HDFS-8451. DFSClient probe for encryption testing interprets empty URI property for enabled. Contributed by Steve Loughran.
This commit is contained in:
parent
2b6bcfdafa
commit
05e04f34f2
@ -886,6 +886,9 @@ Release 2.7.1 - UNRELEASED
|
|||||||
HDFS-8404. Pending block replication can get stuck using older genstamp
|
HDFS-8404. Pending block replication can get stuck using older genstamp
|
||||||
(Nathan Roberts via kihwal)
|
(Nathan Roberts via kihwal)
|
||||||
|
|
||||||
|
HDFS-8451. DFSClient probe for encryption testing interprets empty URI
|
||||||
|
property for "enabled". (Steve Loughran via xyao)
|
||||||
|
|
||||||
Release 2.7.0 - 2015-04-20
|
Release 2.7.0 - 2015-04-20
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
@ -3205,10 +3205,15 @@ public void setKeyProvider(KeyProvider provider) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Probe for encryption enabled on this filesystem.
|
||||||
|
* See {@link DFSUtil#isHDFSEncryptionEnabled(Configuration)}
|
||||||
|
* @return true if encryption is enabled
|
||||||
|
*/
|
||||||
public boolean isHDFSEncryptionEnabled() {
|
public boolean isHDFSEncryptionEnabled() {
|
||||||
return conf.get(
|
return DFSUtil.isHDFSEncryptionEnabled(this.conf);
|
||||||
DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null) != null;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the SaslDataTransferClient configured for this DFSClient.
|
* Returns the SaslDataTransferClient configured for this DFSClient.
|
||||||
*
|
*
|
||||||
|
@ -145,8 +145,8 @@ public int compare(DatanodeInfo a, DatanodeInfo b) {
|
|||||||
a.isDecommissioned() ? 1 : -1;
|
a.isDecommissioned() ? 1 : -1;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Comparator for sorting DataNodeInfo[] based on decommissioned/stale states.
|
* Comparator for sorting DataNodeInfo[] based on decommissioned/stale states.
|
||||||
* Decommissioned/stale nodes are moved to the end of the array on sorting
|
* Decommissioned/stale nodes are moved to the end of the array on sorting
|
||||||
@ -1460,9 +1460,9 @@ public static void assertAllResultsEqual(Collection<?> objects)
|
|||||||
public static KeyProvider createKeyProvider(
|
public static KeyProvider createKeyProvider(
|
||||||
final Configuration conf) throws IOException {
|
final Configuration conf) throws IOException {
|
||||||
final String providerUriStr =
|
final String providerUriStr =
|
||||||
conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null);
|
conf.getTrimmed(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "");
|
||||||
// No provider set in conf
|
// No provider set in conf
|
||||||
if (providerUriStr == null) {
|
if (providerUriStr.isEmpty()) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
final URI providerUri;
|
final URI providerUri;
|
||||||
@ -1513,4 +1513,18 @@ public static int getIoFileBufferSize(Configuration conf) {
|
|||||||
public static int getSmallBufferSize(Configuration conf) {
|
public static int getSmallBufferSize(Configuration conf) {
|
||||||
return Math.min(getIoFileBufferSize(conf) / 2, 512);
|
return Math.min(getIoFileBufferSize(conf) / 2, 512);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Probe for HDFS Encryption being enabled; this uses the value of
|
||||||
|
* the option {@link DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI},
|
||||||
|
* returning true if that property contains a non-empty, non-whitespace
|
||||||
|
* string.
|
||||||
|
* @param conf configuration to probe
|
||||||
|
* @return true if encryption is considered enabled.
|
||||||
|
*/
|
||||||
|
public static boolean isHDFSEncryptionEnabled(Configuration conf) {
|
||||||
|
return !conf.getTrimmed(
|
||||||
|
DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "").isEmpty();
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -83,9 +83,9 @@ public KeyProvider call() throws Exception {
|
|||||||
|
|
||||||
private URI createKeyProviderURI(Configuration conf) {
|
private URI createKeyProviderURI(Configuration conf) {
|
||||||
final String providerUriStr =
|
final String providerUriStr =
|
||||||
conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null);
|
conf.getTrimmed(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "");
|
||||||
// No provider set in conf
|
// No provider set in conf
|
||||||
if (providerUriStr == null) {
|
if (providerUriStr.isEmpty()) {
|
||||||
LOG.error("Could not find uri with key ["
|
LOG.error("Could not find uri with key ["
|
||||||
+ DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI
|
+ DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI
|
||||||
+ "] to create a keyProvider !!");
|
+ "] to create a keyProvider !!");
|
||||||
|
@ -897,4 +897,22 @@ public void testGetNNServiceRpcAddressesForNsIds() throws IOException {
|
|||||||
} catch (IOException ignored) {
|
} catch (IOException ignored) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testEncryptionProbe() throws Throwable {
|
||||||
|
Configuration conf = new Configuration(false);
|
||||||
|
conf.unset(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI);
|
||||||
|
assertFalse("encryption enabled on no provider key",
|
||||||
|
DFSUtil.isHDFSEncryptionEnabled(conf));
|
||||||
|
conf.set(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "");
|
||||||
|
assertFalse("encryption enabled on empty provider key",
|
||||||
|
DFSUtil.isHDFSEncryptionEnabled(conf));
|
||||||
|
conf.set(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "\n\t\n");
|
||||||
|
assertFalse("encryption enabled on whitespace provider key",
|
||||||
|
DFSUtil.isHDFSEncryptionEnabled(conf));
|
||||||
|
conf.set(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "http://hadoop.apache.org");
|
||||||
|
assertTrue("encryption disabled on valid provider key",
|
||||||
|
DFSUtil.isHDFSEncryptionEnabled(conf));
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -699,7 +699,7 @@ public void testVersionAndSuiteNegotiation() throws Exception {
|
|||||||
// Flushing the KP on the NN, since it caches, and init a test one
|
// Flushing the KP on the NN, since it caches, and init a test one
|
||||||
cluster.getNamesystem().getProvider().flush();
|
cluster.getNamesystem().getProvider().flush();
|
||||||
KeyProvider provider = KeyProviderFactory
|
KeyProvider provider = KeyProviderFactory
|
||||||
.get(new URI(conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI)),
|
.get(new URI(conf.getTrimmed(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI)),
|
||||||
conf);
|
conf);
|
||||||
List<String> keys = provider.getKeys();
|
List<String> keys = provider.getKeys();
|
||||||
assertEquals("Expected NN to have created one key per zone", 1,
|
assertEquals("Expected NN to have created one key per zone", 1,
|
||||||
|
Loading…
Reference in New Issue
Block a user