hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Wang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-6509) create a /.reserved/raw filesystem namespace
Date Sat, 26 Jul 2014 00:01:41 GMT

    [ https://issues.apache.org/jira/browse/HDFS-6509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14075150#comment-14075150

Andrew Wang commented on HDFS-6509:

FSN and FSDir:
* You can just do {{isReservedRawName(src)}} in place rather than declaring a new variable
if it's not being reused. Very cheap function too.
* Lines longer than 80 chars
* Need <p/> to line break in a javadoc comment.
* I shy away from the term "namespace" for raw, can we just say "directory"? It is just a
directory after all.
* FSDirectory, not a fan of even mildly complicated ternary statements. Can we turn these
into ifs, or at least not inline them into method calls?
* Calling up to FSNamesystem from FSDirectory is a no-no, since we want to separate FSD and
FSN locks and promote a lock hierarchy. Can we do the superuser check in FSNamesystem?
* Stripping the prefix off is scary because we lose context. At the very least, we should
log the original path in the audit log. Various log messages will be more confusing. I think
using the stripped path is okay in the edit log.
* Some javadocs needs updating for the new isRawPath parameter.

* Helper methods look duplicated from TestEncryptionZones. Let's extract the common code somewhere
like DFSTestUtil or GenericTestUtils.
* Why is the special casing necessary in TestDFSUtil for mkdirs? If mkdirs behaves incorrectly
on a raw path, then we should fix mkdirs. A normal user could call mkdirs on a raw path after
* Can we name the test "TestReservedRawPaths"?
* The ".." tests, let's do some tests where the ".." is in between .reserved and raw.
* There's a dfsadmin defined for the class, why create a new one in each test? The dfsAdmin
in testRelativePathnames also isn't used.
* Why can't we list /.reserved? Seems like it should work. Should also assert the entry that
we get back is the entry we expect, not just the length.

> create a /.reserved/raw filesystem namespace
> --------------------------------------------
>                 Key: HDFS-6509
>                 URL: https://issues.apache.org/jira/browse/HDFS-6509
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Charles Lamb
>            Assignee: Charles Lamb
>         Attachments: HDFS-6509.001.patch, HDFS-6509distcpandDataatRestEncryption-2.pdf,
HDFS-6509distcpandDataatRestEncryption-3.pdf, HDFS-6509distcpandDataatRestEncryption.pdf
> This is part of the work for making distcp work with Data at Rest Encryption. Per the
attached document, create a /.reserved/raw HDFS filesystem namespace that allows access to
the encrypted bytes of a file.

This message was sent by Atlassian JIRA

View raw message