[ https://issues.apache.org/jira/browse/HDFS-6474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Wang updated HDFS-6474:
------------------------------
Attachment: hdfs-6474.001.patch
Here's a mildly tested patch that implements the EDEK scheme with the new
KeyProvider operations.
- New ezKeyVersionName field in FileEncryptionInfo
- Somewhat complicated retry logic in startFileInt because we don't want to
hold a lock while doing KeyProvider operations
- EncryptionZoneManager now has its own lock so it can do background operations
without holding other locks. The lock hierarchy is always FSN -> FSD -> EZM, so
EZM never tries to take any locks upwards
- A single basic test with end-to-end encryption
> Namenode needs to get the actual keys and iv from the KeyProvider
> -----------------------------------------------------------------
>
> Key: HDFS-6474
> URL: https://issues.apache.org/jira/browse/HDFS-6474
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: namenode, security
> Reporter: Charles Lamb
> Assignee: Andrew Wang
> Attachments: hdfs-6474.001.patch
>
>
> The Namenode has code to connect to the KeyProvider, but it needs to actually
> get the keys and return them to the client at the right time.
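The comment above mentions retry logic that exists so that no lock is held during KeyProvider operations. The Java sketch below is an added illustration of that general pattern (read state under the lock, release it for the slow key call, then re-validate before committing); it is not code from hdfs-6474.001.patch. Every class, method and field name in it is hypothetical, and the key service is a constructed stand-in.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.locks.ReentrantLock;

/** Hypothetical sketch; none of these names come from the HDFS patch. */
public class EdekRetryExample {
  /** Stand-in for a remote key service call that may be slow or block. */
  interface KeyService {
    byte[] generateEncryptedKey(String keyVersionName) throws Exception;
  }
  record FileKeyInfo(String ezKeyVersionName, byte[] edek) {}

  private final ReentrantLock lock = new ReentrantLock();
  private final Map<String, String> zoneKeyVersion = new HashMap<>(); // zone -> current key version
  private final Map<String, FileKeyInfo> files = new HashMap<>();     // path -> key info
  private final KeyService keys;

  EdekRetryExample(KeyService keys) { this.keys = keys; }

  void setZoneKeyVersion(String zone, String version) {
    lock.lock();
    try { zoneKeyVersion.put(zone, version); } finally { lock.unlock(); }
  }

  FileKeyInfo createFile(String zone, String path) throws Exception {
    for (int attempt = 0; attempt < 3; attempt++) {
      String version;
      lock.lock();
      try { version = zoneKeyVersion.get(zone); } finally { lock.unlock(); }
      if (version == null) throw new IllegalStateException("not an encryption zone: " + zone);
      // Lock released here: the key service call can block without stalling other operations.
      byte[] edek = keys.generateEncryptedKey(version);
      lock.lock();
      try {
        // Re-validate: the zone key may have changed while the lock was dropped.
        if (version.equals(zoneKeyVersion.get(zone))) {
          FileKeyInfo info = new FileKeyInfo(version, edek);
          files.put(path, info);
          return info;
        }
      } finally { lock.unlock(); }
      // Stale key version: discard this encrypted key and retry with the current one.
    }
    throw new IllegalStateException("zone key kept changing; giving up on " + path);
  }

  public static void main(String[] args) throws Exception {
    // Constructed key service: returns the version name bytes as a fake encrypted key.
    EdekRetryExample nn = new EdekRetryExample(v -> v.getBytes());
    nn.setZoneKeyVersion("/zone", "key@0");
    System.out.println(nn.createFile("/zone", "/zone/f").ezKeyVersionName());
  }
}
```

The bounded retry count matters: without it, a zone whose key changes repeatedly could keep a create call looping indefinitely.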