hadoop-hdfs-issues mailing list archives

From "Wei-Chiu Chuang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-10899) Add functionality to re-encrypt EDEKs
Date Mon, 21 Aug 2017 21:18:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-10899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16135853#comment-16135853 ]

Wei-Chiu Chuang commented on HDFS-10899:

Still part way through the rev014 patch. This time with more focus on ReencryptionUpdater:

It looks like ReencryptionTask.batch does not need to use the file name as the key; instead, it
can use the INode id as the key, and this way it reduces the overhead of translating inode to file
name back and forth.


It looks like this method is better as part of ReencryptionTask instead of ReencryptionUpdater.
(Other than dir, none of the member variables is used.)

final FileEdekInfo rt = entry.getValue();
Could you use a more descriptive variable name than “rt”?

LOG.info("Updated xattrs on {}({}) files in zone {} for re-encryption,"
        + " starting:{}.",
task.numFilesUpdated, task.batch.size(),
    startingFile, zonePath);
I think you got startingFile and zonePath reversed.

Does task.numFilesUpdated equal task.batch.size()?

This variable name is a little cryptic:
final ZoneSubmissionTracker zst

There are a few TODOs
} catch (RetriableException re) {

  // TODO

} catch (IOException ioe) {

  // TODO

> Add functionality to re-encrypt EDEKs
> -------------------------------------
>                 Key: HDFS-10899
>                 URL: https://issues.apache.org/jira/browse/HDFS-10899
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: encryption, kms
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: editsStored, HDFS-10899.01.patch, HDFS-10899.02.patch, HDFS-10899.03.patch,
>                      HDFS-10899.04.patch, HDFS-10899.05.patch, HDFS-10899.06.patch, HDFS-10899.07.patch, HDFS-10899.08.patch,
>                      HDFS-10899.09.patch, HDFS-10899.10.patch, HDFS-10899.10.wip.patch, HDFS-10899.11.patch, HDFS-10899.12.patch,
>                      HDFS-10899.13.patch, HDFS-10899.14.patch, HDFS-10899.wip.2.patch, HDFS-10899.wip.patch,
>                      Re-encrypt edek design doc.pdf, Re-encrypt edek design doc V2.pdf
>
> Currently when an encryption zone (EZ) key is rotated, it only takes effect on new EDEKs.
> We should provide a way to re-encrypt EDEKs after the EZ key rotation, for improved security.
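
The re-encryption described in the issue summary above, as an added sketch that is not taken from the HDFS-10899 patch or the Hadoop code base: each EDEK in a batch keyed by inode id is unwrapped with the old EZ key version and re-wrapped with the new one, while the DEK (and so the file data) stays the same. Assumptions: the class, record and method names are hypothetical, AES-GCM is chosen only for illustration, the KMS and NameNode roles are collapsed into one process, and the key version names and inode ids are constructed sample values. Requires Java 16 or later.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.*;

public class ReencryptEdekSketch {
  // Hypothetical record: a wrapped DEK and the EZ key version that wrapped it.
  record Edek(String keyVersion, byte[] iv, byte[] wrapped) {}
  static final SecureRandom RNG = new SecureRandom();

  static Cipher gcm(int mode, byte[] ezKey, byte[] iv) throws Exception {
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding"); // illustrative mode choice
    c.init(mode, new SecretKeySpec(ezKey, "AES"), new GCMParameterSpec(128, iv));
    return c;
  }
  static Edek wrap(String version, byte[] ezKey, byte[] dek) throws Exception {
    byte[] iv = new byte[12];
    RNG.nextBytes(iv); // fresh IV for every wrap; never reused under one key
    return new Edek(version, iv, gcm(Cipher.ENCRYPT_MODE, ezKey, iv).doFinal(dek));
  }
  static byte[] unwrap(Map<String, byte[]> ezKeys, Edek e) throws Exception {
    return gcm(Cipher.DECRYPT_MODE, ezKeys.get(e.keyVersion()), e.iv()).doFinal(e.wrapped());
  }

  // Re-wrap each EDEK under newVersion. The batch is keyed by inode id, as the
  // review comment suggests, so no inode-to-path translation is needed here.
  static int reencryptBatch(Map<Long, Edek> batch, Map<String, byte[]> ezKeys,
      String newVersion) throws Exception {
    int updated = 0;
    for (Map.Entry<Long, Edek> entry : batch.entrySet()) {
      if (entry.getValue().keyVersion().equals(newVersion)) continue; // already current
      byte[] dek = unwrap(ezKeys, entry.getValue());
      entry.setValue(wrap(newVersion, ezKeys.get(newVersion), dek));
      Arrays.fill(dek, (byte) 0); // wipe the temporary plaintext copy of the DEK
      updated++;
    }
    return updated;
  }

  public static void main(String[] args) throws Exception {
    byte[] v0 = new byte[16], v1 = new byte[16], dek = new byte[16];
    RNG.nextBytes(v0); RNG.nextBytes(v1); RNG.nextBytes(dek);
    Map<String, byte[]> ezKeys = Map.of("ezkey@0", v0, "ezkey@1", v1); // constructed
    Map<Long, Edek> batch = new LinkedHashMap<>(); // constructed inode ids
    batch.put(16390L, wrap("ezkey@0", v0, dek));
    batch.put(16391L, wrap("ezkey@1", v1, dek));
    int n = reencryptBatch(batch, ezKeys, "ezkey@1");
    boolean same = Arrays.equals(dek, unwrap(ezKeys, batch.get(16390L)));
    System.out.println(n + " re-encrypted; DEK preserved: " + same);
  }
}
```

In this sketch the updated count can be smaller than the batch size, because entries already wrapped under the current key version are skipped.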
