Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
HDFS-14884 checks if the encryption info of a file matches the encryption zone key.
if (!KeyProviderCryptoExtension. getBaseName(keyVersionName).equals(zoneKeyName)) { throw new IllegalArgumentException(String.format( "KeyVersion '%s' does not belong to the key '%s'", keyVersionName, zoneKeyName)); }
Here it assumes the "base name" can be derived from key version name, and that the base name should be the same as zone key.
However, there is no published definition of what a key version name should be.
While the code works for the builtin JKS key provider, it may not work for other kind of key providers. (Specifically, it breaks Cloudera's KeyTrustee KMS KeyProvider)
Attachments
Issue Links
- is broken by
-
HDFS-14884 Add sanity check that zone key equals feinfo key while setting Xattrs
- Resolved