hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-8451) DFSClient probe for encryption testing interprets empty URI property for "enabled"
Date Thu, 21 May 2015 09:50:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-8451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14553995#comment-14553995
] 

Steve Loughran commented on HDFS-8451:
--------------------------------------

Here's the check for HDFS encryption
{code}
  public boolean isHDFSEncryptionEnabled() {
    return conf.get(
        DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null) != null;
  }
{code}

The presence of an empty {{<dfs.encryption.key.provider.uri>}} is enough to fail this
test, because the result isn't null, it is "".

It's not enough to have an empty property (as ramya verified) —the property must be completely
deleted.

So: I think it's a bug in the DFSClient check; it should be something like:

{code}
  public boolean isHDFSEncryptionEnabled() {
   String provider = conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "") 
    return !provider.isEmpty();
  }
{code}

That is: if the provider URI is "" then there's no key provider, hence no encryption.

Fix is trivial, writing tests to verify that everything work will take slightly longer.

> DFSClient probe for encryption testing interprets empty URI property for "enabled"
> ----------------------------------------------------------------------------------
>
>                 Key: HDFS-8451
>                 URL: https://issues.apache.org/jira/browse/HDFS-8451
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: encryption
>    Affects Versions: 2.7.1
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Blocker
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> HDFS-7931 added a check in DFSClient for encryption {{isHDFSEncryptionEnabled()}}, looking
for the property {{"dfs.encryption.key.provider.uri"}.
> This probe returns true even if the property is empty.
> If there is an empty provider.uri property, you get an NPE when a YARN client tries to
set up the tokens to deploy an AM.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message