[GitHub] [incubator-pinot] mcvsubbu commented on a change in pull request #5617: Add segment encryption on Controller based on table config

Wed, 01 Jul 2020 10:59:21 -0700 


mcvsubbu commented on a change in pull request #5617:
URL: https://github.com/apache/incubator-pinot/pull/5617#discussion_r448527618



##########
File path: 
pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotSegmentUploadDownloadRestletResource.java
##########
@@ -290,6 +296,39 @@ private String extractHttpHeader(HttpHeaders headers, 
String name) {
     return value;
   }
 
+  Pair<String, File> encryptSegmentIfNeeded(File tempDecryptedFile, File 
tempEncryptedFile,
+      boolean isUploadedSegmentEncrypted, String crypterUsedInUploadedSegment, 
String crypterClassNameInTableConfig,
+      String segmentName, String tableName) {
+
+    boolean segmentNeedsEncryption = 
!Strings.isNullOrEmpty(crypterClassNameInTableConfig);
+
+    // form the output
+    File finalSegmentFile =
+        (isUploadedSegmentEncrypted || segmentNeedsEncryption) ? 
tempEncryptedFile : tempDecryptedFile;
+    String crypterClassName = 
Strings.isNullOrEmpty(crypterClassNameInTableConfig) ? 
crypterUsedInUploadedSegment
+        : crypterClassNameInTableConfig;
+    ImmutablePair<String, File> out = ImmutablePair.of(crypterClassName, 
finalSegmentFile);
+
+    if (!segmentNeedsEncryption) {
+      return out;
+    }
+
+    if (isUploadedSegmentEncrypted && 
!crypterClassNameInTableConfig.equals(crypterUsedInUploadedSegment)) {
+      throw new ControllerApplicationException(LOGGER, String.format(
+          "Uploaded segment is encrypted with '%s' while table config requires 
'%s' as crypter "
+              + "(segment name = '%s', table name = '%s').", 
crypterUsedInUploadedSegment,
+          crypterClassNameInTableConfig, segmentName, tableName), 
Response.Status.INTERNAL_SERVER_ERROR);
+    }
+
+    // encrypt segment
+    PinotCrypter pinotCrypter = 
PinotCrypterFactory.create(crypterClassNameInTableConfig);
+    LOGGER.info("Using crypter class '{}' for encrypting '{}' to '{}' (segment 
name = '{}}', table name = '{}').",

Review comment:
       ```suggestion
       LOGGER.info("Using crypter class '{}' for encrypting '{}' to '{}' 
(segment name = '{}', table name = '{}').",
   ```




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org

Reply via email to