[
https://issues.apache.org/jira/browse/HDFS-15979?focusedWorklogId=586675&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-586675
]
ASF GitHub Bot logged work on HDFS-15979:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 21/Apr/21 15:30
Start Date: 21/Apr/21 15:30
Worklog Time Spent: 10m
Work Description: daryn-sharp commented on a change in pull request #2919:
URL: https://github.com/apache/hadoop/pull/2919#discussion_r617656673
##########
File path:
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestNestedEncryptionZones.java
##########
@@ -210,6 +214,80 @@ public void testNestedEZWithRoot() throws Exception {
"File not in trash : " + nestedTrashFile, fs.exists(nestedTrashFile));
}
+ @Test(timeout = 60000)
+ public void testRenameBetweenEncryptionZones() throws Exception {
+ String key1 = TOP_EZ_KEY;
+ String key2 = NESTED_EZ_KEY;
+ Path top = new Path("/dir");
+ Path ez1 = new Path(top, "ez1");
+ Path ez2 = new Path(top, "ez2");
+ Path ez3 = new Path(top, "ez3");
+ Path p = new Path(ez1, "file");
+ fs.mkdirs(ez1, FsPermission.getDirDefault());
+ fs.mkdirs(ez2, FsPermission.getDirDefault());
+ fs.mkdirs(ez3, FsPermission.getDirDefault());
+ fs.createEncryptionZone(ez1, key1);
+ fs.createEncryptionZone(ez2, key2);
+ fs.createEncryptionZone(ez3, key1);
+ fs.create(p).close();
+
+ // cannot rename between 2 EZs with different keys.
+ try {
+ fs.rename(p, new Path(ez2, "file"));
+ } catch (RemoteException re) {
+ Assert.assertEquals(
+ p + " can't be moved from encryption zone " + ez1 +
+ " to encryption zone " + ez2 + ".",
+ re.getMessage().split("\n")[0]);
+ }
+ // can rename between 2 EZs with the same key.
+ Assert.assertTrue(fs.rename(p, new Path(ez3, "file")));
+ }
+
+ @Test(timeout = 60000)
+ public void testRemoveEncryptionZoneWithAncestorKey() throws Exception {
+ removeEZDirUnderAncestor(TOP_EZ_KEY);
+ }
+
+ @Test(timeout = 60000)
+ public void testRemoveEncryptionZoneWithNoAncestorKey() throws Exception {
+ removeEZDirUnderAncestor(null);
+ }
+
+ private void removeEZDirUnderAncestor(String parentKey) throws Exception {
Review comment:
As further clarification, the use case for removing a nested EZ that
shares the same key is: user wants to test EZ on a subtree of a large directory
so they request an EZ on /big-dir/I-want-to-test-EZ/. They are satisfied it
works so they request the EZ to be moved up to /big-dir to cover the entire
tree.
The current impl won't allow the EZ xattr on /big-dir/I-want-to-test-EZ to
be removed – even though it shares the same key with the EZ on /big-dir. It
also won't allow moving files from /big-dir/I-want-to-test-EZ to other places
in /big-dir – even though they share the same key.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 586675)
Time Spent: 1h (was: 50m)
> Move within EZ fails and cannot remove nested EZs
> -------------------------------------------------
>
> Key: HDFS-15979
> URL: https://issues.apache.org/jira/browse/HDFS-15979
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: encryption, hdfs
> Reporter: Ahmed Hussein
> Assignee: Ahmed Hussein
> Priority: Major
> Labels: pull-request-available
> Attachments: HDFS-15979.001.patch
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Moving between EZ directories should work fine if the EZ key for the
> directories is identical. If the key is name identical then no
> decrypt/re-encrypt is necessary.
> However, the rename operation checks more than the key name. It compares the
> inode number (unique identifier) of the source and dest dirs which will never
> be the same for 2 dirs resulting in the cited failure. Note it also
> incorrectly compares the key version.
> A related issue is if an ancestor of a EZ share the same key (ie.
> /projects/foo and /projects/foo/bar/blah both use same key), files also
> cannot be moved from the child to a parent dir, plus the child EZ cannot be
> removed even though it's now covered by the ancestor.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
