HADOOP-18850 Enable dual-layer server-side encryption with AWS KMS keys #6140

virajjasani · 2023-10-02T06:37:53Z

virajjasani · 2023-10-02T06:39:12Z

us-west-2:

Bucket with DSSE encryption enabled.

mvn clean verify -Dparallel-tests -DtestsThreadCount=8 -Dscale -Dprefetch

hadoop-yetus · 2023-10-02T07:04:43Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	1m 0s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 6 new or modified test files.
			_ trunk Compile Tests _
-1 ❌	mvninstall	3m 50s	/branch-mvninstall-root.txt	root in trunk failed.
-1 ❌	compile	0m 10s	/branch-compile-hadoop-tools_hadoop-aws-jdkUbuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04.txt	hadoop-aws in trunk failed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04.
-1 ❌	compile	2m 47s	/branch-compile-hadoop-tools_hadoop-aws-jdkPrivateBuild-1.8.0_382-8u382-ga-1~20.04.1-b05.txt	hadoop-aws in trunk failed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05.
-0 ⚠️	checkstyle	0m 30s	/buildtool-branch-checkstyle-hadoop-tools_hadoop-aws.txt	The patch fails to run checkstyle in hadoop-aws
-1 ❌	mvnsite	0m 24s	/branch-mvnsite-hadoop-tools_hadoop-aws.txt	hadoop-aws in trunk failed.
-1 ❌	javadoc	0m 20s	/branch-javadoc-hadoop-tools_hadoop-aws-jdkUbuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04.txt	hadoop-aws in trunk failed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04.
-1 ❌	javadoc	0m 21s	/branch-javadoc-hadoop-tools_hadoop-aws-jdkPrivateBuild-1.8.0_382-8u382-ga-1~20.04.1-b05.txt	hadoop-aws in trunk failed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05.
-1 ❌	spotbugs	0m 29s	/branch-spotbugs-hadoop-tools_hadoop-aws.txt	hadoop-aws in trunk failed.
-1 ❌	shadedclient	3m 4s		branch has errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	2m 13s		the patch passed
-1 ❌	compile	0m 24s	/patch-compile-hadoop-tools_hadoop-aws-jdkUbuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04.txt	hadoop-aws in the patch failed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04.
-1 ❌	javac	0m 24s	/patch-compile-hadoop-tools_hadoop-aws-jdkUbuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04.txt	hadoop-aws in the patch failed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04.
-1 ❌	compile	0m 25s	/patch-compile-hadoop-tools_hadoop-aws-jdkPrivateBuild-1.8.0_382-8u382-ga-1~20.04.1-b05.txt	hadoop-aws in the patch failed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05.
-1 ❌	javac	0m 25s	/patch-compile-hadoop-tools_hadoop-aws-jdkPrivateBuild-1.8.0_382-8u382-ga-1~20.04.1-b05.txt	hadoop-aws in the patch failed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05.
+1 💚	blanks	0m 0s		The patch has no blanks issues.
-0 ⚠️	checkstyle	0m 22s	/buildtool-patch-checkstyle-hadoop-tools_hadoop-aws.txt	The patch fails to run checkstyle in hadoop-aws
-1 ❌	mvnsite	0m 25s	/patch-mvnsite-hadoop-tools_hadoop-aws.txt	hadoop-aws in the patch failed.
-1 ❌	javadoc	0m 24s	/patch-javadoc-hadoop-tools_hadoop-aws-jdkUbuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04.txt	hadoop-aws in the patch failed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04.
-1 ❌	javadoc	0m 23s	/patch-javadoc-hadoop-tools_hadoop-aws-jdkPrivateBuild-1.8.0_382-8u382-ga-1~20.04.1-b05.txt	hadoop-aws in the patch failed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05.
-1 ❌	spotbugs	0m 25s	/patch-spotbugs-hadoop-tools_hadoop-aws.txt	hadoop-aws in the patch failed.
+1 💚	shadedclient	4m 54s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
-1 ❌	unit	0m 25s	/patch-unit-hadoop-tools_hadoop-aws.txt	hadoop-aws in the patch failed.
+0 🆗	asflicense	0m 25s		ASF License check generated no output?
		25m 7s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6140/1/artifact/out/Dockerfile
GITHUB PR	#6140
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets
uname	Linux 552fa8f44638 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `811ddca`
Default Java	Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6140/1/testReport/
Max. process+thread count	56 (vs. ulimit of 5500)
modules	C: hadoop-tools/hadoop-aws U: hadoop-tools/hadoop-aws
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6140/1/console
versions	git=2.25.1 maven=3.6.3
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

steveloughran

had a quick review; one request for production code as that factory method is getting complex; minor cleanups for tests.

will need docs too

steveloughran · 2023-10-02T17:25:01Z

hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/EncryptionTestUtils.java

@@ -94,6 +96,13 @@ public static void assertEncrypted(S3AFileSystem fs,
              kmsKeyArn,
              md.ssekmsKeyId());
      break;
+    case DSSE_KMS:
+      assertEquals("Wrong algorithm in " + details,


prefer assertJ for all new test cases. save time by doing it first time round

steveloughran · 2023-10-02T17:26:19Z

...-aws/src/test/java/org/apache/hadoop/fs/s3a/ITestS3ADSSEEncryptionWithDefaultS3Settings.java

+   */
+  private void skipIfBucketNotKmsEncrypted() throws IOException {
+    S3AFileSystem fs = getFileSystem();
+    Path path = path(getMethodName() + "find-encryption-algo");


just use methodPath()

steveloughran · 2023-10-02T17:28:17Z

...doop-aws/src/test/java/org/apache/hadoop/fs/s3a/ITestS3AEncryptionDSSEKMSUserDefinedKey.java

+    String kmsKey = S3AUtils.getS3EncryptionKey(getTestBucketName(c), c);
+    // skip the test if DSSE-KMS or KMS key not set.
+    if (StringUtils.isBlank(kmsKey)) {
+      skip(S3_ENCRYPTION_KEY + " is not set for " +


maybe S3ATestUtils.skipIfEncryptionNotSet(); else assume(string, bool)

steveloughran · 2023-10-02T17:29:16Z

hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/impl/RequestFactoryImpl.java

@@ -354,6 +358,10 @@ private void putEncryptionParameters(PutObjectRequest.Builder putObjectRequestBu
      // Set the KMS key if present, else S3 uses AWS managed key.
      EncryptionSecretOperations.getSSEAwsKMSKey(encryptionSecrets)
          .ifPresent(kmsKey -> putObjectRequestBuilder.ssekmsKeyId(kmsKey));
+    } else if (S3AEncryptionMethods.DSSE_KMS == algorithm) {


how about we move to a switch() here and add a default for unknown stuff

hadoop-yetus · 2023-10-03T09:47:09Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 37s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+0 🆗	xmllint	0m 0s		xmllint was not available.
+0 🆗	markdownlint	0m 0s		markdownlint was not available.
+1 💚	@author	0m 1s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 6 new or modified test files.
			_ trunk Compile Tests _
+0 🆗	mvndep	14m 29s		Maven dependency ordering for branch
+1 💚	mvninstall	32m 23s		trunk passed
+1 💚	compile	17m 25s		trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	compile	16m 19s		trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	checkstyle	4m 21s		trunk passed
+1 💚	mvnsite	2m 51s		trunk passed
+1 💚	javadoc	2m 8s		trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	1m 54s		trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	spotbugs	4m 5s		trunk passed
+1 💚	shadedclient	34m 31s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 33s		Maven dependency ordering for patch
+1 💚	mvninstall	1m 31s		the patch passed
+1 💚	compile	16m 39s		the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	javac	16m 39s		the patch passed
+1 💚	compile	16m 7s		the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	javac	16m 7s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	checkstyle	4m 15s		the patch passed
+1 💚	mvnsite	2m 45s		the patch passed
+1 💚	javadoc	2m 3s		the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	1m 56s		the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	spotbugs	4m 18s		the patch passed
+1 💚	shadedclient	35m 23s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	19m 18s		hadoop-common in the patch passed.
+1 💚	unit	3m 5s		hadoop-aws in the patch passed.
+1 💚	asflicense	1m 11s		The patch does not generate ASF License warnings.
		247m 50s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6140/2/artifact/out/Dockerfile
GITHUB PR	#6140
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint spotbugs checkstyle markdownlint
uname	Linux a3ed54b63968 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `0b5af5f`
Default Java	Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6140/2/testReport/
Max. process+thread count	2083 (vs. ulimit of 5500)
modules	C: hadoop-common-project/hadoop-common hadoop-tools/hadoop-aws U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6140/2/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

virajjasani · 2023-10-03T17:29:57Z

us-west-2:

Bucket with DSSE encryption enabled.

mvn clean verify -Dparallel-tests -DtestsThreadCount=8 -Dscale -Dprefetch

Re-tested with latest revision

hadoop-yetus · 2023-10-13T03:13:50Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 37s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	detsecrets	0m 1s		detect-secrets was not available.
+0 🆗	xmllint	0m 1s		xmllint was not available.
+0 🆗	markdownlint	0m 1s		markdownlint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 6 new or modified test files.
			_ trunk Compile Tests _
+0 🆗	mvndep	16m 13s		Maven dependency ordering for branch
+1 💚	mvninstall	32m 8s		trunk passed
+1 💚	compile	16m 48s		trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	compile	16m 12s		trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	checkstyle	5m 0s		trunk passed
+1 💚	mvnsite	2m 51s		trunk passed
+1 💚	javadoc	2m 8s		trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	1m 55s		trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	spotbugs	4m 2s		trunk passed
+1 💚	shadedclient	34m 57s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 33s		Maven dependency ordering for patch
+1 💚	mvninstall	1m 28s		the patch passed
+1 💚	compile	16m 30s		the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	javac	16m 30s		the patch passed
+1 💚	compile	16m 11s		the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	javac	16m 11s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	checkstyle	4m 18s		the patch passed
+1 💚	mvnsite	2m 47s		the patch passed
+1 💚	javadoc	2m 3s		the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	1m 54s		the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	spotbugs	4m 16s		the patch passed
+1 💚	shadedclient	34m 7s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	19m 19s		hadoop-common in the patch passed.
+1 💚	unit	3m 7s		hadoop-aws in the patch passed.
+1 💚	asflicense	1m 12s		The patch does not generate ASF License warnings.
		248m 37s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6140/3/artifact/out/Dockerfile
GITHUB PR	#6140
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint spotbugs checkstyle markdownlint
uname	Linux 044cd570f916 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `0b5af5f`
Default Java	Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6140/3/testReport/
Max. process+thread count	2570 (vs. ulimit of 5500)
modules	C: hadoop-common-project/hadoop-common hadoop-tools/hadoop-aws U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6140/3/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

hadoop-yetus · 2023-10-21T18:00:26Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 25s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+0 🆗	xmllint	0m 0s		xmllint was not available.
+0 🆗	markdownlint	0m 0s		markdownlint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 6 new or modified test files.
			_ trunk Compile Tests _
+0 🆗	mvndep	15m 47s		Maven dependency ordering for branch
+1 💚	mvninstall	23m 34s		trunk passed
+1 💚	compile	11m 55s		trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	compile	9m 15s		trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	checkstyle	2m 21s		trunk passed
+1 💚	mvnsite	1m 43s		trunk passed
+1 💚	javadoc	1m 29s		trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	1m 19s		trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	spotbugs	2m 34s		trunk passed
+1 💚	shadedclient	25m 30s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 28s		Maven dependency ordering for patch
+1 💚	mvninstall	1m 23s		the patch passed
+1 💚	compile	10m 29s		the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	javac	10m 29s		the patch passed
+1 💚	compile	9m 30s		the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	javac	9m 30s		the patch passed
+1 💚	blanks	0m 1s		The patch has no blanks issues.
+1 💚	checkstyle	2m 35s		the patch passed
+1 💚	mvnsite	1m 57s		the patch passed
+1 💚	javadoc	1m 34s		the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	1m 24s		the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	spotbugs	3m 18s		the patch passed
+1 💚	shadedclient	23m 26s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	16m 31s		hadoop-common in the patch passed.
+1 💚	unit	2m 39s		hadoop-aws in the patch passed.
+1 💚	asflicense	0m 51s		The patch does not generate ASF License warnings.
		177m 0s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6140/1/artifact/out/Dockerfile
GITHUB PR	#6140
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint spotbugs checkstyle markdownlint
uname	Linux efc32acc87fa 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `0b5af5f`
Default Java	Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6140/1/testReport/
Max. process+thread count	3159 (vs. ulimit of 5500)
modules	C: hadoop-common-project/hadoop-common hadoop-tools/hadoop-aws U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6140/1/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

steveloughran

looks good; some minor changes but +1 pending those

steveloughran · 2023-10-25T18:08:40Z

...doop-aws/src/test/java/org/apache/hadoop/fs/s3a/ITestS3AEncryptionDSSEKMSUserDefinedKey.java

+    try {
+      skipIfEncryptionNotSet(c, DSSE_KMS);
+    } catch (IOException e) {
+      throw new RuntimeException(e);


if this was production i'd ask for an UncheckedIOException(); not so worried here

steveloughran · 2023-10-25T18:10:50Z

hadoop-tools/hadoop-aws/src/site/markdown/tools/hadoop-aws/encryption.md

+
+4. As a result, S3 will only decode the data if the user has been granted access to the key.
+
+


can you add a "further reading" link to the aws docs on this; its a complicated topic

hadoop-yetus · 2023-10-26T11:36:36Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 54s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	detsecrets	0m 1s		detect-secrets was not available.
+0 🆗	xmllint	0m 1s		xmllint was not available.
+0 🆗	markdownlint	0m 1s		markdownlint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 6 new or modified test files.
			_ trunk Compile Tests _
+0 🆗	mvndep	16m 7s		Maven dependency ordering for branch
+1 💚	mvninstall	33m 1s		trunk passed
+1 💚	compile	18m 29s		trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	compile	17m 26s		trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	checkstyle	4m 32s		trunk passed
+1 💚	mvnsite	2m 40s		trunk passed
+1 💚	javadoc	2m 6s		trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	1m 44s		trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	spotbugs	3m 58s		trunk passed
+1 💚	shadedclient	34m 26s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 31s		Maven dependency ordering for patch
+1 💚	mvninstall	1m 28s		the patch passed
+1 💚	compile	17m 11s		the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	javac	17m 11s		the patch passed
+1 💚	compile	16m 59s		the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	javac	16m 59s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	checkstyle	4m 39s		the patch passed
+1 💚	mvnsite	2m 29s		the patch passed
+1 💚	javadoc	1m 57s		the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	1m 46s		the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	spotbugs	4m 37s		the patch passed
+1 💚	shadedclient	36m 5s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	19m 44s		hadoop-common in the patch passed.
+1 💚	unit	3m 4s		hadoop-aws in the patch passed.
+1 💚	asflicense	1m 11s		The patch does not generate ASF License warnings.
		254m 34s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6140/4/artifact/out/Dockerfile
GITHUB PR	#6140
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint spotbugs checkstyle markdownlint
uname	Linux 5196c5c3a247 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `a195f0e`
Default Java	Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6140/4/testReport/
Max. process+thread count	1302 (vs. ulimit of 5500)
modules	C: hadoop-common-project/hadoop-common hadoop-tools/hadoop-aws U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6140/4/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

hadoop-yetus · 2023-10-26T11:37:00Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 38s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	detsecrets	0m 1s		detect-secrets was not available.
+0 🆗	xmllint	0m 1s		xmllint was not available.
+0 🆗	markdownlint	0m 1s		markdownlint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 6 new or modified test files.
			_ trunk Compile Tests _
+0 🆗	mvndep	15m 54s		Maven dependency ordering for branch
+1 💚	mvninstall	31m 11s		trunk passed
+1 💚	compile	18m 19s		trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	compile	16m 51s		trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	checkstyle	4m 28s		trunk passed
+1 💚	mvnsite	2m 45s		trunk passed
+1 💚	javadoc	2m 6s		trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	1m 42s		trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	spotbugs	4m 4s		trunk passed
+1 💚	shadedclient	35m 45s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 30s		Maven dependency ordering for patch
+1 💚	mvninstall	1m 26s		the patch passed
+1 💚	compile	18m 4s		the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	javac	18m 4s		the patch passed
+1 💚	compile	16m 25s		the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	javac	16m 25s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	checkstyle	4m 28s		the patch passed
+1 💚	mvnsite	2m 44s		the patch passed
+1 💚	javadoc	1m 57s		the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	1m 39s		the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚	spotbugs	4m 20s		the patch passed
+1 💚	shadedclient	33m 57s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	19m 28s		hadoop-common in the patch passed.
+1 💚	unit	3m 7s		hadoop-aws in the patch passed.
+1 💚	asflicense	1m 6s		The patch does not generate ASF License warnings.
		250m 51s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6140/5/artifact/out/Dockerfile
GITHUB PR	#6140
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint spotbugs checkstyle markdownlint
uname	Linux e4966b8e95aa 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `a195f0e`
Default Java	Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6140/5/testReport/
Max. process+thread count	1302 (vs. ulimit of 5500)
modules	C: hadoop-common-project/hadoop-common hadoop-tools/hadoop-aws U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6140/5/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

virajjasani · 2023-10-27T17:18:12Z

us-west-2:

Bucket with DSSE encryption enabled.

mvn clean verify -Dparallel-tests -DtestsThreadCount=8 -Dscale -Dprefetch

Re-tested with latest revision

steveloughran

LGTM
+1

…KMS keys (apache#6140) Contributed by Viraj Jasani

HADOOP-18850 Enable dual-layer server-side encryption with AWS KMS keys

811ddca

github-actions bot added trunk TOOLS AWS labels Oct 2, 2023

steveloughran requested changes Oct 2, 2023

View reviewed changes

addendum - doc, test, source changes

0b5af5f

github-actions bot added the Common label Oct 3, 2023

steveloughran requested changes Oct 25, 2023

View reviewed changes

virajjasani added 2 commits October 26, 2023 00:20

addendum - doc links

ed0c59a

addendum

a195f0e

steveloughran approved these changes Nov 1, 2023

View reviewed changes

steveloughran merged commit cf3a4b3 into apache:trunk Nov 1, 2023
4 checks passed

ahmarsuhail pushed a commit to ahmarsuhail/hadoop that referenced this pull request Nov 29, 2023

HADOOP-18850. S3A: Enable dual-layer server-side encryption with AWS …

1aeae7a

…KMS keys (apache#6140) Contributed by Viraj Jasani

ahmarsuhail mentioned this pull request Nov 29, 2023

HADOOP-18073. Backport of SDK V2 upgrade. #6303

Closed

jiajunmao pushed a commit to jiajunmao/hadoop-MLEC that referenced this pull request Feb 6, 2024

HADOOP-18850. S3A: Enable dual-layer server-side encryption with AWS …

a3b39aa

…KMS keys (apache#6140) Contributed by Viraj Jasani

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HADOOP-18850 Enable dual-layer server-side encryption with AWS KMS keys #6140

HADOOP-18850 Enable dual-layer server-side encryption with AWS KMS keys #6140

virajjasani commented Oct 2, 2023 •

edited

virajjasani commented Oct 2, 2023

hadoop-yetus commented Oct 2, 2023

steveloughran left a comment

steveloughran Oct 2, 2023

steveloughran Oct 2, 2023

steveloughran Oct 2, 2023

steveloughran Oct 2, 2023

hadoop-yetus commented Oct 3, 2023

virajjasani commented Oct 3, 2023

hadoop-yetus commented Oct 13, 2023

hadoop-yetus commented Oct 21, 2023

steveloughran left a comment

steveloughran Oct 25, 2023

steveloughran Oct 25, 2023

virajjasani Oct 26, 2023

hadoop-yetus commented Oct 26, 2023

hadoop-yetus commented Oct 26, 2023

virajjasani commented Oct 27, 2023

steveloughran left a comment


		4. As a result, S3 will only decode the data if the user has been granted access to the key.

HADOOP-18850 Enable dual-layer server-side encryption with AWS KMS keys #6140

HADOOP-18850 Enable dual-layer server-side encryption with AWS KMS keys #6140

Conversation

virajjasani commented Oct 2, 2023 • edited

virajjasani commented Oct 2, 2023

hadoop-yetus commented Oct 2, 2023

steveloughran left a comment

Choose a reason for hiding this comment

steveloughran Oct 2, 2023

Choose a reason for hiding this comment

steveloughran Oct 2, 2023

Choose a reason for hiding this comment

steveloughran Oct 2, 2023

Choose a reason for hiding this comment

steveloughran Oct 2, 2023

Choose a reason for hiding this comment

hadoop-yetus commented Oct 3, 2023

virajjasani commented Oct 3, 2023

hadoop-yetus commented Oct 13, 2023

hadoop-yetus commented Oct 21, 2023

steveloughran left a comment

Choose a reason for hiding this comment

steveloughran Oct 25, 2023

Choose a reason for hiding this comment

steveloughran Oct 25, 2023

Choose a reason for hiding this comment

virajjasani Oct 26, 2023

Choose a reason for hiding this comment

hadoop-yetus commented Oct 26, 2023

hadoop-yetus commented Oct 26, 2023

virajjasani commented Oct 27, 2023

steveloughran left a comment

Choose a reason for hiding this comment

virajjasani commented Oct 2, 2023 •

edited