PARQUET-1229: Parquet MR encryption

[ggershinsky]

Make sure you have checked all steps below.

Jira

• My PR addresses the following Parquet Jira issues and references them in the PR title. For example, "PARQUET-1234: My Parquet PR"
  • https://issues.apache.org/jira/browse/PARQUET-XXX
  • In case you are adding a dependency, check if the license complies with the ASF 3rd Party License Policy.

Tests

• My PR adds the following unit tests OR does not need testing for this extremely good reason:

Commits

• My commits all reference Jira issues in their subject lines. In addition, my commits follow the guidelines from "How to write a good git commit message":
  1. Subject is separated from body by a blank line
  2. Subject is limited to 50 characters (not including Jira issue reference)
  3. Subject does not end with a period
  4. Subject uses the imperative mood ("add", not "adding")
  5. Body wraps at 72 characters
  6. Body explains "what" and "why", not "how"

Documentation

• In case of new functionality, my PR adds documentation that describes how to use it.
  • All the public functions and the classes in the PR contain Javadoc that explain what it does

[ggershinsky]

@gszadovszky The encryption pull request is submitted, with changes in "hadoop" and "column" modules. Travis fails on "The job exceeded the maximum log length, and has been terminated". All tests up that point pass successfully (including the tests in hadoop and column modules).

[gszadovszky]

FYI: Created PARQUET-1832. I'll try to fix this issue ASAP.

[ggershinsky]

Thank you

[shangxinli]

Is this ready to review? Since there is no comment yet, can you squash it to one single commit to make the review easier?

[ggershinsky]

preferably reviewed after the Travis fix is in. @gszadovszky @shangxinli can you apply #777 to the encryption branch.

[ggershinsky]

can you squash it to one single commit to make the review easier?

This can be reviewed as a single commit at
https://github.com/apache/parquet-mr/pull/776/files

[ggershinsky]

the PR is ready for review

[shangxinli]

preferably reviewed after the Travis fix is in. @gszadovszky @shangxinli can you apply #777 to the encryption branch.

It seems I still don't have permission to do so. @gszadovszky, I did 'git cherry-pick' and then git push to encryption branch', but got permission error. Do I have to create a PR for it?

[shangxinli]

Should we keep original addRowGroup() intact and just add a new one with InternalFileEncryptor to isolate the change's impact? There is not much duplicate code if doing so and we can refactor the existing code with helper functions. In the majority use cases, they are non-encryption cases.

[ggershinsky]

encryption is isolated there, with if (null != fileEncryptor) and if (encryptMetaData) - similar to the if (columnIndexRef != null) and if (offsetIndexRef != null) in the same function.

[shangxinli]

Not all the changes are isolated. Generally, adding 'if/else' will add diverge the code and add the complexity. One other thing is regression thinking. If fileEncryptor is null, which would be most of the case, then it just executes the existing method without change. It would be less error prone.

[ggershinsky]

Many functions can be run either with or without encryption. Duplicating them will result in hundreds or thousands of duplicate code lines. This will make code maintenance (changes/fixes) a headache. Instead, we isolate encryption with if switches, without duplicating the existing code.

The same goes for other recent new features (column indexes and bloom filters) - they are isolated with an if switch, instead of code duplication. See if (columnIndexRef != null) and if (offsetIndexRef != null) in this addRowGroup function.

[shangxinli]

It is not a blocking comment and I am fine with it. But generally speaking, adding too much nested if/else diverges the code path and causes the complexity for reading. One way to avoid duplicating is to wrap them up in helper functions. I understand column indexes and bloom filters already did that but if we keep adding features like this, the code will become less and less readable.

[shangxinli]

Move comments up

[ggershinsky]

is there a requirement in the code formatting rules in this community to keep comments in separate lines?

[shangxinli]

No. I see most of them on up line but a few on the same line. It is not a must.

[gszadovszky]

Actually, based on parquet-mr README:

Generally speaking, stick to the Sun Java Code Conventions

Based on the related section both should be fine.

[gszadovszky]

preferably reviewed after the Travis fix is in. @gszadovszky @shangxinli can you apply #777 to the encryption branch.

It seems I still don't have permission to do so. @gszadovszky, I did 'git cherry-pick' and then git push to encryption branch', but got permission error. Do I have to create a PR for it?

@shangxinli, I've done a rebase on the branch encryption. Maybe, that's why you were unable to push a commit because after the rebase it would not be a fast forward commit (would need a force-push).
(Because of the rebase the Travis fix is already in.)
If you have any problems with manual push to the repo, let's bring it offline. I'm happy to help.

[shangxinli]

@ggershinsky Do you have time to review the code?

[ggershinsky]

@ggershinsky Do you have time to review the code?

You probably meant @gszadovszky

[gszadovszky]

I have a couple of comments but did not review all yet.

[gszadovszky]

Actually, based on parquet-mr README:

Generally speaking, stick to the Sun Java Code Conventions

Based on the related section both should be fine.

[gszadovszky]

Second round. Still not finished. :(

[gszadovszky]

Some other comments. This time, I've reached the end. :)

I know, this is not the whole feature yet but would like to ensure that at the end we will have proper test coverity. So, the question is do we have or planning to have tests to verify the working of semi-encrypted files (some columns and the footer are plaintext) with previous readers.

[gszadovszky]

Now, we are in sync. I will try to keep it this way. ;)

[ggershinsky]

I know, this is not the whole feature yet but would like to ensure that at the end we will have proper test coverity. So, the question is do we have or planning to have tests to verify the working of semi-encrypted files (some columns and the footer are plaintext) with previous readers.

We test this manually. We also have an automatic test that runs the current reader code on files that were previously created with other writers (such as parquet-cpp with encryption; these files are kept in parquet-testing repo and fetched from there). But I don't know how to automate running of previous readers on the files written by the current code - ?

[ggershinsky]

Now, we are in sync. I will try to keep it this way. ;)

Appreciated!
Addressing today's comments will keep me busy for a while :), I'll get back next week.

[gszadovszky]

I know, this is not the whole feature yet but would like to ensure that at the end we will have proper test coverity. So, the question is do we have or planning to have tests to verify the working of semi-encrypted files (some columns and the footer are plaintext) with previous readers.

We test this manually. We also have an automatic test that runs the current reader code on files that were previously created with other writers (such as parquet-cpp with encryption; these files are kept in parquet-testing repo and fetched from there). But I don't know how to automate running of previous readers on the files written by the current code - ?

Good question. We should have the tooling to provide such tests but not sure if we already have it. I am fine with testing it manually for now just document it in details (e.g. adding to the git comment of the test PR).

[ggershinsky]

The current review round is addressed; the checks pass.