[jira] [Commented] (HDFS-12400) Provide a way for NN to drain the local key cache before re-encryption

Thu, 07 Sep 2017 21:17:18 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-12400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16158093#comment-16158093
 ] 

Hudson commented on HDFS-12400:
-------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #12820 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/12820/])
HDFS-12400. Provide a way for NN to drain the local key cache before (xiao: rev 
b3a4d7d2a01051e166c06ee78e8c6e8df1341948)
* (edit) 
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirEncryptionZoneOp.java
* (edit) 
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
* (edit) 
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestReencryptionWithKMS.java
* (edit) 
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
* (edit) 
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestReencryption.java


> Provide a way for NN to drain the local key cache before re-encryption
> ----------------------------------------------------------------------
>
>                 Key: HDFS-12400
>                 URL: https://issues.apache.org/jira/browse/HDFS-12400
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: encryption
>    Affects Versions: 3.0.0-beta1
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HDFS-12400.01.patch, HDFS-12400.02.patch
>
>
> In HDFS-12359, a fix for the KMS ACLs required for re-encryption was done. As 
> part of the fix,  the following code is used to make sure the local provider 
> cache in the NN is drained.
> {code:java}
> if (dir.getProvider() instanceof CryptoExtension) {
>   ((CryptoExtension) dir.getProvider()).drain(keyName);
> }
> {code}
> This doesn't work, because the provider is {{KeyProviderCryptoExtension}} 
> instead of {{CryptoExtension}} - the latter is composite of the former.
> Unfortunately unit test didn't catch this, because it conveniently rolled the 
> from the NN's provider.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to