Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-1848

ZEPPELIN_NOTEBOOK_S3_KMS_KEY_ID defaults to search keys in us-east-1

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 0.6.2
    • 0.7.0
    • zeppelin-zengine
    • None

    • EMR

    Description

      Hi,

      I am trying to setup Zeppelin to store encrypted notebooks in S3 with KMS in us-west-2. I have KMS key in us-west-2 as well.
      However when I tried to add ZEPPELIN_NOTEBOOK_S3_KMS_KEY_ID pointing to that key, I got the following error in logs

       WARN [2016-12-22 11:48:53,275] ({main} NotebookRepoSync.java[<init>]:95) - Failed to sync with secondary storage on start {}
java.io.IOException: Unable to store note in S3: com.amazonaws.services.kms.model.NotFoundException: Key 'arn:aws:kms:us-east-1:174485552022:key/a0d06e55-efdd-4f5a-aec6-03a64b08278b' does not exist (Service: AWSKMS; Status Code: 400; Error Code: NotFoundException; Request ID: 9c919bac-c83c-11e6-9b8a-250e451234bf)
	at org.apache.zeppelin.notebook.repo.S3NotebookRepo.save(S3NotebookRepo.java:223)
	at org.apache.zeppelin.notebook.repo.NotebookRepoSync.pushNotes(NotebookRepoSync.java:215)
	at org.apache.zeppelin.notebook.repo.NotebookRepoSync.sync(NotebookRepoSync.java:200)
	at org.apache.zeppelin.notebook.repo.NotebookRepoSync.<init>(NotebookRepoSync.java:93)
	at org.apache.zeppelin.server.ZeppelinServer.<init>(ZeppelinServer.java:83)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
... truncated

      Notice that it tries to look up key in us-east-1 (default region) instead of us-west-2.
      I believe it is about that code https://github.com/apache/zeppelin/blob/master/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/S3NotebookRepo.java#L100 and the patch will look more or less like here http://stackoverflow.com/a/27173676/484050
      I think this can be solved by introducing additional environment variable like ZEPPELIN_NOTEBOOK_S3_KMS_KEY_REGION.
      Sorry, can't fix that myself.

      Thanks,
      Mikhail

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. ZEPPELIN-848 Add support for encrypted data stored in S3

          • Major - Major loss of function.
          • Open
          links to

          Web Link GitHub Pull Request #1860

          Activity

            People

              khalidhnv Khalid Huseynov
              alabax Mikhail
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: