Skip to content

feat: Parquet modular encryption #16351

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 53 commits into from
Jun 28, 2025
Merged

feat: Parquet modular encryption #16351

merged 53 commits into from
Jun 28, 2025

Conversation

corwinjoy
Copy link
Contributor

@corwinjoy corwinjoy commented Jun 10, 2025
edited
Loading

Which issue does this PR close?

What changes are included in this PR?

This PR adds support for encryption in DataFusion’s Parquet implementation. The changes introduce new configuration options for file encryption and decryption properties, update various components (including proto conversion, file reading/writing, and tests), and add an end-to-end encrypted Parquet example.

Are these changes tested?

Tests and examples have been added to demonstrate and test functionality versus Parquet modular encryption. These could use feedback since there may be additional DataFusion usage cases that should be covered.

Are there any user-facing changes?

Additional options have been added to allow encryption/decryption configuration. We are soliciting additional feedback on how to handle key columns in a way that best fits the existing API.

Catalog of changes via copilot

Show a summary per file
File Description
docs/source/user-guide/configs.md Added documentation for new encryption and decryption properties.
datafusion/sqllogictest/test_files/information_schema.slt Updated SQL logic tests to include encryption/decryption settings.
datafusion/proto/src/logical_plan/file_formats.rs Added default None values for encryption properties in proto.
datafusion/proto-common/src/from_proto/mod.rs Updated conversion to set encryption properties to None.
datafusion/datasource-parquet/src/source.rs Passed file decryption properties from table options.
datafusion/datasource-parquet/src/opener.rs Disabled page index when encryption is enabled.
datafusion/datasource-parquet/src/file_format.rs Propagated decryption properties in schema and statistics fetching.
datafusion/core/tests/parquet/mod.rs Added the encryption test module reference.
datafusion/core/tests/parquet/encryption.rs Added tests for round-trip encryption.
datafusion/core/tests/parquet/custom_reader.rs Updated custom reader to pass None for decryption properties.
datafusion/core/src/datasource/file_format/parquet.rs Added extra parameters for decryption in metadata/statistics fetching.
datafusion/core/src/dataframe/parquet.rs Added roundtrip test for encrypted Parquet files.
datafusion/common/src/file_options/parquet_writer.rs Updated writer options to support encryption properties.
datafusion/common/Cargo.toml Added the hex dependency.
datafusion-examples/examples/parquet_encrypted.rs Introduced an example that reads/writes encrypted Parquet files.
datafusion-examples/README.md Updated examples list to include the encrypted Parquet demo.
Cargo.toml Enabled encryption feature for the parquet crate.

corwinjoy and others added 30 commits May 29, 2025 19:04
@corwinjoy
Initial commit to form PR for datafusion encryption support
e668b99
@corwinjoy
Add tests for encryption configuration
d38dba4
@corwinjoy
Apply cargo fmt
5a2b456
@corwinjoy
Add a roundtrip encryption test to the parquet tests.
c972676
@corwinjoy
cargo fmt
ec3f828
@corwinjoy
Update test to add decryption parameter to called functions.
3538a27
@corwinjoy
Try to get DataFrame.write_parquet to work with encryption. Doesn't q…
a754992 
…uite, column encryption is broken.
@corwinjoy @adamreeve
Update datafusion/datasource-parquet/src/opener.rs
e430672 
Co-authored-by: Adam Reeve <[email protected]>
@corwinjoy @adamreeve
Update datafusion/datasource-parquet/src/source.rs
7fcba70 
Co-authored-by: Adam Reeve <[email protected]>
@corwinjoy
Fix write test in parquet.rs
d6b1fca
@corwinjoy
Simplify encryption test. Remove unused imports.
3353186
@corwinjoy
Run cargo fmt.
e4bc0e3
@corwinjoy
Further streamline roundtrip test.
f52e79c
@corwinjoy
Change From methods for FileEncryptionProperties and FileDecryptionPr…
5615ac8 
…operties to use references.
@corwinjoy
Change encryption config to directly hold column keys using custom co…
61bc78e 
…nfig fields.
@corwinjoy
Fix generated field names in visit for encryptor and decryptor to use…
a81855f 
… "." instead of "::"
@corwinjoy
1. Disable parallel writes with enccryption.
4cf12b3 
2. Fixed unused header warning in config.rs.
3. Fix test case in encryption.rs to call conversion to ConfigFileDecryption properties correctly.
@corwinjoy
cargo fmt
f29bec3
@corwinjoy @Copilot
Update datafusion/common/src/file_options/parquet_writer.rs
86fe04b 
Co-authored-by: Copilot <[email protected]>
@corwinjoy
fix variables shown in information schema test.
d4ea63f
@corwinjoy
Merge remote-tracking branch 'origin/parquet_encryption' into parquet…
0fcc4a5 
…_encryption
@corwinjoy
Backout bad suggestion from copilot
86db3a5
@corwinjoy
Remove unused serde reference
b34441a 
Add an example to read and write encrypted parquet files.
@corwinjoy
cargo fmt
668d728
@corwinjoy
change file_format.rs to use global encryption options in struct.
ec1e8da
@corwinjoy
Turn off page_index for encrypted example. Get encrypted example work…
e233408 
…ing with filter.
@corwinjoy
Tidy up example output.
9ffaae4
@corwinjoy
Add missing license. Run taplo format
8e244e9
@corwinjoy
Update configs.md by running dev/update_config_docs.sh
2871d51
@corwinjoy
Cargo fmt + clippy changes.
c405167
@corwinjoy corwinjoy force-pushed the parquet_encryption branch from a3f0721 to 6a77842 Compare June 25, 2025 22:12
@github-actions github-actions bot added the documentation Improvements or additions to documentation label Jun 26, 2025
adamreeve
adamreeve reviewed Jun 26, 2025
View reviewed changes
datafusion/datasource-parquet/src/file_format.rs
store: &dyn ObjectStore,
meta: &ObjectMeta,
size_hint: Option<usize>,
decryption_properties: Option<&FileDecryptionProperties>,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a breaking change (and same for fetch_statistics). Should we introduce a new method with this parameter added to avoid breaking the API? It is documented as "subject to change" though so maybe this is ok...

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess this probably needs to change anyway to handle having an encryption feature.

datafusion/proto-common/src/from_proto/mod.rs
.unwrap(),
column_specific_options,
key_value_metadata: Default::default(),
crypto: Default::default(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we aren't going to support conversion to protobuf yet, we should probably raise an error in impl TryFrom<&TableParquetOptions> for protobuf::TableParquetOptions if any crypto options are set.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we? I see that key_value_metadata is always set to empty here despite being defined in datafusion/proto-common/src/generated/prost.rs. So, it's not clear to me that we should throw an error here.

corwinjoy added 3 commits June 25, 2025 21:07
@corwinjoy
Merge pull request #6 from adamreeve/parquet_encryption_fix
d79fdf2 
Use ConfigFileDecryptionProperties in ParquetReadOptions

Signed-off-by: Corwin Joy <[email protected]>
@corwinjoy
Implement default for ConfigFileEncryptionProperties
f3e6945 
Signed-off-by: Corwin Joy <[email protected]>
@corwinjoy
Add sqllogictest for parquet with encryption
a7005a3 
Signed-off-by: Corwin Joy <[email protected]>
@github-actions github-actions bot added the sqllogictest SQL Logic Tests (.slt) label Jun 26, 2025
@alamb
Copy link
Contributor

alamb commented Jun 27, 2025

I merged up to resolve a conflict

alamb
alamb reviewed Jun 27, 2025
View reviewed changes
datafusion/common/src/config.rs
/// See ConfigFileEncryptionProperties and ConfigFileDecryptionProperties in datafusion/common/src/config.rs
/// These can be set via 'format.crypto', for example:
/// ```sql
/// OPTIONS (
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

very nice

alamb
alamb approved these changes Jun 27, 2025
View reviewed changes
Copy link
Contributor

@alamb alamb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @corwinjoy -- this looks wonderful to me

@alamb
Copy link
Contributor

alamb commented Jun 27, 2025

https://github.com/apache/datafusion/actions/runs/15936215612/job/44956521967?pr=16351

That is a new failure for me

     Running bin/sqllogictests.rs (target/ci/deps/sqllogictests-19519efa72c14141)
External error: 1 errors in file /Users/runner/work/datafusion/datafusion/datafusion/sqllogictest/test_files/union_by_name.slt

1. query is expected to fail, but actually succeed:
[SQL] select x, y, z from t3 union all by name select z, y, x, 'd' as zz from t3;
at /Users/runner/work/datafusion/datafusion/datafusion/sqllogictest/test_files/union_by_name.slt:343

I'll trigger it again and see if I can reproduce

@alamb alamb merged commit d66d6b9 into apache:main Jun 28, 2025
30 checks passed
@alamb
Copy link
Contributor

alamb commented Jun 28, 2025

Thanks again @corwinjoy / @adamreeve and everyone else. This is great

@corwinjoy
Copy link
Contributor Author

Thanks @alamb much appreciated for the review and helpful feedback! We hope to have a followup PR soon with a config to make encryption optional.

@alamb
Copy link
Contributor

alamb commented Jul 1, 2025

Thank you @corwinjoy

This was referenced Jul 2, 2025
Merged
Open
This was referenced Jul 10, 2025
Closed
Merged
@alamb alamb mentioned this pull request Jul 12, 2025
Closed
34 tasks
@adamreeve adamreeve mentioned this pull request Jul 15, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alamb alamb alamb approved these changes

+1 more reviewer

@adamreeve adamreeve adamreeve left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
common Related to common crate core Core DataFusion crate datasource Changes to the datasource crate documentation Improvements or additions to documentation proto Related to proto crate sqllogictest SQL Logic Tests (.slt)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support integration with Parquet modular encryption
4 participants
@corwinjoy @mbutrovich @alamb @adamreeve