Bug 1473430 - Test S3 encryption support added to S3A in Hadoop 2.8.0 with Ceph RGW
Test S3 encryption support added to S3A in Hadoop 2.8.0 with Ceph RGW
Status: ASSIGNED
Product: Red Hat Ceph Storage
Classification: Red Hat
Component: RGW (Show other bugs)
3.0
Unspecified Unspecified
unspecified Severity unspecified
: rc
: 3.0
Assigned To: Matt Benjamin (redhat)
ceph-qe-bugs
:
Depends On:
Blocks: 1473188
  Show dependency treegraph
 
Reported: 2017-07-20 15:52 EDT by Kyle Bader
Modified: 2017-07-30 11:43 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kyle Bader 2017-07-20 15:52:02 EDT
Up to date all testing with S3A has been with unencrypted objects. This is because our testing has been against Jewel based downstream releases that did not support any of the S3 encryption features. We should begin verifying that S3 encryption features, as invoked by the S3A filesystem client, work correctly with Luminous, as we will want these features to be available in RHCS 3.0

1. Verify SSE-KMS works properly when configured with a Barbican backend.
2. Verify SSE-C works properly
3. Verify per-bucket encryption is supported
4. Verify our bucket policy implementation supports examples in [1]

References:

[1] https://hortonworks.github.io/hdp-aws/s3-encryption/index.html
[2] http://docs.ceph.com/docs/master/radosgw/encryption/
Comment 2 Vasu Kulkarni 2017-07-20 15:56:59 EDT
This should be part of rhcs 3.0 trello card first?

Note You need to log in before you can comment on or make changes to this bug.