HDFS-6490. Fix the keyid format for generated keys in FSNamesystem.createEncryptionZone (clamb)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/fs-encryption@1611722 13f79535-47bb-0310-9956-ffa450edef68
2014-07-18 17:13:55 +00:00 · 2014-07-18 17:13:55 +00:00 · 962ef6939e
parent 77f0e2cca5
commit 962ef6939e
2 changed files with 21 additions and 7 deletions
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt
@ -46,6 +46,9 @@ fs-encryption (Unreleased)

    HDFS-6405. Test Crypto streams in HDFS. (yliu via wang)

+    HDFS-6490. Fix the keyid format for generated keys in
+    FSNamesystem.createEncryptionZone (clamb)
+
  OPTIMIZATIONS

  BUG FIXES
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
@ -420,6 +420,8 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
  private final CacheManager cacheManager;
  private final DatanodeStatistics datanodeStatistics;

+  private String nameserviceId;
+
  private RollingUpgradeInfo rollingUpgradeInfo = null;
  /**
   * A flag that indicates whether the checkpointer should checkpoint a rollback
@ -791,7 +793,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,

      // block allocation has to be persisted in HA using a shared edits directory
      // so that the standby has up-to-date namespace information
-      String nameserviceId = DFSUtil.getNamenodeNameServiceId(conf);
+      nameserviceId = DFSUtil.getNamenodeNameServiceId(conf);
      this.haEnabled = HAUtil.isHAEnabled(conf, nameserviceId);  
      
      // Sanity check the HA-related config.
@ -8502,22 +8504,31 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
  /**
   * Create a new key on the KeyProvider for an encryption zone.
   *
-   * @param keyId id of the key
+   * @param keyIdArg id of the key
   * @param src path of the encryption zone.
   * @return KeyVersion of the created key
   * @throws IOException
   */
-  private KeyVersion createNewKey(String keyId, String src)
+  private KeyVersion createNewKey(String keyIdArg, String src)
    throws IOException {
-    Preconditions.checkNotNull(keyId);
+    Preconditions.checkNotNull(keyIdArg);
    Preconditions.checkNotNull(src);
-    // TODO pass in hdfs://HOST:PORT (HDFS-6490)
-    providerOptions.setDescription(src);
+    final StringBuilder sb = new StringBuilder("hdfs://");
+    if (nameserviceId != null) {
+      sb.append(nameserviceId);
+    }
+    sb.append(src);
+    if (!src.endsWith("/")) {
+      sb.append('/');
+    }
+    sb.append(keyIdArg);
+    final String keyId = sb.toString();
+    providerOptions.setDescription(keyId);
    providerOptions.setBitLength(codec.getCipherSuite()
        .getAlgorithmBlockSize()*8);
    KeyVersion version = null;
    try {
-      version = provider.createKey(keyId, providerOptions);
+      version = provider.createKey(keyIdArg, providerOptions);
    } catch (NoSuchAlgorithmException e) {
      throw new IOException(e);
    }