Return-Path: X-Original-To: apmail-hadoop-hdfs-commits-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EFA2B11EF7 for ; Tue, 22 Jul 2014 17:57:31 +0000 (UTC) Received: (qmail 33040 invoked by uid 500); 22 Jul 2014 17:57:31 -0000 Delivered-To: apmail-hadoop-hdfs-commits-archive@hadoop.apache.org Received: (qmail 32984 invoked by uid 500); 22 Jul 2014 17:57:31 -0000 Mailing-List: contact hdfs-commits-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-dev@hadoop.apache.org Delivered-To: mailing list hdfs-commits@hadoop.apache.org Received: (qmail 32969 invoked by uid 99); 22 Jul 2014 17:57:31 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jul 2014 17:57:31 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jul 2014 17:57:28 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 649FD23889D5; Tue, 22 Jul 2014 17:57:08 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1612632 - in /hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs: ./ src/main/java/org/apache/hadoop/hdfs/ src/main/java/org/apache/hadoop/hdfs/client/ src/main/java/org/apache/hadoop/hdfs/protocol/ src/main/java/org/apac... Date: Tue, 22 Jul 2014 17:57:07 -0000 To: hdfs-commits@hadoop.apache.org 
From: wang@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140722175708.649FD23889D5@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: wang Date: Tue Jul 22 17:57:06 2014 New Revision: 1612632 URL: http://svn.apache.org/r1612632 Log: HDFS-6720. Remove KeyProvider in EncryptionZoneManager. (wang) Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DistributedFileSystem.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/client/HdfsAdmin.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/ClientProtocol.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/EncryptionZone.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/ClientNamenodeProtocolServerSideTranslatorPB.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/ClientNamenodeProtocolTranslatorPB.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/PBHelper.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/EncryptionZoneManager.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java 
hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/CryptoAdmin.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/encryption.proto hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/cli/TestCryptoCLI.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/resources/testCryptoConf.xml Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt Tue Jul 22 17:57:06 2014 
@@ -54,6 +54,8 @@ fs-encryption (Unreleased) HDFS-6718. Remove EncryptionZoneManager lock. (wang) + HDFS-6720. Remove KeyProvider in EncryptionZoneManager. (wang) + OPTIMIZATIONS BUG FIXES Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java Tue Jul 22 17:57:06 2014 
@@ -2807,11 +2807,11 @@ public class DFSClient implements java.i } } - public void createEncryptionZone(String src, String keyId) + public void createEncryptionZone(String src, String keyName) throws IOException { checkOpen(); try { - namenode.createEncryptionZone(src, keyId); + namenode.createEncryptionZone(src, keyName); } catch (RemoteException re) { throw re.unwrapRemoteException(AccessControlException.class, SafeModeException.class, Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DistributedFileSystem.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DistributedFileSystem.java?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DistributedFileSystem.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DistributedFileSystem.java Tue Jul 22 17:57:06 2014 
@@ -1799,9 +1799,9 @@ public class DistributedFileSystem exten } /* HDFS only */ - public void createEncryptionZone(Path path, String keyId) + public void createEncryptionZone(Path path, String keyName) throws IOException { - dfs.createEncryptionZone(getPathName(path), keyId); + dfs.createEncryptionZone(getPathName(path), keyName); } /* HDFS only */ Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/client/HdfsAdmin.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/client/HdfsAdmin.java?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/client/HdfsAdmin.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/client/HdfsAdmin.java Tue Jul 22 17:57:06 2014 @@ -231,21 +231,16 @@ public class HdfsAdmin { } /** - * Create an encryption zone rooted at path using the optional encryption key - * id. An encryption zone is a portion of the HDFS file system hierarchy in - * which all files are encrypted with the same key, but possibly different - * key versions per file. - *

- * Path must refer to an empty, existing directory. Otherwise an IOException - * will be thrown. keyId specifies the id of an encryption key in the - * KeyProvider that the Namenode has been configured to use. If keyId is - * null, then a key is generated in the KeyProvider using {@link - * java.util.UUID} to generate a key id. + * Create an encryption zone rooted at an empty existing directory. An + * encryption zone has an associated encryption key used when reading and + * writing files within the zone. An existing key can be specified, + * else a new key will be generated for the encryption zone. * - * @param path The path of the root of the encryption zone. + * @param path The path of the root of the encryption zone. Must refer to + * an empty, existing directory. * - * @param keyId An optional keyId in the KeyProvider. If null, then - * a key is generated. + * @param keyName Optional name of key available at the KeyProvider. If null, + * then a key is generated. * * @throws IOException if there was a general IO exception * 
@@ -253,18 +248,15 @@ public class HdfsAdmin { * * @throws FileNotFoundException if the path does not exist */ - public void createEncryptionZone(Path path, String keyId) + public void createEncryptionZone(Path path, String keyName) throws IOException, AccessControlException, FileNotFoundException { - dfs.createEncryptionZone(path, keyId); + dfs.createEncryptionZone(path, keyName); } /** - * Return a list of all {@EncryptionZone}s in the HDFS hierarchy which are - * visible to the caller. If the caller is the HDFS admin, then the returned - * EncryptionZone instances will have the key id field filled in. If the - * caller is not the HDFS admin, then the EncryptionZone instances will only - * have the path field filled in and only those zones that are visible to the - * user are returned. + * Return a list of all {@link EncryptionZone}s in the HDFS hierarchy which + * are visible to the caller. If the caller is an HDFS superuser, + * then the key name of each encryption zone will also be provided. * * @throws IOException if there was a general IO exception * Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/ClientProtocol.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/ClientProtocol.java?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/ClientProtocol.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/ClientProtocol.java Tue Jul 22 17:57:06 2014 
@@ -1263,7 +1263,7 @@ public interface ClientProtocol { * Create an encryption zone */ @AtMostOnce - public void createEncryptionZone(String src, String keyId) + public void createEncryptionZone(String src, String keyName) throws IOException; /** Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/EncryptionZone.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/EncryptionZone.java?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/EncryptionZone.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/EncryptionZone.java Tue Jul 22 17:57:06 2014 @@ -24,32 +24,32 @@ import org.apache.hadoop.classification. /** * A simple class for representing an encryption zone. Presently an encryption - * zone only has a path (the root of the encryption zone) and a key id. + * zone only has a path (the root of the encryption zone) and a key name. */ @InterfaceAudience.Public @InterfaceStability.Evolving public class EncryptionZone { private final String path; - private final String keyId; + private final String keyName; - public EncryptionZone(String path, String keyId) { + public EncryptionZone(String path, String keyName) { this.path = path; - this.keyId = keyId; + this.keyName = keyName; } public String getPath() { return path; } - public String getKeyId() { - return keyId; + public String getKeyName() { + return keyName; } @Override public int hashCode() { return new HashCodeBuilder(13, 31). - append(path).append(keyId). + append(path).append(keyName). toHashCode(); } 
@@ -68,12 +68,12 @@ public class EncryptionZone { EncryptionZone rhs = (EncryptionZone) obj; return new EqualsBuilder(). append(path, rhs.path). - append(keyId, rhs.keyId). + append(keyName, rhs.keyName). isEquals(); } @Override public String toString() { - return "EncryptionZone [path=" + path + ", keyId=" + keyId + "]"; + return "EncryptionZone [path=" + path + ", keyName=" + keyName + "]"; } } Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/ClientNamenodeProtocolServerSideTranslatorPB.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/ClientNamenodeProtocolServerSideTranslatorPB.java?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/ClientNamenodeProtocolServerSideTranslatorPB.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/ClientNamenodeProtocolServerSideTranslatorPB.java Tue Jul 22 17:57:06 2014 
@@ -1287,7 +1287,7 @@ public class ClientNamenodeProtocolServe RpcController controller, CreateEncryptionZoneRequestProto req) throws ServiceException { try { - server.createEncryptionZone(req.getSrc(), req.getKeyId()); + server.createEncryptionZone(req.getSrc(), req.getKeyName()); return CreateEncryptionZoneResponseProto.newBuilder().build(); } catch (IOException e) { throw new ServiceException(e); Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/ClientNamenodeProtocolTranslatorPB.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/ClientNamenodeProtocolTranslatorPB.java?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/ClientNamenodeProtocolTranslatorPB.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/ClientNamenodeProtocolTranslatorPB.java Tue Jul 22 17:57:06 2014 
@@ -1284,13 +1284,13 @@ public class ClientNamenodeProtocolTrans } @Override - public void createEncryptionZone(String src, String keyId) + public void createEncryptionZone(String src, String keyName) throws IOException { final CreateEncryptionZoneRequestProto.Builder builder = CreateEncryptionZoneRequestProto.newBuilder(); builder.setSrc(src); - if (keyId != null && !keyId.isEmpty()) { - builder.setKeyId(keyId); + if (keyName != null && !keyName.isEmpty()) { + builder.setKeyName(keyName); } CreateEncryptionZoneRequestProto req = builder.build(); try { Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/PBHelper.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/PBHelper.java?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/PBHelper.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/PBHelper.java Tue Jul 22 17:57:06 2014 @@ -2209,7 +2209,7 @@ public class PBHelper { final EncryptionZoneProto.Builder builder = EncryptionZoneProto.newBuilder(); builder.setPath(a.getPath()); - builder.setKeyId(a.getKeyId()); + builder.setKeyName(a.getKeyName()); ret.add(builder.build()); } return ret; 
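Review bot: In the PBHelper hunk at -2209, `builder.setKeyName(a.getKeyName())` would throw a NullPointerException from the generated protobuf setter if an EncryptionZone ever carries a null key name, and `EncryptionZoneProto` declares the field as `required string keyName = 2;`. The HdfsAdmin javadoc updated in this commit says the key name is only provided when the caller is an HDFS superuser, so the non-superuser listing path needs a defined representation; how the NameNode fills the field in that case is not visible in this diff. If the name can be absent, I would guard the setter with `if (a.getKeyName() != null) { builder.setKeyName(a.getKeyName()); }` and make the proto field `optional`, otherwise add a comment here stating what value stands in for a withheld name. The same applies to the reverse conversion in the hunk at -2221; both enclosing methods start outside their hunks.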
@@ -2221,7 +2221,7 @@ public class PBHelper { Lists.newArrayListWithCapacity(ezs.size()); for (EncryptionZoneProto a : ezs) { final EncryptionZone ez = - new EncryptionZone(a.getPath(), a.getKeyId()); + new EncryptionZone(a.getPath(), a.getKeyName()); ret.add(ez); } return ret; Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/EncryptionZoneManager.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/EncryptionZoneManager.java?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/EncryptionZoneManager.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/EncryptionZoneManager.java Tue Jul 22 17:57:06 2014 @@ -5,11 +5,9 @@ import java.util.EnumSet; import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.concurrent.locks.ReentrantReadWriteLock; import com.google.common.base.Preconditions; import com.google.common.collect.Lists; -import org.apache.hadoop.crypto.key.KeyProvider; import org.apache.hadoop.fs.UnresolvedLinkException; import org.apache.hadoop.fs.XAttr; import org.apache.hadoop.fs.XAttrSetFlag; @@ -20,7 +18,6 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import static org.apache.hadoop.crypto.key.KeyProvider.KeyVersion; import static org.apache.hadoop.hdfs.server.common.HdfsServerConstants .CRYPTO_XATTR_ENCRYPTION_ZONE; 
@@ -62,16 +59,14 @@ public class EncryptionZoneManager { private final Map encryptionZones; private final FSDirectory dir; - private final KeyProvider provider; /** * Construct a new EncryptionZoneManager. * * @param dir Enclosing FSDirectory */ - public EncryptionZoneManager(FSDirectory dir, KeyProvider provider) { + public EncryptionZoneManager(FSDirectory dir) { this.dir = dir; - this.provider = provider; encryptionZones = new HashMap(); } @@ -81,11 +76,11 @@ public class EncryptionZoneManager { * Called while holding the FSDirectory lock. * * @param inodeId of the encryption zone - * @param keyId encryption zone key id + * @param keyName encryption zone key name */ - void addEncryptionZone(Long inodeId, String keyId) { + void addEncryptionZone(Long inodeId, String keyName) { assert dir.hasWriteLock(); - final EncryptionZoneInt ez = new EncryptionZoneInt(inodeId, keyId); + final EncryptionZoneInt ez = new EncryptionZoneInt(inodeId, keyName); encryptionZones.put(inodeId, ez); } @@ -209,7 +204,7 @@ public class EncryptionZoneManager { *

* Called while holding the FSDirectory lock. */ - XAttr createEncryptionZone(String src, String keyId, KeyVersion keyVersion) + XAttr createEncryptionZone(String src, String keyName) throws IOException { assert dir.hasWriteLock(); if (dir.isNonEmptyDirectory(src)) { @@ -224,17 +219,16 @@ public class EncryptionZoneManager { "encryption zone. (" + getFullPathName(ezi) + ")"); } - final XAttr keyIdXAttr = XAttrHelper - .buildXAttr(CRYPTO_XATTR_ENCRYPTION_ZONE, keyId.getBytes()); + final XAttr ezXAttr = XAttrHelper + .buildXAttr(CRYPTO_XATTR_ENCRYPTION_ZONE, keyName.getBytes()); final List xattrs = Lists.newArrayListWithCapacity(1); - xattrs.add(keyIdXAttr); + xattrs.add(ezXAttr); // updating the xattr will call addEncryptionZone, // done this way to handle edit log loading dir.unprotectedSetXAttrs(src, xattrs, EnumSet.of(XAttrSetFlag.CREATE)); - // Re-get the new encryption zone add the latest key version ezi = getEncryptionZoneForPath(srcIIP); - return keyIdXAttr; + return ezXAttr; } /** Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java Tue Jul 22 17:57:06 2014 
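Review bot: In the hunk at -224, `keyName.getBytes()` encodes the xattr value with the JVM's default charset, so the bytes stored for the encryption zone depend on the platform that wrote them. Since this xattr is what ties a zone to its key, I would pin the encoding, e.g. `.buildXAttr(CRYPTO_XATTR_ENCRYPTION_ZONE, keyName.getBytes(Charsets.UTF_8));` using Guava's `Charsets`, and decode with the same charset wherever the value is read back (that code is outside this diff). The commit also drops the comment above `ezi = getEncryptionZoneForPath(srcIIP);` but keeps the assignment, whose result is not used in the visible lines before `return ezXAttr;`; either remove it or say in a comment why it is still needed. The method signature is in the previous hunk and the body is only partly shown.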
@@ -17,7 +17,6 @@ */ package org.apache.hadoop.hdfs.server.namenode; -import static org.apache.hadoop.crypto.key.KeyProvider.KeyVersion; import static org.apache.hadoop.hdfs.server.common.HdfsServerConstants.CRYPTO_XATTR_ENCRYPTION_ZONE; import static org.apache.hadoop.hdfs.server.common.HdfsServerConstants.CRYPTO_XATTR_FILE_ENCRYPTION_INFO; import static org.apache.hadoop.util.Time.now; @@ -36,7 +35,6 @@ import com.google.protobuf.InvalidProtoc import org.apache.hadoop.HadoopIllegalArgumentException; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.crypto.key.KeyProvider; import org.apache.hadoop.fs.ContentSummary; import org.apache.hadoop.fs.FileAlreadyExistsException; import org.apache.hadoop.fs.FileEncryptionInfo; @@ -227,7 +225,7 @@ public class FSDirectory implements Clos nameCache = new NameCache(threshold); namesystem = ns; - ezManager = new EncryptionZoneManager(this, ns.getProvider()); + ezManager = new EncryptionZoneManager(this); } private FSNamesystem getFSNamesystem() { 
@@ -2632,11 +2630,11 @@ public class FSDirectory implements Clos } } - XAttr createEncryptionZone(String src, String keyId, KeyVersion keyVersion) + XAttr createEncryptionZone(String src, String keyName) throws IOException { writeLock(); try { - return ezManager.createEncryptionZone(src, keyId, keyVersion); + return ezManager.createEncryptionZone(src, keyName); } finally { writeUnlock(); } Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java Tue Jul 22 17:57:06 2014 @@ -8421,13 +8421,13 @@ public class FSNamesystem implements Nam } /** - * Create an encryption zone on directory src either using keyIdArg if - * supplied or generating a keyId if it's null. + * Create an encryption zone on directory src. If provided, + * will use an existing key, else will generate a new key. * * @param src the path of a directory which will be the root of the * encryption zone. The directory must be empty. * - * @param keyIdArg an optional keyId of a key in the configured + * @param keyNameArg an optional name of a key in the configured * KeyProvider. If this is null, then a a new key is generated. * * @throws AccessControlException if the caller is not the superuser. 
@@ -8436,7 +8436,7 @@ public class FSNamesystem implements Nam * * @throws SafeModeException if the Namenode is in safe mode. */ - void createEncryptionZone(final String src, String keyIdArg) + void createEncryptionZone(final String src, String keyNameArg) throws IOException, UnresolvedLinkException, SafeModeException, AccessControlException { final CacheEntry cacheEntry = RetryCache.waitForCompletion(retryCache); @@ -8445,16 +8445,15 @@ public class FSNamesystem implements Nam } boolean createdKey = false; - String keyId = keyIdArg; + String keyName = keyNameArg; boolean success = false; try { - KeyVersion keyVersion; - if (keyId == null || keyId.isEmpty()) { - keyId = UUID.randomUUID().toString(); - keyVersion = createNewKey(keyId, src); + if (keyName == null || keyName.isEmpty()) { + keyName = UUID.randomUUID().toString(); + createNewKey(keyName, src); createdKey = true; } else { - keyVersion = provider.getCurrentKey(keyId); + KeyVersion keyVersion = provider.getCurrentKey(keyName); if (keyVersion == null) { /* * It would be nice if we threw something more specific than @@ -8464,10 +8463,10 @@ public class FSNamesystem implements Nam * update this to match it, or better yet, just rethrow the * KeyProvider's exception. */ - throw new IOException("Key " + keyId + " doesn't exist."); + throw new IOException("Key " + keyName + " doesn't exist."); } } - createEncryptionZoneInt(src, keyId, keyVersion, cacheEntry != null); + createEncryptionZoneInt(src, keyName, cacheEntry != null); success = true; } catch (AccessControlException e) { logAuditEvent(false, "createEncryptionZone", src); 
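Review bot: In the hunk at -8445, the KeyProvider is touched before any privilege check that is visible in this diff: `createNewKey(keyName, src)` or `provider.getCurrentKey(keyName)` runs first, and `checkSuperuserPrivilege()` only appears later inside `createEncryptionZoneInt`. If no earlier check exists in the lines between the hunks, a caller without superuser rights can cause a key to be created and then deleted by the unwind, and can tell existing key names from missing ones by whether the `"Key " + keyName + " doesn't exist."` IOException is thrown. I would add `checkSuperuserPrivilege();` as the first statement inside the `try`, so the existing `catch (AccessControlException e)` still records the audit event, and keep the check in `createEncryptionZoneInt` for the locked section. The method body continues outside these hunks.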
@@ -8476,14 +8475,13 @@ public class FSNamesystem implements Nam RetryCache.setState(cacheEntry, success); if (!success && createdKey) { /* Unwind key creation. */ - provider.deleteKey(keyId); + provider.deleteKey(keyName); } } } - private void createEncryptionZoneInt(final String srcArg, String keyId, - final KeyVersion keyVersion, final boolean logRetryCache) throws - IOException { + private void createEncryptionZoneInt(final String srcArg, String keyName, + final boolean logRetryCache) throws IOException { String src = srcArg; HdfsFileStatus resultingStat = null; checkSuperuserPrivilege(); @@ -8497,9 +8495,9 @@ public class FSNamesystem implements Nam checkNameNodeSafeMode("Cannot create encryption zone on " + src); src = FSDirectory.resolvePath(src, pathComponents, dir); - final XAttr keyIdXAttr = dir.createEncryptionZone(src, keyId, keyVersion); + final XAttr ezXAttr = dir.createEncryptionZone(src, keyName); List xAttrs = Lists.newArrayListWithCapacity(1); - xAttrs.add(keyIdXAttr); + xAttrs.add(ezXAttr); getEditLog().logSetXAttrs(src, xAttrs, logRetryCache); resultingStat = getAuditFileInfo(src, false); } finally { @@ -8512,14 +8510,14 @@ public class FSNamesystem implements Nam /** * Create a new key on the KeyProvider for an encryption zone. * - * @param keyIdArg id of the key + * @param keyNameArg name of the key * @param src path of the encryption zone. * @return KeyVersion of the created key * @throws IOException */ - private KeyVersion createNewKey(String keyIdArg, String src) + private KeyVersion createNewKey(String keyNameArg, String src) throws IOException { - Preconditions.checkNotNull(keyIdArg); + Preconditions.checkNotNull(keyNameArg); Preconditions.checkNotNull(src); final StringBuilder sb = new StringBuilder("hdfs://"); if (nameserviceId != null) { 
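Review bot: In the hunk at -8476, `provider.deleteKey(keyName);` runs in what appears to be the cleanup path after `RetryCache.setState(cacheEntry, success)`, and an IOException from it would replace the exception that caused the failure and leave the generated key behind without a trace. I would wrap the unwind so the original error survives and the orphaned key name is logged for operators, along the lines of `try { provider.deleteKey(keyName); } catch (IOException e) { LOG.warn("Failed to delete key " + keyName + " after failed zone creation", e); }` (assuming the class logger is `LOG`, which is not shown here). The start of the enclosing block is outside the hunk.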
@@ -8529,14 +8527,14 @@ public class FSNamesystem implements Nam if (!src.endsWith("/")) { sb.append('/'); } - sb.append(keyIdArg); - final String keyId = sb.toString(); - providerOptions.setDescription(keyId); + sb.append(keyNameArg); + final String keyName = sb.toString(); + providerOptions.setDescription(keyName); providerOptions.setBitLength(codec.getCipherSuite() .getAlgorithmBlockSize()*8); KeyVersion version = null; try { - version = provider.createKey(keyIdArg, providerOptions); + version = provider.createKey(keyNameArg, providerOptions); } catch (NoSuchAlgorithmException e) { throw new IOException(e); } Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java Tue Jul 22 17:57:06 2014 
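Review bot: After the rename in the hunk at -8529, the local `keyName` in `createNewKey` holds the string built in `sb` (an `hdfs://` URI ending in the key name) and is only passed to `providerOptions.setDescription(...)`, while the actual key name is `keyNameArg`, so the variable name now says the opposite of what it contains. I would rename it, e.g. `final String keyDescription = sb.toString();` followed by `providerOptions.setDescription(keyDescription);`. Separately, the unchanged line `providerOptions.setBitLength(codec.getCipherSuite().getAlgorithmBlockSize()*8)` derives the key length from the cipher block size, which matches for a 128-bit AES key but would under-size the key for a suite whose key is longer than its block; a comment stating that assumption would help the next reader. The method starts before and continues after this hunk.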
@@ -1413,9 +1413,9 @@ class NameNodeRpcServer implements Namen } @Override - public void createEncryptionZone(String src, String keyId) + public void createEncryptionZone(String src, String keyName) throws IOException { - namesystem.createEncryptionZone(src, keyId); + namesystem.createEncryptionZone(src, keyName); } @Override Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/CryptoAdmin.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/CryptoAdmin.java?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/CryptoAdmin.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/CryptoAdmin.java Tue Jul 22 17:57:06 2014 @@ -124,7 +124,7 @@ public class CryptoAdmin extends Configu @Override public String getShortUsage() { - return "[" + getName() + " [-keyId ] -path " + "]\n"; + return "[" + getName() + " [-keyName ] -path " + "]\n"; } @Override @@ -132,7 +132,8 @@ public class CryptoAdmin extends Configu final TableListing listing = getOptionDescriptionListing(); listing.addRow("", "The path of the encryption zone to create. " + "It must be an empty directory."); - listing.addRow("", "The keyId of the new encryption zone."); + listing.addRow("", "Name of the key to use for the " + + "encryption zone. A new key will be generated if unspecified."); return getShortUsage() + "\n" + "Create a new encryption zone.\n\n" + listing.toString(); 
@@ -146,8 +147,8 @@ public class CryptoAdmin extends Configu return 1; } - final String keyId = - StringUtils.popOptionWithArgument("-keyId", args); + final String keyName = + StringUtils.popOptionWithArgument("-keyName", args); if (!args.isEmpty()) { System.err.println("Can't understand argument: " + args.get(0)); @@ -156,7 +157,7 @@ public class CryptoAdmin extends Configu final DistributedFileSystem dfs = getDFS(conf); try { - dfs.createEncryptionZone(new Path(path), keyId); + dfs.createEncryptionZone(new Path(path), keyName); System.out.println("Added encryption zone " + path); } catch (IOException e) { System.err.println(prettifyException(e)); @@ -198,7 +199,7 @@ public class CryptoAdmin extends Configu .wrapWidth(MAX_LINE_WIDTH).hideHeaders().build(); final List ezs = dfs.listEncryptionZones(); for (EncryptionZone ez : ezs) { - listing.addRow(ez.getPath(), ez.getKeyId()); + listing.addRow(ez.getPath(), ez.getKeyName()); } System.out.println(listing.toString()); } catch (IOException e) { Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/encryption.proto URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/encryption.proto?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/encryption.proto (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/encryption.proto Tue Jul 22 17:57:06 2014 @@ -35,7 +35,7 @@ import "hdfs.proto"; message CreateEncryptionZoneRequestProto { required string src = 1; - optional string keyId = 2; + optional string keyName = 2; } message CreateEncryptionZoneResponseProto { 
@@ -46,7 +46,7 @@ message ListEncryptionZonesRequestProto
 message EncryptionZoneProto {
 required string path = 1;
- required string keyId = 2;
+ required string keyName = 2;
 }
 message ListEncryptionZonesResponseProto {
Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/cli/TestCryptoCLI.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/cli/TestCryptoCLI.java?rev=1612632&r1=1612631&r2=1612632&view=diff
==============================================================================
--- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/cli/TestCryptoCLI.java (original)
+++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/cli/TestCryptoCLI.java Tue Jul 22 17:57:06 2014
@@ -93,12 +93,12 @@ public class TestCryptoCLI extends CLIT
 }
 /* Helper function to create a key in the Key Provider. */
- private void createAKey(String keyId, Configuration conf)
+ private void createAKey(String keyName, Configuration conf)
 throws NoSuchAlgorithmException, IOException {
 final KeyProvider provider =
 dfsCluster.getNameNode().getNamesystem().getProvider();
 final KeyProvider.Options options = KeyProvider.options(conf);
- provider.createKey(keyId, options);
+ provider.createKey(keyName, options);
 provider.flush();
 }
Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java?rev=1612632&r1=1612631&r2=1612632&view=diff
==============================================================================
--- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java (original)
+++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java Tue Jul 22 17:57:06 2014
@@ -105,18 +105,18 @@ public class TestEncryptionZones {
 }
 /**
- * Checks that an encryption zone with the specified keyId and path (if not
+ * Checks that an encryption zone with the specified keyName and path (if not
 * null) is present.
 *
 * @throws IOException if a matching zone could not be found
 */
- public void assertZonePresent(String keyId, String path) throws IOException {
+ public void assertZonePresent(String keyName, String path) throws IOException {
 final List zones = dfsAdmin.listEncryptionZones();
 boolean match = false;
 for (EncryptionZone zone : zones) {
- boolean matchKey = (keyId == null);
+ boolean matchKey = (keyName == null);
 boolean matchPath = (path == null);
- if (keyId != null && zone.getKeyId().equals(keyId)) {
+ if (keyName != null && zone.getKeyName().equals(keyName)) {
 matchKey = true;
 }
 if (path != null && zone.getPath().equals(path)) {
@@ -127,7 +127,7 @@ public class TestEncryptionZones {
 break;
 }
 }
- assertTrue("Did not find expected encryption zone with keyId " + keyId +
+ assertTrue("Did not find expected encryption zone with keyName " + keyName +
 " path " + path, match
 );
 }
@@ -135,11 +135,11 @@ public class TestEncryptionZones {
 /**
 * Helper function to create a key in the Key Provider.
 */
- private void createKey(String keyId)
+ private void createKey(String keyName)
 throws NoSuchAlgorithmException, IOException {
 KeyProvider provider = cluster.getNameNode().getNamesystem().getProvider();
 final KeyProvider.Options options = KeyProvider.options(conf);
- provider.createKey(keyId, options);
+ provider.createKey(keyName, options);
 provider.flush();
 }
@@ -204,9 +204,9 @@ public class TestEncryptionZones {
 /* Test failure of creating an EZ passing a key that doesn't exist. */
 final Path zone2 = new Path("/zone2");
 fsWrapper.mkdir(zone2, FsPermission.getDirDefault(), false);
- final String myKeyId = "mykeyid";
+ final String myKeyName = "mykeyname";
 try {
- dfsAdmin.createEncryptionZone(zone2, myKeyId);
+ dfsAdmin.createEncryptionZone(zone2, myKeyName);
 fail("expected key doesn't exist");
 } catch (IOException e) {
 assertExceptionContains("doesn't exist.", e);
@@ -214,10 +214,10 @@ public class TestEncryptionZones {
 assertNumZones(1);
 /* Test success of creating an EZ when they key exists. */
- createKey(myKeyId);
- dfsAdmin.createEncryptionZone(zone2, myKeyId);
+ createKey(myKeyName);
+ dfsAdmin.createEncryptionZone(zone2, myKeyName);
 assertNumZones(++numZones);
- assertZonePresent(myKeyId, zone2.toString());
+ assertZonePresent(myKeyName, zone2.toString());
 /* Test failure of create encryption zones as a non super user. */
 final UserGroupInformation user = UserGroupInformation.
@@ -345,8 +345,8 @@ public class TestEncryptionZones { // Roll the key of the encryption zone List zones = dfsAdmin.listEncryptionZones(); assertEquals("Expected 1 EZ", 1, zones.size()); - String keyId = zones.get(0).getKeyId(); - cluster.getNamesystem().getProvider().rollNewVersion(keyId); + String keyName = zones.get(0).getKeyName(); + cluster.getNamesystem().getProvider().rollNewVersion(keyName); // Read them back in and compare byte-by-byte validateFiles(baseFile, encFile1, len); // Write a new enc file and validate Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/resources/testCryptoConf.xml URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/resources/testCryptoConf.xml?rev=1612632&r1=1612631&r2=1612632&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/resources/testCryptoConf.xml (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/resources/testCryptoConf.xml Tue Jul 22 17:57:06 2014 @@ -145,7 +145,7 @@ -fs NAMENODE -mkdir /foo -fs NAMENODE -ls /- - -createZone -path /foo -keyId doesntexist + -createZone -path /foo -keyName doesntexist -fs NAMENODE -rmdir /foo @@ -163,7 +163,7 @@ -fs NAMENODE -mkdir /foo -fs NAMENODE -ls /- - -createZone -path /foo -keyId mykey + -createZone -path /foo -keyName mykey -fs NAMENODE -rmdir /foo