Skip to content

Commit

Permalink
HADOOP-17912. ABFS: Support for Encryption Context (apache#6221)
Browse files Browse the repository at this point in the history
Contributed by Pranav Saxena and others.
  • Loading branch information
saxenapranav authored and jiajunmao committed Feb 6, 2024
1 parent 793dc38 commit 7bde67e
Show file tree
Hide file tree
Showing 34 changed files with 1,801 additions and 1,216 deletions.
1 change: 1 addition & 0 deletions hadoop-tools/hadoop-azure/.gitignore
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
.checkstyle
bin/
src/test/resources/combinationConfigFiles
src/test/resources/abfs-combination-test-configs.xml
dev-support/testlogs
src/test/resources/accountSettings/*
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@
import org.apache.hadoop.fs.azurebfs.diagnostics.StringConfigurationBasicValidator;
import org.apache.hadoop.fs.azurebfs.enums.Trilean;
import org.apache.hadoop.fs.azurebfs.extensions.CustomTokenProviderAdaptee;
import org.apache.hadoop.fs.azurebfs.extensions.EncryptionContextProvider;
import org.apache.hadoop.fs.azurebfs.extensions.SASTokenProvider;
import org.apache.hadoop.fs.azurebfs.oauth2.AccessTokenProvider;
import org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider;
Expand Down Expand Up @@ -337,6 +338,10 @@ public class AbfsConfiguration{
FS_AZURE_ABFS_RENAME_RESILIENCE, DefaultValue = DEFAULT_ENABLE_ABFS_RENAME_RESILIENCE)
private boolean renameResilience;

private String clientProvidedEncryptionKey;

private String clientProvidedEncryptionKeySHA;

public AbfsConfiguration(final Configuration rawConfig, String accountName)
throws IllegalAccessException, InvalidConfigurationValueException, IOException {
this.rawConfig = ProviderUtils.excludeIncompatibleCredentialProviders(
Expand Down Expand Up @@ -957,6 +962,32 @@ public SASTokenProvider getSASTokenProvider() throws AzureBlobFileSystemExceptio
}
}

public EncryptionContextProvider createEncryptionContextProvider() {
try {
String configKey = FS_AZURE_ENCRYPTION_CONTEXT_PROVIDER_TYPE;
if (get(configKey) == null) {
return null;
}
Class<? extends EncryptionContextProvider> encryptionContextClass =
getAccountSpecificClass(configKey, null,
EncryptionContextProvider.class);
Preconditions.checkArgument(encryptionContextClass != null, String.format(
"The configuration value for %s is invalid, or config key is not account-specific",
configKey));

EncryptionContextProvider encryptionContextProvider =
ReflectionUtils.newInstance(encryptionContextClass, rawConfig);
Preconditions.checkArgument(encryptionContextProvider != null,
String.format("Failed to initialize %s", encryptionContextClass));

LOG.trace("{} init complete", encryptionContextClass.getName());
return encryptionContextProvider;
} catch (Exception e) {
throw new IllegalArgumentException(
"Unable to load encryption context provider class: ", e);
}
}

public boolean isReadAheadEnabled() {
return this.enabledReadAhead;
}
Expand Down Expand Up @@ -1068,9 +1099,22 @@ public boolean enableAbfsListIterator() {
return this.enableAbfsListIterator;
}

public String getClientProvidedEncryptionKey() {
String accSpecEncKey = accountConf(FS_AZURE_CLIENT_PROVIDED_ENCRYPTION_KEY);
return rawConfig.get(accSpecEncKey, null);
public String getEncodedClientProvidedEncryptionKey() {
if (clientProvidedEncryptionKey == null) {
String accSpecEncKey = accountConf(
FS_AZURE_ENCRYPTION_ENCODED_CLIENT_PROVIDED_KEY);
clientProvidedEncryptionKey = rawConfig.get(accSpecEncKey, null);
}
return clientProvidedEncryptionKey;
}

public String getEncodedClientProvidedEncryptionKeySHA() {
if (clientProvidedEncryptionKeySHA == null) {
String accSpecEncKey = accountConf(
FS_AZURE_ENCRYPTION_ENCODED_CLIENT_PROVIDED_KEY_SHA);
clientProvidedEncryptionKeySHA = rawConfig.get(accSpecEncKey, null);
}
return clientProvidedEncryptionKeySHA;
}

@VisibleForTesting
Expand Down
Loading

0 comments on commit 7bde67e

Please sign in to comment.