GH-48337: [C++][Parquet] Improve column encryption API (#48338)

### Rationale for this change

While working on PR #48336 I quickly got irritated by the clumsiness of the Parquet encryption configuration API. This issue attempts to reduce the verbosity of `ColumnEncryptionProperties` construction.

### What changes are included in this PR?

1. Remove unused `column_path` member in `ColumnEncryptionProperties`
2. Add convenience `ColumnEncryptionProperties` factory functions to avoid going through the clumsy `Builder` API

### Are these changes tested?

Yes

### Are there any user-facing changes?

Two deprecated constructors and a removed accessor for an useless property.

**This PR includes breaking changes to public APIs.** (If there are any breaking changes to public APIs, please explain which changes are breaking. If not, you can remove this.)

* GitHub Issue: #48337

Authored-by: Antoine Pitrou <[email protected]>
Signed-off-by: Antoine Pitrou <[email protected]>

Author: pitrou

cpp/examples/parquet/low_level_api/encryption_reader_writer.cc

@@ -68,13 +68,10 @@ int main(int argc, char** argv) {
     auto column_path1 = schema_desc.Column(5)->path()->ToDotString();
     auto column_path2 = schema_desc.Column(4)->path()->ToDotString();
 
-    parquet::ColumnEncryptionProperties::Builder encryption_col_builder0(column_path1);
-    parquet::ColumnEncryptionProperties::Builder encryption_col_builder1(column_path2);
-    encryption_col_builder0.key(kColumnEncryptionKey1)->key_id("kc1");
-    encryption_col_builder1.key(kColumnEncryptionKey2)->key_id("kc2");
-
-    encryption_cols[column_path1] = encryption_col_builder0.build();
-    encryption_cols[column_path2] = encryption_col_builder1.build();
+    encryption_cols[column_path1] =
+        parquet::ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey1, "kc1");
+    encryption_cols[column_path2] =
+        parquet::ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey2, "kc2");
 
     parquet::FileEncryptionProperties::Builder file_encryption_builder(
         kFooterEncryptionKey);

cpp/examples/parquet/low_level_api/encryption_reader_writer_all_crypto_options.cc

@@ -173,13 +173,10 @@ void InteropTestWriteEncryptedParquetFiles(std::string root_path) {
       encryption_cols2;
   std::string path1 = "double_field";
   std::string path2 = "float_field";
-  parquet::ColumnEncryptionProperties::Builder encryption_col_builder_20(path1);
-  parquet::ColumnEncryptionProperties::Builder encryption_col_builder_21(path2);
-  encryption_col_builder_20.key(kColumnEncryptionKey1)->key_id("kc1");
-  encryption_col_builder_21.key(kColumnEncryptionKey2)->key_id("kc2");
-
-  encryption_cols2[path1] = encryption_col_builder_20.build();
-  encryption_cols2[path2] = encryption_col_builder_21.build();
+  encryption_cols2[path1] =
+      parquet::ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey1, "kc1");
+  encryption_cols2[path2] =
+      parquet::ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey1, "kc2");
 
   parquet::FileEncryptionProperties::Builder file_encryption_builder_2(
       kFooterEncryptionKey);
@@ -194,13 +191,11 @@ void InteropTestWriteEncryptedParquetFiles(std::string root_path) {
   // (plaintext footer mode, readable by legacy readers)
   std::map<std::string, std::shared_ptr<parquet::ColumnEncryptionProperties>>
       encryption_cols3;
-  parquet::ColumnEncryptionProperties::Builder encryption_col_builder_30(path1);
-  parquet::ColumnEncryptionProperties::Builder encryption_col_builder_31(path2);
-  encryption_col_builder_30.key(kColumnEncryptionKey1)->key_id("kc1");
-  encryption_col_builder_31.key(kColumnEncryptionKey2)->key_id("kc2");
+  encryption_cols3[path1] =
+      parquet::ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey1, "kc1");
+  encryption_cols3[path2] =
+      parquet::ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey1, "kc2");
 
-  encryption_cols3[path1] = encryption_col_builder_30.build();
-  encryption_cols3[path2] = encryption_col_builder_31.build();
   parquet::FileEncryptionProperties::Builder file_encryption_builder_3(
       kFooterEncryptionKey);
 
@@ -214,13 +209,11 @@ void InteropTestWriteEncryptedParquetFiles(std::string root_path) {
   // Use aad_prefix.
   std::map<std::string, std::shared_ptr<parquet::ColumnEncryptionProperties>>
       encryption_cols4;
-  parquet::ColumnEncryptionProperties::Builder encryption_col_builder_40(path1);
-  parquet::ColumnEncryptionProperties::Builder encryption_col_builder_41(path2);
-  encryption_col_builder_40.key(kColumnEncryptionKey1)->key_id("kc1");
-  encryption_col_builder_41.key(kColumnEncryptionKey2)->key_id("kc2");
+  encryption_cols4[path1] =
+      parquet::ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey1, "kc1");
+  encryption_cols4[path2] =
+      parquet::ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey1, "kc2");
 
-  encryption_cols4[path1] = encryption_col_builder_40.build();
-  encryption_cols4[path2] = encryption_col_builder_41.build();
   parquet::FileEncryptionProperties::Builder file_encryption_builder_4(
       kFooterEncryptionKey);
 
@@ -234,13 +227,11 @@ void InteropTestWriteEncryptedParquetFiles(std::string root_path) {
   // Use aad_prefix and disable_aad_prefix_storage.
   std::map<std::string, std::shared_ptr<parquet::ColumnEncryptionProperties>>
       encryption_cols5;
-  parquet::ColumnEncryptionProperties::Builder encryption_col_builder_50(path1);
-  parquet::ColumnEncryptionProperties::Builder encryption_col_builder_51(path2);
-  encryption_col_builder_50.key(kColumnEncryptionKey1)->key_id("kc1");
-  encryption_col_builder_51.key(kColumnEncryptionKey2)->key_id("kc2");
+  encryption_cols5[path1] =
+      parquet::ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey1, "kc1");
+  encryption_cols5[path2] =
+      parquet::ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey1, "kc2");
 
-  encryption_cols5[path1] = encryption_col_builder_50.build();
-  encryption_cols5[path2] = encryption_col_builder_51.build();
   parquet::FileEncryptionProperties::Builder file_encryption_builder_5(
       kFooterEncryptionKey);
 
@@ -255,13 +246,11 @@ void InteropTestWriteEncryptedParquetFiles(std::string root_path) {
   // Use AES_GCM_CTR_V1 algorithm.
   std::map<std::string, std::shared_ptr<parquet::ColumnEncryptionProperties>>
       encryption_cols6;
-  parquet::ColumnEncryptionProperties::Builder encryption_col_builder_60(path1);
-  parquet::ColumnEncryptionProperties::Builder encryption_col_builder_61(path2);
-  encryption_col_builder_60.key(kColumnEncryptionKey1)->key_id("kc1");
-  encryption_col_builder_61.key(kColumnEncryptionKey2)->key_id("kc2");
+  encryption_cols6[path1] =
+      parquet::ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey1, "kc1");
+  encryption_cols6[path2] =
+      parquet::ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey1, "kc2");
 
-  encryption_cols6[path1] = encryption_col_builder_60.build();
-  encryption_cols6[path2] = encryption_col_builder_61.build();
   parquet::FileEncryptionProperties::Builder file_encryption_builder_6(
       kFooterEncryptionKey);
 

cpp/src/parquet/encryption/crypto_factory.cc

@@ -156,7 +156,7 @@ ColumnPathToEncryptionPropertiesMap CryptoFactory::GetColumnEncryptionProperties
           key_wrapper->GetEncryptionKeyMetadata(column_key, column_key_id, false);
 
       std::shared_ptr<ColumnEncryptionProperties> cmd =
-          ColumnEncryptionProperties::Builder(column_name)
+          ColumnEncryptionProperties::Builder()
               .key(column_key)
               ->key_metadata(column_key_key_metadata)
               ->build();

cpp/src/parquet/encryption/encryption.cc

@@ -179,16 +179,12 @@ FileEncryptionProperties::Builder::disable_aad_prefix_storage() {
   return this;
 }
 
-ColumnEncryptionProperties::ColumnEncryptionProperties(bool encrypted,
-                                                       std::string column_path,
-                                                       SecureString key,
+ColumnEncryptionProperties::ColumnEncryptionProperties(bool encrypted, SecureString key,
                                                        std::string key_metadata)
-    : column_path_(std::move(column_path)),
-      encrypted_(encrypted),
+    : encrypted_(encrypted),
       encrypted_with_footer_key_(encrypted && key.empty()),
       key_(std::move(key)),
       key_metadata_(std::move(key_metadata)) {
-  DCHECK(!column_path_.empty());
   if (!encrypted) {
     DCHECK(key_.empty() && key_metadata_.empty());
   }
@@ -200,6 +196,22 @@ ColumnEncryptionProperties::ColumnEncryptionProperties(bool encrypted,
   }
 }
 
+std::shared_ptr<ColumnEncryptionProperties> ColumnEncryptionProperties::Unencrypted() {
+  return std::shared_ptr<ColumnEncryptionProperties>(
+      new ColumnEncryptionProperties(/*encrypted=*/false, {}, {}));
+}
+
+std::shared_ptr<ColumnEncryptionProperties> ColumnEncryptionProperties::WithFooterKey() {
+  return std::shared_ptr<ColumnEncryptionProperties>(
+      new ColumnEncryptionProperties(/*encrypted=*/true, {}, {}));
+}
+
+std::shared_ptr<ColumnEncryptionProperties> ColumnEncryptionProperties::WithColumnKey(
+    ::arrow::util::SecureString key, std::string key_metadata) {
+  return std::shared_ptr<ColumnEncryptionProperties>(new ColumnEncryptionProperties(
+      /*encrypted=*/true, std::move(key), std::move(key_metadata)));
+}
+
 ColumnDecryptionProperties::ColumnDecryptionProperties(std::string column_path,
                                                        SecureString key)
     : column_path_(std::move(column_path)), key_(std::move(key)) {

cpp/src/parquet/encryption/encryption.h

@@ -114,12 +114,13 @@ class PARQUET_EXPORT ColumnEncryptionProperties {
  public:
   class PARQUET_EXPORT Builder {
    public:
-    /// Convenience builder for encrypted columns.
-    explicit Builder(std::string name) : Builder(std::move(name), true) {}
+    PARQUET_DEPRECATED("name argument is ignored, use default constructor instead")
+    explicit Builder(const std::string& name) : encrypted_(true) {}
 
-    /// Convenience builder for encrypted columns.
-    explicit Builder(const schema::ColumnPath& path)
-        : Builder(path.ToDotString(), true) {}
+    PARQUET_DEPRECATED("path argument is ignored, use default constructor instead")
+    explicit Builder(const schema::ColumnPath& path) : encrypted_(true) {}
+
+    Builder() = default;
 
     /// Set a column-specific key.
     /// If key is not set on an encrypted column, the column will
@@ -140,33 +141,31 @@ class PARQUET_EXPORT ColumnEncryptionProperties {
 
     std::shared_ptr<ColumnEncryptionProperties> build() {
       return std::shared_ptr<ColumnEncryptionProperties>(
-          new ColumnEncryptionProperties(encrypted_, column_path_, key_, key_metadata_));
+          new ColumnEncryptionProperties(encrypted_, key_, key_metadata_));
     }
 
    private:
-    std::string column_path_;
-    bool encrypted_;
+    bool encrypted_ = true;
     ::arrow::util::SecureString key_;
     std::string key_metadata_;
-
-    Builder(std::string path, bool encrypted)
-        : column_path_(std::move(path)), encrypted_(encrypted) {}
   };
 
-  const std::string& column_path() const { return column_path_; }
   bool is_encrypted() const { return encrypted_; }
   bool is_encrypted_with_footer_key() const { return encrypted_with_footer_key_; }
   const ::arrow::util::SecureString& key() const { return key_; }
   const std::string& key_metadata() const { return key_metadata_; }
 
+  static std::shared_ptr<ColumnEncryptionProperties> Unencrypted();
+  static std::shared_ptr<ColumnEncryptionProperties> WithFooterKey();
+  static std::shared_ptr<ColumnEncryptionProperties> WithColumnKey(
+      ::arrow::util::SecureString key, std::string key_metadata = "");
+
  private:
-  std::string column_path_;
   bool encrypted_;
   bool encrypted_with_footer_key_;
   ::arrow::util::SecureString key_;
   std::string key_metadata_;
-  explicit ColumnEncryptionProperties(bool encrypted, std::string column_path,
-                                      ::arrow::util::SecureString key,
+  explicit ColumnEncryptionProperties(bool encrypted, ::arrow::util::SecureString key,
                                       std::string key_metadata);
 };
 

cpp/src/parquet/encryption/properties_test.cc

@@ -25,29 +25,46 @@
 namespace parquet::encryption::test {
 
 TEST(TestColumnEncryptionProperties, ColumnEncryptedWithOwnKey) {
-  std::string column_path_1 = "column_1";
-  ColumnEncryptionProperties::Builder column_builder_1(column_path_1);
+  ColumnEncryptionProperties::Builder column_builder_1;
   column_builder_1.key(kColumnEncryptionKey1);
   column_builder_1.key_id("kc1");
   std::shared_ptr<ColumnEncryptionProperties> column_props_1 = column_builder_1.build();
 
-  ASSERT_EQ(column_path_1, column_props_1->column_path());
+  ASSERT_EQ(true, column_props_1->is_encrypted());
+  ASSERT_EQ(false, column_props_1->is_encrypted_with_footer_key());
+  ASSERT_EQ(kColumnEncryptionKey1, column_props_1->key());
+  ASSERT_EQ("kc1", column_props_1->key_metadata());
+
+  // Same with shorthand API
+  column_props_1 =
+      ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey1, "kc1");
   ASSERT_EQ(true, column_props_1->is_encrypted());
   ASSERT_EQ(false, column_props_1->is_encrypted_with_footer_key());
   ASSERT_EQ(kColumnEncryptionKey1, column_props_1->key());
   ASSERT_EQ("kc1", column_props_1->key_metadata());
 }
 
 TEST(TestColumnEncryptionProperties, ColumnEncryptedWithFooterKey) {
-  std::string column_path_1 = "column_1";
-  ColumnEncryptionProperties::Builder column_builder_1(column_path_1);
+  ColumnEncryptionProperties::Builder column_builder_1;
   std::shared_ptr<ColumnEncryptionProperties> column_props_1 = column_builder_1.build();
 
-  ASSERT_EQ(column_path_1, column_props_1->column_path());
+  ASSERT_EQ(true, column_props_1->is_encrypted());
+  ASSERT_EQ(true, column_props_1->is_encrypted_with_footer_key());
+
+  // Same with shorthand API
+  column_props_1 = ColumnEncryptionProperties::WithFooterKey();
   ASSERT_EQ(true, column_props_1->is_encrypted());
   ASSERT_EQ(true, column_props_1->is_encrypted_with_footer_key());
 }
 
+TEST(TestColumnEncryptionProperties, UnencryptedColumn) {
+  ColumnEncryptionProperties::Builder column_builder_1;
+
+  auto column_props_1 = ColumnEncryptionProperties::Unencrypted();
+  ASSERT_EQ(false, column_props_1->is_encrypted());
+  ASSERT_EQ(false, column_props_1->is_encrypted_with_footer_key());
+}
+
 // Encrypt all columns and the footer with the same key.
 // (uniform encryption)
 TEST(TestEncryptionProperties, UniformEncryption) {
@@ -74,19 +91,14 @@ TEST(TestEncryptionProperties, UniformEncryption) {
 TEST(TestEncryptionProperties, EncryptFooterAndTwoColumns) {
   std::shared_ptr<parquet::schema::ColumnPath> column_path_1 =
       parquet::schema::ColumnPath::FromDotString("column_1");
-  ColumnEncryptionProperties::Builder column_builder_1(column_path_1->ToDotString());
-  column_builder_1.key(kColumnEncryptionKey1);
-  column_builder_1.key_id("kc1");
-
   std::shared_ptr<parquet::schema::ColumnPath> column_path_2 =
       parquet::schema::ColumnPath::FromDotString("column_2");
-  ColumnEncryptionProperties::Builder column_builder_2(column_path_2->ToDotString());
-  column_builder_2.key(kColumnEncryptionKey2);
-  column_builder_2.key_id("kc2");
 
   std::map<std::string, std::shared_ptr<ColumnEncryptionProperties>> encrypted_columns;
-  encrypted_columns[column_path_1->ToDotString()] = column_builder_1.build();
-  encrypted_columns[column_path_2->ToDotString()] = column_builder_2.build();
+  encrypted_columns[column_path_1->ToDotString()] =
+      ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey1, "kc1");
+  encrypted_columns[column_path_2->ToDotString()] =
+      ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey2, "kc2");
 
   FileEncryptionProperties::Builder builder(kFooterEncryptionKey);
   builder.footer_key_metadata("kf");
@@ -100,7 +112,6 @@ TEST(TestEncryptionProperties, EncryptFooterAndTwoColumns) {
   std::shared_ptr<ColumnEncryptionProperties> out_col_props_1 =
       props->column_encryption_properties(column_path_1->ToDotString());
 
-  ASSERT_EQ(column_path_1->ToDotString(), out_col_props_1->column_path());
   ASSERT_EQ(true, out_col_props_1->is_encrypted());
   ASSERT_EQ(false, out_col_props_1->is_encrypted_with_footer_key());
   ASSERT_EQ(kColumnEncryptionKey1, out_col_props_1->key());
@@ -109,7 +120,6 @@ TEST(TestEncryptionProperties, EncryptFooterAndTwoColumns) {
   std::shared_ptr<ColumnEncryptionProperties> out_col_props_2 =
       props->column_encryption_properties(column_path_2->ToDotString());
 
-  ASSERT_EQ(column_path_2->ToDotString(), out_col_props_2->column_path());
   ASSERT_EQ(true, out_col_props_2->is_encrypted());
   ASSERT_EQ(false, out_col_props_2->is_encrypted_with_footer_key());
   ASSERT_EQ(kColumnEncryptionKey2, out_col_props_2->key());
@@ -128,19 +138,14 @@ TEST(TestEncryptionProperties, EncryptFooterAndTwoColumns) {
 TEST(TestEncryptionProperties, EncryptTwoColumnsNotFooter) {
   std::shared_ptr<parquet::schema::ColumnPath> column_path_1 =
       parquet::schema::ColumnPath::FromDotString("column_1");
-  ColumnEncryptionProperties::Builder column_builder_1(*column_path_1);
-  column_builder_1.key(kColumnEncryptionKey1);
-  column_builder_1.key_id("kc1");
-
   std::shared_ptr<parquet::schema::ColumnPath> column_path_2 =
       parquet::schema::ColumnPath::FromDotString("column_2");
-  ColumnEncryptionProperties::Builder column_builder_2(*column_path_2);
-  column_builder_2.key(kColumnEncryptionKey2);
-  column_builder_2.key_id("kc2");
 
   std::map<std::string, std::shared_ptr<ColumnEncryptionProperties>> encrypted_columns;
-  encrypted_columns[column_path_1->ToDotString()] = column_builder_1.build();
-  encrypted_columns[column_path_2->ToDotString()] = column_builder_2.build();
+  encrypted_columns[column_path_1->ToDotString()] =
+      ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey1, "kc1");
+  encrypted_columns[column_path_2->ToDotString()] =
+      ColumnEncryptionProperties::WithColumnKey(kColumnEncryptionKey2, "kc2");
 
   FileEncryptionProperties::Builder builder(kFooterEncryptionKey);
   builder.footer_key_metadata("kf");
@@ -155,7 +160,6 @@ TEST(TestEncryptionProperties, EncryptTwoColumnsNotFooter) {
   std::shared_ptr<ColumnEncryptionProperties> out_col_props_1 =
       props->column_encryption_properties(column_path_1->ToDotString());
 
-  ASSERT_EQ(column_path_1->ToDotString(), out_col_props_1->column_path());
   ASSERT_EQ(true, out_col_props_1->is_encrypted());
   ASSERT_EQ(false, out_col_props_1->is_encrypted_with_footer_key());
   ASSERT_EQ(kColumnEncryptionKey1, out_col_props_1->key());
@@ -164,7 +168,6 @@ TEST(TestEncryptionProperties, EncryptTwoColumnsNotFooter) {
   std::shared_ptr<ColumnEncryptionProperties> out_col_props_2 =
       props->column_encryption_properties(column_path_2->ToDotString());
 
-  ASSERT_EQ(column_path_2->ToDotString(), out_col_props_2->column_path());
   ASSERT_EQ(true, out_col_props_2->is_encrypted());
   ASSERT_EQ(false, out_col_props_2->is_encrypted_with_footer_key());
   ASSERT_EQ(kColumnEncryptionKey2, out_col_props_2->key());