RussellSpitzer commented on code in PR #5544: URL: https://github.com/apache/iceberg/pull/5544#discussion_r1607047529
########## hive-metastore/src/main/java/org/apache/iceberg/hive/HiveTableOperations.java: ########## 
@@ -137,17 +162,88 @@ protected String tableName() { @Override public FileIO io() { - return fileIO; + if (encryptionManager == null) { + encryptionManager = encryption(); + } + + if (!encryptedTable) { + return fileIO; + } + + if (encryptingFileIO != null) { + return encryptingFileIO; + } + + encryptingFileIO = EncryptingFileIO.combine(fileIO, encryptionManager); + return encryptingFileIO; + } + + @Override + public EncryptionManager encryption() { + if (encryptionManager != null) { + return encryptionManager; + } + + String tableKeyID = encryptionKeyIdFromProps(); + + if (tableKeyID == null) { + tableKeyID = encryptionKeyIdFromHms(); + } + + if (tableKeyID != null) { + if (keyManagementClient == null) { + throw new RuntimeException( + "Cant create encryption manager, because key management client is not set"); + } + + encryptedTable = true; + encryptionManager = + EncryptionUtil.createEncryptionManager(tableKeyID, dekLength(), keyManagementClient); + } else { + encryptionManager = PlaintextEncryptionManager.instance(); + } + + return encryptionManager; + } + + private String encryptionKeyIdFromHms() { + String keyID; + try { + Table table = loadHmsTable(); + if (table == null) { + return null; + } + + keyID = table.getParameters().get(TableProperties.ENCRYPTION_TABLE_KEY); + } catch (TException e) { + String errMsg = + String.format("Failed to get table info from metastore %s.%s", database, tableName); + throw new RuntimeException(errMsg, e); + } catch (InterruptedException e) { + Thread.currentThread().interrupt(); + throw new RuntimeException("Interrupted during encryption key id retrieval", e); + } + + return keyID; } @Override protected void doRefresh() { String metadataLocation = null; + String metadataKeyMetadata = null; + long metadataSize = 0L; try { Table table = metaClients.run(client -> client.getTable(database, tableName)); HiveOperationsBase.validateTableIsIceberg(table, fullName); metadataLocation = table.getParameters().get(METADATA_LOCATION_PROP); 
+ // TODO do we need to lock/unlock Hive table, to get all 3 params in one atomic operation? Review Comment: We probably don't need to lock but we do want to retry if we fail because we got non-synchronized values here.
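Review bot: The `else` branch of `encryption()` fails open: when neither `encryptionKeyIdFromProps()` nor `encryptionKeyIdFromHms()` yields a key id, it stores `PlaintextEncryptionManager.instance()` in `encryptionManager`, and `io()` then returns the bare `fileIO` for as long as that field stays set. `encryptionKeyIdFromHms()` returns null both when `loadHmsTable()` gives no table and when the table has no `TableProperties.ENCRYPTION_TABLE_KEY` parameter, so a call made before the table exists, or after that parameter has been removed from the metastore entry, would presumably leave later writes unencrypted without any error. I would not memoize the plaintext decision (in the `else` branch, `return PlaintextEncryptionManager.instance();` without assigning the field, and the same in `io()`), and I would add a comment there saying that a missing key id is treated as "table is not encrypted" and which later check, if any, catches a key id that disappeared. The missing-client failure would also read better as `throw new IllegalStateException("Cannot create encryption manager, because key management client is not set");`. `doRefresh()` continues outside the quoted hunk, so whether it re-validates the key id cannot be seen from here.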