Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-6891 Follow-on work for transparent data at rest encryption
  3. HDFS-7032

Add WebHDFS support for reading and writing to encryption zones

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6.0, 3.0.0-alpha1
    • Fix Version/s: 2.6.0
    • Component/s: encryption, webhdfs
    • Labels:
      None

      Description

      Currently, decrypting files within encryption zones does not work through WebHDFS. Users will get returned the raw data.

      For example:

      bash-4.1$ hdfs crypto -listZones
      /enc2     key128 
      /jenkins  key128 
      
      bash-4.1$ hdfs dfs -cat /enc2/hello
      hello and goodbye
      bash-4.1$ hadoop fs -cat webhdfs://hdfs-cdh5-vanilla-1.host.com:20101/enc2/hello14/09/08 15:55:26 WARN ssl.FileBasedKeyStoresFactory: The property 'ssl.client.truststore.location' has not been set, no TrustStore will be loaded
      忡?~?A
      ?`?y???Wbash-4.1$ 
      bash-4.1$ curl -i -L "http://hdfs-cdh5-vanilla-1.host.com:20101/webhdfs/v1/enc2/hello?user.name=hdfs&op=OPEN"
      HTTP/1.1 307 TEMPORARY_REDIRECT
      Cache-Control: no-cache
      Expires: Mon, 08 Sep 2014 22:56:08 GMT
      Date: Mon, 08 Sep 2014 22:56:08 GMT
      Pragma: no-cache
      Expires: Mon, 08 Sep 2014 22:56:08 GMT
      Date: Mon, 08 Sep 2014 22:56:08 GMT
      Pragma: no-cache
      Content-Type: application/octet-stream
      Set-Cookie: hadoop.auth=u=hdfs&p=hdfs&t=simple&e=1410252968270&s=QzpylAy1ltts1F6hHpsVFGC0TfA=; Version=1; Path=/; Expires=Tue, 09-Sep-2014 08:56:08 GMT; HttpOnly
      Location: http://hdfs-cdh5-vanilla-1.host.com:20003/webhdfs/v1/enc2/hello?op=OPEN&user.name=hdfs&namenoderpcaddress=hdfs-cdh5-vanilla-1.host.com:8020&offset=0
      Content-Length: 0
      Server: Jetty(6.1.26)
      
      HTTP/1.1 200 OK
      Cache-Control: no-cache
      Expires: Mon, 08 Sep 2014 22:56:08 GMT
      Date: Mon, 08 Sep 2014 22:56:08 GMT
      Pragma: no-cache
      Expires: Mon, 08 Sep 2014 22:56:08 GMT
      Date: Mon, 08 Sep 2014 22:56:08 GMT
      Pragma: no-cache
      Content-Type: application/octet-stream
      Content-Length: 18
      Access-Control-Allow-Methods: GET
      Access-Control-Allow-Origin: *
      Server: Jetty(6.1.26)
      
      忡?~?A
      ?`?y???Wbash-4.1$ 
      

        Attachments

        1. HDFS-7032.002.patch
          5 kB
          Charles Lamb
        2. HDFS-7032.001.patch
          5 kB
          Charles Lamb

          Activity

            People

            • Assignee:
              clamb Charles Lamb
              Reporter:
              schu Stephen Chu
            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: