hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (Jira)" <j...@apache.org>
Subject [jira] [Work logged] (HDDS-2140) Add robot test for GDPR feature
Date Fri, 04 Oct 2019 04:28:00 GMT

     [ https://issues.apache.org/jira/browse/HDDS-2140?focusedWorklogId=323182&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-323182
]

ASF GitHub Bot logged work on HDDS-2140:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 04/Oct/19 04:27
            Start Date: 04/Oct/19 04:27
    Worklog Time Spent: 10m 
      Work Description: dineshchitlangia commented on issue #1542: HDDS-2140. Add robot test
for GDPR feature
URL: https://github.com/apache/hadoop/pull/1542#issuecomment-538226560
 
 
   > Unrelated to this patch (as this patch tests the CLI arguments) but I am wondering
how the core GDPR feature can be tested. I mean how can we be sure that the data is _really_
unreadable (grep to the chunk files for a specific strings??). To be honest, I have no idea,
but putting this interesting question to here ;-)
   
   Recap: GDPR talk in Vegas ;)
   - When putting a key in a GDPR enforced bucket, Ozone will create a symmetric key and Client
will use that to encrypt and write to key.
   - This encryption key is stored in KeyInfo Metadata
   - When reading the key, the encryption key is fetched from KeyInfo Metadata and used to
decrypt the key.
   
   After our Vegas conference, we modified the delete path (HDDS-2174):
   - When user asks Ozone to delete a Key, we first delete the encryption key details from
KeyInfo Metadata, then we move the KeyInfo to DeletedTable in OM.
   - Since the encryption key is lost, there is no way you can read that data(except if you
restore a back/snapshot of your entire system from before deletion, which will also be address
in version 2)
   - HDDS-2174 included a test to confirm the key metadata in DeletedTable does not have the
GDPR Encryption Key details. Thereby, even if you get your hands on chunks, you will still
read encrypted junk :)
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 323182)
    Time Spent: 1h 10m  (was: 1h)

> Add robot test for GDPR feature
> -------------------------------
>
>                 Key: HDDS-2140
>                 URL: https://issues.apache.org/jira/browse/HDDS-2140
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>          Components: test
>            Reporter: Dinesh Chitlangia
>            Assignee: Dinesh Chitlangia
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Add robot test for GDPR feature so it can be run during smoke tests.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message