HDFS-8451. DFSClient probe for encryption testing interprets empty URI property for enabled. Contributed by Steve Loughran.

This commit is contained in:
Xiaoyu Yao 2015-05-21 11:58:00 -07:00
parent 2b6bcfdafa
commit 05e04f34f2
6 changed files with 49 additions and 9 deletions

View File

@ -886,6 +886,9 @@ Release 2.7.1 - UNRELEASED
HDFS-8404. Pending block replication can get stuck using older genstamp HDFS-8404. Pending block replication can get stuck using older genstamp
(Nathan Roberts via kihwal) (Nathan Roberts via kihwal)
HDFS-8451. DFSClient probe for encryption testing interprets empty URI
property for "enabled". (Steve Loughran via xyao)
Release 2.7.0 - 2015-04-20 Release 2.7.0 - 2015-04-20
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES

View File

@ -3205,10 +3205,15 @@ public void setKeyProvider(KeyProvider provider) {
} }
} }
/**
* Probe for encryption enabled on this filesystem.
* See {@link DFSUtil#isHDFSEncryptionEnabled(Configuration)}
* @return true if encryption is enabled
*/
public boolean isHDFSEncryptionEnabled() { public boolean isHDFSEncryptionEnabled() {
return conf.get( return DFSUtil.isHDFSEncryptionEnabled(this.conf);
DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null) != null;
} }
/** /**
* Returns the SaslDataTransferClient configured for this DFSClient. * Returns the SaslDataTransferClient configured for this DFSClient.
* *

View File

@ -145,8 +145,8 @@ public int compare(DatanodeInfo a, DatanodeInfo b) {
a.isDecommissioned() ? 1 : -1; a.isDecommissioned() ? 1 : -1;
} }
}; };
/** /**
* Comparator for sorting DataNodeInfo[] based on decommissioned/stale states. * Comparator for sorting DataNodeInfo[] based on decommissioned/stale states.
* Decommissioned/stale nodes are moved to the end of the array on sorting * Decommissioned/stale nodes are moved to the end of the array on sorting
@ -1460,9 +1460,9 @@ public static void assertAllResultsEqual(Collection<?> objects)
public static KeyProvider createKeyProvider( public static KeyProvider createKeyProvider(
final Configuration conf) throws IOException { final Configuration conf) throws IOException {
final String providerUriStr = final String providerUriStr =
conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null); conf.getTrimmed(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "");
// No provider set in conf // No provider set in conf
if (providerUriStr == null) { if (providerUriStr.isEmpty()) {
return null; return null;
} }
final URI providerUri; final URI providerUri;
@ -1513,4 +1513,18 @@ public static int getIoFileBufferSize(Configuration conf) {
public static int getSmallBufferSize(Configuration conf) { public static int getSmallBufferSize(Configuration conf) {
return Math.min(getIoFileBufferSize(conf) / 2, 512); return Math.min(getIoFileBufferSize(conf) / 2, 512);
} }
/**
* Probe for HDFS Encryption being enabled; this uses the value of
* the option {@link DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI},
* returning true if that property contains a non-empty, non-whitespace
* string.
* @param conf configuration to probe
* @return true if encryption is considered enabled.
*/
public static boolean isHDFSEncryptionEnabled(Configuration conf) {
return !conf.getTrimmed(
DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "").isEmpty();
}
} }

View File

@ -83,9 +83,9 @@ public KeyProvider call() throws Exception {
private URI createKeyProviderURI(Configuration conf) { private URI createKeyProviderURI(Configuration conf) {
final String providerUriStr = final String providerUriStr =
conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null); conf.getTrimmed(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "");
// No provider set in conf // No provider set in conf
if (providerUriStr == null) { if (providerUriStr.isEmpty()) {
LOG.error("Could not find uri with key [" LOG.error("Could not find uri with key ["
+ DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI + DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI
+ "] to create a keyProvider !!"); + "] to create a keyProvider !!");

View File

@ -897,4 +897,22 @@ public void testGetNNServiceRpcAddressesForNsIds() throws IOException {
} catch (IOException ignored) { } catch (IOException ignored) {
} }
} }
@Test
public void testEncryptionProbe() throws Throwable {
Configuration conf = new Configuration(false);
conf.unset(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI);
assertFalse("encryption enabled on no provider key",
DFSUtil.isHDFSEncryptionEnabled(conf));
conf.set(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "");
assertFalse("encryption enabled on empty provider key",
DFSUtil.isHDFSEncryptionEnabled(conf));
conf.set(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "\n\t\n");
assertFalse("encryption enabled on whitespace provider key",
DFSUtil.isHDFSEncryptionEnabled(conf));
conf.set(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "http://hadoop.apache.org");
assertTrue("encryption disabled on valid provider key",
DFSUtil.isHDFSEncryptionEnabled(conf));
}
} }

View File

@ -699,7 +699,7 @@ public void testVersionAndSuiteNegotiation() throws Exception {
// Flushing the KP on the NN, since it caches, and init a test one // Flushing the KP on the NN, since it caches, and init a test one
cluster.getNamesystem().getProvider().flush(); cluster.getNamesystem().getProvider().flush();
KeyProvider provider = KeyProviderFactory KeyProvider provider = KeyProviderFactory
.get(new URI(conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI)), .get(new URI(conf.getTrimmed(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI)),
conf); conf);
List<String> keys = provider.getKeys(); List<String> keys = provider.getKeys();
assertEquals("Expected NN to have created one key per zone", 1, assertEquals("Expected NN to have created one key per zone", 1,