ggershinsky commented on code in PR #15272:
URL: https://github.com/apache/iceberg/pull/15272#discussion_r2787858660
##########
core/src/main/java/org/apache/iceberg/encryption/EncryptionUtil.java:
##########
@@ -53,8 +54,18 @@ public static KeyManagementClient
createKmsClient(Map<String, String> catalogPro
kmsType,
kmsImpl);
- // TODO: Add KMS implementations
- Preconditions.checkArgument(kmsType == null, "Unsupported KMS type: %s",
kmsType);
+ if (kmsType != null) {
+ kmsImpl =
+ switch (kmsType.toLowerCase(Locale.ROOT)) {
+ case CatalogProperties.ENCRYPTION_KMS_TYPE_AWS ->
+ CatalogProperties.ENCRYPTION_KMS_IMPL_AWS;
+ case CatalogProperties.ENCRYPTION_KMS_TYPE_AZURE ->
+ CatalogProperties.ENCRYPTION_KMS_IMPL_AZURE;
+ case CatalogProperties.ENCRYPTION_KMS_TYPE_GCP ->
+ CatalogProperties.ENCRYPTION_KMS_IMPL_GCP;
+ default -> throw new IllegalStateException("Unsupported KMS type:
" + kmsType);
+ };
Review Comment:
The other (`encryption.kms-impl`) parameter is designed for a pluggable
support of the 3rd party KMS systems.
We need it since there is a lot of KMS options out there, basically an
undefined number.
The `encryption.kms-type` parameter is only for a few highly popular KMS
platforms that Iceberg plans to actively support, inc security leak fixes,
version updates, bug fixes etc.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
