[jira] [Updated] (HADOOP-10604) CryptoFileSystem decorator using xAttrs and KeyProvider
[ https://issues.apache.org/jira/browse/HADOOP-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Priyank Rastogi updated HADOOP-10604: - Fix Version/s: (was: fs-encryption (HADOOP-10150 and HDFS-6134)) CryptoFileSystem decorator using xAttrs and KeyProvider --- Key: HADOOP-10604 URL: https://issues.apache.org/jira/browse/HADOOP-10604 Project: Hadoop Common Issue Type: New Feature Components: fs Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) Reporter: Alejandro Abdelnur Assignee: Yi Liu Attachments: HADOOP-10604.1.patch, HADOOP-10604.patch A FileSystem implementation that wraps an existing filesystem and provides encryption. It will require the underlying filesystem to support xAttrs. It will use the KeyProvider API to retrieve encryption keys. This is mostly the work in the patch HADOOP-10150 minus the crypto streams -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10604) CryptoFileSystem decorator using xAttrs and KeyProvider
[ https://issues.apache.org/jira/browse/HADOOP-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yi Liu updated HADOOP-10604: Issue Type: New Feature (was: Sub-task) Parent: (was: HADOOP-10150) CryptoFileSystem decorator using xAttrs and KeyProvider --- Key: HADOOP-10604 URL: https://issues.apache.org/jira/browse/HADOOP-10604 Project: Hadoop Common Issue Type: New Feature Components: fs Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) Reporter: Alejandro Abdelnur Assignee: Yi Liu Fix For: fs-encryption (HADOOP-10150 and HDFS-6134) Attachments: HADOOP-10604.1.patch, HADOOP-10604.patch A FileSystem implementation that wraps an existing filesystem and provides encryption. It will require the underlying filesystem to support xAttrs. It will use the KeyProvider API to retrieve encryption keys. This is mostly the work in the patch HADOOP-10150 minus the crypto streams -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HADOOP-10604) CryptoFileSystem decorator using xAttrs and KeyProvider
[
https://issues.apache.org/jira/browse/HADOOP-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yi Liu updated HADOOP-10604:
Attachment: HADOOP-10604.1.patch
Hi Uma, the new patch includes update for your comments.
{quote}
typo. Doen't - Doesn't ?
{quote}
Right, let’s modify it.
{quote}
Seems like we are not allowing nested encryption zones, but cfs will take
client side configuration, one client would have configured one dir and other
client could configure the sub dir of it. In this case how would we avoid
nested encryption zones to configure from the checks?
{quote}
Nice, I consider this more later, and we can support nested encryption zones.
So let’s remove the restriction of nested encryption zones. Typically
encryption zones are used to stored sensitive data, user should be aware of the
configuration.
{quote}
decodeCFSURI is doing the some special decoding stuff for replacing @ with ://
etc. But there is no encode method and I think it’s done directly in
getAuthority, instead can we make like encode and decode method?
{quote}
I try to do as your suggest, and the url is specified by user, in
{{getAuthority}} we just need to get the authority, so I think we don’t need
{{encode}} method.
{quote}
Also is it good to document about how to create ezs in other fs? ( I mean to
tell the info about what is the qualification to consider as ez? ex if
underlying fs is hdfs, HdfsAdmin has api to creae EZs)
{quote}
If using {{CryptoFileSystem}}, the encryption zone and corresponding key name
are configured in configuration file, it will not utilize underlying fs
command, such as DFSAdmin.
CryptoFileSystem decorator using xAttrs and KeyProvider
---
Key: HADOOP-10604
URL: https://issues.apache.org/jira/browse/HADOOP-10604
Project: Hadoop Common
Issue Type: Sub-task
Components: fs
Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
Reporter: Alejandro Abdelnur
Assignee: Yi Liu
Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
Attachments: HADOOP-10604.1.patch, HADOOP-10604.patch
A FileSystem implementation that wraps an existing filesystem and provides
encryption. It will require the underlying filesystem to support xAttrs. It
will use the KeyProvider API to retrieve encryption keys.
This is mostly the work in the patch HADOOP-10150 minus the crypto streams
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Updated] (HADOOP-10604) CryptoFileSystem decorator using xAttrs and KeyProvider
[
https://issues.apache.org/jira/browse/HADOOP-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yi Liu updated HADOOP-10604:
Attachment: HADOOP-10604.patch
{{CryptoFileSystem}} is used to decorate an existing filesystem and providers
encryption. To use the crypto filesystem, user needs:
* configure a key provider.
* configuration encryption zones. (comma list, and each zone is
“encryptionpath\{keyid\}”)
* use {{cfs://scheme@host:port/encryption-dir/file}} or
{{cfs:///encryption-dir/file}} to read and write encryption file; this uri can
be used as MapReduce input or output, and in other upper layer applications.
For HDFS transparent encryption, please use the approach in HDFS-6134 (even
though {{CryptoFileSystem}} can be used to decorate HDFS and provider
encryption), it supplies better support. {{CryptoFileSystem}} targets other
filesystems.
CryptoFileSystem decorator using xAttrs and KeyProvider
---
Key: HADOOP-10604
URL: https://issues.apache.org/jira/browse/HADOOP-10604
Project: Hadoop Common
Issue Type: Sub-task
Components: fs
Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
Reporter: Alejandro Abdelnur
Assignee: Yi Liu
Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
Attachments: HADOOP-10604.patch
A FileSystem implementation that wraps an existing filesystem and provides
encryption. It will require the underlying filesystem to support xAttrs. It
will use the KeyProvider API to retrieve encryption keys.
This is mostly the work in the patch HADOOP-10150 minus the crypto streams
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Updated] (HADOOP-10604) CryptoFileSystem decorator using xAttrs and KeyProvider
[ https://issues.apache.org/jira/browse/HADOOP-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yi Liu updated HADOOP-10604: Affects Version/s: fs-encryption (HADOOP-10150 and HDFS-6134) CryptoFileSystem decorator using xAttrs and KeyProvider --- Key: HADOOP-10604 URL: https://issues.apache.org/jira/browse/HADOOP-10604 Project: Hadoop Common Issue Type: Sub-task Components: fs Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) Reporter: Alejandro Abdelnur Assignee: Yi Liu Fix For: fs-encryption (HADOOP-10150 and HDFS-6134) A FileSystem implementation that wraps an existing filesystem and provides encryption. It will require the underlying filesystem to support xAttrs. It will use the KeyProvider API to retrieve encryption keys. This is mostly the work in the patch HADOOP-10150 minus the crypto streams -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HADOOP-10604) CryptoFileSystem decorator using xAttrs and KeyProvider
[ https://issues.apache.org/jira/browse/HADOOP-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yi Liu updated HADOOP-10604: Fix Version/s: (was: 3.0.0) fs-encryption (HADOOP-10150 and HDFS-6134) CryptoFileSystem decorator using xAttrs and KeyProvider --- Key: HADOOP-10604 URL: https://issues.apache.org/jira/browse/HADOOP-10604 Project: Hadoop Common Issue Type: Sub-task Components: fs Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) Reporter: Alejandro Abdelnur Assignee: Yi Liu Fix For: fs-encryption (HADOOP-10150 and HDFS-6134) A FileSystem implementation that wraps an existing filesystem and provides encryption. It will require the underlying filesystem to support xAttrs. It will use the KeyProvider API to retrieve encryption keys. This is mostly the work in the patch HADOOP-10150 minus the crypto streams -- This message was sent by Atlassian JIRA (v6.2#6252)
