[ https://issues.apache.org/jira/browse/HDFS-12574?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16329149#comment-16329149 ]
Daryn Sharp commented on HDFS-12574: ------------------------------------ I think it generally looks good. ReadRunner is getting pretty complex but simplifying that is beyond the scope of this feature. Only substantive comment is I think you can revert the changes in {{NamenodeWebHdfsMethods#redirectURI}}. Instead of passing in a {{ResponseBuilder}} and {{FileStatus}} just for the sole purpose of letting OPEN set a header, push the logic up into the open call. That will also avoid introducing a new unnecessary {{getFileInfo}} for creates. Very trivial comment is instead of {{donotFollowRedirect}}, perhaps use {{followRedirects}} to match the name of the {{HttpURLConnection}} method name. It's a bit clumsy to read logic that negates a negative. –– [~andrew.wang], what's your thought on the approach? The main compatibility case is supporting sites that allow DNs to stream back unencrypted data (DNs are KMS proxy users). Current/old webhdfs clients will continue to rely on that behavior. New webhdfs clients will request end-to-end encryption by: # EZ-aware webhdfs client sends header to indicate EZ support # If client indicates support, NN will add FE info header into OPEN response # If client indicates support, NN will prefix the redirect path with /.reserved/raw so DNs will stream the encrypted bytes. Supports RU when there's a mix of old/new DNs. # Webhdfs client wraps a crypto stream using the FE info. > Add CryptoInputStream to WebHdfsFileSystem read call. > ----------------------------------------------------- > > Key: HDFS-12574 > URL: https://issues.apache.org/jira/browse/HDFS-12574 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: encryption, kms, webhdfs > Reporter: Rushabh S Shah > Assignee: Rushabh S Shah > Priority: Major > Attachments: HDFS-12574.001.patch, HDFS-12574.002.patch, > HDFS-12574.003.patch, HDFS-12574.004.patch, HDFS-12574.005.patch, > HDFS-12574.006.patch, HDFS-12574.007.patch, HDFS-12574.008.patch, > HDFS-12574.009.patch > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org