[
https://issues.apache.org/jira/browse/HDFS-6516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14042766#comment-14042766
]
Colin Patrick McCabe commented on HDFS-6516:
--------------------------------------------
Is the {{system.hdfs.crypto.key-id}} xattr used to store information about an
encryption zone on a directory? It seems like "encryption zone" should be in
the name somewhere if so.
Also, why do we even allow the CRYPTO_XATTR_KEY_ID to be removed from an inode?
I thought the only way to remove an encryption zone is to empty out the whole
subtree, and then to delete the inode. If that's the case, we should not even
allow CRYPTO_XATTR_KEY_ID to be deleted, but simply check for the whole
directory inode to be deleted. So the hook should be inside "delete" (what is
normally called rmdir).
Simiarly, this patch doesn't seem to deal with encryption xattrs that come into
existence through a create op with an xattr attached. If I understand
correctly, that's going to be the main way we try to do things in the future to
avoid races.
> Persist and Restore the List of Encryption Zones
> ------------------------------------------------
>
> Key: HDFS-6516
> URL: https://issues.apache.org/jira/browse/HDFS-6516
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: security
> Reporter: Charles Lamb
> Assignee: Charles Lamb
> Attachments: HDFS-6516.001.patch
>
>
> The list Encryption Zones command (CLI) and backend implementation
> (FSNamesystem) needs to be implemented. As part of this, the tests in
> TestEncryptionZonesAPI should be updated to use that to validate the results
> of the various CreateEZ and DeleteEZ tests.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
