hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-8451) DFSClient probe for encryption testing interprets empty URI property for "enabled"
Date Thu, 21 May 2015 09:50:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-8451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14553995#comment-14553995

Steve Loughran commented on HDFS-8451:

Here's the check for HDFS encryption
  public boolean isHDFSEncryptionEnabled() {
    return conf.get(
        DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null) != null;

The presence of an empty {{<dfs.encryption.key.provider.uri>}} is enough to fail this
test, because the result isn't null, it is "".

It's not enough to have an empty property (as ramya verified) —the property must be completely

So: I think it's a bug in the DFSClient check; it should be something like:

  public boolean isHDFSEncryptionEnabled() {
   String provider = conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "") 
    return !provider.isEmpty();

That is: if the provider URI is "" then there's no key provider, hence no encryption.

Fix is trivial, writing tests to verify that everything work will take slightly longer.

> DFSClient probe for encryption testing interprets empty URI property for "enabled"
> ----------------------------------------------------------------------------------
>                 Key: HDFS-8451
>                 URL: https://issues.apache.org/jira/browse/HDFS-8451
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: encryption
>    Affects Versions: 2.7.1
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Blocker
>   Original Estimate: 1h
>  Remaining Estimate: 1h
> HDFS-7931 added a check in DFSClient for encryption {{isHDFSEncryptionEnabled()}}, looking
for the property {{"dfs.encryption.key.provider.uri"}.
> This probe returns true even if the property is empty.
> If there is an empty provider.uri property, you get an NPE when a YARN client tries to
set up the tokens to deploy an AM.

This message was sent by Atlassian JIRA

View raw message