PARQUET-1817: Crypto Properties Factory

[shangxinli]

Make sure you have checked all steps below.

Jira

• My PR addresses the following Parquet Jira issues and references them in the PR title. For example, "PARQUET-1234: My Parquet PR"
  • https://issues.apache.org/jira/browse/PARQUET-XXX
  • In case you are adding a dependency, check if the license complies with the ASF 3rd Party License Policy.

Tests

• My PR adds the following unit tests OR does not need testing for this extremely good reason:

Commits

• My commits all reference Jira issues in their subject lines. In addition, my commits follow the guidelines from "How to write a good git commit message":
  1. Subject is separated from body by a blank line
  2. Subject is limited to 50 characters (not including Jira issue reference)
  3. Subject does not end with a period
  4. Subject uses the imperative mood ("add", not "adding")
  5. Body wraps at 72 characters
  6. Body explains "what" and "why", not "how"

Documentation

• In case of new functionality, my PR adds documentation that describes how to use it.
  • All the public functions and the classes in the PR contain Javadoc that explain what it does

[ggershinsky]

Travis fails because the branch is broken (on parquet-format-structures - unhandled mix of encryption and bloom filters). A known problem, I'll send a fix for that today.

[ggershinsky]

the branch is fixed by #771 . Once it is merged, your pr should pass CI checks after rebase.

[gszadovszky]

#771 is merged, Travis restarted.

[ggershinsky]

"[WARNING] Files with unapproved licenses:
/home/travis/build/apache/parquet-mr/parquet-hadoop/src/main/java/org/apache/parquet/crypto/CryptoPropertiesFactory.java"

[shangxinli]

Fixed it. Thanks Gidon and Gabor!

[ggershinsky]

@shangxinli @gszadovszky my pull request is ready, but now it depends on this one. I'll send it after 769 is merged.

[shangxinli]

@shangxinli @gszadovszky my pull request is ready, but now it depends on this one. I'll send it after 769 is merged.

The build is green now. Once @gszadovszky review the code, he or myself can merge it and you are ready to go.

[gszadovszky]

I assume we will see some implementations of this class in the unit tests of the crypto feature. Just double check...

[shangxinli]

I assume we will see some implementations of this class in the unit tests of the crypto feature. Just double check...

Yes.

[shangxinli]

@ggershinsky, can you make comments about what to be used by this field? Our implementation doesn't need it so far.

[ggershinsky]

I'd suggest also to add a comment to the interface itself, to remind about its purpose (this helps to understand the method parameters), something like "CryptoPropertiesFactory interface enables transparent activation of Parquet encryption. It's custom implementations produce encryption and decryption properties for each Parquet file, using the information available in Parquet file writers and readers: file path, file extended schema (in writers only) - and also Hadoop configuration properties that can pass custom parameters required by a crypto factory. A factory implementation can use or ignore any of these parameters."

As for the "tempFilePath" - "File path of the parquet file being written. Can be used for AAD prefix creation, key material management, etc. Implementations must not presume the path is permanent, as the file can be moved or renamed later"

[shangxinli]

Good point

[ggershinsky]

this import is not needed

[shangxinli]

removed.

[ggershinsky]

strange. All Travis checks are green,
https://travis-ci.org/github/apache/parquet-mr/builds/666364206?utm_source=github_status&utm_medium=notification
but the PR is stuck on yellow.

[chenjunjiedada]

@ggershinsky , FYI, Iceberg has a PR that has the same status.

[gszadovszky]

Last time I've forgot about one major thing. (Sorry for the late idea.)
parquet-mr library is usually used for either reading or writing at a time but not both. I think, it is not a good practice to expect both encryption and decryption properties while only one would be required.
What do you guys think?

[ggershinsky]

Last time I've forgot about one major thing. (Sorry for the late idea.)
parquet-mr library is usually used for either reading or writing at a time but not both. I think, it is not a good practice to expect both encryption and decryption properties while only one would be required.
What do you guys think?

On one hand, its certainly possible to split this into two interfaces, to make it fit the parquet-mr practices. On the other hand, a person working with encryption in eg Spark shell might want to both write and read the files. He would define two Hadoop config params for that, "parquet.encryption.factory.class" and "parquet.decryption.factory.class", which is a bit cumbersome. Or maybe one parameter is enough - if the class implements both interfaces, and we'll load it as either encryption or decryption as needed (from writer or reader, respectively). If this works in Java (currently can't see why not), then could be the right thing to do.

[gszadovszky]

Last time I've forgot about one major thing. (Sorry for the late idea.)
parquet-mr library is usually used for either reading or writing at a time but not both. I think, it is not a good practice to expect both encryption and decryption properties while only one would be required.
What do you guys think?

On one hand, its certainly possible to split this into two interfaces, to make it fit the parquet-mr practices. On the other hand, a person working with encryption in eg Spark shell might want to both write and read the files. He would define two Hadoop config params for that, "parquet.encryption.factory.class" and "parquet.decryption.factory.class", which is a bit cumbersome. Or maybe one parameter is enough - if the class implements both interfaces, and we'll load it as either encryption or decryption as needed (from writer or reader, respectively). If this works in Java (currently can't see why not), then could be the right thing to do.

I like this idea. It should work just fine.

[shangxinli]

Last time I've forgot about one major thing. (Sorry for the late idea.)
parquet-mr library is usually used for either reading or writing at a time but not both. I think, it is not a good practice to expect both encryption and decryption properties while only one would be required.
What do you guys think?

On one hand, its certainly possible to split this into two interfaces, to make it fit the parquet-mr practices. On the other hand, a person working with encryption in eg Spark shell might want to both write and read the files. He would define two Hadoop config params for that, "parquet.encryption.factory.class" and "parquet.decryption.factory.class", which is a bit cumbersome. Or maybe one parameter is enough - if the class implements both interfaces, and we'll load it as either encryption or decryption as needed (from writer or reader, respectively). If this works in Java (currently can't see why not), then could be the right thing to do.

I agree with Gidon. Aside from that, some ETL transform jobs need to decrypt raw data Parquet files and encrypt transformed Parquet files.

[shangxinli]

@gszadovszky, The latest commit needs to be changed and I think it would be better to add unit tests now than TBD. You can hold off for now and I will let you know when it is ready for review.

[shangxinli]

@gszadovszky, I think the change is ready to review now.