[
https://issues.apache.org/jira/browse/HDFS-12400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrew Wang updated HDFS-12400:
-------------------------------
Fix Version/s: 3.0.0-beta1
> Provide a way for NN to drain the local key cache before re-encryption
> ----------------------------------------------------------------------
>
> Key: HDFS-12400
> URL: https://issues.apache.org/jira/browse/HDFS-12400
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: encryption
> Affects Versions: 3.0.0-beta1
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Fix For: 3.0.0-beta1
>
> Attachments: HDFS-12400.01.patch, HDFS-12400.02.patch
>
>
> In HDFS-12359, a fix for the KMS ACLs required for re-encryption was done. As
> part of the fix, the following code is used to make sure the local provider
> cache in the NN is drained.
> {code:java}
> if (dir.getProvider() instanceof CryptoExtension) {
> ((CryptoExtension) dir.getProvider()).drain(keyName);
> }
> {code}
> This doesn't work, because the provider is {{KeyProviderCryptoExtension}}
> instead of {{CryptoExtension}} - the latter is composite of the former.
> Unfortunately unit test didn't catch this, because it conveniently rolled the
> from the NN's provider.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
