[
https://issues.apache.org/jira/browse/HDFS-13281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16418441#comment-16418441
]
Xiao Chen commented on HDFS-13281:
----------------------------------
Makes sense, so this patch only applies if step #1 does a {{startFile}} with
/.reserved/raw, in which case there will be no step #3, and will be assumed
that encrypted bytes are streamed to DN. And step#5 also only applies to files
created with /.reserved/raw.
Could you rebase the patch? Doesn't apply to trunk.
Code comments:
* The test doesn't verify that there was no intermediate EDEK consumed and set
on the file. Probably need to set a customer provider with some counters to
make sure the startfile didn't go through it
* Because reading /.reserved/raw is supposed to be returning the raw bytes,
shouldn't {{encryptedReservedStream}} be different than {{unEncryptedBytes}}?
* Can you add a distcp test as you mentioned before? Best if it's between 2
zones with different keys, so the test can verify the decryption with the
correct key.
Please link this to the webhdfs umbrella jira.
> Namenode#createFile should be /.reserved/raw/ aware.
> ----------------------------------------------------
>
> Key: HDFS-13281
> URL: https://issues.apache.org/jira/browse/HDFS-13281
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: encryption
> Affects Versions: 2.8.3
> Reporter: Rushabh S Shah
> Assignee: Rushabh S Shah
> Priority: Critical
> Attachments: HDFS-13281.001.patch
>
>
> If I want to write to /.reserved/raw/<dir> and if that directory happens to
> be in EZ, then namenode *should not* create edek and just copy the raw bytes
> from the source.
> Namenode#startFileInt should be /.reserved/raw/ aware.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
