[jira] [Updated] (HADOOP-14104) Client should always ask namenode for kms provider path.

Fri, 31 Mar 2017 12:13:29 -0700 

     [ 
https://issues.apache.org/jira/browse/HADOOP-14104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rushabh S Shah updated HADOOP-14104:
------------------------------------
    Attachment: HADOOP-14104-trunk-v3.patch

Thanks [~daryn] [~andrew.wang] [~yzhangal] for your valuable reviews.
I tried to address most of the review comments.
For the following comment:
bq. basically I wanted a unit test that did an encrypted read/write using the 
KP URI from the credentials.
I added another unit test 
{{TestEncryptionZones#testEncryptedReadWriteUsingDiffKeyProvider}}
This test tried to read/write a file from/to encrypted zone.
The test adds key provider uri to credentials object and then unsets the local 
conf.
While reading the file, it gets the key provider uri from the credentials 
object.
The way we try to resolve the provider uri is first credentials map, then from 
namenode and then from conf.
So among this chain, the testcase can get the key provider uri from namenode 
but I verified by adding a log line that it got from credentials map.

Note: I haven't resolved the checkstyle warnings from the previous patch since 
the precommit build logs were removed from jenkins server.
Once the precommit build runs, I will fix all the checkstyle warnings and then 
upload another patch.
Request for reviews.

> Client should always ask namenode for kms provider path.
> --------------------------------------------------------
>
>                 Key: HADOOP-14104
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14104
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>            Reporter: Rushabh S Shah
>            Assignee: Rushabh S Shah
>         Attachments: HADOOP-14104-trunk.patch, HADOOP-14104-trunk-v1.patch, 
> HADOOP-14104-trunk-v2.patch, HADOOP-14104-trunk-v3.patch
>
>
> According to current implementation of kms provider in client conf, there can 
> only be one kms.
> In multi-cluster environment, if a client is reading encrypted data from 
> multiple clusters it will only get kms token for local cluster.
> Not sure whether the target version is correct or not.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to