Currently, when users save namespace and restart the NameNode, pre-existing encryption zones will be wiped out.
I could reproduce this on a pseudo-distributed cluster:
- Create an encryption zone
- List encryption zones and verify the newly created zone is present
- Save the namespace
- Kill and restart the NameNode
- List the encryption zones and you'll find the encryption zone is missing
I've attached a test case for TestEncryptionZones that reproduces this as well. Removing the saveNamespace call will get the test to pass.