[ https://issues.apache.org/jira/browse/HDFS-13009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16334973#comment-16334973 ]
Andrew Wang commented on HDFS-13009: ------------------------------------ Hi Rushabh, The original design intent of the zone was to make the security properties easier to reason about, since the entire directory is encrypted, and with the same encryption key. Many of our security-conscious users want everything in HDFS encrypted, and the presence of any unencrypted data would be a compliance issue. So, I don't think we can change the default semantics of the zone, though possibly we could add a flag or new concept to support the usecase you describe. IIUC, the motivation is to make the initial encryption process easier, with the goal of encrypting everything within the directory? In any case, the encryption of existing data still happens via copies which might blow quotas. I think this change helps with encrypting the newly written data, but not that much with the quota problem when converting existing data. > Creation of Encryption zone should succeed even if directory is not empty. > -------------------------------------------------------------------------- > > Key: HDFS-13009 > URL: https://issues.apache.org/jira/browse/HDFS-13009 > Project: Hadoop HDFS > Issue Type: Improvement > Components: encryption > Reporter: Rushabh S Shah > Assignee: Rushabh S Shah > Priority: Major > > Currently we have a restriction that creation of encryption zone can be done > only on an empty directory. > This jira is to remove that restriction. > Motivation: > New customers who wants to start using Encryption zone can make an existing > directory encrypted. > They will be able to read the old data as it is and will be decrypting the > newly written data. > Internally we have many customers asking for this feature. > Currently they have to ask for more space quota, encrypt the old data. > This will make their life much more easier. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org