HADOOP-17817. HADOOP-17823. S3A to raise IOE if both S3-CSE and S3Guard enabled (#3239) #3506

mehakmeet · 2021-10-01T08:17:59Z

S3A S3Guard tests to skip if S3-CSE are enabled (#3263)

    Follow on to
    * HADOOP-13887. Encrypt S3A data client-side with AWS SDK (S3-CSE)

    If the S3A bucket is set up to use S3-CSE encryption, all tests which turn
    on S3Guard are skipped, so they don't raise any exceptions about
    incompatible configurations.

Contributed by Mehakmeet Singh

apache#2706) This (big!) patch adds support for client side encryption in AWS S3, with keys managed by AWS-KMS. Read the documentation in encryption.md very, very carefully before use and consider it unstable. S3-CSE is enabled in the existing configuration option "fs.s3a.server-side-encryption-algorithm": fs.s3a.server-side-encryption-algorithm=CSE-KMS fs.s3a.server-side-encryption.key=<KMS_KEY_ID> You cannot enable CSE and SSE in the same client, although you can still enable a default SSE option in the S3 console. * Filesystem list/get status operations subtract 16 bytes from the length of all files >= 16 bytes long to compensate for the padding which CSE adds. * The SDK always warns about the specific algorithm chosen being deprecated. It is critical to use this algorithm for ranged GET requests to work (i.e. random IO). Ignore. * Unencrypted files CANNOT BE READ. The entire bucket SHOULD be encrypted with S3-CSE. * Uploading files may be a bit slower as blocks are now written sequentially. * The Multipart Upload API is disabled when S3-CSE is active. Contributed by Mehakmeet Singh

…d enabled (apache#3239) S3A S3Guard tests to skip if S3-CSE are enabled (apache#3263) Follow on to * HADOOP-13887. Encrypt S3A data client-side with AWS SDK (S3-CSE) If the S3A bucket is set up to use S3-CSE encryption, all tests which turn on S3Guard are skipped, so they don't raise any exceptions about incompatible configurations. Contributed by Mehakmeet Singh

hadoop-yetus · 2021-10-01T11:18:46Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	11m 31s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	markdownlint	0m 1s		markdownlint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 26 new or modified test files.
			_ branch-3.3 Compile Tests _
+0 🆗	mvndep	12m 24s		Maven dependency ordering for branch
+1 💚	mvninstall	23m 27s		branch-3.3 passed
+1 💚	compile	18m 41s		branch-3.3 passed
+1 💚	checkstyle	2m 30s		branch-3.3 passed
+1 💚	mvnsite	2m 28s		branch-3.3 passed
+1 💚	javadoc	2m 24s		branch-3.3 passed
+1 💚	spotbugs	3m 51s		branch-3.3 passed
+1 💚	shadedclient	25m 3s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 29s		Maven dependency ordering for patch
+1 💚	mvninstall	1m 30s		the patch passed
+1 💚	compile	16m 46s		the patch passed
-1 ❌	javac	16m 46s	/results-compile-javac-root.txt	root generated 2 new + 1943 unchanged - 1 fixed = 1945 total (was 1944)
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	checkstyle	2m 41s		root: The patch generated 0 new + 37 unchanged - 1 fixed = 37 total (was 38)
+1 💚	mvnsite	2m 32s		the patch passed
+1 💚	javadoc	2m 30s		the patch passed
+1 💚	spotbugs	4m 1s		the patch passed
+1 💚	shadedclient	24m 5s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
-1 ❌	unit	17m 2s	/patch-unit-hadoop-common-project_hadoop-common.txt	hadoop-common in the patch passed.
+1 💚	unit	2m 24s		hadoop-aws in the patch passed.
+1 💚	asflicense	0m 59s		The patch does not generate ASF License warnings.
		179m 48s

Reason	Tests
Failed junit tests	hadoop.ha.TestZKFailoverController

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3506/1/artifact/out/Dockerfile
GITHUB PR	#3506
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell markdownlint
uname	Linux 5dec177be409 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	branch-3.3 / `573af8b`
Default Java	Private Build-1.8.0_292-8u292-b10-0ubuntu1~18.04-b10
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3506/1/testReport/
Max. process+thread count	2994 (vs. ulimit of 5500)
modules	C: hadoop-common-project/hadoop-common hadoop-tools/hadoop-aws U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3506/1/console
versions	git=2.17.1 maven=3.6.0 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0-SNAPSHOT https://yetus.apache.org

This message was automatically generated.

mehakmeet · 2021-10-05T11:13:16Z

Merged in branch-3.3

mehakmeet added 2 commits August 10, 2021 16:29

mehakmeet mentioned this pull request Oct 1, 2021

HADOOP-17922. move to fs.s3a.encryption.algorithm - JCEKS integration (#3466) #3508

Closed

mehakmeet closed this Oct 5, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

HADOOP-17817. HADOOP-17823. S3A to raise IOE if both S3-CSE and S3Guard enabled (#3239) #3506

HADOOP-17817. HADOOP-17823. S3A to raise IOE if both S3-CSE and S3Guard enabled (#3239) #3506

Uh oh!

mehakmeet commented Oct 1, 2021

Uh oh!

hadoop-yetus commented Oct 1, 2021

Uh oh!

mehakmeet commented Oct 5, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

HADOOP-17817. HADOOP-17823. S3A to raise IOE if both S3-CSE and S3Guard enabled (#3239) #3506

HADOOP-17817. HADOOP-17823. S3A to raise IOE if both S3-CSE and S3Guard enabled (#3239) #3506

Uh oh!

Conversation

mehakmeet commented Oct 1, 2021

Uh oh!

hadoop-yetus commented Oct 1, 2021

Uh oh!

mehakmeet commented Oct 5, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants