[jira] [Updated] (HADOOP-10604) CryptoFileSystem decorator using xAttrs and KeyProvider
[ https://issues.apache.org/jira/browse/HADOOP-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Priyank Rastogi updated HADOOP-10604: - Fix Version/s: (was: fs-encryption (HADOOP-10150 and HDFS-6134)) CryptoFileSystem decorator using xAttrs and KeyProvider --- Key: HADOOP-10604 URL: https://issues.apache.org/jira/browse/HADOOP-10604 Project: Hadoop Common Issue Type: New Feature Components: fs Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) Reporter: Alejandro Abdelnur Assignee: Yi Liu Attachments: HADOOP-10604.1.patch, HADOOP-10604.patch A FileSystem implementation that wraps an existing filesystem and provides encryption. It will require the underlying filesystem to support xAttrs. It will use the KeyProvider API to retrieve encryption keys. This is mostly the work in the patch HADOOP-10150 minus the crypto streams -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10604) CryptoFileSystem decorator using xAttrs and KeyProvider
[ https://issues.apache.org/jira/browse/HADOOP-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yi Liu updated HADOOP-10604: Issue Type: New Feature (was: Sub-task) Parent: (was: HADOOP-10150) CryptoFileSystem decorator using xAttrs and KeyProvider --- Key: HADOOP-10604 URL: https://issues.apache.org/jira/browse/HADOOP-10604 Project: Hadoop Common Issue Type: New Feature Components: fs Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) Reporter: Alejandro Abdelnur Assignee: Yi Liu Fix For: fs-encryption (HADOOP-10150 and HDFS-6134) Attachments: HADOOP-10604.1.patch, HADOOP-10604.patch A FileSystem implementation that wraps an existing filesystem and provides encryption. It will require the underlying filesystem to support xAttrs. It will use the KeyProvider API to retrieve encryption keys. This is mostly the work in the patch HADOOP-10150 minus the crypto streams -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HADOOP-10604) CryptoFileSystem decorator using xAttrs and KeyProvider
[ https://issues.apache.org/jira/browse/HADOOP-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yi Liu updated HADOOP-10604: Attachment: HADOOP-10604.1.patch Hi Uma, the new patch includes update for your comments. {quote} typo. Doen't - Doesn't ? {quote} Right, let’s modify it. {quote} Seems like we are not allowing nested encryption zones, but cfs will take client side configuration, one client would have configured one dir and other client could configure the sub dir of it. In this case how would we avoid nested encryption zones to configure from the checks? {quote} Nice, I consider this more later, and we can support nested encryption zones. So let’s remove the restriction of nested encryption zones. Typically encryption zones are used to stored sensitive data, user should be aware of the configuration. {quote} decodeCFSURI is doing the some special decoding stuff for replacing @ with :// etc. But there is no encode method and I think it’s done directly in getAuthority, instead can we make like encode and decode method? {quote} I try to do as your suggest, and the url is specified by user, in {{getAuthority}} we just need to get the authority, so I think we don’t need {{encode}} method. {quote} Also is it good to document about how to create ezs in other fs? ( I mean to tell the info about what is the qualification to consider as ez? ex if underlying fs is hdfs, HdfsAdmin has api to creae EZs) {quote} If using {{CryptoFileSystem}}, the encryption zone and corresponding key name are configured in configuration file, it will not utilize underlying fs command, such as DFSAdmin. CryptoFileSystem decorator using xAttrs and KeyProvider --- Key: HADOOP-10604 URL: https://issues.apache.org/jira/browse/HADOOP-10604 Project: Hadoop Common Issue Type: Sub-task Components: fs Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) Reporter: Alejandro Abdelnur Assignee: Yi Liu Fix For: fs-encryption (HADOOP-10150 and HDFS-6134) Attachments: HADOOP-10604.1.patch, HADOOP-10604.patch A FileSystem implementation that wraps an existing filesystem and provides encryption. It will require the underlying filesystem to support xAttrs. It will use the KeyProvider API to retrieve encryption keys. This is mostly the work in the patch HADOOP-10150 minus the crypto streams -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HADOOP-10604) CryptoFileSystem decorator using xAttrs and KeyProvider
[ https://issues.apache.org/jira/browse/HADOOP-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yi Liu updated HADOOP-10604: Attachment: HADOOP-10604.patch {{CryptoFileSystem}} is used to decorate an existing filesystem and providers encryption. To use the crypto filesystem, user needs: * configure a key provider. * configuration encryption zones. (comma list, and each zone is “encryptionpath\{keyid\}”) * use {{cfs://scheme@host:port/encryption-dir/file}} or {{cfs:///encryption-dir/file}} to read and write encryption file; this uri can be used as MapReduce input or output, and in other upper layer applications. For HDFS transparent encryption, please use the approach in HDFS-6134 (even though {{CryptoFileSystem}} can be used to decorate HDFS and provider encryption), it supplies better support. {{CryptoFileSystem}} targets other filesystems. CryptoFileSystem decorator using xAttrs and KeyProvider --- Key: HADOOP-10604 URL: https://issues.apache.org/jira/browse/HADOOP-10604 Project: Hadoop Common Issue Type: Sub-task Components: fs Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) Reporter: Alejandro Abdelnur Assignee: Yi Liu Fix For: fs-encryption (HADOOP-10150 and HDFS-6134) Attachments: HADOOP-10604.patch A FileSystem implementation that wraps an existing filesystem and provides encryption. It will require the underlying filesystem to support xAttrs. It will use the KeyProvider API to retrieve encryption keys. This is mostly the work in the patch HADOOP-10150 minus the crypto streams -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HADOOP-10604) CryptoFileSystem decorator using xAttrs and KeyProvider
[ https://issues.apache.org/jira/browse/HADOOP-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yi Liu updated HADOOP-10604: Affects Version/s: fs-encryption (HADOOP-10150 and HDFS-6134) CryptoFileSystem decorator using xAttrs and KeyProvider --- Key: HADOOP-10604 URL: https://issues.apache.org/jira/browse/HADOOP-10604 Project: Hadoop Common Issue Type: Sub-task Components: fs Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) Reporter: Alejandro Abdelnur Assignee: Yi Liu Fix For: fs-encryption (HADOOP-10150 and HDFS-6134) A FileSystem implementation that wraps an existing filesystem and provides encryption. It will require the underlying filesystem to support xAttrs. It will use the KeyProvider API to retrieve encryption keys. This is mostly the work in the patch HADOOP-10150 minus the crypto streams -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HADOOP-10604) CryptoFileSystem decorator using xAttrs and KeyProvider
[ https://issues.apache.org/jira/browse/HADOOP-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yi Liu updated HADOOP-10604: Fix Version/s: (was: 3.0.0) fs-encryption (HADOOP-10150 and HDFS-6134) CryptoFileSystem decorator using xAttrs and KeyProvider --- Key: HADOOP-10604 URL: https://issues.apache.org/jira/browse/HADOOP-10604 Project: Hadoop Common Issue Type: Sub-task Components: fs Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) Reporter: Alejandro Abdelnur Assignee: Yi Liu Fix For: fs-encryption (HADOOP-10150 and HDFS-6134) A FileSystem implementation that wraps an existing filesystem and provides encryption. It will require the underlying filesystem to support xAttrs. It will use the KeyProvider API to retrieve encryption keys. This is mostly the work in the patch HADOOP-10150 minus the crypto streams -- This message was sent by Atlassian JIRA (v6.2#6252)