[jira] [Commented] (HDFS-13009) Creation of Encryption zone should succeed even if directory is not empty.

Mon, 22 Jan 2018 15:27:48 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-13009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16335150#comment-16335150
 ] 

Andrew Wang commented on HDFS-13009:
------------------------------------

Thanks for the reply Daryn. If this option is only intended for encryption of 
new data, then this makes sense.

The current limitation is only a policy thing, and I think it'd be fine to have 
a flag that makes EZs behave like storage policies or EC policies. There are 
potential touchpoints with the rename restrictions and reencrypt EDEK 
functionality, so let's make sure to cover those in the test suite.

I think it'd also be useful to have a way of checking if all the data in an EZ 
is encrypted and "finalizing" it. This makes it easy for users to understand 
when 100% of the data is encrypted, which I assume is the end goal even with 
the retention policy. For example, a flag on the EZ xattr while it's in mixed 
mode, and after iterating it, removing the flag to indicate it's fully 
encrypted.

> Creation of Encryption zone should succeed even if directory is not empty.
> --------------------------------------------------------------------------
>
>                 Key: HDFS-13009
>                 URL: https://issues.apache.org/jira/browse/HDFS-13009
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: encryption
>            Reporter: Rushabh S Shah
>            Assignee: Rushabh S Shah
>            Priority: Major
>
> Currently we have a restriction that creation of encryption zone can be done 
> only on an empty directory.
> This jira is to remove that restriction.
> Motivation:
> New customers who wants to start using Encryption zone can make an existing 
> directory encrypted.
> They will be able to read the old data as it is  and will be decrypting the 
> newly written data.
> Internally we have many customers asking for this feature.
> Currently they have to ask for more space quota, encrypt the old data.
> This will make their life much more easier.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to