Details
-
Type:
Sub-task
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: fs-encryption (HADOOP-10150 and HDFS-6134)
-
Fix Version/s: fs-encryption (HADOOP-10150 and HDFS-6134)
-
Component/s: security
-
Labels:None
-
Target Version/s:
Description
When users try to create an encryption zone on a system that is not configured with a KeyProvider, they will run into a NullPointerException.
For example:
[hdfs@schu-enc2 ~]$ hdfs crypto -createZone -keyName abc123 -path /user/hdfs
2014-07-22 23:18:23,273 WARN [main] crypto.CryptoCodec (CryptoCodec.java:getInstance(70)) - Crypto codec org.apache.hadoop.crypto.OpensslAesCtrCryptoCodec is not available.
RemoteException: java.lang.NullPointerException
This error happens in FSNamesystem.createEncryptionZone(FSNamesystem.java:8456):
try {
if (keyName == null || keyName.isEmpty()) {
keyName = UUID.randomUUID().toString();
createNewKey(keyName, src);
createdKey = true;
} else {
KeyVersion keyVersion = provider.getCurrentKey(keyName);
if (keyVersion == null) {
provider can be null.
An improvement would be to make the error message more specific/say that KeyProvider was not found.
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
Rather than making a new test file, could we just jigger the conf and restart the minicluster? Otherwise looks good.
Thanks Andrew Wang for the review.
I moved testCreateEZWithNoProvider into TestEncryptionZones and as you suggested, grabbed the conf from the minicluster, diddled it, restarted the NN, ...
I'll commit this to fs-encryption shortly.
Committed to fs-encryption.
Here's a patch and a unit test. I thought about putting the unit test in TestEncryptionZone, but the @Before always configures a key provider so I just created a new Testxxx.java.