[HADOOP-15267] S3A multipart upload fails when SSE-C encryption is enabled - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.9.0, 3.0.0, 3.1.0
Fix Version/s: 3.1.0, 2.10.0, 3.0.3
Component/s: fs/s3
Labels:
None
Environment:

Hadoop 3.1 Snapshot

Target Version/s:

3.1.0
Flags:

Patch

Description

When I enable SSE-C encryption in Hadoop 3.1 and set fs.s3a.multipart.size to 5 Mb, storing data in AWS doesn't work anymore. For example, running the following code:

>>> df1 = spark.read.json('/home/user/people.json')
>>> df1.write.mode("overwrite").json("s3a://testbucket/people.json")

shows the following exception:

com.amazonaws.services.s3.model.AmazonS3Exception: The multipart upload initiate requested encryption. Subsequent part requests must include the appropriate encryption parameters.

After some investigation, I discovered that hadoop-aws doesn't send SSE-C headers in Put Object Part as stated in AWS specification: https://docs.aws.amazon.com/AmazonS3/latest/API/mpUploadUploadPart.html

If you requested server-side encryption using a customer-provided encryption key in your initiate multipart upload request, you must provide identical encryption information in each part upload using the following headers.

You can find a patch attached to this issue for a better clarification of the problem.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-15267-001.patch
05/Mar/18 15:08
2 kB
Anis Elleuch
HADOOP-15267-002.patch
05/Mar/18 23:26
2 kB
Anis Elleuch
HADOOP-15267-003.patch
06/Mar/18 13:14
5 kB
Steve Loughran

Activity

People

Assignee:: Anis Elleuch

Reporter:: Anis Elleuch

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 27/Feb/18 01:17

Updated:: 25/Jun/18 16:34

Resolved:: 07/Mar/18 18:56