[jira] [Commented] (HDFS-12574) Add CryptoInputStream to WebHdfsFileSystem read call.

Wed, 17 Jan 2018 10:25:17 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-12574?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16329149#comment-16329149
 ] 

Daryn Sharp commented on HDFS-12574:
------------------------------------

I think it generally looks good.  ReadRunner is getting pretty complex but 
simplifying that is beyond the scope of this feature.

Only substantive comment is I think you can revert the changes in 
{{NamenodeWebHdfsMethods#redirectURI}}.  Instead of passing in a 
{{ResponseBuilder}} and {{FileStatus}} just for the sole purpose of letting 
OPEN set a header, push the logic up into the open call.  That will also avoid 
introducing a new unnecessary {{getFileInfo}} for creates.

Very trivial comment is instead of {{donotFollowRedirect}}, perhaps use 
{{followRedirects}} to match the name of the {{HttpURLConnection}} method name. 
 It's a bit clumsy to read logic that negates a negative.

––

[~andrew.wang], what's your thought on the approach?  The main compatibility 
case is supporting sites that allow DNs to stream back unencrypted data (DNs 
are KMS proxy users).  Current/old webhdfs clients will continue to rely on 
that behavior.  New webhdfs clients will request end-to-end encryption by:
 # EZ-aware webhdfs client sends header to indicate EZ support
 # If client indicates support, NN will add FE info header into OPEN response 
 # If client indicates support, NN will prefix the redirect path with 
/.reserved/raw so DNs will stream the encrypted bytes.  Supports RU when 
there's a mix of old/new DNs.
 # Webhdfs client wraps a crypto stream using the FE info.

 

> Add CryptoInputStream to WebHdfsFileSystem read call.
> -----------------------------------------------------
>
>                 Key: HDFS-12574
>                 URL: https://issues.apache.org/jira/browse/HDFS-12574
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: encryption, kms, webhdfs
>            Reporter: Rushabh S Shah
>            Assignee: Rushabh S Shah
>            Priority: Major
>         Attachments: HDFS-12574.001.patch, HDFS-12574.002.patch, 
> HDFS-12574.003.patch, HDFS-12574.004.patch, HDFS-12574.005.patch, 
> HDFS-12574.006.patch, HDFS-12574.007.patch, HDFS-12574.008.patch, 
> HDFS-12574.009.patch
>
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to