hadoop-hdfs-dev mailing list archives

From "Benoy Antony (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-6201) Get EncryptionKey from NN only if data transfer encryption is required
Date Tue, 08 Apr 2014 16:06:15 GMT
Benoy Antony created HDFS-6201:

             Summary: Get EncryptionKey from NN only if data transfer encryption is required
                 Key: HDFS-6201
                 URL: https://issues.apache.org/jira/browse/HDFS-6201
             Project: Hadoop HDFS
          Issue Type: Improvement
          Components: security
            Reporter: Benoy Antony
            Assignee: Benoy Antony

HDFS-5910 allowed data transfer encryption to be decided by custom logic based on the IP address
of client and datanode. This is on top of the _dfs.encrypt.data.transfer_ flag. 

There are some invocations where encryptionkey is fetched first and the datanode is identified
later. In these cases, encryptionkey is fetched after invoking the custom logic without the
IP address of the datanode. This might result in fetching encryptionkey when it is
not required and vice versa. 

To correct this, a refactoring is required so that encryptionkey is fetched only when it is

Per [~arpitagarwal] on HDFS-5910

For the usage in getDataEncryptionKey(), we can refactor to pass a functor as the encryption
key to e.g. getFileChecksum. However I am okay with doing the refactoring in a separate change.
We can leave the parameter-less overload of isTrusted for now and just use it from getEncryptionKey
and file a separate Jira to fix it.

This message was sent by Atlassian JIRA
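
Added illustration, not part of the original message and not Hadoop code: a minimal Java sketch of the ordering problem and of passing the key as a functor so it is fetched only once the datanode address is known. The class, the method names, the 10.0.0.0/8 trust rule and the placeholder key bytes are all assumptions made for this example.

```java
import java.net.InetAddress;
import java.util.function.Predicate;
import java.util.function.Supplier;

public class LazyKeyFetchDemo {
    static int nnCalls = 0; // counts simulated NameNode round trips

    // Hypothetical stand-in for the NameNode RPC that returns an encryption key.
    static byte[] fetchKeyFromNameNode() {
        nnCalls++;
        return new byte[] {1, 2, 3}; // constructed placeholder, not a real key
    }

    // Hypothetical custom trust logic: peers in 10.0.0.0/8 are trusted (constructed rule).
    static final Predicate<InetAddress> IS_TRUSTED =
        addr -> (addr.getAddress()[0] & 0xff) == 10;

    // Eager: the decision is made before the datanode is known, from a guess only.
    static byte[] eagerKey(boolean guessTrusted) {
        return guessTrusted ? null : fetchKeyFromNameNode();
    }

    // Deferred: the key source is a functor, invoked only for an untrusted datanode.
    static byte[] deferredKey(Supplier<byte[]> keySource, InetAddress datanode) {
        return IS_TRUSTED.test(datanode) ? null : keySource.get();
    }

    public static void main(String[] args) throws Exception {
        InetAddress trustedDn = InetAddress.getByAddress(new byte[] {10, 0, 0, 5});
        InetAddress untrustedDn =
            InetAddress.getByAddress(new byte[] {(byte) 192, (byte) 168, 1, 7});

        // Failure mode 1: key fetched, then the datanode turns out to be trusted.
        eagerKey(false);
        System.out.println("eager, trusted DN: wasted NN calls = " + nnCalls);

        // Failure mode 2: key skipped, then the datanode turns out to need encryption.
        byte[] missing = eagerKey(true);
        System.out.println("eager, untrusted DN: key missing = "
            + (missing == null && !IS_TRUSTED.test(untrustedDn)));

        // Deferred fetch: the NN call happens only when the address requires it.
        nnCalls = 0;
        deferredKey(LazyKeyFetchDemo::fetchKeyFromNameNode, trustedDn);
        int callsForTrusted = nnCalls;
        byte[] key = deferredKey(LazyKeyFetchDemo::fetchKeyFromNameNode, untrustedDn);
        System.out.println("deferred: NN calls for trusted DN = " + callsForTrusted
            + ", for untrusted DN = " + (nnCalls - callsForTrusted)
            + ", key present = " + (key != null));
    }
}
```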