[ https://issues.apache.org/jira/browse/HDFS-6474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Wang updated HDFS-6474:
------------------------------
    Attachment: hdfs-6474.001.patch

Here's a mildly tested patch that implements the EDEK scheme with the new KeyProvider operations.

- New ezKeyVersionName field in FileEncryptionInfo
- Somewhat complicated retry logic in startFileInt because we don't want to hold a lock while doing KeyProvider operations
- EncryptionZoneManager now has its own lock so it can do background operations without holding other locks. The lock hierarchy is always FSN -> FSD -> EZM, so EZM never tries to take any locks upwards
- A single basic test with end-to-end encryption

> Namenode needs to get the actual keys and iv from the KeyProvider
> -----------------------------------------------------------------
>
>                 Key: HDFS-6474
>                 URL: https://issues.apache.org/jira/browse/HDFS-6474
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode, security
>            Reporter: Charles Lamb
>            Assignee: Andrew Wang
>         Attachments: hdfs-6474.001.patch
>
>
> The Namenode has code to connect to the KeyProvider, but it needs to actually
> get the keys and return them to the client at the right time.