[ https://issues.apache.org/jira/browse/HDFS-6785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Charles Lamb resolved HDFS-6785.
--------------------------------
Resolution: Fixed
Fix Version/s: fs-encryption (HADOOP-10150 and HDFS-6134)
Committed to fs-encryption.
> Should not be able to create encryption zone using path to a non-directory
> file
> -------------------------------------------------------------------------------
>
> Key: HDFS-6785
> URL: https://issues.apache.org/jira/browse/HDFS-6785
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: security
> Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
> Reporter: Stephen Chu
> Assignee: Charles Lamb
> Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
>
> Attachments: HDFS-6785.001.patch, HDFS-6785.002.patch
>
>
> Currently, users can create an encryption zone while specifying a path to a
> file, as seen below.
> {code}
> [hdfs@schu-enc2 ~]$ cat hi
> hi
> [hdfs@schu-enc2 ~]$ hadoop fs -put hi /hi
> [hdfs@schu-enc2 ~]$ hadoop key create testKey
> testKey has been successfully created.
> KMSClientProvider[http://schu-enc2.vpc.com:16000/kms/v1/] has been updated.
> [hdfs@schu-enc2 ~]$ hdfs crypto -createZone -keyName testKey -path /hi
> Added encryption zone /hi
> [hdfs@schu-enc2 ~]$ hdfs crypto -listZones
> /hi testKey
> {code}
> Based on my understanding, admins should be able to create encryption zones
> only on empty directories, not files.
> If the design changed to allow creating EZ on files, then we should change
> the javadoc of {{HdfsAdmin#createEncryptionZone}}, which currently states,
> "Create an encryption zone rooted at an empty existing directory, using the
> specified encryption key. An encryption zone has an associated encryption key
> used when reading and writing files within the zone."
--
This message was sent by Atlassian JIRA
(v6.2#6252)
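
A client-side pre-flight check and zone audit for the condition reported above, as an added example that is not part of the original message or of the HDFS-6785 patches. The function names are hypothetical, and the emptiness test assumes `hadoop fs -count` reports DIR_COUNT 1 and FILE_COUNT 0 for an empty directory.

```shell
#!/bin/sh
# Added example (not Hadoop project code). Function names are hypothetical.

# is_empty_dir PATH: succeed only if PATH is an existing directory with no children.
is_empty_dir() {
    # -test -d exits non-zero for regular files and for missing paths
    hadoop fs -test -d "$1" || return 1
    # -count prints: DIR_COUNT FILE_COUNT CONTENT_SIZE PATHNAME
    # (assumption: the directory counts itself, so empty means "1 0")
    counts=$(hadoop fs -count "$1") || return 1
    read -r dirs files _rest <<EOF
$counts
EOF
    [ "$dirs" = "1" ] && [ "$files" = "0" ]
}

# create_zone_checked KEYNAME PATH: refuse to create a zone unless PATH is an
# empty directory, matching the HdfsAdmin#createEncryptionZone javadoc.
create_zone_checked() {
    if ! is_empty_dir "$2"; then
        echo "refusing: $2 is not an empty existing directory" >&2
        return 1
    fi
    hdfs crypto -createZone -keyName "$1" -path "$2"
}

# nondir_zones: print "PATH KEYNAME" for every listed zone whose root is not a
# directory, i.e. zones that could only have been created through this bug.
nondir_zones() {
    hdfs crypto -listZones | while read -r zone key; do
        case "$zone" in
            /*) ;;            # zone lines start with an absolute path
            *) continue ;;    # skip blank or informational lines
        esac
        hadoop fs -test -d "$zone" || printf '%s %s\n' "$zone" "$key"
    done
}
```

A check made from the client can race with concurrent writers, so it supplements server-side enforcement rather than replacing it; `nondir_zones` is the part to run against a cluster that was used before the fix.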