[
https://issues.apache.org/jira/browse/HDFS-7243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14171934#comment-14171934
]
Yi Liu commented on HDFS-7243:
------------------------------
Thanks Clarles for post the patch.
*1.*
{quote}
target.substring(0, target.lastIndexOf(Path.SEPARATOR_CHAR))
{quote}
could be empty string (if the parent if root), then will cause {{getEZForPath}}
failed.
*2.*
Don't invoke FSN#getEZForPath directly, it's a bit heavy, more importantly it
has own permission check which will cause some issues: For example, concat just
needs "write" permission for target, and "read, parent write" permission for
srcs. If we invoke {{getEZForPath}} on target or parent directly, it requires
"read" permission of the path.
Why not do a lite check of whether target is in an encryption zone in
{{concatInternal}}.
> HDFS concat operation should not be allowed in Encryption Zone
> --------------------------------------------------------------
>
> Key: HDFS-7243
> URL: https://issues.apache.org/jira/browse/HDFS-7243
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: encryption, namenode
> Affects Versions: 2.6.0
> Reporter: Yi Liu
> Assignee: Charles Lamb
> Attachments: HDFS-7243.001.patch
>
>
> For HDFS encryption at rest, files in an encryption zone are using different
> data encryption keys, so concat should be disallowed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
