[
https://issues.apache.org/jira/browse/HDFS-6509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14077163#comment-14077163
]
Andrew Wang commented on HDFS-6509:
-----------------------------------
As a meta-comment for watchers, Charles, Colin and I had a discussion about
whether this resolution logic belongs in FSDirectory#resolvePath (i.e., strip
the /.reserved/raw prefix early on in RPC handling), or down in
InodesInPath#resolvePath (which preserves the original path string, meaning
better logging, and no contortions for the audit log). I think we agreed that
the latter would be better, but there are still a lot of places that use
path-based rather than inode-based logic. One example is the lease manager: all
the leases are based on a path. Fixing these is a large effort and outside the
scope of these immediate changes. If these improvements happen later, we can
refactor this code to use it.
Couple more review questions on the current patch:
* Do we need the same isRawPath logic for createLocatedFileStatus, for exposing
the feInfo?
* FSDirectory still has the AccessControlException import, and
FSDir#resolvePath still throws it
* Can fold FSN#checkAccessForReservedRaw into FSN#resolvePath
* Let's add some basic javadoc to FSN#resolvePath
That's it though, the rest looks good.
> create a /.reserved/raw filesystem namespace
> --------------------------------------------
>
> Key: HDFS-6509
> URL: https://issues.apache.org/jira/browse/HDFS-6509
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: security
> Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
> Reporter: Charles Lamb
> Assignee: Charles Lamb
> Attachments: HDFS-6509.001.patch, HDFS-6509.002.patch,
> HDFS-6509distcpandDataatRestEncryption-2.pdf,
> HDFS-6509distcpandDataatRestEncryption-3.pdf,
> HDFS-6509distcpandDataatRestEncryption.pdf
>
>
> This is part of the work for making distcp work with Data at Rest Encryption.
> Per the attached document, create a /.reserved/raw HDFS filesystem namespace
> that allows access to the encrypted bytes of a file.