[ 
https://issues.apache.org/jira/browse/HADOOP-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14031979#comment-14031979
 ] 

Uma Maheswara Rao G commented on HADOOP-10604:
----------------------------------------------

Thanks a lot Yi for the patch!

I just went throught the patch. Below are my very initial comments and I will 
go through the patch in detail tomorrow.

{code}
if (isNestedEncryptionZone(p)) {
+          throw new IOException("Doen't support nested encryption dirs");
+        }
{code}
typo.  Doen't -> Doesn't ?

Seems like we are not allowing nested encryption zones, but cfs will take 
client side configuration, one client would have configured one dir and other 
client could configure the sub dir of it. In this case how would we avoid 
nested encryption zones to configure from the checks?

decodeCFSURI is doing the some special decoding stuff for replacing @ with :// 
etc. But there is no encode method and I think its done directly in 
getAuthority, instead can we make like encode and decode method?

Also is it good to document about how to create ezs in other fs? ( I mean to 
tell the info about what is the qualification to consider as ez? ex if 
underlying fs is hdfs, HdfsAdmin has api to creae EZs)

> CryptoFileSystem decorator using xAttrs and KeyProvider
> -------------------------------------------------------
>
>                 Key: HADOOP-10604
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10604
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Alejandro Abdelnur
>            Assignee: Yi Liu
>             Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
>
>         Attachments: HADOOP-10604.patch
>
>
> A FileSystem implementation that wraps an existing filesystem and provides 
> encryption. It will require the underlying filesystem to support xAttrs. It  
> will use the KeyProvider API to retrieve encryption keys.
> This is mostly the work in the patch HADOOP-10150 minus the crypto streams



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to