hadoop-common-issues mailing list archives

From "Rushabh S Shah (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-14104) Client should always ask namenode for kms provider path.
Date Fri, 31 Mar 2017 19:12:41 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-14104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Rushabh S Shah updated HADOOP-14104:
    Attachment: HADOOP-14104-trunk-v3.patch

Thanks [~daryn] [~andrew.wang] [~yzhangal] for your valuable reviews.
I tried to address most of the review comments.
For the following comment:
bq. basically I wanted a unit test that did an encrypted read/write using the KP URI from the credentials.
I added another unit test, {{TestEncryptionZones#testEncryptedReadWriteUsingDiffKeyProvider}}.
This test tried to read/write a file from/to an encrypted zone.
The test adds the key provider uri to the credentials object and then unsets the local conf.
While reading the file, it gets the key provider uri from the credentials object.
The way we try to resolve the provider uri is first from the credentials map, then from the namenode and then from conf.
So among this chain, the testcase can get the key provider uri from the namenode, but I verified by adding a log line that it got it from the credentials map.

Note: I haven't resolved the checkstyle warnings from the previous patch since the precommit
build logs were removed from jenkins server.
Once the precommit build runs, I will fix all the checkstyle warnings and then upload another
Request for reviews.

> Client should always ask namenode for kms provider path.
> --------------------------------------------------------
>                 Key: HADOOP-14104
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14104
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>            Reporter: Rushabh S Shah
>            Assignee: Rushabh S Shah
>         Attachments: HADOOP-14104-trunk.patch, HADOOP-14104-trunk-v1.patch, HADOOP-14104-trunk-v2.patch,
> According to current implementation of kms provider in client conf, there can only be one kms.
> In multi-cluster environment, if a client is reading encrypted data from multiple clusters it will only get kms token for local cluster.
> Not sure whether the target version is correct or not.
