[jira] [Commented] (HDFS-6389) Rename restrictions for encryption zones

Tue, 24 Jun 2014 14:35:41 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-6389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14042718#comment-14042718
 ] 

Colin Patrick McCabe commented on HDFS-6389:
--------------------------------------------

Looks good overall.

{code}
+    final EncryptionZone srcEZ = getEncryptionZoneForPath(src);
+    final EncryptionZone dstEZ = getEncryptionZoneForPath(dst);
+    final boolean srcInEZ = srcEZ != null;
+    final boolean dstInEZ = dstEZ != null;
+    if (srcInEZ ^ dstInEZ) {
+      final StringBuilder sb = new StringBuilder(src);
+      sb.append(" can't be moved ");
+      sb.append(srcInEZ ? "from" : "into");
+      sb.append(" an encryption zone.");
+      throw new IOException(sb.toString());
+    }
+
+    if (srcInEZ || dstInEZ) {
+      if (!srcEZ.getPath().equals(dstEZ.getPath())) {
+        final StringBuilder sb = new StringBuilder(src);
+        sb.append(" can't be moved from encryption zone ");
+        sb.append(srcEZ.getPath());
+        sb.append(" to encryption zone ");
+        sb.append(dstEZ.getPath());
+        sb.append(".");
+        throw new IOException(sb.toString());
+      }
+    }
{code}

It seems like it would be easier to do this with nested if statements rather 
than xor.

Also, I don't think this is the right place to do this check.  We have two 
rename implementations in {{FSNamesystem}}.  They both call into 
{{FSDirectory}}, so that's where the check should be.

Finally, let's have a unit test for this one.  It seems pretty easy to do if 
you just do some createEncryptionZone + mkdir underneath + rename.  We should 
test both the old and the new rename to avoid regressions here.

> Rename restrictions for encryption zones
> ----------------------------------------
>
>                 Key: HDFS-6389
>                 URL: https://issues.apache.org/jira/browse/HDFS-6389
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode, security
>            Reporter: Alejandro Abdelnur
>            Assignee: Charles Lamb
>         Attachments: HDFS-6389.001.patch, HDFS-6389.tests.patch
>
>
> Files and directories should not be moved in or out an encryption zone. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to