You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Uma Maheswara Rao G (JIRA)" <ji...@apache.org> on 2014/06/15 19:30:03 UTC

[jira] [Commented] (HADOOP-10604) CryptoFileSystem decorator using xAttrs and KeyProvider

    [ https://issues.apache.org/jira/browse/HADOOP-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14031979#comment-14031979 ] 

Uma Maheswara Rao G commented on HADOOP-10604:
----------------------------------------------

Thanks a lot Yi for the patch!

I just went throught the patch. Below are my very initial comments and I will go through the patch in detail tomorrow.

{code}
if (isNestedEncryptionZone(p)) {
+          throw new IOException("Doen't support nested encryption dirs");
+        }
{code}
typo.  Doen't -> Doesn't ?

Seems like we are not allowing nested encryption zones, but cfs will take client side configuration, one client would have configured one dir and other client could configure the sub dir of it. In this case how would we avoid nested encryption zones to configure from the checks?

decodeCFSURI is doing the some special decoding stuff for replacing @ with :// etc. But there is no encode method and I think its done directly in getAuthority, instead can we make like encode and decode method?

Also is it good to document about how to create ezs in other fs? ( I mean to tell the info about what is the qualification to consider as ez? ex if underlying fs is hdfs, HdfsAdmin has api to creae EZs)

> CryptoFileSystem decorator using xAttrs and KeyProvider
> -------------------------------------------------------
>
>                 Key: HADOOP-10604
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10604
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Alejandro Abdelnur
>            Assignee: Yi Liu
>             Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
>
>         Attachments: HADOOP-10604.patch
>
>
> A FileSystem implementation that wraps an existing filesystem and provides encryption. It will require the underlying filesystem to support xAttrs. It  will use the KeyProvider API to retrieve encryption keys.
> This is mostly the work in the patch HADOOP-10150 minus the crypto streams



--
This message was sent by Atlassian JIRA
(v6.2#6252)