HDDS-6349. IncompleteReadError on get MPU key from TDE bucket

[adoroszlai]

What changes were proposed in this pull request?

MultipartCryptoKeyInputStream may need to adjust read position and/or length to make sure it reads enough data to fill the crypto buffer. Position adjustment means read starts at a location before the actual requested position. Length adjustment means more data is read at the end. Extra data is discarded in both cases.

This PR fixes a bug in length adjustment: the position of the underlying stream was left at the position after the discarded part, this is where the next read started. Thus this part was missing from the final data at the client side.

The bug can be reproduced with MPU parts that are not whole multiples of the crypto buffer size, which defaults to 8KB. Hence test case is added where the first part has 1KB more, to trigger length adjustment in the second part.

The PR also adds the KMS configs necessary to test S3 Gateway with encrypted bucket, and runs all S3 tests with encrypted bucket, too (in non-HA case for now).

https://issues.apache.org/jira/browse/HDDS-6349

How was this patch tested?

Added Robot test to reproduce the problem:
https://github.com/adoroszlai/hadoop-ozone/runs/5263846303#step:5:528

And verified the fix:
https://github.com/adoroszlai/hadoop-ozone/runs/5265040205#step:5:524

[avijayanhwx]

cc @kerneltime for review.

[hanishakoneru]

Thanks @adoroszlai for fixing this.
Patch LGTM.

I have a minor suggestion. The acceptance test looks great. Can we also add a check in the integration test TestOzoneAtRestEncryption#testMultipartUploadWithEncryption to verify that the inputStream position is as expected after a read.
Something like this at line 531:

diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneAtRestEncryption.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneAtRestEncryption.java
index 4ebcc8745..a247b0e79 100644
--- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneAtRestEncryption.java
+++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneAtRestEncryption.java
@@ -528,6 +528,9 @@ public void testMultipartUploadWithEncryption(OzoneBucket bucket,
         inputStream.read(readData, 0, readDataLen);

         assertReadContent(inputData, readData, readFromPosition);
+        Assert.assertEquals("Position of CryptoInputStream after a read is " +
+                "not as expected", readFromPosition + readDataLen,
+            cryptoInputStream.getPos());
       }
     }
   }

It would be good if this test also checked reading the file consecutively without reseting position. If not this, at least a check for verifying position would be good to have.

[adoroszlai]

Thanks @hanishakoneru for the review and the pointer to TestOzoneAtRestEncryption. Added checks as suggested.

[INFO] Tests run: 16, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 55.158 s - in org.apache.hadoop.ozone.client.rpc.TestOzoneAtRestEncryption

while same test on master:

[ERROR]   TestOzoneAtRestEncryption.testMPUwithLinkBucket:458->testMultipartUploadWithEncryption:538 expected:<263462> but was:<265108>
[ERROR]   TestOzoneAtRestEncryption.testMPUwithLinkBucket:458->testMultipartUploadWithEncryption:538 expected:<266843> but was:<270090>
[ERROR]   TestOzoneAtRestEncryption.testMPUwithOnePart:425->testMultipartUploadWithEncryption:538 expected:<89586> but was:<90112>
[ERROR]   TestOzoneAtRestEncryption.testMPUwithOnePart:425->testMultipartUploadWithEncryption:538 expected:<89455> but was:<90112>
[ERROR]   TestOzoneAtRestEncryption.testMPUwithThreePartsOverride:441->testMultipartUploadWithEncryption:538 expected:<528440> but was:<528739>
[ERROR]   TestOzoneAtRestEncryption.testMPUwithThreePartsOverride:441->testMultipartUploadWithEncryption:538 expected:<527370> but was:<534235>
[ERROR]   TestOzoneAtRestEncryption.testMPUwithTwoParts:433->testMultipartUploadWithEncryption:538 expected:<264508> but was:<267719>
[ERROR]   TestOzoneAtRestEncryption.testMPUwithTwoParts:433->testMultipartUploadWithEncryption:538 expected:<264261> but was:<270519>

[hanishakoneru]

Thanks @adoroszlai. LGTM. +1 for merge.

[adoroszlai]

Thanks @hanishakoneru for the review.