From 476b90f3e5d8ca341fe2e39d1557cd532c6a82ce Mon Sep 17 00:00:00 2001 From: Steve Loughran Date: Fri, 24 Nov 2023 17:24:12 +0000 Subject: [PATCH] HADOOP-18965. ITestS3AHugeFilesEncryption failure (#6261) Followup to: HADOOP-18850 Enable dual-layer server-side encryption with AWS KMS keys (DSSE-KMS) Contributed by Steve Loughran --- .../scale/ITestS3AHugeFilesEncryption.java | 26 ++++++++++++++----- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/scale/ITestS3AHugeFilesEncryption.java b/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/scale/ITestS3AHugeFilesEncryption.java index 404a9684f4..f2c549bf81 100644 --- a/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/scale/ITestS3AHugeFilesEncryption.java +++ b/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/scale/ITestS3AHugeFilesEncryption.java @@ -25,6 +25,7 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.s3a.Constants; import org.apache.hadoop.fs.s3a.EncryptionTestUtils; +import org.apache.hadoop.fs.s3a.S3AEncryptionMethods; import org.apache.hadoop.fs.s3a.S3AFileSystem; import static org.apache.hadoop.fs.s3a.Constants.S3_ENCRYPTION_ALGORITHM; @@ -32,6 +33,7 @@ import static org.apache.hadoop.fs.s3a.S3AEncryptionMethods.DSSE_KMS; import static org.apache.hadoop.fs.s3a.S3AEncryptionMethods.SSE_KMS; import static org.apache.hadoop.fs.s3a.S3ATestUtils.getTestBucketName; import static org.apache.hadoop.fs.s3a.S3ATestUtils.skipIfEncryptionNotSet; +import static org.apache.hadoop.fs.s3a.S3AUtils.getEncryptionAlgorithm; import static org.apache.hadoop.fs.s3a.S3AUtils.getS3EncryptionKey; /** @@ -61,20 +63,30 @@ public class ITestS3AHugeFilesEncryption extends AbstractSTestS3AHugeFiles { */ @Override protected boolean isEncrypted(S3AFileSystem fileSystem) { - Configuration c = new Configuration(); - return StringUtils.isNotBlank(getS3EncryptionKey(getTestBucketName(c), c)); + Configuration conf = new Configuration(); + return StringUtils.isNotBlank(getS3EncryptionKey(getTestBucketName(conf), conf)); } + /** + * This test suite will run if the algorithm is set to SSE_KMS or DSSE_KMS; + * the assertions validate this. + * @param hugeFile file to validate. + * @throws IOException problems with encryption lookup. + * @throws AssertionError if the encryption is not as expected. + */ @Override protected void assertEncrypted(Path hugeFile) throws IOException { - Configuration c = new Configuration(); - String kmsKey = getS3EncryptionKey(getTestBucketName(c), c); - if (SSE_KMS.getMethod().equals(c.get(S3_ENCRYPTION_ALGORITHM))) { + Configuration conf = new Configuration(); + + final String bucket = getTestBucketName(conf); + String kmsKey = getS3EncryptionKey(bucket, conf); + final S3AEncryptionMethods algorithm = getEncryptionAlgorithm(bucket, conf); + if (SSE_KMS.equals(algorithm)) { EncryptionTestUtils.assertEncrypted(getFileSystem(), hugeFile, SSE_KMS, kmsKey); - } else if (DSSE_KMS.getMethod().equals(c.get(S3_ENCRYPTION_ALGORITHM))) { + } else if (DSSE_KMS.equals(algorithm)) { EncryptionTestUtils.assertEncrypted(getFileSystem(), hugeFile, DSSE_KMS, kmsKey); } else { - throw new AssertionError("Invalid encryption configured"); + throw new AssertionError("Invalid encryption configured: " + algorithm); } } }