[
https://issues.apache.org/jira/browse/HADOOP-17255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17226947#comment-17226947
]
Daryn Sharp commented on HADOOP-17255:
--------------------------------------
When you re-do this, I'd rather not have file context involved when the rest of
the implementation is filesystem based.
I'll echo earlier statements on security. Storing EZ secret keys in
unencrypted hdfs is a horrible idea. Esp. if you are storing them on the same
NN that has the EZs protected by the keys, I'm not sure why you are even using
EZs...
> JavaKeyStoreProvider fails to create a new key if the keystore is HDFS
> ----------------------------------------------------------------------
>
> Key: HADOOP-17255
> URL: https://issues.apache.org/jira/browse/HADOOP-17255
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Reporter: Akira Ajisaka
> Assignee: Akira Ajisaka
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> The caller of JavaKeyStoreProvider#renameOrFail assumes that it throws
> FileNotFoundException if the src does not exist. However,
> JavaKeyStoreProvider#renameOrFail calls the old rename API. In
> DistributedFileSystem, the old API returns false if the src does not exist.
> That way JavaKeyStoreProvider fails to create a new key if the keystore is
> HDFS.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
