[
https://issues.apache.org/jira/browse/HDFS-8451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran updated HDFS-8451:
---------------------------------
Attachment: HDFS-8451-001.patch
Patch 001
# moves the probe to a static method in {{DFSUtils}}
# changes the logic so that if the trimmed value is "" then there's no
encryption. This includes changing the default from {{null}} to "" so the
{{getTrimmed()}} never returns null.
# adds a test which validates the logic.
# went through all references to the key
{{DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI}} to enforce the same logic:
{{getTrimmed( KEY, "")}} with "" meaning "no provider"
I'm tagging this as critical as in its current state you can't include an empty
property in the configuration.
> DFSClient probe for encryption testing interprets empty URI property for
> "enabled"
> ----------------------------------------------------------------------------------
>
> Key: HDFS-8451
> URL: https://issues.apache.org/jira/browse/HDFS-8451
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: encryption
> Affects Versions: 2.7.1
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Priority: Blocker
> Attachments: HDFS-8451-001.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> HDFS-7931 added a check in DFSClient for encryption
> {{isHDFSEncryptionEnabled()}}, looking for the property
> {{"dfs.encryption.key.provider.uri"}.
> This probe returns true even if the property is empty.
> If there is an empty provider.uri property, you get an NPE when a YARN client
> tries to set up the tokens to deploy an AM.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
