HDFS-6516. List of Encryption Zones should be based on inodes (clamb)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/fs-encryption@1607770 13f79535-47bb-0310-9956-ffa450edef68
parent
03c858dad4
commit
c386652828
@ -35,6 +35,8 @@ fs-encryption (Unreleased)
|
|||||||
|
|
||||||
HDFS-6625. Remove the Delete Encryption Zone function (clamb)
|
HDFS-6625. Remove the Delete Encryption Zone function (clamb)
|
||||||
|
|
||||||
|
HDFS-6516. List of Encryption Zones should be based on inodes (clamb)
|
||||||
|
|
||||||
OPTIMIZATIONS
|
OPTIMIZATIONS
|
||||||
|
|
||||||
BUG FIXES
|
BUG FIXES
|
||||||
|
@ -27,8 +27,10 @@
|
|||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.EnumSet;
|
import java.util.EnumSet;
|
||||||
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.ListIterator;
|
import java.util.ListIterator;
|
||||||
|
import java.util.Map;
|
||||||
import java.util.concurrent.locks.ReentrantReadWriteLock;
|
import java.util.concurrent.locks.ReentrantReadWriteLock;
|
||||||
|
|
||||||
import com.google.protobuf.InvalidProtocolBufferException;
|
import com.google.protobuf.InvalidProtocolBufferException;
|
||||||
@ -124,6 +126,9 @@ private static INodeDirectorySnapshottable createRoot(FSNamesystem namesystem) {
|
|||||||
public final static String DOT_INODES_STRING = ".inodes";
|
public final static String DOT_INODES_STRING = ".inodes";
|
||||||
public final static byte[] DOT_INODES =
|
public final static byte[] DOT_INODES =
|
||||||
DFSUtil.string2Bytes(DOT_INODES_STRING);
|
DFSUtil.string2Bytes(DOT_INODES_STRING);
|
||||||
|
private final XAttr KEYID_XATTR =
|
||||||
|
XAttrHelper.buildXAttr(CRYPTO_XATTR_ENCRYPTION_ZONE, null);
|
||||||
|
|
||||||
INodeDirectory rootDir;
|
INodeDirectory rootDir;
|
||||||
FSImage fsImage;
|
FSImage fsImage;
|
||||||
private final FSNamesystem namesystem;
|
private final FSNamesystem namesystem;
|
||||||
@ -136,6 +141,35 @@ private static INodeDirectorySnapshottable createRoot(FSNamesystem namesystem) {
|
|||||||
private long yieldCount = 0; // keep track of lock yield count.
|
private long yieldCount = 0; // keep track of lock yield count.
|
||||||
private final int inodeXAttrsLimit; //inode xattrs max limit
|
private final int inodeXAttrsLimit; //inode xattrs max limit
|
||||||
|
|
||||||
|
/*
|
||||||
|
* EncryptionZoneInt is the internal representation of an encryption
|
||||||
|
* zone. The external representation of an EZ is embodied in an
|
||||||
|
* EncryptionZone and contains the EZ's pathname.
|
||||||
|
*/
|
||||||
|
private class EncryptionZoneInt {
|
||||||
|
private final String keyId;
|
||||||
|
private final long inodeId;
|
||||||
|
|
||||||
|
EncryptionZoneInt(String keyId, long inodeId) {
|
||||||
|
this.keyId = keyId;
|
||||||
|
this.inodeId = inodeId;
|
||||||
|
}
|
||||||
|
|
||||||
|
String getKeyId() {
|
||||||
|
return keyId;
|
||||||
|
}
|
||||||
|
|
||||||
|
long getINodeId() {
|
||||||
|
return inodeId;
|
||||||
|
}
|
||||||
|
|
||||||
|
String getFullPathName() {
|
||||||
|
return getInode(inodeId).getFullPathName();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private final Map<Long, EncryptionZoneInt> encryptionZones;
|
||||||
|
|
||||||
// lock to protect the directory and BlockMap
|
// lock to protect the directory and BlockMap
|
||||||
private final ReentrantReadWriteLock dirLock;
|
private final ReentrantReadWriteLock dirLock;
|
||||||
|
|
||||||
@ -221,6 +255,7 @@ public int getWriteHoldCount() {
|
|||||||
+ " times");
|
+ " times");
|
||||||
nameCache = new NameCache<ByteArray>(threshold);
|
nameCache = new NameCache<ByteArray>(threshold);
|
||||||
namesystem = ns;
|
namesystem = ns;
|
||||||
|
encryptionZones = new HashMap<Long, EncryptionZoneInt>();
|
||||||
}
|
}
|
||||||
|
|
||||||
private FSNamesystem getFSNamesystem() {
|
private FSNamesystem getFSNamesystem() {
|
||||||
@ -545,7 +580,7 @@ boolean unprotectedRenameTo(String src, String dst, long timestamp)
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
checkEncryptionZoneMoveValidity(src, dst);
|
checkEncryptionZoneMoveValidity(srcIIP, dstIIP, src);
|
||||||
// Ensure dst has quota to accommodate rename
|
// Ensure dst has quota to accommodate rename
|
||||||
verifyFsLimitsForRename(srcIIP, dstIIP);
|
verifyFsLimitsForRename(srcIIP, dstIIP);
|
||||||
verifyQuotaForRename(srcIIP.getINodes(), dstIIP.getINodes());
|
verifyQuotaForRename(srcIIP.getINodes(), dstIIP.getINodes());
|
||||||
@ -750,7 +785,7 @@ boolean unprotectedRenameTo(String src, String dst, long timestamp,
|
|||||||
throw new IOException(error);
|
throw new IOException(error);
|
||||||
}
|
}
|
||||||
|
|
||||||
checkEncryptionZoneMoveValidity(src, dst);
|
checkEncryptionZoneMoveValidity(srcIIP, dstIIP, src);
|
||||||
final INode dstInode = dstIIP.getLastINode();
|
final INode dstInode = dstIIP.getLastINode();
|
||||||
List<INodeDirectorySnapshottable> snapshottableDirs =
|
List<INodeDirectorySnapshottable> snapshottableDirs =
|
||||||
new ArrayList<INodeDirectorySnapshottable>();
|
new ArrayList<INodeDirectorySnapshottable>();
|
||||||
@ -974,14 +1009,36 @@ boolean unprotectedRenameTo(String src, String dst, long timestamp,
|
|||||||
throw new IOException("rename from " + src + " to " + dst + " failed.");
|
throw new IOException("rename from " + src + " to " + dst + " failed.");
|
||||||
}
|
}
|
||||||
|
|
||||||
private void checkEncryptionZoneMoveValidity(String src, String dst)
|
boolean isInAnEZ(INodesInPath iip)
|
||||||
|
throws UnresolvedLinkException, SnapshotAccessControlException {
|
||||||
|
readLock();
|
||||||
|
try {
|
||||||
|
return (getEncryptionZoneForPath(iip) != null);
|
||||||
|
} finally {
|
||||||
|
readUnlock();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private EncryptionZoneInt getEncryptionZoneForPath(INodesInPath iip) {
|
||||||
|
Preconditions.checkNotNull(iip);
|
||||||
|
final INode[] inodes = iip.getINodes();
|
||||||
|
for (int i = inodes.length -1; i >= 0; i--) {
|
||||||
|
final INode inode = inodes[i];
|
||||||
|
if (inode != null) {
|
||||||
|
final EncryptionZoneInt ezi = encryptionZones.get(inode.getId());
|
||||||
|
if (ezi != null) {
|
||||||
|
return ezi;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
private void checkEncryptionZoneMoveValidity(INodesInPath srcIIP,
|
||||||
|
INodesInPath dstIIP, String src)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
final EncryptionZone srcEZ =
|
final boolean srcInEZ = (getEncryptionZoneForPath(srcIIP) != null);
|
||||||
getFSNamesystem().getEncryptionZoneForPath(src);
|
final boolean dstInEZ = (getEncryptionZoneForPath(dstIIP) != null);
|
||||||
final EncryptionZone dstEZ =
|
|
||||||
getFSNamesystem().getEncryptionZoneForPath(dst);
|
|
||||||
final boolean srcInEZ = srcEZ != null;
|
|
||||||
final boolean dstInEZ = dstEZ != null;
|
|
||||||
if (srcInEZ) {
|
if (srcInEZ) {
|
||||||
if (!dstInEZ) {
|
if (!dstInEZ) {
|
||||||
throw new IOException(src + " can't be moved from an encryption zone.");
|
throw new IOException(src + " can't be moved from an encryption zone.");
|
||||||
@ -993,12 +1050,18 @@ private void checkEncryptionZoneMoveValidity(String src, String dst)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (srcInEZ || dstInEZ) {
|
if (srcInEZ || dstInEZ) {
|
||||||
if (!srcEZ.getPath().equals(dstEZ.getPath())) {
|
final EncryptionZoneInt srcEZI = getEncryptionZoneForPath(srcIIP);
|
||||||
|
final EncryptionZoneInt dstEZI = getEncryptionZoneForPath(dstIIP);
|
||||||
|
Preconditions.checkArgument(srcEZI != null, "couldn't find src EZ?");
|
||||||
|
Preconditions.checkArgument(dstEZI != null, "couldn't find dst EZ?");
|
||||||
|
if (srcEZI != dstEZI) {
|
||||||
|
final String srcEZPath = srcEZI.getFullPathName();
|
||||||
|
final String dstEZPath = dstEZI.getFullPathName();
|
||||||
final StringBuilder sb = new StringBuilder(src);
|
final StringBuilder sb = new StringBuilder(src);
|
||||||
sb.append(" can't be moved from encryption zone ");
|
sb.append(" can't be moved from encryption zone ");
|
||||||
sb.append(srcEZ.getPath());
|
sb.append(srcEZPath);
|
||||||
sb.append(" to encryption zone ");
|
sb.append(" to encryption zone ");
|
||||||
sb.append(dstEZ.getPath());
|
sb.append(dstEZPath);
|
||||||
sb.append(".");
|
sb.append(".");
|
||||||
throw new IOException(sb.toString());
|
throw new IOException(sb.toString());
|
||||||
}
|
}
|
||||||
@ -2167,6 +2230,18 @@ public INodeMap getINodeMap() {
|
|||||||
public final void addToInodeMap(INode inode) {
|
public final void addToInodeMap(INode inode) {
|
||||||
if (inode instanceof INodeWithAdditionalFields) {
|
if (inode instanceof INodeWithAdditionalFields) {
|
||||||
inodeMap.put(inode);
|
inodeMap.put(inode);
|
||||||
|
final XAttrFeature xaf = inode.getXAttrFeature();
|
||||||
|
if (xaf != null) {
|
||||||
|
final List<XAttr> xattrs = xaf.getXAttrs();
|
||||||
|
for (XAttr xattr : xattrs) {
|
||||||
|
final String xaName = XAttrHelper.getPrefixName(xattr);
|
||||||
|
if (CRYPTO_XATTR_ENCRYPTION_ZONE.equals(xaName)) {
|
||||||
|
encryptionZones.put(inode.getId(),
|
||||||
|
new EncryptionZoneInt(new String(xattr.getValue()),
|
||||||
|
inode.getId()));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2178,6 +2253,7 @@ public final void removeFromInodeMap(List<? extends INode> inodes) {
|
|||||||
for (INode inode : inodes) {
|
for (INode inode : inodes) {
|
||||||
if (inode != null && inode instanceof INodeWithAdditionalFields) {
|
if (inode != null && inode instanceof INodeWithAdditionalFields) {
|
||||||
inodeMap.remove(inode);
|
inodeMap.remove(inode);
|
||||||
|
encryptionZones.remove(inode.getId());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2682,6 +2758,8 @@ List<XAttr> filterINodeXAttrs(final List<XAttr> existingXAttrs,
|
|||||||
for (ListIterator<XAttr> it = toFilter.listIterator(); it.hasNext()
|
for (ListIterator<XAttr> it = toFilter.listIterator(); it.hasNext()
|
||||||
;) {
|
;) {
|
||||||
XAttr filter = it.next();
|
XAttr filter = it.next();
|
||||||
|
Preconditions.checkArgument(!KEYID_XATTR.equalsIgnoreValue(filter),
|
||||||
|
"The encryption zone xattr should never be deleted.");
|
||||||
if (a.equalsIgnoreValue(filter)) {
|
if (a.equalsIgnoreValue(filter)) {
|
||||||
add = false;
|
add = false;
|
||||||
it.remove();
|
it.remove();
|
||||||
@ -2705,17 +2783,42 @@ XAttr createEncryptionZone(String src, String keyId)
|
|||||||
throw new IOException(
|
throw new IOException(
|
||||||
"Attempt to create an encryption zone for a non-empty directory.");
|
"Attempt to create an encryption zone for a non-empty directory.");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
final INodesInPath srcIIP = getINodesInPath4Write(src, false);
|
||||||
|
final EncryptionZoneInt ezi = getEncryptionZoneForPath(srcIIP);
|
||||||
|
if (ezi != null) {
|
||||||
|
throw new IOException("Directory " + src +
|
||||||
|
" is already in an encryption zone. (" + ezi.getFullPathName() + ")");
|
||||||
|
}
|
||||||
|
|
||||||
final XAttr keyIdXAttr =
|
final XAttr keyIdXAttr =
|
||||||
XAttrHelper.buildXAttr(CRYPTO_XATTR_ENCRYPTION_ZONE, keyId.getBytes());
|
XAttrHelper.buildXAttr(CRYPTO_XATTR_ENCRYPTION_ZONE, keyId.getBytes());
|
||||||
List<XAttr> xattrs = Lists.newArrayListWithCapacity(1);
|
final List<XAttr> xattrs = Lists.newArrayListWithCapacity(1);
|
||||||
xattrs.add(keyIdXAttr);
|
xattrs.add(keyIdXAttr);
|
||||||
unprotectedSetXAttrs(src, xattrs, EnumSet.of(XAttrSetFlag.CREATE));
|
final INode inode = unprotectedSetXAttrs(src, xattrs,
|
||||||
|
EnumSet.of(XAttrSetFlag.CREATE));
|
||||||
|
encryptionZones.put(inode.getId(),
|
||||||
|
new EncryptionZoneInt(keyId, inode.getId()));
|
||||||
return keyIdXAttr;
|
return keyIdXAttr;
|
||||||
} finally {
|
} finally {
|
||||||
writeUnlock();
|
writeUnlock();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
List<EncryptionZone> listEncryptionZones() throws IOException {
|
||||||
|
readLock();
|
||||||
|
try {
|
||||||
|
final List<EncryptionZone> ret =
|
||||||
|
Lists.newArrayListWithExpectedSize(encryptionZones.size());
|
||||||
|
for (EncryptionZoneInt ezi : encryptionZones.values()) {
|
||||||
|
ret.add(new EncryptionZone(ezi.getFullPathName(), ezi.getKeyId()));
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
} finally {
|
||||||
|
readUnlock();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the FileEncryptionInfo for an INode.
|
* Set the FileEncryptionInfo for an INode.
|
||||||
*/
|
*/
|
||||||
@ -2782,7 +2885,7 @@ void setXAttrs(final String src, final List<XAttr> xAttrs,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void unprotectedSetXAttrs(final String src, final List<XAttr> xAttrs,
|
INode unprotectedSetXAttrs(final String src, final List<XAttr> xAttrs,
|
||||||
final EnumSet<XAttrSetFlag> flag)
|
final EnumSet<XAttrSetFlag> flag)
|
||||||
throws QuotaExceededException, IOException {
|
throws QuotaExceededException, IOException {
|
||||||
assert hasWriteLock();
|
assert hasWriteLock();
|
||||||
@ -2791,7 +2894,22 @@ void unprotectedSetXAttrs(final String src, final List<XAttr> xAttrs,
|
|||||||
int snapshotId = iip.getLatestSnapshotId();
|
int snapshotId = iip.getLatestSnapshotId();
|
||||||
List<XAttr> existingXAttrs = XAttrStorage.readINodeXAttrs(inode);
|
List<XAttr> existingXAttrs = XAttrStorage.readINodeXAttrs(inode);
|
||||||
List<XAttr> newXAttrs = setINodeXAttrs(existingXAttrs, xAttrs, flag);
|
List<XAttr> newXAttrs = setINodeXAttrs(existingXAttrs, xAttrs, flag);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If we're adding the encryption zone xattr, then add src to the list
|
||||||
|
* of encryption zones.
|
||||||
|
*/
|
||||||
|
for (XAttr xattr : newXAttrs) {
|
||||||
|
final String xaName = XAttrHelper.getPrefixName(xattr);
|
||||||
|
if (CRYPTO_XATTR_ENCRYPTION_ZONE.equals(xaName)) {
|
||||||
|
final EncryptionZoneInt ez =
|
||||||
|
new EncryptionZoneInt(new String(xattr.getValue()), inode.getId());
|
||||||
|
encryptionZones.put(inode.getId(), ez);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
XAttrStorage.updateINodeXAttrs(inode, newXAttrs, snapshotId);
|
XAttrStorage.updateINodeXAttrs(inode, newXAttrs, snapshotId);
|
||||||
|
return inode;
|
||||||
}
|
}
|
||||||
|
|
||||||
List<XAttr> setINodeXAttrs(final List<XAttr> existingXAttrs,
|
List<XAttr> setINodeXAttrs(final List<XAttr> existingXAttrs,
|
||||||
|
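Review bot: In unprotectedSetXAttrs the new loop registers the inode in `encryptionZones` before `XAttrStorage.updateINodeXAttrs(inode, newXAttrs, snapshotId)` runs. If that call throws (the method declares QuotaExceededException), the in-memory zone map would hold a zone whose xattr was never stored, and the rename and cipher-suite checks consult that map. Moving the loop below the `updateINodeXAttrs` call keeps the two in step, and the second `encryptionZones.put(inode.getId(), ...)` in createEncryptionZone then becomes redundant and can be dropped. Separately, `new String(xattr.getValue())` (here and in addToInodeMap) and `keyId.getBytes()` use the platform default charset; an explicit charset on both sides, for example `new String(xattr.getValue(), Charsets.UTF_8)` if Guava's Charsets is imported in this file, would keep key ids identical across hosts. The bodies of these methods extend beyond the hunks shown.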
@ -270,7 +270,6 @@
|
|||||||
|
|
||||||
import com.google.common.annotations.VisibleForTesting;
|
import com.google.common.annotations.VisibleForTesting;
|
||||||
import com.google.common.base.Charsets;
|
import com.google.common.base.Charsets;
|
||||||
import com.google.common.base.Joiner;
|
|
||||||
import com.google.common.base.Preconditions;
|
import com.google.common.base.Preconditions;
|
||||||
import com.google.common.collect.ImmutableMap;
|
import com.google.common.collect.ImmutableMap;
|
||||||
import com.google.common.collect.Lists;
|
import com.google.common.collect.Lists;
|
||||||
@ -528,7 +527,6 @@ private void logAuditEvent(boolean succeeded,
|
|||||||
private KeyProvider provider = null;
|
private KeyProvider provider = null;
|
||||||
private KeyProvider.Options providerOptions = null;
|
private KeyProvider.Options providerOptions = null;
|
||||||
|
|
||||||
private final Map<String, EncryptionZone> encryptionZones;
|
|
||||||
private final CryptoCodec codec;
|
private final CryptoCodec codec;
|
||||||
|
|
||||||
private volatile boolean imageLoaded = false;
|
private volatile boolean imageLoaded = false;
|
||||||
@ -855,7 +853,6 @@ static FSNamesystem loadFromDisk(Configuration conf) throws IOException {
|
|||||||
auditLoggers.get(0) instanceof DefaultAuditLogger;
|
auditLoggers.get(0) instanceof DefaultAuditLogger;
|
||||||
this.retryCache = ignoreRetryCache ? null : initRetryCache(conf);
|
this.retryCache = ignoreRetryCache ? null : initRetryCache(conf);
|
||||||
this.nnConf = new NNConf(conf);
|
this.nnConf = new NNConf(conf);
|
||||||
this.encryptionZones = new HashMap<String, EncryptionZone>();
|
|
||||||
} catch(IOException e) {
|
} catch(IOException e) {
|
||||||
LOG.error(getClass().getSimpleName() + " initialization failed.", e);
|
LOG.error(getClass().getSimpleName() + " initialization failed.", e);
|
||||||
close();
|
close();
|
||||||
@ -2308,11 +2305,12 @@ private void verifyParentDir(String src) throws FileNotFoundException,
|
|||||||
* @return chosen CipherSuite, or null if file is not in an EncryptionZone
|
* @return chosen CipherSuite, or null if file is not in an EncryptionZone
|
||||||
* @throws IOException
|
* @throws IOException
|
||||||
*/
|
*/
|
||||||
private CipherSuite chooseCipherSuite(String src, List<CipherSuite>
|
private CipherSuite chooseCipherSuite(INodesInPath srcIIP, List<CipherSuite>
|
||||||
cipherSuites) throws UnknownCipherSuiteException {
|
cipherSuites)
|
||||||
EncryptionZone zone = getEncryptionZoneForPath(src);
|
throws UnknownCipherSuiteException, UnresolvedLinkException,
|
||||||
|
SnapshotAccessControlException {
|
||||||
// Not in an EZ
|
// Not in an EZ
|
||||||
if (zone == null) {
|
if (!dir.isInAnEZ(srcIIP)) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
CipherSuite chosen = null;
|
CipherSuite chosen = null;
|
||||||
@ -2469,7 +2467,7 @@ private void startFileInternal(FSPermissionChecker pc, String src,
|
|||||||
}
|
}
|
||||||
|
|
||||||
FileEncryptionInfo feInfo = null;
|
FileEncryptionInfo feInfo = null;
|
||||||
CipherSuite suite = chooseCipherSuite(src, cipherSuites);
|
CipherSuite suite = chooseCipherSuite(iip, cipherSuites);
|
||||||
if (suite != null) {
|
if (suite != null) {
|
||||||
Preconditions.checkArgument(!suite.equals(CipherSuite.UNKNOWN),
|
Preconditions.checkArgument(!suite.equals(CipherSuite.UNKNOWN),
|
||||||
"Chose an UNKNOWN CipherSuite!");
|
"Chose an UNKNOWN CipherSuite!");
|
||||||
@ -3651,11 +3649,6 @@ private boolean deleteInternal(String src, boolean recursive,
|
|||||||
FsAction.ALL, true, false);
|
FsAction.ALL, true, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
final EncryptionZone ez = getEncryptionZoneForPath(src);
|
|
||||||
if (ez != null) {
|
|
||||||
encryptionZones.remove(src);
|
|
||||||
}
|
|
||||||
|
|
||||||
long mtime = now();
|
long mtime = now();
|
||||||
// Unlink the target directory from directory tree
|
// Unlink the target directory from directory tree
|
||||||
long filesRemoved = dir.delete(src, collectedBlocks, removedINodes,
|
long filesRemoved = dir.delete(src, collectedBlocks, removedINodes,
|
||||||
@ -8365,17 +8358,10 @@ private void createEncryptionZoneInt(final String srcArg, String keyId,
|
|||||||
checkNameNodeSafeMode("Cannot create encryption zone on " + src);
|
checkNameNodeSafeMode("Cannot create encryption zone on " + src);
|
||||||
src = FSDirectory.resolvePath(src, pathComponents, dir);
|
src = FSDirectory.resolvePath(src, pathComponents, dir);
|
||||||
|
|
||||||
EncryptionZone ez = getEncryptionZoneForPath(src);
|
|
||||||
if (ez != null) {
|
|
||||||
throw new IOException("Directory " + src +
|
|
||||||
" is already in an encryption zone. (" + ez.getPath() + ")");
|
|
||||||
}
|
|
||||||
|
|
||||||
final XAttr keyIdXAttr = dir.createEncryptionZone(src, keyId);
|
final XAttr keyIdXAttr = dir.createEncryptionZone(src, keyId);
|
||||||
List<XAttr> xAttrs = Lists.newArrayListWithCapacity(1);
|
List<XAttr> xAttrs = Lists.newArrayListWithCapacity(1);
|
||||||
xAttrs.add(keyIdXAttr);
|
xAttrs.add(keyIdXAttr);
|
||||||
getEditLog().logSetXAttrs(src, xAttrs, logRetryCache);
|
getEditLog().logSetXAttrs(src, xAttrs, logRetryCache);
|
||||||
encryptionZones.put(src, new EncryptionZone(src, keyId));
|
|
||||||
resultingStat = getAuditFileInfo(src, false);
|
resultingStat = getAuditFileInfo(src, false);
|
||||||
} finally {
|
} finally {
|
||||||
writeUnlock();
|
writeUnlock();
|
||||||
@ -8400,7 +8386,6 @@ private String createNewKey(String src)
|
|||||||
}
|
}
|
||||||
|
|
||||||
List<EncryptionZone> listEncryptionZones() throws IOException {
|
List<EncryptionZone> listEncryptionZones() throws IOException {
|
||||||
|
|
||||||
boolean success = false;
|
boolean success = false;
|
||||||
checkSuperuserPrivilege();
|
checkSuperuserPrivilege();
|
||||||
checkOperation(OperationCategory.READ);
|
checkOperation(OperationCategory.READ);
|
||||||
@ -8408,8 +8393,7 @@ List<EncryptionZone> listEncryptionZones() throws IOException {
|
|||||||
try {
|
try {
|
||||||
checkSuperuserPrivilege();
|
checkSuperuserPrivilege();
|
||||||
checkOperation(OperationCategory.READ);
|
checkOperation(OperationCategory.READ);
|
||||||
final List<EncryptionZone> ret =
|
final List<EncryptionZone> ret = dir.listEncryptionZones();
|
||||||
Lists.newArrayList(encryptionZones.values());
|
|
||||||
success = true;
|
success = true;
|
||||||
return ret;
|
return ret;
|
||||||
} finally {
|
} finally {
|
||||||
@ -8418,21 +8402,6 @@ List<EncryptionZone> listEncryptionZones() throws IOException {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Lookup the encryption zone of a path. */
|
|
||||||
EncryptionZone getEncryptionZoneForPath(String src) {
|
|
||||||
assert hasReadLock();
|
|
||||||
final String[] components = INode.getPathNames(src);
|
|
||||||
for (int i = components.length; i > 0; i--) {
|
|
||||||
final List<String> l = Arrays.asList(Arrays.copyOfRange(components, 0, i));
|
|
||||||
String p = Joiner.on(Path.SEPARATOR).join(l);
|
|
||||||
final EncryptionZone ret = encryptionZones.get(p);
|
|
||||||
if (ret != null) {
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set xattr for a file or directory.
|
* Set xattr for a file or directory.
|
||||||
*
|
*
|
||||||
|
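Review bot: With the explicit `encryptionZones.remove(src)` gone from deleteInternal, nothing visible in this file shows how a deleted zone root leaves the zone list. The cleanup presumably now happens when the removed inodes reach FSDirectory's removeFromInodeMap, but that call is outside these hunks. A stale entry would matter, because the new listing resolves each zone through `getInode(inodeId).getFullPathName()`, which looks like it would fail on an inode that no longer exists. A short comment at the deletion site would make the dependency explicit, e.g. `// encryption zone bookkeeping is dropped by FSDirectory#removeFromInodeMap`. The javadoc above chooseCipherSuite could also name the new `srcIIP` parameter and the two added exception types.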