hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colin Patrick McCabe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-6546) Add non-superuser capability to get the encryption zone for a specific path
Date Thu, 14 Aug 2014 00:34:12 GMT

    [ https://issues.apache.org/jira/browse/HDFS-6546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14096350#comment-14096350
] 

Colin Patrick McCabe commented on HDFS-6546:
--------------------------------------------

Nice idea.  

Returning just a path seems a bit inflexible.  Can we also return an encryption zone id of
sorts?  I think the inode ID of the EZ would work pretty nicely (based on some offline discussion
with Andrew).  That way we can also add more stuff if we want later... we're not locked into
just what fields Path has.

Also, I noticed a few places in the test where you inverted "expected" and "provided".  The
expected thing should come first in Assert.assert, so if the test fails, you don't get confusing
error messages...

One last thing... I modified the test slightly to call this API on something in a snapshot,
and it failed with this exception:
{code}
Running org.apache.hadoop.hdfs.TestEncryptionZones
Tests run: 9, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 18.539 sec <<< FAILURE!
- in org.apache.hadoop.hdfs.TestEncryptionZones
testGetEZRootAsNonSuperUser(org.apache.hadoop.hdfs.TestEncryptionZones)  Time elapsed: 3.876
sec  <<< ERROR!
org.apache.hadoop.ipc.RemoteException: Modification on a read-only snapshot is disallowed
        at org.apache.hadoop.hdfs.server.namenode.FSDirectory.getINodesInPath4Write(FSDirectory.java:3071)
        at org.apache.hadoop.hdfs.server.namenode.FSDirectory.getINodesInPath4Write(FSDirectory.java:1490)
        at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getEZRootForPath(FSNamesystem.java:8598)
{code}

This should work on snapshotted files... probably a good idea to add a unit test for that.
 Similarly, we should test what happens when both the file and the EZ have been deleted, but
are still in a snapshot.  Thanks

> Add non-superuser capability to get the encryption zone for a specific path
> ---------------------------------------------------------------------------
>
>                 Key: HDFS-6546
>                 URL: https://issues.apache.org/jira/browse/HDFS-6546
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode, security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Charles Lamb
>            Assignee: Charles Lamb
>         Attachments: HDFS-6546.001.patch
>
>
> Need to add protocol, api, and CLI that allows a non super user to ask whether a path
is part of an EZ, and if so, which one.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message