Skip to content

Add support for server-side encryption with customer key to S3#23533

Merged
wendigo merged 2 commits intomasterfrom
serafin/filesystem-encryption
Sep 24, 2024
Merged

Add support for server-side encryption with customer key to S3#23533
wendigo merged 2 commits intomasterfrom
serafin/filesystem-encryption

Conversation

@wendigo
Copy link
Contributor

@wendigo wendigo commented Sep 23, 2024

Description

Additional context and related issues

Release notes

( ) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text:

# Section
* Fix some things. ({issue}`issuenumber`)

@cla-bot cla-bot bot added the cla-signed label Sep 23, 2024
@wendigo wendigo force-pushed the serafin/filesystem-encryption branch from 0d5f7f9 to c363fe9 Compare September 23, 2024 18:01
@wendigo wendigo requested a review from electrum September 23, 2024 18:05
@wendigo wendigo force-pushed the serafin/filesystem-encryption branch from c363fe9 to c13f7c0 Compare September 23, 2024 18:17
electrum
electrum reviewed Sep 23, 2024
View reviewed changes
@wendigo wendigo force-pushed the serafin/filesystem-encryption branch from c13f7c0 to 6628ffc Compare September 23, 2024 18:56
@wendigo wendigo requested a review from electrum September 23, 2024 18:56
@wendigo
Copy link
Contributor Author

wendigo commented Sep 23, 2024

AC @electrum

electrum
electrum approved these changes Sep 23, 2024
View reviewed changes
@wendigo wendigo force-pushed the serafin/filesystem-encryption branch from 6628ffc to 200cbf6 Compare September 24, 2024 09:22
@wendigo wendigo merged commit 47a1753 into master Sep 24, 2024
@wendigo wendigo deleted the serafin/filesystem-encryption branch September 24, 2024 10:31
@github-actions github-actions bot added this to the 459 milestone Sep 24, 2024
@mosabua
Copy link
Member

mosabua commented Sep 24, 2024
edited
Loading

No RN @wendigo .. right? Kinda feels like we might want some..

@mosabua mosabua mentioned this pull request Sep 24, 2024
Merged
@wendigo
Copy link
Contributor Author

wendigo commented Sep 24, 2024

@mosabua No, this is used only for spooling

@mosabua
Copy link
Member

mosabua commented Sep 24, 2024

Thanks @wendigo

marcinsbd
marcinsbd reviewed Sep 27, 2024
View reviewed changes
lib/trino-filesystem-s3/src/main/java/io/trino/filesystem/s3/S3OutputStream.java
this.cannedAcl = getCannedAcl(context.cannedAcl());
this.key = requireNonNull(key, "key is null");

verify(key.isEmpty() || sseType == S3SseType.NONE, "Encryption key cannot be used with sse configuration");
Copy link
Contributor

@marcinsbd marcinsbd Sep 27, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is the only one place when you touch sseType config variable
As I understand, this line states that if we provide key the sseType needs to be set to S3SseType.NONE to allow further processing? is this correct ?
imho, judging by the rest of the code in this PR, the PR seems to be irrelevant to the settings of sseType config variable at all

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@electrum electrum electrum approved these changes

@anusudarsan anusudarsan Awaiting requested review from anusudarsan

+2 more reviewers

@findinpath findinpath findinpath left review comments

@marcinsbd marcinsbd marcinsbd left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla-signed

Milestone

459

Development

Successfully merging this pull request may close these issues.

5 participants

@wendigo @mosabua @electrum @findinpath @marcinsbd