Bug 1473430

Summary: [TestOnly] Test S3 encryption support added to S3A in Hadoop 2.8.0 with Ceph RGW
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Kyle Bader <kbader>
Component: RGWAssignee: Matt Benjamin (redhat) <mbenjamin>
Status: CLOSED CURRENTRELEASE QA Contact: Tejas <tchandra>
Severity: low Docs Contact:
Priority: low    
Version: 3.0CC: anharris, cbodley, ceph-eng-bugs, ceph-qe-bugs, hnallurv, kbader, kdreyer, mbenjamin, sweil, tchandra, tserlin, uboppana, vakulkar
Target Milestone: z1Keywords: TestOnly
Target Release: 3.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-21 05:17:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1473188    

Description Kyle Bader 2017-07-20 19:52:02 UTC 
Up to date all testing with S3A has been with unencrypted objects. This is because our testing has been against Jewel based downstream releases that did not support any of the S3 encryption features. We should begin verifying that S3 encryption features, as invoked by the S3A filesystem client, work correctly with Luminous, as we will want these features to be available in RHCS 3.0

1. Verify SSE-KMS works properly when configured with a Barbican backend.
2. Verify SSE-C works properly
3. Verify per-bucket encryption is supported
4. Verify our bucket policy implementation supports examples in [1]

References:

[1] https://hortonworks.github.io/hdp-aws/s3-encryption/index.html
[2] http://docs.ceph.com/docs/master/radosgw/encryption/
Comment 2 Vasu Kulkarni 2017-07-20 19:56:59 UTC 
This should be part of rhcs 3.0 trello card first?
Comment 17 Giridhar Ramaraju 2019-08-05 13:06:10 UTC 
Updating the QA Contact to a Hemant. Hemant will be rerouting them to the appropriate QE Associate. 

Regards,
Giri
Comment 18 Giridhar Ramaraju 2019-08-05 13:08:52 UTC 
Updating the QA Contact to a Hemant. Hemant will be rerouting them to the appropriate QE Associate. 

Regards,
Giri