[jira] [Commented] (HDFS-6546) Add non-superuser capability to get the encryption zone for a specific path

Wed, 13 Aug 2014 17:35:00 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-6546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14096350#comment-14096350
 ] 

Colin Patrick McCabe commented on HDFS-6546:
--------------------------------------------

Nice idea.  

Returning just a path seems a bit inflexible.  Can we also return an encryption 
zone id of sorts?  I think the inode ID of the EZ would work pretty nicely 
(based on some offline discussion with Andrew).  That way we can also add more 
stuff if we want later... we're not locked into just what fields Path has.

Also, I noticed a few places in the test where you inverted "expected" and 
"provided".  The expected thing should come first in Assert.assert, so if the 
test fails, you don't get confusing error messages...

One last thing... I modified the test slightly to call this API on something in 
a snapshot, and it failed with this exception:
{code}
Running org.apache.hadoop.hdfs.TestEncryptionZones
Tests run: 9, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 18.539 sec <<< 
FAILURE! - in org.apache.hadoop.hdfs.TestEncryptionZones
testGetEZRootAsNonSuperUser(org.apache.hadoop.hdfs.TestEncryptionZones)  Time 
elapsed: 3.876 sec  <<< ERROR!
org.apache.hadoop.ipc.RemoteException: Modification on a read-only snapshot is 
disallowed
        at 
org.apache.hadoop.hdfs.server.namenode.FSDirectory.getINodesInPath4Write(FSDirectory.java:3071)
        at 
org.apache.hadoop.hdfs.server.namenode.FSDirectory.getINodesInPath4Write(FSDirectory.java:1490)
        at 
org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getEZRootForPath(FSNamesystem.java:8598)
{code}

This should work on snapshotted files... probably a good idea to add a unit 
test for that.  Similarly, we should test what happens when both the file and 
the EZ have been deleted, but are still in a snapshot.  Thanks

> Add non-superuser capability to get the encryption zone for a specific path
> ---------------------------------------------------------------------------
>
>                 Key: HDFS-6546
>                 URL: https://issues.apache.org/jira/browse/HDFS-6546
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode, security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Charles Lamb
>            Assignee: Charles Lamb
>         Attachments: HDFS-6546.001.patch
>
>
> Need to add protocol, api, and CLI that allows a non super user to ask 
> whether a path is part of an EZ, and if so, which one.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to