HDFS-8451. DFSClient probe for encryption testing interprets empty URI property for enabled. Contributed by Steve Loughran.
(cherry picked from commit 05e04f34f2
)
This commit is contained in:
parent
0b909d028f
commit
61d7ccb27e
|
@ -552,6 +552,9 @@ Release 2.7.1 - UNRELEASED
|
|||
HDFS-8404. Pending block replication can get stuck using older genstamp
|
||||
(Nathan Roberts via kihwal)
|
||||
|
||||
HDFS-8451. DFSClient probe for encryption testing interprets empty URI
|
||||
property for "enabled". (Steve Loughran via xyao)
|
||||
|
||||
Release 2.7.0 - 2015-04-20
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
|
|
@ -3179,10 +3179,15 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Probe for encryption enabled on this filesystem.
|
||||
* See {@link DFSUtil#isHDFSEncryptionEnabled(Configuration)}
|
||||
* @return true if encryption is enabled
|
||||
*/
|
||||
public boolean isHDFSEncryptionEnabled() {
|
||||
return conf.get(
|
||||
DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null) != null;
|
||||
return DFSUtil.isHDFSEncryptionEnabled(this.conf);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the SaslDataTransferClient configured for this DFSClient.
|
||||
*
|
||||
|
|
|
@ -147,8 +147,8 @@ public class DFSUtil {
|
|||
a.isDecommissioned() ? 1 : -1;
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Comparator for sorting DataNodeInfo[] based on decommissioned/stale states.
|
||||
* Decommissioned/stale nodes are moved to the end of the array on sorting
|
||||
|
@ -1495,9 +1495,9 @@ public class DFSUtil {
|
|||
public static KeyProvider createKeyProvider(
|
||||
final Configuration conf) throws IOException {
|
||||
final String providerUriStr =
|
||||
conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null);
|
||||
conf.getTrimmed(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "");
|
||||
// No provider set in conf
|
||||
if (providerUriStr == null) {
|
||||
if (providerUriStr.isEmpty()) {
|
||||
return null;
|
||||
}
|
||||
final URI providerUri;
|
||||
|
@ -1548,4 +1548,18 @@ public class DFSUtil {
|
|||
public static int getSmallBufferSize(Configuration conf) {
|
||||
return Math.min(getIoFileBufferSize(conf) / 2, 512);
|
||||
}
|
||||
|
||||
/**
|
||||
* Probe for HDFS Encryption being enabled; this uses the value of
|
||||
* the option {@link DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI},
|
||||
* returning true if that property contains a non-empty, non-whitespace
|
||||
* string.
|
||||
* @param conf configuration to probe
|
||||
* @return true if encryption is considered enabled.
|
||||
*/
|
||||
public static boolean isHDFSEncryptionEnabled(Configuration conf) {
|
||||
return !conf.getTrimmed(
|
||||
DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "").isEmpty();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -83,9 +83,9 @@ public class KeyProviderCache {
|
|||
|
||||
private URI createKeyProviderURI(Configuration conf) {
|
||||
final String providerUriStr =
|
||||
conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null);
|
||||
conf.getTrimmed(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "");
|
||||
// No provider set in conf
|
||||
if (providerUriStr == null) {
|
||||
if (providerUriStr.isEmpty()) {
|
||||
LOG.error("Could not find uri with key ["
|
||||
+ DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI
|
||||
+ "] to create a keyProvider !!");
|
||||
|
|
|
@ -897,4 +897,22 @@ public class TestDFSUtil {
|
|||
} catch (IOException ignored) {
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testEncryptionProbe() throws Throwable {
|
||||
Configuration conf = new Configuration(false);
|
||||
conf.unset(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI);
|
||||
assertFalse("encryption enabled on no provider key",
|
||||
DFSUtil.isHDFSEncryptionEnabled(conf));
|
||||
conf.set(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "");
|
||||
assertFalse("encryption enabled on empty provider key",
|
||||
DFSUtil.isHDFSEncryptionEnabled(conf));
|
||||
conf.set(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "\n\t\n");
|
||||
assertFalse("encryption enabled on whitespace provider key",
|
||||
DFSUtil.isHDFSEncryptionEnabled(conf));
|
||||
conf.set(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "http://hadoop.apache.org");
|
||||
assertTrue("encryption disabled on valid provider key",
|
||||
DFSUtil.isHDFSEncryptionEnabled(conf));
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
@ -699,7 +699,7 @@ public class TestEncryptionZones {
|
|||
// Flushing the KP on the NN, since it caches, and init a test one
|
||||
cluster.getNamesystem().getProvider().flush();
|
||||
KeyProvider provider = KeyProviderFactory
|
||||
.get(new URI(conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI)),
|
||||
.get(new URI(conf.getTrimmed(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI)),
|
||||
conf);
|
||||
List<String> keys = provider.getKeys();
|
||||
assertEquals("Expected NN to have created one key per zone", 1,
|
||||
|
|
Loading…
Reference in New Issue