hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Wang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-6509) create a /.reserved/raw filesystem namespace
Date Tue, 29 Jul 2014 00:01:45 GMT

    [ https://issues.apache.org/jira/browse/HDFS-6509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14077163#comment-14077163

Andrew Wang commented on HDFS-6509:

As a meta-comment for watchers, Charles, Colin and I had a discussion about whether this resolution
logic belongs in FSDirectory#resolvePath (i.e., strip the /.reserved/raw prefix early on in
RPC handling), or down in InodesInPath#resolvePath (which preserves the original path string,
meaning better logging, and no contortions for the audit log). I think we agreed that the
latter would be better, but there are still a lot of places that use path-based rather than
inode-based logic. One example is the lease manager, all the leases are based on a path. Fixing
these is a large effort and outside of scope of these immediate changes. If these improvements
to happen later, we can refactor this code to use it.

Couple more review questions on the current patch:

* Do we need the same isRawPath logic for createLocatedFileStatus, for exposing the feInfo?
* FSDirectory still has the AccessControlException import, and FSDir#resolvePath still throws
* Can fold FSN#checkAccessForReservedRaw into FSN#resolvePath
* Let's add some basic javadoc to FSN#resolvePath

That's it though, the rest looks good.

> create a /.reserved/raw filesystem namespace
> --------------------------------------------
>                 Key: HDFS-6509
>                 URL: https://issues.apache.org/jira/browse/HDFS-6509
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Charles Lamb
>            Assignee: Charles Lamb
>         Attachments: HDFS-6509.001.patch, HDFS-6509.002.patch, HDFS-6509distcpandDataatRestEncryption-2.pdf,
HDFS-6509distcpandDataatRestEncryption-3.pdf, HDFS-6509distcpandDataatRestEncryption.pdf
> This is part of the work for making distcp work with Data at Rest Encryption. Per the
attached document, create a /.reserved/raw HDFS filesystem namespace that allows access to
the encrypted bytes of a file.

This message was sent by Atlassian JIRA

View raw message