Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add SSE-C option on native-filesystem security mapping #24566

Merged

Conversation

anusudarsan
Copy link
Member

@anusudarsan anusudarsan commented Dec 23, 2024

Description

Additional context and related issues

Release notes

(x) Release notes are required, with the following suggested text:

Add support for SSE-C in S3 security mapping

@anusudarsan anusudarsan requested a review from electrum December 23, 2024 21:08
@cla-bot cla-bot bot added the cla-signed label Dec 23, 2024
@anusudarsan anusudarsan requested a review from ssheikin December 23, 2024 21:09
@github-actions github-actions bot added the docs label Dec 23, 2024
@anusudarsan anusudarsan requested review from marcinsbd and wendigo and removed request for ssheikin December 23, 2024 21:09
@anusudarsan anusudarsan force-pushed the anu/sse-c-native-fs-security-mapping branch from 33d2e81 to be26d6d Compare December 27, 2024 20:00

// selected Customer key must match default or be allowed
if (!selected.equals(mapping.customerKey().orElse(null)) &&
!mapping.allowedCustomerKeys().contains(selected) &&
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're missing docs that would explain the relationship between customerKey and allowedCustomerKeys. customerKey is optional, but if users only set customerKey without any allowedCustomerKeys, this will always silently fail. Maybe we should throw an exception in this case?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added a check for sseCustomerKey().isPresent() and allowedSseCustomerKeys().isEmpty()

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! But we're still missing docs that would describe it. KMS is well documented.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added! thanks

Copy link
Contributor

@wendigo wendigo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Skimmed. Overall LGTM % naming and such

@anusudarsan anusudarsan force-pushed the anu/sse-c-native-fs-security-mapping branch 2 times, most recently from d218fbc to a83052b Compare December 30, 2024 17:49
Copy link
Contributor

@marcinsbd marcinsbd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@wendigo wendigo force-pushed the anu/sse-c-native-fs-security-mapping branch from a83052b to 686d724 Compare December 31, 2024 12:18
Copy link
Contributor

@wendigo wendigo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've pushed remaining fixes

@wendigo wendigo force-pushed the anu/sse-c-native-fs-security-mapping branch from 686d724 to d33d19b Compare December 31, 2024 12:48
@wendigo
Copy link
Contributor

wendigo commented Dec 31, 2024

@anusudarsan I think that we can merge it if the docs are fine (or follow up with the docs before the next release)

@anusudarsan anusudarsan force-pushed the anu/sse-c-native-fs-security-mapping branch from d33d19b to 14f0f04 Compare December 31, 2024 16:17
@anusudarsan
Copy link
Member Author

pushed one more doc update

@wendigo wendigo merged commit cdd0a9f into trinodb:master Jan 2, 2025
62 checks passed
@github-actions github-actions bot added this to the 469 milestone Jan 2, 2025
@anusudarsan anusudarsan deleted the anu/sse-c-native-fs-security-mapping branch January 2, 2025 14:01
@mosabua
Copy link
Member

mosabua commented Jan 2, 2025

I assume this needs a release notes entry .. suggestions @anusudarsan and @wendigo ?

@wendigo
Copy link
Contributor

wendigo commented Jan 2, 2025

Add support for SSE-C in S3 security mapping

@mosabua
Copy link
Member

mosabua commented Jan 2, 2025

Added

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging this pull request may close these issues.

6 participants