Hadoop 17912 pr review 2 #12
Conversation
…nKeyRequestHeaders
…is of type ENCYPTION_CONTEXT.
…tion: javadocs in createEncryptedFile, tearDown() impl.
| DelegatingSSLSocketFactory.SSLChannelMode. The default value will be | ||
| DelegatingSSLSocketFactory.SSLChannelMode.Default. | ||
|
|
||
| ### <a name="encryptionconfigoptions"></a> Encryption Options |
There was a problem hiding this comment.
Removed the documentation added for 'Customer-Provided Global Key', 'Encryption Context Provider'.
| LOG.debug("Get root ACL status"); | ||
| try (AbfsPerfInfo perfInfo = startTracking("getIsNamespaceEnabled", | ||
| "getAclStatus")) { | ||
| AbfsRestOperation op = client | ||
| .getAclStatus(AbfsHttpConstants.ROOT_PATH, tracingContext); | ||
| perfInfo.registerResult(op.getResult()); | ||
| isNamespaceEnabled = Trilean.getTrilean(true); | ||
| perfInfo.registerSuccess(true); | ||
| } catch (AbfsRestOperationException ex) { | ||
| // Get ACL status is a HEAD request, its response doesn't contain | ||
| // errorCode | ||
| // So can only rely on its status code to determine its account type. | ||
| if (HttpURLConnection.HTTP_BAD_REQUEST != ex.getStatusCode()) { | ||
| throw ex; | ||
| } | ||
|
|
||
| isNamespaceEnabled = Trilean.getTrilean(false); | ||
| } | ||
|
|
There was a problem hiding this comment.
Have moved this piece of utility code to a new utility class: https://github.com/pranavsaxena-microsoft/hadoop/blob/HADOOP-17912-PR-Review-2/hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/utils/NamespaceUtil.java
| tracingContext); | ||
| final AbfsRestOperation op = client | ||
| .getPathStatus(getRelativePath(path), true, tracingContext); | ||
| .getPathStatus(relativePath, true, tracingContext, encryptionAdapter); |
There was a problem hiding this comment.
This is in-line with apache#3440 (review), where we don't want AbfsClient to have logic to get an encryptionAdapter: https://github.com/sumangala-patki/hadoop/blob/HADOOP-17912/hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/services/AbfsClient.java#L251-L262
| final AbfsRestOperation op = client | ||
| .setPathProperties(getRelativePath(path), commaSeparatedProperties, | ||
| tracingContext); | ||
| tracingContext, encryptionAdapter); |
There was a problem hiding this comment.
This is in-line with apache#3440 (review), where we don't want AbfsClient to have logic to get an encryptionAdapter: https://github.com/sumangala-patki/hadoop/blob/HADOOP-17912/hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/services/AbfsClient.java#L251-L262
| * have encryptionContext field when client's encryptionType is | ||
| * ENCRYPTION_CONTEXT. | ||
| * */ | ||
| if ((fileStatus instanceof VersionedFileStatus) && ( |
There was a problem hiding this comment.
In-line with apache#3440 (comment). Here the expectation is that the:
- Fetch List of VersionFileStatus objects by listStatus API of the AzureBlobFileSystem.
- Use the fetchedStatus to be sent as an option while doing openWithOptions().
| eTag); | ||
| eTag, | ||
| encryptionContext); | ||
| } |
There was a problem hiding this comment.
Inline with apache#3440 (comment). Need to have encryptionContext in VersionedFileStatus object.
| entryPath, | ||
| entry.eTag())); | ||
| entry.eTag(), | ||
| encryptionContext)); |
There was a problem hiding this comment.
Inline with apache#3440 (comment). Need to have encryptionContext in VersionedFileStatus object.
| hasAcl, false, false); | ||
|
|
||
| this.version = version; | ||
| this.encryptionContext = encryptionContext; |
There was a problem hiding this comment.
Inline with apache#3440 (comment). Need to have encryptionContext in the VersionedFileStatus object.
| List<AbfsHttpHeader> requestHeaders, boolean isCreateFileRequest, | ||
| EncryptionAdapter encryptionAdapter, TracingContext tracingContext) | ||
| throws IOException { | ||
| if(!getIsNamespaceEnabled(tracingContext)) { |
There was a problem hiding this comment.
Only to work with HNS account.
| } else if (encryptionAdapter == null) { | ||
| // get encryption context from GetPathStatus response header | ||
| byte[] encryptionContext; | ||
| try { | ||
| encryptionContext = getPathStatus(path, false, tracingContext) | ||
| .getResult().getResponseHeader(X_MS_ENCRYPTION_CONTEXT) | ||
| .getBytes(StandardCharsets.UTF_8); | ||
| } catch (NullPointerException e) { | ||
| LOG.debug("EncryptionContext not present in GetPathStatus response."); | ||
| throw new IOException( | ||
| "EncryptionContext not present in GetPathStatus response", e); | ||
| } | ||
| try { | ||
| encryptionAdapter = new EncryptionAdapter(encryptionContextProvider, | ||
| new Path(path).toUri().getPath(), encryptionContext); | ||
| encryptionAdapterCreated = true; | ||
| } catch (IOException e) { | ||
| LOG.debug("Could not initialize EncryptionAdapter"); | ||
| throw e; | ||
| } |
There was a problem hiding this comment.
Inline with apache#3440 (review). AbfsClient to not have heuristic to create encryptionAdapter.
| final List<AbfsHttpHeader> requestHeaders = createDefaultHeaders(); | ||
| addEncryptionKeyRequestHeaders(path, requestHeaders, false, | ||
| null, tracingContext); | ||
| encryptionAdapter, tracingContext); |
| operation = SASTokenProvider.GET_STATUS_OPERATION; | ||
| } else { | ||
| addEncryptionKeyRequestHeaders(path, requestHeaders, false, null, | ||
| addEncryptionKeyRequestHeaders(path, requestHeaders, false, encryptionAdapter, |
There was a problem hiding this comment.
Inline with apache#3440 (review). AbfsClient to not heuristic on creating encryptionAdapter.
| public Boolean isCpkResponseKeyExpected = false; | ||
|
|
||
| @Parameterized.Parameter(8) | ||
| public Boolean fileSystemListStatusResultToBeUsedForOpeningFile = false; |
There was a problem hiding this comment.
To test the integration where azureBlobFileSystem.listStatus api response is used as an option for openToReadWithOptions.
Inline with apache#3440 (comment)
| {GLOBAL_KEY, NONE, FSOperationType.DELETE, false, false, false, false}, | ||
| {GLOBAL_KEY, NONE, FSOperationType.SET_PERMISSION, false, false, false, false}, | ||
| {ENCRYPTION_CONTEXT, ENCRYPTION_CONTEXT, FSOperationType.READ, true, false, false, true, false, false}, | ||
| {ENCRYPTION_CONTEXT, ENCRYPTION_CONTEXT, FSOperationType.READ, true, false, false, true, false, true}, |
There was a problem hiding this comment.
Using fileSystemListStatusResultToBeUsedForOpeningFile as true.
| {ENCRYPTION_CONTEXT, ENCRYPTION_CONTEXT, FSOperationType.SET_ACL, false, false, false, false, false, false}, | ||
| {ENCRYPTION_CONTEXT, ENCRYPTION_CONTEXT, FSOperationType.GET_ATTR, true, false, false, true, false, false}, | ||
| {ENCRYPTION_CONTEXT, ENCRYPTION_CONTEXT, FSOperationType.SET_ATTR, false, true, false, true, false, false}, | ||
| {ENCRYPTION_CONTEXT, ENCRYPTION_CONTEXT, FSOperationType.LISTSTATUS, false, false, false, false, true, false}, |
There was a problem hiding this comment.
Having isCpkResponseKeyExpected as true.
| public boolean isCpkResponseHdrExpected; | ||
|
|
||
| @Parameterized.Parameter(7) | ||
| public Boolean isCpkResponseKeyExpected = false; |
There was a problem hiding this comment.
if response is going to have cpk related values. Will be used in case of listsStatus. Ref: learn.microsoft.com/en-us/rest/api/storageservices/datalakestoragegen2/path/list#pathlist
This reverts commit bb45ae9.
…ckage-protected methods for setting these fields.
|
:::: AGGREGATED TEST RESULT :::: HNS-OAuth[INFO] Results: HNS-SharedKey[INFO] Results: NonHNS-SharedKey[INFO] Results: AppendBlob-HNS-OAuth[INFO] Results: |
| import org.apache.hadoop.fs.azurebfs.contracts.exceptions.AzureBlobFileSystemException; | ||
| import org.apache.hadoop.fs.azurebfs.services.AbfsClient; | ||
|
|
||
| public class NamespaceUtil { |
There was a problem hiding this comment.
Javadocs for class and function.
| } | ||
| } | ||
|
|
||
| private EncryptionAdapter createEncryptionAdapterFromServerStoreContext(final String path, |
|
|
||
| private EncryptionAdapter createEncryptionAdapterFromServerStoreContext(final String path, | ||
| final TracingContext tracingContext) throws IOException { | ||
| if(client.getEncryptionType() != EncryptionType.ENCRYPTION_CONTEXT) { |
| .getPathStatus(getRelativePath(path), true, tracingContext); | ||
| .getPathStatus(relativePath, true, tracingContext, encryptionAdapter); | ||
| perfInfo.registerResult(op.getResult()); | ||
| if(encryptionAdapter != null) { |
| EncryptionAdapter encryptionAdapter = new EncryptionAdapter( | ||
| client.getEncryptionContextProvider(), getRelativePath(path)); | ||
| EncryptionAdapter encryptionAdapter = null; | ||
| if(client.getEncryptionType() == EncryptionType.ENCRYPTION_CONTEXT) { |
| public String getCustomerProvidedKeySha256() { | ||
| return customerProvidedKeySha256; | ||
| } | ||
| } |
| List<AbfsHttpHeader> requestHeaders, boolean isCreateFileRequest, | ||
| EncryptionAdapter encryptionAdapter, TracingContext tracingContext) | ||
| throws IOException { | ||
| if(!getIsNamespaceEnabled(tracingContext)) { |
|
|
||
| /** | ||
| * Enum EncryptionType to represent the level of encryption applied | ||
| * Enum EncryptionType to represent the level of encryption applied. |
There was a problem hiding this comment.
Add . at the end of each sentence.
| public boolean isCpkResponseHdrExpected; | ||
|
|
||
| @Parameterized.Parameter(7) | ||
| public Boolean isCpkResponseKeyExpected = false; |
There was a problem hiding this comment.
Add javadocs for use case of params
| import org.apache.hadoop.fs.azurebfs.security.EncryptionAdapter; | ||
| import org.apache.hadoop.fs.azurebfs.utils.EncryptionType; | ||
| import org.apache.hadoop.classification.VisibleForTesting; | ||
| import org.apache.hadoop.fs.azurebfs.utils.NamespaceUtil; |
There was a problem hiding this comment.
Is import order alright? org.apache.hadoop.classification should go before fs.
| * The etag is included in the java serialization. | ||
| */ | ||
| private static final class VersionedFileStatus extends FileStatus | ||
| static final class VersionedFileStatus extends FileStatus |
There was a problem hiding this comment.
why are we removing the access modifier?
There was a problem hiding this comment.
The class is still package-protected. Have removed private as there is an addition of assertion on the values of VersionedFileStatus objects in ITestAbfsCustomEncryption. The constructor to this class is still private -> so only AzureBlobFileSystemStore(parent class of VersionedFileStatus) can create object of this class.
4 participants
Uh oh!
There was an error while loading. Please reload this page.