rdblue commented on code in PR #7770:
URL: https://github.com/apache/iceberg/pull/7770#discussion_r1701016459
##########
core/src/main/java/org/apache/iceberg/encryption/StandardEncryptionManager.java:
##########
@@ -20,28 +20,46 @@
import java.nio.ByteBuffer;
import java.security.SecureRandom;
+import java.util.Base64;
+import java.util.Map;
+import org.apache.iceberg.CatalogProperties;
import org.apache.iceberg.TableProperties;
import org.apache.iceberg.io.InputFile;
import org.apache.iceberg.io.OutputFile;
import org.apache.iceberg.io.SeekableInputStream;
import org.apache.iceberg.relocated.com.google.common.base.Preconditions;
import org.apache.iceberg.relocated.com.google.common.collect.Iterables;
+import org.apache.iceberg.relocated.com.google.common.collect.Maps;
import org.apache.iceberg.util.ByteBuffers;
public class StandardEncryptionManager implements EncryptionManager {
+ public static final int KEK_ID_LENGTH = 16;
+
private final transient KeyManagementClient kmsClient;
private final String tableKeyId;
private final int dataKeyLength;
-
+ private final long kekCacheTimeout;
+ private Map<String, KeyEncryptionKey> kekCache;
private transient volatile SecureRandom lazyRNG = null;
+ /**
+ * @deprecated will be removed in 2.0.0. use {@link
#StandardEncryptionManager(String, int,
+ * KeyManagementClient, long)} instead.
+ */
+ @Deprecated
+ public StandardEncryptionManager(
+ String tableKeyId, int dataKeyLength, KeyManagementClient kmsClient) {
+ this(tableKeyId, dataKeyLength, kmsClient,
CatalogProperties.KEK_CACHE_TIMEOUT_MS_DEFAULT);
+ }
+
/**
* @param tableKeyId table encryption key id
* @param dataKeyLength length of data encryption key (16/24/32 bytes)
* @param kmsClient Client of KMS used to wrap/unwrap keys in envelope
encryption
+ * @param kekCacheTimeout timeout of kek (key encryption key) cache entries
*/
public StandardEncryptionManager(
- String tableKeyId, int dataKeyLength, KeyManagementClient kmsClient) {
+ String tableKeyId, int dataKeyLength, KeyManagementClient kmsClient,
long kekCacheTimeout) {
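Review bot: The new field `private Map<String, KeyEncryptionKey> kekCache;` is neither `final` nor `transient`, although the neighbouring `kmsClient` and `lazyRNG` fields are both `transient`. If this manager is Java-serialized, as those markers suggest, and `KeyEncryptionKey` carries unwrapped key bytes, the cached key material would be written out with the object; consider `private transient volatile Map<String, KeyEncryptionKey> kekCache;` with lazy re-creation after deserialization, or add a comment explaining why the cache has to be serialized. The Javadoc should also state the unit of the timeout, e.g. `@param kekCacheTimeout lifetime of cached key encryption keys, in milliseconds`, since the default passed by the deprecated constructor is `KEK_CACHE_TIMEOUT_MS_DEFAULT`. The constructor body lies outside the quoted hunk, so whether a zero or negative timeout is rejected cannot be checked here.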
Review Comment:
Do we need a new constructor? Seems like we're just going to use a default
value and almost never change it.