Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Basic manifest encryption #8252

Merged
merged 9 commits into from
Mar 13, 2024
Merged

Basic manifest encryption #8252

merged 9 commits into from
Mar 13, 2024

Conversation

ggershinsky
Copy link
Contributor

@ggershinsky ggershinsky commented Aug 8, 2023
edited
Loading

The basics, and support for Spark core. No support yet for Flink or for Spark actions, benchmarks or procedures.

@ggershinsky ggershinsky changed the title Manifest encryption Basic manifest encryption Aug 10, 2023
@github-actions github-actions bot removed the API label Feb 19, 2024
@ggershinsky
initial commit
d0d9d28 
update unitest

cleanup

update comments

update manifest encryption

fix benchmark compilation

undo spark 3.4 changes

wrong constructor

add constructor for old spark tests

leverage EncryptingFileIO
@github-actions github-actions bot added the API label Feb 28, 2024
ggershinsky
ggershinsky commented Feb 28, 2024
View reviewed changes
core/src/main/java/org/apache/iceberg/ManifestWriter.java Outdated
@@ -290,7 +295,7 @@ static class V1Writer extends ManifestWriter<DataFile> {
private final V1Metadata.IndexedManifestEntry entryWrapper;

V1Writer(PartitionSpec spec, OutputFile file, Long snapshotId) {
super(spec, file, snapshotId);
super(spec, EncryptedFiles.plainAsEncryptedOutput(file), snapshotId);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

todo: accept EncryptedOutputFile, and throw exception if key metadata is not null / empty.

@ggershinsky ggershinsky reopened this Feb 29, 2024
@ggershinsky
Copy link
Contributor Author

@rdblue @RussellSpitzer thanks for the comments. The last commit addresses them.

RussellSpitzer
RussellSpitzer reviewed Mar 11, 2024
View reviewed changes
core/src/main/java/org/apache/iceberg/SnapshotProducer.java Outdated
@@ -499,21 +500,34 @@ protected OutputFile manifestListPath() {
"snap-%d-%d-%s", snapshotId(), attempt.incrementAndGet(), commitUUID))));
}

/**
* @deprecated since 1.6.0 . Will be removed in 1.7.0. Use {@link
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we usually add in the deprecation notes right before release (I don't think there will be a 1.6 or 1.7

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we do want to add these right away. If we don't have a 1.7 then we'll rewrite to "removed in 2.0"

rdblue
rdblue approved these changes Mar 11, 2024
View reviewed changes
Copy link
Contributor

@rdblue rdblue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left a few comments for issues to fix, but overall I don't think there is anything major. There's a potential NPE and I don't think we should disallow encryption for v1 tables.

rdblue
rdblue reviewed Mar 13, 2024
View reviewed changes
core/src/test/java/org/apache/iceberg/TestManifestEncryption.java

private static final DataFile DATA_FILE =
new GenericDataFile(
0,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: this should also be SPEC.specId()

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good, I'll fix this in the next patch.

@rdblue rdblue merged commit d6c8358 into apache:main Mar 13, 2024
42 checks passed
@ggershinsky ggershinsky mentioned this pull request Apr 1, 2024
Open
@bk-mz bk-mz mentioned this pull request Jun 7, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RussellSpitzer RussellSpitzer RussellSpitzer left review comments

@rdblue rdblue rdblue approved these changes

Assignees
No one assigned
Labels
API core spark
Projects
[Priority 2] Spec v3: Encryption
Status: In progress
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ggershinsky @rdblue @RussellSpitzer