> Key: IGNITE-7054
> URL: https://issues.apache.org/jira/browse/IGNITE-7054
> Project: Ignite
> Issue Type: Improvement
> Components: s3
>Affects Versions: 2.3
>Reporter: Valentin Kulichenko
>Assignee: Uday Kale
>Priority: Major
> Fix For: 2.8
>
>
> In case client side encryption [1] is used, it may be required to use
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need
> to add this option to the S3 IP finder, along with any applicable
> configuration parameters.
> [1]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16647211#comment-16647211
]
Valentin Kulichenko commented on IGNITE-7054:
-
[~uday],
Agree with #4 and #5. Please do the changes for #1-3 and resubmit the PR.
Regarding #3: I think it makes sense to add {{init()}} method to the
{{EncryptionService}} and use it for the initialization step. This way you will
avoid complicated synchronization and simplify the implementation. Makes sense?
> S3 IP finder: support client side encryption
>
>
> Key: IGNITE-7054
> URL: https://issues.apache.org/jira/browse/IGNITE-7054
> Project: Ignite
> Issue Type: Improvement
> Components: s3
>Affects Versions: 2.3
>Reporter: Valentin Kulichenko
>Assignee: Uday Kale
>Priority: Major
> Fix For: 2.8
>
>
> In case client side encryption [1] is used, it may be required to use
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need
> to add this option to the S3 IP finder, along with any applicable
> configuration parameters.
> [1]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16646918#comment-16646918
]
Uday Kale commented on IGNITE-7054:
---
[~vkulichenko],
Thanks for the review. Following are the replies to the requested changes:
# I will change this to take a single argument {{KeyPair}} which holds both
{{PrivateKey}} and {{PublicKey}}. Didn't find any other such cases.
# [No questions]
# I have implemented this on the same lines as
{{TcpDiscoveryS3IpFinder#initClient()}}. Here since, the setters are used to
pass the initialisation params, I will have to check for them and lazy
initialise the clients. If its OK to pass these params from constructor instead
of setters, I can remove such code.
# I have made them package-private for unit test purposes. See
{{AwsKmsEncryptionServiceTest#testEncryptDecrypt() Line:54}}.
# The encrypted bytes under the default java character encoding is returning
some special characters. These special characters are illegal in S3. See
characters to avoid under
[https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html]. Base32
encoding has all characters that are acceptable by AWS S3. See
[https://en.wikipedia.org/wiki/Base32].
> S3 IP finder: support client side encryption
>
>
> Key: IGNITE-7054
> URL: https://issues.apache.org/jira/browse/IGNITE-7054
> Project: Ignite
> Issue Type: Improvement
> Components: s3
>Affects Versions: 2.3
>Reporter: Valentin Kulichenko
>Assignee: Uday Kale
>Priority: Major
> Fix For: 2.8
>
>
> In case client side encryption [1] is used, it may be required to use
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need
> to add this option to the S3 IP finder, along with any applicable
> configuration parameters.
> [1]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16644233#comment-16644233
]
Valentin Kulichenko commented on IGNITE-7054:
-
[~uday], I looked through your changes and here are my comments.
# In most cases Ignite is configured via XML, not in code, so you should make
sure all the classes that can be part of configuration are Spring compatible.
For example, {{AsymmetricKeyEncryptionService}} has {{setKeyPair}} method,
which takes two parameters and therefore can't be provided as a bean property.
Please fix this one and check others for similar issues.
# I don't like that {{AsymmetricKeyEncryptionService}} uses
{{SymmetricKeyEncryptionService}} under the hood, this is a bit confusing. I
think it would be better to move common code to {{IgniteUtils}} and make
service implementations independent from each other.
# Try to minimize amount of actions that happen in {{encrypt}} and {{decrypt}}
methods. For example, do you need to create new {{Cipher}} every time in
{{SymmetricKeyEncryptionService}}? Do you need to call
{{AwsKmsEncryptionService#initClientAndKmsMasterKeyProvider()}} every time you
encrypt/decrypt? Please check all the implementations for this kind of things.
# Some methods are package-private, while they can (and should) be private.
E.g., {{AwsKmsEncryptionService#createClient()}}.
# What is the purpose of {{Base32}} encryption on top of encryption provided by
the service?
Let me know if you have questions.
> S3 IP finder: support client side encryption
>
>
> Key: IGNITE-7054
> URL: https://issues.apache.org/jira/browse/IGNITE-7054
> Project: Ignite
> Issue Type: Improvement
> Components: s3
>Affects Versions: 2.3
>Reporter: Valentin Kulichenko
>Assignee: Uday Kale
>Priority: Major
> Fix For: 2.8
>
>
> In case client side encryption [1] is used, it may be required to use
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need
> to add this option to the S3 IP finder, along with any applicable
> configuration parameters.
> [1]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16624277#comment-16624277
]
Valentin Kulichenko commented on IGNITE-7054:
-
[~NIzhikov], I'm going to look at this next week. If all is good, will merge
it. Otherwise, will move to 2.8.
> S3 IP finder: support client side encryption
>
>
> Key: IGNITE-7054
> URL: https://issues.apache.org/jira/browse/IGNITE-7054
> Project: Ignite
> Issue Type: Improvement
> Components: s3
>Affects Versions: 2.3
>Reporter: Valentin Kulichenko
>Assignee: Uday Kale
>Priority: Major
> Fix For: 2.7
>
>
> In case client side encryption [1] is used, it may be required to use
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need
> to add this option to the S3 IP finder, along with any applicable
> configuration parameters.
> [1]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16623508#comment-16623508
]
Nikolay Izhikov commented on IGNITE-7054:
-
[~uday], [~vkulichenko] Do we have a chance to resolve this ticket until the
code freeze of 2.7?
> S3 IP finder: support client side encryption
>
>
> Key: IGNITE-7054
> URL: https://issues.apache.org/jira/browse/IGNITE-7054
> Project: Ignite
> Issue Type: Improvement
> Components: s3
>Affects Versions: 2.3
>Reporter: Valentin Kulichenko
>Assignee: Uday Kale
>Priority: Major
> Fix For: 2.7
>
>
> In case client side encryption [1] is used, it may be required to use
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need
> to add this option to the S3 IP finder, along with any applicable
> configuration parameters.
> [1]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16584394#comment-16584394
]
Valentin Kulichenko commented on IGNITE-7054:
-
[~uday], thanks for create a PR. I will review it in the next few days and will
provide my feedback.
> S3 IP finder: support client side encryption
>
>
> Key: IGNITE-7054
> URL: https://issues.apache.org/jira/browse/IGNITE-7054
> Project: Ignite
> Issue Type: Improvement
> Components: s3
>Affects Versions: 2.3
>Reporter: Valentin Kulichenko
>Assignee: Uday Kale
>Priority: Major
> Fix For: 2.7
>
>
> In case client side encryption [1] is used, it may be required to use
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need
> to add this option to the S3 IP finder, along with any applicable
> configuration parameters.
> [1]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16582163#comment-16582163
]
ASF GitHub Bot commented on IGNITE-7054:
GitHub user udaykale opened a pull request:
https://github.com/apache/ignite/pull/4555
IGNITE-7054 S3 IP finder: support client side encryption
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/udaykale/ignite IGNITE-7054
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/ignite/pull/4555.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #4555
commit 3e5c3018807ae1eb04154e71c54c399e82b9a641
Author: uday
Date: 2018-08-16T07:32:23Z
IGNITE-7054 S3 IP finder: support client side encryption
> S3 IP finder: support client side encryption
>
>
> Key: IGNITE-7054
> URL: https://issues.apache.org/jira/browse/IGNITE-7054
> Project: Ignite
> Issue Type: Improvement
> Components: s3
>Affects Versions: 2.3
>Reporter: Valentin Kulichenko
>Assignee: Uday Kale
>Priority: Major
> Fix For: 2.7
>
>
> In case client side encryption [1] is used, it may be required to use
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need
> to add this option to the S3 IP finder, along with any applicable
> configuration parameters.
> [1]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16570930#comment-16570930
]
Valentin Kulichenko commented on IGNITE-7054:
-
[~uday], well, any data that IP finder wants to write into a bucket. To my
knowledge, this means only IPs and port numbers, yes.
> S3 IP finder: support client side encryption
>
>
> Key: IGNITE-7054
> URL: https://issues.apache.org/jira/browse/IGNITE-7054
> Project: Ignite
> Issue Type: Improvement
> Components: s3
>Affects Versions: 2.3
>Reporter: Valentin Kulichenko
>Assignee: Uday Kale
>Priority: Major
> Fix For: 2.7
>
>
> In case client side encryption [1] is used, it may be required to use
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need
> to add this option to the S3 IP finder, along with any applicable
> configuration parameters.
> [1]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (IGNITE-7054) S3 IP finder: support client side encryption
[
https://issues.apache.org/jira/browse/IGNITE-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16569480#comment-16569480
]
Uday Kale commented on IGNITE-7054:
---
[~vkulichenko] is the intention of this task to encryption the node addresses?
> S3 IP finder: support client side encryption
>
>
> Key: IGNITE-7054
> URL: https://issues.apache.org/jira/browse/IGNITE-7054
> Project: Ignite
> Issue Type: Improvement
> Components: s3
>Affects Versions: 2.3
>Reporter: Valentin Kulichenko
>Priority: Major
> Fix For: 2.7
>
>
> In case client side encryption [1] is used, it may be required to use
> {{AmazonS3EncryptionClient}} instead of regular {{AmazonS3Client}}. We need
> to add this option to the S3 IP finder, along with any applicable
> configuration parameters.
> [1]
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
