Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
3.0.0-beta1
-
None
-
Reviewed
Description
In HDFS-12359, a fix for the KMS ACLs required for re-encryption was done. As part of the fix, the following code is used to make sure the local provider cache in the NN is drained.
if (dir.getProvider() instanceof CryptoExtension) { ((CryptoExtension) dir.getProvider()).drain(keyName); }
This doesn't work, because the provider is KeyProviderCryptoExtension instead of CryptoExtension - the latter is composite of the former.
Unfortunately unit test didn't catch this, because it conveniently rolled the from the NN's provider.
Attachments
Attachments
Issue Links
- is broken by
-
HDFS-12359 Re-encryption should operate with minimum KMS ACL requirements.
- Resolved