[jira] [Commented] (HADOOP-13887) Support for client-side encryption in S3A file system

Tue, 01 Aug 2017 14:53:24 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-13887?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16109860#comment-16109860
 ] 

Steve Moist commented on HADOOP-13887:
--------------------------------------

[~steve_l] I do like object tags to store the OEMI on, but the thing that 
worries about it for me is users modifying the tags.  I don't think there is an 
IAM policy to prevent users from modifying say a Hadoop tag unless they are an 
admin.  I worry about accidental data loss by either a user accidentally 
deleting/editing the EDEK or a rogue actor deleting tags.  We would still need 
a place to store the BEZI, but we could just use a tag on the bucket.  

I'll have to take a look into HADOOP-13786.  If you do have time, do take a 
look deeper into it.  I wanted to get the idea out there and start getting 
feedback.  I'm certain I'll have many revisions to do.

> Support for client-side encryption in S3A file system
> -----------------------------------------------------
>
>                 Key: HADOOP-13887
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13887
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 2.8.0
>            Reporter: Jeeyoung Kim
>            Assignee: Igor Mazur
>            Priority: Minor
>         Attachments: HADOOP-13887-002.patch, HADOOP-13887-007.patch, 
> HADOOP-13887-branch-2-003.patch, HADOOP-13897-branch-2-004.patch, 
> HADOOP-13897-branch-2-005.patch, HADOOP-13897-branch-2-006.patch, 
> HADOOP-13897-branch-2-008.patch, HADOOP-13897-branch-2-009.patch, 
> HADOOP-13897-branch-2-010.patch, HADOOP-13897-branch-2-012.patch, 
> HADOOP-13897-branch-2-014.patch, HADOOP-13897-trunk-011.patch, 
> HADOOP-13897-trunk-013.patch, HADOOP-14171-001.patch, S3-CSE Proposal.pdf
>
>
> Expose the client-side encryption option documented in Amazon S3 
> documentation  - 
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
> Currently this is not exposed in Hadoop but it is exposed as an option in AWS 
> Java SDK, which Hadoop currently includes. It should be trivial to propagate 
> this as a parameter passed to the S3client used in S3AFileSystem.java



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to