[ 
https://issues.apache.org/jira/browse/HDFS-6843?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14115980#comment-14115980
 ] 

Alejandro Abdelnur commented on HDFS-6843:
------------------------------------------

errrhhhh, don't like it for the following reasons:

* it requires to open a file to see if it is encrypted 
* it does not work on directories
* it requires the HDFS client to contact the KMS to decrypt the encryption key 
(which won't be used)

Regarding TOCTOU concerns, this is not different than computing the splits for 
an MR job and then running the MR job, if the files change between the split 
computation and the task execution, the job is doomed. We are already under 
immutability assumptions.

I would put it in the FileStatus, most of the time I'll have a filestatus at 
hand, so checking if it is encrypted will be 0 cost (no extra RPC).


> Create FSDataInputStream & FSDataOutputStream isEncrypted() method
> ------------------------------------------------------------------
>
>                 Key: HDFS-6843
>                 URL: https://issues.apache.org/jira/browse/HDFS-6843
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode, security
>    Affects Versions: 3.0.0
>            Reporter: Charles Lamb
>            Assignee: Charles Lamb
>         Attachments: HDFS-6843.001.patch, HDFS-6843.002.patch, 
> HDFS-6843.003.patch
>
>
> FileStatus should have a 'boolean isEncrypted()' method. (it was in the 
> context of discussing with AndreW about FileStatus being a Writable).
> Having this method would allow MR JobSubmitter do the following:
> -----
> BOOLEAN intermediateEncryption = false
> IF jobconf.contains("mr.intermidate.encryption") THEN
>   intermediateEncryption = jobConf.getBoolean("mr.intermidate.encryption")
> ELSE
>   IF (I/O)Format INSTANCEOF File(I/O)Format THEN
>     intermediateEncryption = ANY File(I/O)Format HAS a Path with status 
> isEncrypted()==TRUE
>   FI
>   jobConf.setBoolean("mr.intermidate.encryption", intermediateEncryption)
> FI



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to