[
https://issues.apache.org/jira/browse/HDFS-8451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14553995#comment-14553995
]
Steve Loughran commented on HDFS-8451:
--------------------------------------
Here's the check for HDFS encryption
{code}
public boolean isHDFSEncryptionEnabled() {
return conf.get(
DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null) != null;
}
{code}
The presence of an empty {{<dfs.encryption.key.provider.uri>}} is enough to
fail this test, because the result isn't null, it is "".
It's not enough to have an empty property (as ramya verified) —the property
must be completely deleted.
So: I think it's a bug in the DFSClient check; it should be something like:
{code}
public boolean isHDFSEncryptionEnabled() {
String provider = conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI,
"")
return !provider.isEmpty();
}
{code}
That is: if the provider URI is "" then there's no key provider, hence no
encryption.
Fix is trivial, writing tests to verify that everything work will take slightly
longer.
> DFSClient probe for encryption testing interprets empty URI property for
> "enabled"
> ----------------------------------------------------------------------------------
>
> Key: HDFS-8451
> URL: https://issues.apache.org/jira/browse/HDFS-8451
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: encryption
> Affects Versions: 2.7.1
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Priority: Blocker
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> HDFS-7931 added a check in DFSClient for encryption
> {{isHDFSEncryptionEnabled()}}, looking for the property
> {{"dfs.encryption.key.provider.uri"}.
> This probe returns true even if the property is empty.
> If there is an empty provider.uri property, you get an NPE when a YARN client
> tries to set up the tokens to deploy an AM.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
