adds CSE materials class

Author: ahmarsuhail

hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/DefaultS3ClientFactory.java

@@ -40,16 +40,15 @@
 import software.amazon.awssdk.services.s3.S3Configuration;
 import software.amazon.awssdk.services.s3.multipart.MultipartConfiguration;
 import software.amazon.awssdk.transfer.s3.S3TransferManager;
-import software.amazon.awssdk.services.kms.KmsClient;
 import software.amazon.encryption.s3.S3AsyncEncryptionClient;
 import software.amazon.encryption.s3.S3EncryptionClient;
-import software.amazon.encryption.s3.materials.KmsKeyring;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.classification.InterfaceStability;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.conf.Configured;
+import org.apache.hadoop.fs.s3a.impl.CSEMaterials;
 import org.apache.hadoop.fs.s3a.statistics.impl.AwsStatisticsCollector;
 import org.apache.hadoop.fs.store.LogExactlyOnce;
 
@@ -99,39 +98,33 @@ public S3Client createS3Client(
 
   @Override
   public S3Client createS3EncryptionClient(final S3AsyncClient s3AsyncClient,
-      final S3Client s3Client, final KmsKeyring keyring) {
+      final S3Client s3Client, final CSEMaterials cseMaterials) {
 
-    return S3EncryptionClient.builder()
-        .wrappedAsyncClient(s3AsyncClient)
-        .wrappedClient(s3Client)
-        .enableLegacyUnauthenticatedModes(true)
-        .keyring(keyring)
-        .build();
+    S3EncryptionClient.Builder s3EncryptionClientBuilder =
+        S3EncryptionClient.builder().wrappedAsyncClient(s3AsyncClient).wrappedClient(s3Client)
+            .enableLegacyUnauthenticatedModes(true);
+
+    if (cseMaterials.getCseKeyType().equals(CSEMaterials.CSEKeyType.KMS)) {
+      s3EncryptionClientBuilder.kmsKeyId(cseMaterials.getKmsKeyId());
+    }
+
+    return s3EncryptionClientBuilder.build();
   }
 
 
   @Override
   public S3AsyncClient createS3AsyncEncryptionClient(final S3AsyncClient s3AsyncClient,
-      final KmsKeyring kmsKeyring) {
+      final CSEMaterials cseMaterials) {
 
-    return S3AsyncEncryptionClient.builder()
-        .wrappedClient(s3AsyncClient)
-        .enableLegacyUnauthenticatedModes(true)
-        .keyring(kmsKeyring)
-        .build();
-  }
+    S3AsyncEncryptionClient.Builder s3EncryptionAsyncClientBuilder =
+        S3AsyncEncryptionClient.builder().wrappedClient(s3AsyncClient)
+            .enableLegacyUnauthenticatedModes(true);
 
-  public KmsKeyring createKmsKeyring(final S3ClientCreationParameters parameters,
-      final String kmsKeyId) {
-    // TODO: Figure out how to handle region here
-    KmsClient kmsClient = KmsClient.builder()
-        .credentialsProvider(parameters.getCredentialSet())
-        .build();
+    if (cseMaterials.getCseKeyType().equals(CSEMaterials.CSEKeyType.KMS)) {
+      s3EncryptionAsyncClientBuilder.kmsKeyId(cseMaterials.getKmsKeyId());
+    }
 
-    return KmsKeyring.builder()
-        .kmsClient(kmsClient)
-        .wrappingKeyId(kmsKeyId)
-        .build();
+    return s3EncryptionAsyncClientBuilder.build();
   }
 
   @Override

hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/S3AFileSystem.java

@@ -126,6 +126,7 @@
 import org.apache.hadoop.fs.s3a.impl.AWSCannedACL;
 import org.apache.hadoop.fs.s3a.impl.AWSHeaders;
 import org.apache.hadoop.fs.s3a.impl.BulkDeleteRetryHandler;
+import org.apache.hadoop.fs.s3a.impl.CSEMaterials;
 import org.apache.hadoop.fs.s3a.impl.ChangeDetectionPolicy;
 import org.apache.hadoop.fs.s3a.impl.ContextAccessors;
 import org.apache.hadoop.fs.s3a.impl.CopyFromLocalOperation;
@@ -1004,9 +1005,14 @@ private void bindAWSClient(URI name, boolean dtEnabled) throws IOException {
 
     if (isCSEEnabled) {
       String kmsKeyId = getS3EncryptionKey(bucket, conf, true);
-      KmsKeyring kmsKeyring = clientFactory.createKmsKeyring(parameters, kmsKeyId);
-      s3Client = clientFactory.createS3EncryptionClient(s3AsyncClient, s3Client, kmsKeyring);
-      s3AsyncClient = clientFactory.createS3AsyncEncryptionClient(s3AsyncClient, kmsKeyring);
+
+      CSEMaterials cseMaterials = new CSEMaterials()
+          .withCSEKeyType(CSEMaterials.CSEKeyType.KMS)
+          .withKmsKeyId(kmsKeyId);
+
+
+      s3Client = clientFactory.createS3EncryptionClient(s3AsyncClient, s3Client, cseMaterials);
+      s3AsyncClient = clientFactory.createS3AsyncEncryptionClient(s3AsyncClient, cseMaterials);
     }
 
     transferManager =  clientFactory.createS3TransferManager(getS3AsyncClient());

hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/S3ClientFactory.java

@@ -32,10 +32,10 @@
 import software.amazon.awssdk.services.s3.S3AsyncClient;
 import software.amazon.awssdk.services.s3.S3Client;
 import software.amazon.awssdk.transfer.s3.S3TransferManager;
-import software.amazon.encryption.s3.materials.KmsKeyring;
 
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.classification.InterfaceStability;
+import org.apache.hadoop.fs.s3a.impl.CSEMaterials;
 import org.apache.hadoop.fs.s3a.statistics.StatisticsFromAwsSdk;
 
 import static org.apache.hadoop.fs.s3a.Constants.DEFAULT_ENDPOINT;
@@ -90,31 +90,23 @@ S3AsyncClient createS3AsyncClient(URI uri,
    *
    * @param s3AsyncClient The asynchronous S3  client, will be used for cryptographic operations.
    * @param s3Client The synchronous S3 client, will be used for non cryptographic operations.
-   * @param kmsKeyring kms wrapping key to be used
+   * @param cseMaterials cse key and type to use
    * @return S3EncryptionClient
    */
   S3Client createS3EncryptionClient(S3AsyncClient s3AsyncClient, S3Client s3Client,
-      KmsKeyring kmsKeyring);
+      CSEMaterials cseMaterials);
 
 
   /**
    * Creates a new {@link software.amazon.encryption.s3.S3AsyncEncryptionClient}.
    * Used when client side encryption is enabled.
    *
    * @param s3AsyncClient The asynchronous S3  client, will be used for cryptographic operations.
-   * @param kmsKeyring kms wrapping key to be used
+   * @param cseMaterials cse key and type to use
    * @return S3AsyncEncryptionClient
    */
-  S3AsyncClient createS3AsyncEncryptionClient(S3AsyncClient s3AsyncClient, KmsKeyring kmsKeyring);
+  S3AsyncClient createS3AsyncEncryptionClient(S3AsyncClient s3AsyncClient, CSEMaterials cseMaterials);
 
-  /**
-   * Creates KmsKeyring to be used by the encryption clients.
-   *
-   * @param parameters parameter object
-   * @param kmsKeyId kms wrapping key to be used
-   * @return KmsKeyring
-   */
-  KmsKeyring createKmsKeyring(S3ClientCreationParameters parameters, String kmsKeyId);
 
   /**
    * Creates a new {@link S3TransferManager}.

hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/impl/CSEMaterials.java

@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.s3a.impl;
+
+/**
+ * This class is for storing information about key type and corresponding key
+ * to be used for client side encryption.
+ */
+public class CSEMaterials {
+
+  /**
+   * Enum for CSE key types.
+   */
+  public enum CSEKeyType {
+    KMS,
+    AES,
+    RSA
+  }
+
+  /**
+   * The KMS key Id.
+   */
+  private String kmsKeyId;
+
+  /**
+   * The CSE key type to use.
+   */
+  private CSEKeyType cseKeyType;
+
+  /**
+   * Kms key id to use.
+   * @param value new value
+   * @return the builder
+   */
+  public CSEMaterials withKmsKeyId(
+      final String value) {
+    kmsKeyId = value;
+    return this;
+  }
+
+  /**
+   * Get the Kms key id to use.
+   * @return the kms key id.
+   */
+  public String getKmsKeyId() {
+    return kmsKeyId;
+  }
+
+  /**
+   * CSE key type to use.
+   * @param value new value
+   * @return the builder
+   */
+  public CSEMaterials withCSEKeyType(
+      final CSEKeyType value) {
+    cseKeyType = value;
+    return this;
+  }
+
+  /**
+   * Get the CSE key type.
+   * @return CSE key type
+   */
+  public CSEKeyType getCseKeyType() {
+    return cseKeyType;
+  }
+
+}

hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/MockS3ClientFactory.java

@@ -31,7 +31,8 @@
 import software.amazon.awssdk.services.s3.model.ListMultipartUploadsRequest;
 import software.amazon.awssdk.services.s3.model.ListMultipartUploadsResponse;
 import software.amazon.awssdk.transfer.s3.S3TransferManager;
-import software.amazon.encryption.s3.materials.KmsKeyring;
+
+import org.apache.hadoop.fs.s3a.impl.CSEMaterials;
 
 /**
  * An {@link S3ClientFactory} that returns Mockito mocks of the {@link S3Client}
@@ -64,25 +65,18 @@ public S3AsyncClient createS3AsyncClient(URI uri, final S3ClientCreationParamete
 
   @Override
   public S3Client createS3EncryptionClient(final S3AsyncClient s3AsyncClient,
-      final S3Client s3Client, final KmsKeyring keyring) {
+      final S3Client s3Client, final CSEMaterials cseMaterials) {
     S3Client s3 = mock(S3Client.class);
     return s3;
   }
 
-
   @Override
   public S3AsyncClient createS3AsyncEncryptionClient(final S3AsyncClient s3AsyncClient,
-      final KmsKeyring kmsKeyring) {
+      final CSEMaterials cseMaterials) {
     S3AsyncClient s3 = mock(S3AsyncClient.class);
     return s3;
   }
 
-  @Override
-  public KmsKeyring createKmsKeyring(final S3ClientCreationParameters parameters,
-      final String kmsKeyId) {
-    KmsKeyring kmsKeyring = mock(KmsKeyring.class);
-    return kmsKeyring;
-  };
 
   @Override
   public S3TransferManager createS3TransferManager(S3AsyncClient s3AsyncClient) {