HDFS-6625. Remove the Delete Encryption Zone function (clamb)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/fs-encryption@1607507 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
51b97a1396
commit
2a3bccddd9
|
@ -30,6 +30,8 @@ fs-encryption (Unreleased)
|
|||
|
||||
HDFS-6605. Client server negotiation of cipher suite. (wang)
|
||||
|
||||
HDFS-6625. Remove the Delete Encryption Zone function (clamb)
|
||||
|
||||
OPTIMIZATIONS
|
||||
|
||||
BUG FIXES
|
||||
|
|
|
@ -2848,17 +2848,6 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory {
|
|||
}
|
||||
}
|
||||
|
||||
public void deleteEncryptionZone(String src) throws IOException {
|
||||
checkOpen();
|
||||
try {
|
||||
namenode.deleteEncryptionZone(src);
|
||||
} catch (RemoteException re) {
|
||||
throw re.unwrapRemoteException(AccessControlException.class,
|
||||
SafeModeException.class,
|
||||
UnresolvedPathException.class);
|
||||
}
|
||||
}
|
||||
|
||||
public List<EncryptionZone> listEncryptionZones() throws IOException {
|
||||
checkOpen();
|
||||
try {
|
||||
|
|
|
@ -1804,11 +1804,6 @@ public class DistributedFileSystem extends FileSystem {
|
|||
dfs.createEncryptionZone(getPathName(path), keyId);
|
||||
}
|
||||
|
||||
/* HDFS only */
|
||||
public void deleteEncryptionZone(Path path) throws IOException {
|
||||
dfs.deleteEncryptionZone(getPathName(path));
|
||||
}
|
||||
|
||||
/* HDFS only */
|
||||
public List<EncryptionZone> listEncryptionZones() throws IOException {
|
||||
return dfs.listEncryptionZones();
|
||||
|
|
|
@ -258,27 +258,6 @@ public class HdfsAdmin {
|
|||
dfs.createEncryptionZone(path, keyId);
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete the encryption zone rooted at path. Path must refer to an existing,
|
||||
* empty directory. Otherwise, an IOException is thrown. This method removes
|
||||
* those extended attributes on the directory which indicate that it is part
|
||||
* of an encryption zone. Following successful completion of this call, any
|
||||
* new files created in the directory (or it's children) will not be
|
||||
* encrypted. The directory is not removed by this method.
|
||||
*
|
||||
* @param path The path of the root of the encryption zone.
|
||||
*
|
||||
* @throws IOException if there was a general IO exception
|
||||
*
|
||||
* @throws AccessControlException if the caller does not have access to path
|
||||
*
|
||||
* @throws FileNotFoundException if the path does not exist
|
||||
*/
|
||||
public void deleteEncryptionZone(Path path)
|
||||
throws IOException, AccessControlException, FileNotFoundException {
|
||||
dfs.deleteEncryptionZone(path);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a list of all {@EncryptionZone}s in the HDFS hierarchy which are
|
||||
* visible to the caller. If the caller is the HDFS admin, then the returned
|
||||
|
|
|
@ -1266,13 +1266,6 @@ public interface ClientProtocol {
|
|||
public void createEncryptionZone(String src, String keyId)
|
||||
throws IOException;
|
||||
|
||||
/**
|
||||
* Delete an encryption zone
|
||||
*/
|
||||
@AtMostOnce
|
||||
public void deleteEncryptionZone(String src)
|
||||
throws IOException;
|
||||
|
||||
/**
|
||||
* Return a list of all {@EncryptionZone}s in the HDFS hierarchy which are
|
||||
* visible to the caller. If the caller is the HDFS admin, then the returned
|
||||
|
|
|
@ -173,14 +173,11 @@ import org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos.Update
|
|||
import org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos.UpdatePipelineResponseProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.EncryptionZonesProtos.CreateEncryptionZoneResponseProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.EncryptionZonesProtos.CreateEncryptionZoneRequestProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.EncryptionZonesProtos.DeleteEncryptionZoneResponseProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.EncryptionZonesProtos.DeleteEncryptionZoneRequestProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.EncryptionZonesProtos.ListEncryptionZonesResponseProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.EncryptionZonesProtos.ListEncryptionZonesRequestProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.HdfsProtos.DatanodeIDProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.HdfsProtos.DatanodeInfoProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.HdfsProtos.LocatedBlockProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.XAttrProtos;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.XAttrProtos.GetXAttrsRequestProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.XAttrProtos.GetXAttrsResponseProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.XAttrProtos.ListXAttrsRequestProto;
|
||||
|
@ -1297,18 +1294,6 @@ public class ClientNamenodeProtocolServerSideTranslatorPB implements
|
|||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public DeleteEncryptionZoneResponseProto deleteEncryptionZone(
|
||||
RpcController controller, DeleteEncryptionZoneRequestProto req)
|
||||
throws ServiceException {
|
||||
try {
|
||||
server.deleteEncryptionZone(req.getSrc());
|
||||
return DeleteEncryptionZoneResponseProto.newBuilder().build();
|
||||
} catch (IOException e) {
|
||||
throw new ServiceException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public ListEncryptionZonesResponseProto listEncryptionZones(
|
||||
RpcController controller, ListEncryptionZonesRequestProto req)
|
||||
|
|
|
@ -146,7 +146,6 @@ import org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos.SetTim
|
|||
import org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos.UpdateBlockForPipelineRequestProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos.UpdatePipelineRequestProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.EncryptionZonesProtos.CreateEncryptionZoneRequestProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.EncryptionZonesProtos.DeleteEncryptionZoneRequestProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.EncryptionZonesProtos.ListEncryptionZonesRequestProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.XAttrProtos.GetXAttrsRequestProto;
|
||||
import org.apache.hadoop.hdfs.protocol.proto.XAttrProtos.ListXAttrsRequestProto;
|
||||
|
@ -1301,17 +1300,6 @@ public class ClientNamenodeProtocolTranslatorPB implements
|
|||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void deleteEncryptionZone(String src) throws IOException {
|
||||
final DeleteEncryptionZoneRequestProto req =
|
||||
DeleteEncryptionZoneRequestProto.newBuilder().setSrc(src).build();
|
||||
try {
|
||||
rpcProxy.deleteEncryptionZone(null, req);
|
||||
} catch (ServiceException e) {
|
||||
throw ProtobufHelper.getRemoteException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<EncryptionZone> listEncryptionZones() throws IOException {
|
||||
final ListEncryptionZonesRequestProto req =
|
||||
|
|
|
@ -2716,29 +2716,6 @@ public class FSDirectory implements Closeable {
|
|||
}
|
||||
}
|
||||
|
||||
List<XAttr> deleteEncryptionZone(String src)
|
||||
throws IOException {
|
||||
writeLock();
|
||||
try {
|
||||
if (isNonEmptyDirectory(src)) {
|
||||
throw new IOException(
|
||||
"Attempt to delete an encryption zone for a non-empty directory.");
|
||||
}
|
||||
final XAttr keyIdXAttr =
|
||||
XAttrHelper.buildXAttr(CRYPTO_XATTR_ENCRYPTION_ZONE, null);
|
||||
List<XAttr> xattrs = Lists.newArrayListWithCapacity(1);
|
||||
xattrs.add(keyIdXAttr);
|
||||
final List<XAttr> removedXAttrs = unprotectedRemoveXAttrs(src, xattrs);
|
||||
if (removedXAttrs == null || removedXAttrs.isEmpty()) {
|
||||
throw new IOException(
|
||||
src + " does not appear to be the root of an encryption zone");
|
||||
}
|
||||
return removedXAttrs;
|
||||
} finally {
|
||||
writeUnlock();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the FileEncryptionInfo for an INode.
|
||||
*/
|
||||
|
|
|
@ -3650,6 +3650,12 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|||
checkPermission(pc, src, false, null, FsAction.WRITE, null,
|
||||
FsAction.ALL, true, false);
|
||||
}
|
||||
|
||||
final EncryptionZone ez = getEncryptionZoneForPath(src);
|
||||
if (ez != null) {
|
||||
encryptionZones.remove(src);
|
||||
}
|
||||
|
||||
long mtime = now();
|
||||
// Unlink the target directory from directory tree
|
||||
long filesRemoved = dir.delete(src, collectedBlocks, removedINodes,
|
||||
|
@ -8393,73 +8399,8 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|||
return keyId;
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete the encryption zone on directory src.
|
||||
*
|
||||
* @param src the path of a directory which is the root of the encryption
|
||||
* zone. The directory must be empty and must be marked as an encryption
|
||||
* zone.
|
||||
*
|
||||
* @throws AccessControlException if the caller is not the superuser.
|
||||
*
|
||||
* @throws UnresolvedLinkException if the path can't be resolved.
|
||||
*
|
||||
* @throws SafeModeException if the Namenode is in safe mode.
|
||||
*/
|
||||
void deleteEncryptionZone(final String src)
|
||||
throws IOException, UnresolvedLinkException,
|
||||
SafeModeException, AccessControlException {
|
||||
final CacheEntry cacheEntry = RetryCache.waitForCompletion(retryCache);
|
||||
if (cacheEntry != null && cacheEntry.isSuccess()) {
|
||||
return; // Return previous response
|
||||
}
|
||||
|
||||
boolean success = false;
|
||||
try {
|
||||
deleteEncryptionZoneInt(src, cacheEntry != null);
|
||||
encryptionZones.remove(src);
|
||||
success = true;
|
||||
} catch (AccessControlException e) {
|
||||
logAuditEvent(false, "deleteEncryptionZone", src);
|
||||
throw e;
|
||||
} finally {
|
||||
RetryCache.setState(cacheEntry, success);
|
||||
}
|
||||
}
|
||||
|
||||
private void deleteEncryptionZoneInt(final String srcArg,
|
||||
final boolean logRetryCache) throws IOException {
|
||||
String src = srcArg;
|
||||
HdfsFileStatus resultingStat = null;
|
||||
checkSuperuserPrivilege();
|
||||
checkOperation(OperationCategory.WRITE);
|
||||
final byte[][] pathComponents =
|
||||
FSDirectory.getPathComponentsForReservedPath(src);
|
||||
writeLock();
|
||||
try {
|
||||
checkSuperuserPrivilege();
|
||||
checkOperation(OperationCategory.WRITE);
|
||||
checkNameNodeSafeMode("Cannot delete encryption zone on " + src);
|
||||
src = FSDirectory.resolvePath(src, pathComponents, dir);
|
||||
final EncryptionZone ez = encryptionZones.get(src);
|
||||
if (ez == null) {
|
||||
throw new IOException("Directory " + src +
|
||||
" is not the root of an encryption zone.");
|
||||
}
|
||||
final List<XAttr> removedXAttrs = dir.deleteEncryptionZone(src);
|
||||
if (removedXAttrs != null && !removedXAttrs.isEmpty()) {
|
||||
getEditLog().logRemoveXAttrs(src, removedXAttrs);
|
||||
}
|
||||
encryptionZones.remove(src);
|
||||
resultingStat = getAuditFileInfo(src, false);
|
||||
} finally {
|
||||
writeUnlock();
|
||||
}
|
||||
getEditLog().logSync();
|
||||
logAuditEvent(true, "deleteEncryptionZone", src, null, resultingStat);
|
||||
}
|
||||
|
||||
List<EncryptionZone> listEncryptionZones() throws IOException {
|
||||
|
||||
boolean success = false;
|
||||
checkSuperuserPrivilege();
|
||||
checkOperation(OperationCategory.READ);
|
||||
|
|
|
@ -1413,11 +1413,6 @@ class NameNodeRpcServer implements NamenodeProtocols {
|
|||
namesystem.createEncryptionZone(src, keyId);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void deleteEncryptionZone(String src) throws IOException {
|
||||
namesystem.deleteEncryptionZone(src);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<EncryptionZone> listEncryptionZones() throws IOException {
|
||||
return namesystem.listEncryptionZones();
|
||||
|
|
|
@ -32,8 +32,6 @@ import org.apache.hadoop.tools.TableListing;
|
|||
import org.apache.hadoop.util.StringUtils;
|
||||
import org.apache.hadoop.util.Tool;
|
||||
|
||||
import com.google.common.base.Joiner;
|
||||
|
||||
/**
|
||||
* This class implements crypto command-line operations.
|
||||
*/
|
||||
|
@ -169,53 +167,6 @@ public class CryptoAdmin extends Configured implements Tool {
|
|||
}
|
||||
}
|
||||
|
||||
private static class DeleteZoneCommand implements Command {
|
||||
@Override
|
||||
public String getName() {
|
||||
return "-deleteZone";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getShortUsage() {
|
||||
return "[" + getName() + " -path <path> " + "]\n";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getLongUsage() {
|
||||
final TableListing listing = getOptionDescriptionListing();
|
||||
listing.addRow("<path>", "The path of the encryption zone to delete. " +
|
||||
"It must be an empty directory and an existing encryption zone.");
|
||||
return getShortUsage() + "\n" +
|
||||
"Delete an encryption zone.\n\n" +
|
||||
listing.toString();
|
||||
}
|
||||
|
||||
@Override
|
||||
public int run(Configuration conf, List<String> args) throws IOException {
|
||||
final String path = StringUtils.popOptionWithArgument("-path", args);
|
||||
if (path == null) {
|
||||
System.err.println("You must specify a path with -path.");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (!args.isEmpty()) {
|
||||
System.err.println("Can't understand argument: " + args.get(0));
|
||||
return 1;
|
||||
}
|
||||
|
||||
final DistributedFileSystem dfs = getDFS(conf);
|
||||
try {
|
||||
dfs.deleteEncryptionZone(new Path(path));
|
||||
System.out.println("Deleted encryption zone " + path);
|
||||
} catch (IOException e) {
|
||||
System.err.println(prettifyException(e));
|
||||
return 2;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
private static class ListZonesCommand implements Command {
|
||||
@Override
|
||||
public String getName() {
|
||||
|
@ -315,7 +266,6 @@ public class CryptoAdmin extends Configured implements Tool {
|
|||
|
||||
private static final Command[] COMMANDS = {
|
||||
new CreateZoneCommand(),
|
||||
new DeleteZoneCommand(),
|
||||
new ListZonesCommand(),
|
||||
new HelpCommand(),
|
||||
};
|
||||
|
|
|
@ -772,8 +772,6 @@ service ClientNamenodeProtocol {
|
|||
returns(RemoveXAttrResponseProto);
|
||||
rpc createEncryptionZone(CreateEncryptionZoneRequestProto)
|
||||
returns(CreateEncryptionZoneResponseProto);
|
||||
rpc deleteEncryptionZone(DeleteEncryptionZoneRequestProto)
|
||||
returns(DeleteEncryptionZoneResponseProto);
|
||||
rpc listEncryptionZones(ListEncryptionZonesRequestProto)
|
||||
returns(ListEncryptionZonesResponseProto);
|
||||
}
|
||||
|
|
|
@ -41,13 +41,6 @@ message CreateEncryptionZoneRequestProto {
|
|||
message CreateEncryptionZoneResponseProto {
|
||||
}
|
||||
|
||||
message DeleteEncryptionZoneRequestProto {
|
||||
required string src = 1;
|
||||
}
|
||||
|
||||
message DeleteEncryptionZoneResponseProto {
|
||||
}
|
||||
|
||||
message ListEncryptionZonesRequestProto {
|
||||
}
|
||||
|
||||
|
|
|
@ -85,7 +85,7 @@ public class TestEncryptionZonesAPI {
|
|||
}
|
||||
|
||||
/** Test failure of Create EZ on a directory that doesn't exist. */
|
||||
@Test(timeout = 30000)
|
||||
@Test(timeout = 60000)
|
||||
public void testCreateEncryptionZoneDirectoryDoesntExist() throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
|
||||
|
@ -98,7 +98,7 @@ public class TestEncryptionZonesAPI {
|
|||
}
|
||||
|
||||
/** Test failure of Create EZ on a directory which is already an EZ. */
|
||||
@Test(timeout = 30000)
|
||||
@Test(timeout = 60000)
|
||||
public void testCreateEncryptionZoneWhichAlreadyExists()
|
||||
throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
|
@ -114,7 +114,7 @@ public class TestEncryptionZonesAPI {
|
|||
}
|
||||
|
||||
/** Test success of Create EZ in which a key is created. */
|
||||
@Test(timeout = 30000)
|
||||
@Test(timeout = 60000)
|
||||
public void testCreateEncryptionZoneAndGenerateKeyDirectoryEmpty()
|
||||
throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
|
@ -124,7 +124,7 @@ public class TestEncryptionZonesAPI {
|
|||
}
|
||||
|
||||
/** Test failure of Create EZ operation in an existing EZ. */
|
||||
@Test(timeout = 30000)
|
||||
@Test(timeout = 60000)
|
||||
public void testCreateEncryptionZoneInExistingEncryptionZone()
|
||||
throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
|
@ -142,7 +142,7 @@ public class TestEncryptionZonesAPI {
|
|||
}
|
||||
|
||||
/** Test failure of creating an EZ using a non-empty directory. */
|
||||
@Test(timeout = 30000)
|
||||
@Test(timeout = 60000)
|
||||
public void testCreateEncryptionZoneAndGenerateKeyDirectoryNotEmpty()
|
||||
throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
|
@ -159,7 +159,7 @@ public class TestEncryptionZonesAPI {
|
|||
}
|
||||
|
||||
/** Test failure of creating an EZ passing a key that doesn't exist. */
|
||||
@Test(timeout = 30000)
|
||||
@Test(timeout = 60000)
|
||||
public void testCreateEncryptionZoneKeyDoesntExist() throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
|
||||
|
@ -174,7 +174,7 @@ public class TestEncryptionZonesAPI {
|
|||
}
|
||||
|
||||
/** Test success of creating an EZ when they key exists. */
|
||||
@Test(timeout = 30000)
|
||||
@Test(timeout = 60000)
|
||||
public void testCreateEncryptionZoneKeyExist() throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
|
||||
|
@ -198,9 +198,9 @@ public class TestEncryptionZonesAPI {
|
|||
provider.flush();
|
||||
}
|
||||
|
||||
/** Test failure of create/delete encryption zones as a non super user. */
|
||||
@Test(timeout = 30000)
|
||||
public void testCreateAndDeleteEncryptionZoneAsNonSuperUser()
|
||||
/** Test failure of create encryption zones as a non super user. */
|
||||
@Test(timeout = 60000)
|
||||
public void testCreateEncryptionZoneAsNonSuperUser()
|
||||
throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
|
||||
|
@ -225,120 +225,28 @@ public class TestEncryptionZonesAPI {
|
|||
return null;
|
||||
}
|
||||
});
|
||||
dfsAdmin.createEncryptionZone(TEST_PATH, null);
|
||||
|
||||
user.doAs(new PrivilegedExceptionAction<Object>() {
|
||||
@Override
|
||||
public Object run() throws Exception {
|
||||
final HdfsAdmin userAdmin =
|
||||
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
|
||||
try {
|
||||
userAdmin.deleteEncryptionZone(TEST_PATH);
|
||||
fail("deleteEncryptionZone is superuser-only operation");
|
||||
} catch (AccessControlException e) {
|
||||
GenericTestUtils.assertExceptionContains(
|
||||
"Superuser privilege is required", e);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
/** Test failure of deleting an EZ passing a directory that doesn't exist. */
|
||||
@Test(timeout = 30000)
|
||||
public void testDeleteEncryptionZoneDirectoryDoesntExist() throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
|
||||
try {
|
||||
dfsAdmin.deleteEncryptionZone(TEST_PATH);
|
||||
fail("Directory doesn't exist");
|
||||
} catch (IOException e) {
|
||||
GenericTestUtils.assertExceptionContains(
|
||||
"is not the root of an encryption zone", e);
|
||||
}
|
||||
}
|
||||
|
||||
/** Test failure of deleting an EZ which is not empty. */
|
||||
@Test(timeout = 30000)
|
||||
public void testDeleteEncryptionZoneAndGenerateKeyDirectoryNotEmpty()
|
||||
throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
|
||||
FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777));
|
||||
dfsAdmin.createEncryptionZone(TEST_PATH, null);
|
||||
FileSystem.create(fs, new Path("/test/foo"),
|
||||
new FsPermission((short) 0777));
|
||||
try {
|
||||
dfsAdmin.deleteEncryptionZone(TEST_PATH);
|
||||
fail("Directory not empty");
|
||||
} catch (IOException e) {
|
||||
GenericTestUtils.assertExceptionContains("non-empty directory", e);
|
||||
}
|
||||
}
|
||||
|
||||
/** Test success of deleting an EZ. */
|
||||
@Test(timeout = 30000)
|
||||
public void testDeleteEncryptionZone()
|
||||
throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
|
||||
FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777));
|
||||
dfsAdmin.createEncryptionZone(TEST_PATH, null);
|
||||
List<EncryptionZone> zones = dfsAdmin.listEncryptionZones();
|
||||
Preconditions.checkState(zones.size() == 1, "More than one zone found?");
|
||||
dfsAdmin.deleteEncryptionZone(TEST_PATH);
|
||||
zones = dfsAdmin.listEncryptionZones();
|
||||
Preconditions.checkState(zones.size() == 0, "More than one zone found?");
|
||||
}
|
||||
|
||||
/**
|
||||
* Test failure of deleting an EZ on a subdir that is not the root of an EZ.
|
||||
* Test success of creating an encryption zone a few levels down.
|
||||
*/
|
||||
@Test(timeout = 30000)
|
||||
public void testDeleteEncryptionZoneInExistingEncryptionZone()
|
||||
@Test(timeout = 60000)
|
||||
public void testCreateEncryptionZoneDownAFewLevels()
|
||||
throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
|
||||
FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777));
|
||||
dfsAdmin.createEncryptionZone(TEST_PATH, null);
|
||||
FileSystem.mkdirs(fs, TEST_PATH_WITH_CHILD, new FsPermission((short) 0777));
|
||||
try {
|
||||
dfsAdmin.deleteEncryptionZone(TEST_PATH_WITH_CHILD);
|
||||
fail("EZ in an EZ");
|
||||
} catch (IOException e) {
|
||||
GenericTestUtils.assertExceptionContains(
|
||||
"is not the root of an encryption zone", e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test success of creating and deleting an encryption zone a few levels down.
|
||||
*/
|
||||
@Test(timeout = 30000)
|
||||
public void testCreateAndDeleteEncryptionZoneDownAFewLevels()
|
||||
throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
|
||||
FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777));
|
||||
dfsAdmin.createEncryptionZone(TEST_PATH, null);
|
||||
FileSystem.mkdirs(fs, TEST_PATH_WITH_MULTIPLE_CHILDREN,
|
||||
new FsPermission((short) 0777));
|
||||
try {
|
||||
dfsAdmin.deleteEncryptionZone(TEST_PATH_WITH_MULTIPLE_CHILDREN);
|
||||
fail("EZ in an EZ");
|
||||
} catch (IOException e) {
|
||||
GenericTestUtils.assertExceptionContains(
|
||||
"is not the root of an encryption zone", e);
|
||||
}
|
||||
dfsAdmin.createEncryptionZone(TEST_PATH_WITH_MULTIPLE_CHILDREN, null);
|
||||
final List<EncryptionZone> zones = dfsAdmin.listEncryptionZones();
|
||||
Preconditions.checkState(zones.size() == 1, "More than one zone found?");
|
||||
final EncryptionZone ez = zones.get(0);
|
||||
GenericTestUtils.assertMatches(ez.toString(),
|
||||
"EncryptionZone \\[path=/test, keyId=");
|
||||
"EncryptionZone \\[path=/test/foo/baz, keyId=");
|
||||
}
|
||||
|
||||
/** Test failure of creating an EZ using a non-empty directory. */
|
||||
@Test(timeout = 30000)
|
||||
@Test(timeout = 60000)
|
||||
public void testCreateFileInEncryptionZone() throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
|
||||
|
@ -353,7 +261,7 @@ public class TestEncryptionZonesAPI {
|
|||
}
|
||||
|
||||
/** Test listing encryption zones. */
|
||||
@Test(timeout = 30000)
|
||||
@Test(timeout = 60000)
|
||||
public void testListEncryptionZones() throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
|
||||
|
@ -377,7 +285,7 @@ public class TestEncryptionZonesAPI {
|
|||
}
|
||||
|
||||
/** Test listing encryption zones as a non super user. */
|
||||
@Test(timeout = 30000)
|
||||
@Test(timeout = 60000)
|
||||
public void testListEncryptionZonesAsNonSuperUser() throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
|
||||
|
@ -412,7 +320,7 @@ public class TestEncryptionZonesAPI {
|
|||
}
|
||||
|
||||
/** Test success of Rename EZ on a directory which is already an EZ. */
|
||||
@Test(timeout = 30000)
|
||||
@Test(timeout = 60000)
|
||||
public void testRenameEncryptionZone()
|
||||
throws Exception {
|
||||
final HdfsAdmin dfsAdmin =
|
||||
|
|
|
@ -71,7 +71,6 @@
|
|||
<crypto-admin-command>-createZone -path /foo</crypto-admin-command>
|
||||
</test-commands>
|
||||
<cleanup-commands>
|
||||
<crypto-admin-command>-deleteZone -path /foo</crypto-admin-command>
|
||||
<command>-fs NAMENODE -rmdir /foo</command>
|
||||
</cleanup-commands>
|
||||
<comparators>
|
||||
|
@ -90,7 +89,6 @@
|
|||
<crypto-admin-command>-createZone -path /foo</crypto-admin-command>
|
||||
</test-commands>
|
||||
<cleanup-commands>
|
||||
<crypto-admin-command>-deleteZone -path /foo</crypto-admin-command>
|
||||
<command>-fs NAMENODE -rmdir /foo</command>
|
||||
</cleanup-commands>
|
||||
<comparators>
|
||||
|
@ -112,7 +110,6 @@
|
|||
</test-commands>
|
||||
<cleanup-commands>
|
||||
<command>-fs NAMENODE -rmdir /foo/bar</command>
|
||||
<crypto-admin-command>-deleteZone -path /foo</crypto-admin-command>
|
||||
<command>-fs NAMENODE -rmdir /foo</command>
|
||||
</cleanup-commands>
|
||||
<comparators>
|
||||
|
@ -169,7 +166,6 @@
|
|||
<crypto-admin-command>-createZone -path /foo -keyId mykey</crypto-admin-command>
|
||||
</test-commands>
|
||||
<cleanup-commands>
|
||||
<crypto-admin-command>-deleteZone -path /foo</crypto-admin-command>
|
||||
<command>-fs NAMENODE -rmdir /foo</command>
|
||||
</cleanup-commands>
|
||||
<comparators>
|
||||
|
@ -181,74 +177,13 @@
|
|||
</test>
|
||||
|
||||
<test>
|
||||
<description>Test failure of deleting an EZ passing a directory that doesn't exist.</description>
|
||||
<test-commands>
|
||||
<command>-fs NAMENODE -ls /</command>-
|
||||
<crypto-admin-command>-deleteZone -path /foo</crypto-admin-command>
|
||||
</test-commands>
|
||||
<cleanup-commands>
|
||||
</cleanup-commands>
|
||||
<comparators>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>Directory /foo is not the root of an encryption zone.</expected-output>
|
||||
</comparator>
|
||||
</comparators>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<description>Test failure of deleting an EZ which is not empty.</description>
|
||||
<test-commands>
|
||||
<command>-fs NAMENODE -mkdir /foo</command>
|
||||
<command>-fs NAMENODE -ls /</command>-
|
||||
<crypto-admin-command>-createZone -path /foo</crypto-admin-command>
|
||||
<command>-fs NAMENODE -touchz /foo/bar</command>
|
||||
<crypto-admin-command>-deleteZone -path /foo</crypto-admin-command>
|
||||
</test-commands>
|
||||
<cleanup-commands>
|
||||
<command>-fs NAMENODE -rm /foo/bar</command>
|
||||
<crypto-admin-command>-deleteZone -path /foo</crypto-admin-command>
|
||||
<command>-fs NAMENODE -rmdir /foo</command>
|
||||
</cleanup-commands>
|
||||
<comparators>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>Attempt to delete an encryption zone for a non-empty directory.</expected-output>
|
||||
</comparator>
|
||||
</comparators>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<description>Test failure of deleting an EZ on a subdir that is not the root of an EZ.</description>
|
||||
<test-commands>
|
||||
<command>-fs NAMENODE -mkdir /foo</command>
|
||||
<command>-fs NAMENODE -ls /</command>-
|
||||
<crypto-admin-command>-createZone -path /foo</crypto-admin-command>
|
||||
<command>-fs NAMENODE -mkdir /foo/bar</command>
|
||||
<crypto-admin-command>-deleteZone -path /foo/bar</crypto-admin-command>
|
||||
</test-commands>
|
||||
<cleanup-commands>
|
||||
<command>-fs NAMENODE -rmdir /foo/bar</command>
|
||||
<crypto-admin-command>-deleteZone -path /foo</crypto-admin-command>
|
||||
<command>-fs NAMENODE -rmdir /foo</command>
|
||||
</cleanup-commands>
|
||||
<comparators>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>Directory /foo/bar is not the root of an encryption zone.</expected-output>
|
||||
</comparator>
|
||||
</comparators>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<description>Test success of creating and deleting an encryption zone a few levels down.</description>
|
||||
<description>Test success of creating an encryption zone a few levels down.</description>
|
||||
<test-commands>
|
||||
<command>-fs NAMENODE -mkdir /foo</command>
|
||||
<command>-fs NAMENODE -mkdir /foo/bar</command>
|
||||
<command>-fs NAMENODE -mkdir /foo/bar/baz</command>
|
||||
<command>-fs NAMENODE -ls /</command>-
|
||||
<crypto-admin-command>-createZone -path /foo/bar/baz</crypto-admin-command>
|
||||
<crypto-admin-command>-deleteZone -path /foo/bar/baz</crypto-admin-command>
|
||||
</test-commands>
|
||||
<cleanup-commands>
|
||||
<command>-fs NAMENODE -rmdir /foo/bar/baz</command>
|
||||
|
@ -258,7 +193,7 @@
|
|||
<comparators>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>Deleted encryption zone /foo/bar/baz</expected-output>
|
||||
<expected-output>Added encryption zone /foo/bar/baz</expected-output>
|
||||
</comparator>
|
||||
</comparators>
|
||||
</test>
|
||||
|
@ -276,8 +211,6 @@
|
|||
</test-commands>
|
||||
<cleanup-commands>
|
||||
<command>-fs NAMENODE -rmdir /src/subdir</command>
|
||||
<crypto-admin-command>-deleteZone -path /src</crypto-admin-command>
|
||||
<crypto-admin-command>-deleteZone -path /dst</crypto-admin-command>
|
||||
<command>-fs NAMENODE -rmdir /src</command>
|
||||
<command>-fs NAMENODE -rmdir /dst</command>
|
||||
</cleanup-commands>
|
||||
|
@ -299,7 +232,6 @@
|
|||
<command>-fs NAMENODE -mv /src /dst</command>-
|
||||
</test-commands>
|
||||
<cleanup-commands>
|
||||
<crypto-admin-command>-deleteZone -path /dst</crypto-admin-command>
|
||||
<command>-fs NAMENODE -rmdir /src</command>
|
||||
<command>-fs NAMENODE -rmdir /dst</command>
|
||||
</cleanup-commands>
|
||||
|
@ -321,7 +253,6 @@
|
|||
<command>-fs NAMENODE -mv /src /dst</command>-
|
||||
</test-commands>
|
||||
<cleanup-commands>
|
||||
<crypto-admin-command>-deleteZone -path /src</crypto-admin-command>
|
||||
<command>-fs NAMENODE -rmdir /src</command>
|
||||
<command>-fs NAMENODE -rmdir /dst</command>
|
||||
</cleanup-commands>
|
||||
|
@ -345,7 +276,6 @@
|
|||
<cleanup-commands>
|
||||
<command>-fs NAMENODE -rmdir /src/subdir2/subdir1</command>
|
||||
<command>-fs NAMENODE -rmdir /src/subdir2</command>
|
||||
<crypto-admin-command>-deleteZone -path /src</crypto-admin-command>
|
||||
<command>-fs NAMENODE -rmdir /src</command>
|
||||
</cleanup-commands>
|
||||
<comparators>
|
||||
|
|
Loading…
Reference in New Issue