hadoop-hdfs-dev mailing list archives

From "Charles Lamb (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HDFS-6785) Should not be able to create encryption zone using path to a non-directory file
Date Wed, 30 Jul 2014 20:02:39 GMT

     [ https://issues.apache.org/jira/browse/HDFS-6785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Charles Lamb resolved HDFS-6785.

       Resolution: Fixed
    Fix Version/s: fs-encryption (HADOOP-10150 and HDFS-6134)

Committed to fs-encryption.

> Should not be able to create encryption zone using path to a non-directory file
> -------------------------------------------------------------------------------
>                 Key: HDFS-6785
>                 URL: https://issues.apache.org/jira/browse/HDFS-6785
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Stephen Chu
>            Assignee: Charles Lamb
>             Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
>         Attachments: HDFS-6785.001.patch, HDFS-6785.002.patch
> Currently, users can create an encryption zone while specifying a path to a file, as seen below.
> {code}
> [hdfs@schu-enc2 ~]$ cat hi
> hi
> [hdfs@schu-enc2 ~]$ hadoop fs -put hi /hi
> [hdfs@schu-enc2 ~]$ hadoop key create testKey
> testKey has been successfully created.
> KMSClientProvider[http://schu-enc2.vpc.com:16000/kms/v1/] has been updated.
> [hdfs@schu-enc2 ~]$ hdfs crypto -createZone -keyName testKey -path /hi
> Added encryption zone /hi
> [hdfs@schu-enc2 ~]$ hdfs crypto -listZones
> /hi  testKey
> {code}
> Based on my understanding, admins should be able to create encryption zones only on empty directories, not files.
> If the design changed to allow creating EZ on files, then we should change the javadoc of {{HdfsAdmin#createEncryptionZone}}, which currently states, "Create an encryption zone rooted at an empty existing directory, using the specified encryption key. An encryption zone has an associated encryption key used when reading and writing files within the zone."

This message was sent by Atlassian JIRA
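
For clusters that may have zones created before this fix, the following added example (not part of the original message or of the Hadoop code base) audits the `hdfs crypto -listZones` output shown in the report and flags any zone whose root is not a directory. It assumes the two-column `<path>  <keyName>` output format seen above and zone paths without whitespace; the function name `audit_zones` is hypothetical.

```shell
#!/bin/sh
# Added example: audit encryption zones for roots that are not directories.
# Assumption: `hdfs crypto -listZones` prints "<path>  <keyName>" per line,
# as in the report, and zone paths contain no whitespace.
#
# Usage on a cluster node (run as an HDFS superuser):
#   hdfs crypto -listZones | audit_zones

# Reads listZones output on stdin. Prints one line for every zone whose root
# is not a directory (or no longer exists). Returns 0 when every zone root is
# a directory, 1 otherwise.
audit_zones() {
    bad=0
    while read -r zone key; do
        # Skip blank lines in the listing.
        [ -n "$zone" ] || continue
        # `hdfs dfs -test -d` exits 0 only when the path is a directory.
        # stdin is redirected so the check cannot consume the zone listing.
        if ! hdfs dfs -test -d "$zone" </dev/null; then
            echo "NOT-A-DIRECTORY zone=$zone key=$key"
            bad=1
        fi
    done
    return "$bad"
}
```

A non-zero return makes the function usable as a gate in a cron job or configuration-management check.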