hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-12574) Add CryptoInputStream to WebHdfsFileSystem read call.
Date Wed, 17 Jan 2018 18:25:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-12574?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16329149#comment-16329149

Daryn Sharp commented on HDFS-12574:

I think it generally looks good.  ReadRunner is getting pretty complex but simplifying that
is beyond the scope of this feature.

Only substantive comment is I think you can revert the changes in {{NamenodeWebHdfsMethods#redirectURI}}. 
Instead of passing in a {{ResponseBuilder}} and {{FileStatus}} just for the sole purpose of
letting OPEN set a header, push the logic up into the open call.  That will also avoid introducing
a new unnecessary {{getFileInfo}} for creates.

Very trivial comment is instead of {{donotFollowRedirect}}, perhaps use {{followRedirects}}
to match the name of the {{HttpURLConnection}} method name.  It's a bit clumsy to read logic
that negates a negative.


[~andrew.wang], what's your thought on the approach?  The main compatibility case is supporting
sites that allow DNs to stream back unencrypted data (DNs are KMS proxy users).  Current/old
webhdfs clients will continue to rely on that behavior.  New webhdfs clients will request
end-to-end encryption by:
 # EZ-aware webhdfs client sends header to indicate EZ support
 # If client indicates support, NN will add FE info header into OPEN response 
 # If client indicates support, NN will prefix the redirect path with /.reserved/raw so DNs
will stream the encrypted bytes.  Supports RU when there's a mix of old/new DNs.
 # Webhdfs client wraps a crypto stream using the FE info.


> Add CryptoInputStream to WebHdfsFileSystem read call.
> -----------------------------------------------------
>                 Key: HDFS-12574
>                 URL: https://issues.apache.org/jira/browse/HDFS-12574
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: encryption, kms, webhdfs
>            Reporter: Rushabh S Shah
>            Assignee: Rushabh S Shah
>            Priority: Major
>         Attachments: HDFS-12574.001.patch, HDFS-12574.002.patch, HDFS-12574.003.patch,
HDFS-12574.004.patch, HDFS-12574.005.patch, HDFS-12574.006.patch, HDFS-12574.007.patch, HDFS-12574.008.patch,

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org

View raw message