Details

      Description

      When users try to create an encryption zone on a system that is not configured with a KeyProvider, they will run into a NullPointerException.

      For example:
      [hdfs@schu-enc2 ~]$ hdfs crypto -createZone -keyName abc123 -path /user/hdfs
      2014-07-22 23:18:23,273 WARN [main] crypto.CryptoCodec (CryptoCodec.java:getInstance(70)) - Crypto codec org.apache.hadoop.crypto.OpensslAesCtrCryptoCodec is not available.
      RemoteException: java.lang.NullPointerException

      This error happens in FSNamesystem.createEncryptionZone(FSNamesystem.java:8456):

          try {
            if (keyName == null || keyName.isEmpty()) {
              keyName = UUID.randomUUID().toString();
              createNewKey(keyName, src);
              createdKey = true;
            } else {
              KeyVersion keyVersion = provider.getCurrentKey(keyName);
              if (keyVersion == null) {
      

      provider can be null.

      An improvement would be to make the error message more specific/say that KeyProvider was not found.

      1. HDFS-6733.002.patch
        3 kB
        Charles Lamb
      2. HDFS-6733.001.patch
        3 kB
        Charles Lamb

        Activity

        Hide
        Charles Lamb added a comment -

        Here's a patch and a unit test. I thought about putting the unit test in TestEncryptionZone, but the @Before always configures a key provider so I just created a new Testxxx.java.

        Show
        Charles Lamb added a comment - Here's a patch and a unit test. I thought about putting the unit test in TestEncryptionZone, but the @Before always configures a key provider so I just created a new Testxxx.java.
        Hide
        Andrew Wang added a comment -

        Rather than making a new test file, could we just jigger the conf and restart the minicluster? Otherwise looks good.

        Show
        Andrew Wang added a comment - Rather than making a new test file, could we just jigger the conf and restart the minicluster? Otherwise looks good.
        Hide
        Charles Lamb added a comment -

        Thanks Andrew Wang for the review.

        I moved testCreateEZWithNoProvider into TestEncryptionZones and as you suggested, grabbed the conf from the minicluster, diddled it, restarted the NN, ...

        I'll commit this to fs-encryption shortly.

        Show
        Charles Lamb added a comment - Thanks Andrew Wang for the review. I moved testCreateEZWithNoProvider into TestEncryptionZones and as you suggested, grabbed the conf from the minicluster, diddled it, restarted the NN, ... I'll commit this to fs-encryption shortly.
        Hide
        Charles Lamb added a comment -

        Committed to fs-encryption.

        Show
        Charles Lamb added a comment - Committed to fs-encryption.

          People

          • Assignee:
            Charles Lamb
            Reporter:
            Stephen Chu
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development