RussellSpitzer commented on code in PR #5544:
URL: https://github.com/apache/iceberg/pull/5544#discussion_r1607047529


##########
hive-metastore/src/main/java/org/apache/iceberg/hive/HiveTableOperations.java:
##########
@@ -137,17 +162,88 @@ protected String tableName() {
 
   @Override
   public FileIO io() {
-    return fileIO;
+    if (encryptionManager == null) {
+      encryptionManager = encryption();
+    }
+
+    if (!encryptedTable) {
+      return fileIO;
+    }
+
+    if (encryptingFileIO != null) {
+      return encryptingFileIO;
+    }
+
+    encryptingFileIO = EncryptingFileIO.combine(fileIO, encryptionManager);
+    return encryptingFileIO;
+  }
+
+  @Override
+  public EncryptionManager encryption() {
+    if (encryptionManager != null) {
+      return encryptionManager;
+    }
+
+    String tableKeyID = encryptionKeyIdFromProps();
+
+    if (tableKeyID == null) {
+      tableKeyID = encryptionKeyIdFromHms();
+    }
+
+    if (tableKeyID != null) {
+      if (keyManagementClient == null) {
+        throw new RuntimeException(
+            "Cant create encryption manager, because key management client is 
not set");
+      }
+
+      encryptedTable = true;
+      encryptionManager =
+          EncryptionUtil.createEncryptionManager(tableKeyID, dekLength(), 
keyManagementClient);
+    } else {
+      encryptionManager = PlaintextEncryptionManager.instance();
+    }
+
+    return encryptionManager;
+  }
+
+  private String encryptionKeyIdFromHms() {
+    String keyID;
+    try {
+      Table table = loadHmsTable();
+      if (table == null) {
+        return null;
+      }
+
+      keyID = table.getParameters().get(TableProperties.ENCRYPTION_TABLE_KEY);
+    } catch (TException e) {
+      String errMsg =
+          String.format("Failed to get table info from metastore %s.%s", 
database, tableName);
+      throw new RuntimeException(errMsg, e);
+    } catch (InterruptedException e) {
+      Thread.currentThread().interrupt();
+      throw new RuntimeException("Interrupted during encryption key id 
retrieval", e);
+    }
+
+    return keyID;
   }
 
   @Override
   protected void doRefresh() {
     String metadataLocation = null;
+    String metadataKeyMetadata = null;
+    long metadataSize = 0L;
     try {
       Table table = metaClients.run(client -> client.getTable(database, 
tableName));
       HiveOperationsBase.validateTableIsIceberg(table, fullName);
 
       metadataLocation = table.getParameters().get(METADATA_LOCATION_PROP);
+      // TODO do we need to lock/unlock Hive table, to get all 3 params in one 
atomic operation?

Review Comment:
   We probably don't need to lock but we do want to retry if we fail because we 
got non-synchronized values here.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org

Reply via email to