/** * Deletes an encryption key using the parameters passed through the 'delete_key' action. * * @param params Parameters passed to the 'delete_key' command action. * @throws Exception If key deletion failed. */ private void deleteEncryptionKey(String[] params) throws Exception { CommandLine args = parseCommandArgs(DELETE_KEY_OPTIONS, params); String keyName = args.getOptionValue("keyName"); try { encryptionShim.deleteKey(keyName); } catch (IOException e) { throw new Exception("Cannot delete encryption key: " + e.getMessage()); } writeTestOutput("Encryption key deleted: '" + keyName + "'"); } }
HadoopShims.HdfsEncryptionShim shim = ShimLoader.getHadoopShims().createHdfsEncryptionShim(fs, conf); if (!shim.isPathEncrypted(location)) { HdfsUtils.HadoopFileStatus status = new HdfsUtils.HadoopFileStatus(conf, fs, location); FileStatus targetStatus = fs.getFileStatus(location);
/** * Creates an encryption zone using the parameters passed through the 'create_zone' action. * * @param params Parameters passed to the 'create_zone' command action. * @throws Exception If zone creation failed. */ private void createEncryptionZone(String[] params) throws Exception { CommandLine args = parseCommandArgs(CREATE_ZONE_OPTIONS, params); String keyName = args.getOptionValue("keyName"); Path cryptoZone = new Path(args.getOptionValue("path")); if (cryptoZone == null) { throw new Exception("Cannot create encryption zone: Invalid path '" + args.getOptionValue("path") + "'"); } try { encryptionShim.createEncryptionZone(cryptoZone, keyName); } catch (IOException e) { throw new Exception("Cannot create encryption zone: " + e.getMessage()); } writeTestOutput("Encryption zone created: '" + cryptoZone + "' using key: '" + keyName + "'"); }
if (hdfsEncryptionShim != null && (hdfsEncryptionShim.isPathEncrypted(srcf) || hdfsEncryptionShim.isPathEncrypted(destf)) && !hdfsEncryptionShim.arePathsOnSameEncryptionZone(srcf, destf))
HadoopShims.HdfsEncryptionShim shim = ShimLoader.getHadoopShims().createHdfsEncryptionShim(FileSystem.get(hiveConf), hiveConf); if (shim.isPathEncrypted(pathToData)) { throw new MetaException("Unable to drop " + objectName + " because it is in an encryption zone" + " and trash is enabled. Use PURGE option to skip trash.");
HadoopShims.HdfsEncryptionShim shim = ShimLoader.getHadoopShims().createHdfsEncryptionShim(FileSystem.get(hiveConf), hiveConf); if (shim.isPathEncrypted(pathToData)) { throw new MetaException("Unable to drop " + objectName + " because it is in an encryption zone" + " and trash is enabled. Use PURGE option to skip trash.");
/** * Creates an encryption zone using the parameters passed through the 'create_zone' action. * * @param params Parameters passed to the 'create_zone' command action. * @throws Exception If zone creation failed. */ private void createEncryptionZone(String[] params) throws Exception { CommandLine args = parseCommandArgs(CREATE_ZONE_OPTIONS, params); String keyName = args.getOptionValue("keyName"); Path cryptoZone = new Path(args.getOptionValue("path")); if (cryptoZone == null) { throw new Exception("Cannot create encryption zone: Invalid path '" + args.getOptionValue("path") + "'"); } try { encryptionShim.createEncryptionZone(cryptoZone, keyName); } catch (IOException e) { throw new Exception("Cannot create encryption zone: " + e.getMessage()); } writeTestOutput("Encryption zone created: '" + cryptoZone + "' using key: '" + keyName + "'"); }
/** * Checks if a given path is encrypted (valid only for HDFS files) * @param path The path to check for encryption * @return True if the path is encrypted; False if it is not encrypted * @throws HiveException If an error occurs while checking for encryption */ private boolean isPathEncrypted(Path path) throws HiveException { HadoopShims.HdfsEncryptionShim hdfsEncryptionShim; hdfsEncryptionShim = SessionState.get().getHdfsEncryptionShim(); if (hdfsEncryptionShim != null) { try { if (hdfsEncryptionShim.isPathEncrypted(path)) { return true; } } catch (Exception e) { throw new HiveException("Unable to determine if " + path + " is encrypted: " + e, e); } } return false; }
/** * Compares to path key encryption strenghts. * * @param p1 Path to an HDFS file system * @param p2 Path to an HDFS file system * @return -1 if strength is weak; 0 if is equals; 1 if it is stronger * @throws HiveException If an error occurs while comparing key strengths. */ private int comparePathKeyStrength(Path p1, Path p2) throws HiveException { HadoopShims.HdfsEncryptionShim hdfsEncryptionShim; hdfsEncryptionShim = SessionState.get().getHdfsEncryptionShim(); if (hdfsEncryptionShim != null) { try { return hdfsEncryptionShim.comparePathKeyStrength(p1, p2); } catch (Exception e) { throw new HiveException("Unable to compare key strength for " + p1 + " and " + p2 + " : " + e, e); } } return 0; // Non-encrypted path (or equals strength) }
/** * Deletes an encryption key using the parameters passed through the 'delete_key' action. * * @param params Parameters passed to the 'delete_key' command action. * @throws Exception If key deletion failed. */ private void deleteEncryptionKey(String[] params) throws Exception { CommandLine args = parseCommandArgs(DELETE_KEY_OPTIONS, params); String keyName = args.getOptionValue("keyName"); try { encryptionShim.deleteKey(keyName); } catch (IOException e) { throw new Exception("Cannot delete encryption key: " + e.getMessage()); } writeTestOutput("Encryption key deleted: '" + keyName + "'"); } }
/** * Creates an encryption key using the parameters passed through the 'create_key' action. * * @param params Parameters passed to the 'create_key' command action. * @throws Exception If key creation failed. */ private void createEncryptionKey(String[] params) throws Exception { CommandLine args = parseCommandArgs(CREATE_KEY_OPTIONS, params); String keyName = args.getOptionValue("keyName"); String bitLength = args.getOptionValue("bitLength", Integer.toString(DEFAULT_BIT_LENGTH)); try { encryptionShim.createKey(keyName, new Integer(bitLength)); } catch (Exception e) { throw new Exception("Cannot create encryption key: " + e.getMessage()); } writeTestOutput("Encryption key created: '" + keyName + "'"); }
HadoopShims.HdfsEncryptionShim shim = ShimLoader.getHadoopShims().createHdfsEncryptionShim(fs, conf); if (!shim.isPathEncrypted(location)) { HdfsUtils.HadoopFileStatus status = new HdfsUtils.HadoopFileStatus(conf, fs, location); FileStatus targetStatus = fs.getFileStatus(location);
return srcHdfsEncryptionShim != null && destHdfsEncryptionShim != null && (srcHdfsEncryptionShim.isPathEncrypted(srcf) || destHdfsEncryptionShim.isPathEncrypted(destf)) && !srcHdfsEncryptionShim.arePathsOnSameEncryptionZone(srcf, destf, destHdfsEncryptionShim); } catch (IOException e) { throw new HiveException(e);
/** * If moving across different FileSystems or differnent encryption zone, need to do a File copy instead of rename. * TODO- consider if need to do this for different file authority. * @throws HiveException */ static protected boolean needToCopy(Path srcf, Path destf, FileSystem srcFs, FileSystem destFs) throws HiveException { //Check if different FileSystems if (!FileUtils.equalsFileSystem(srcFs, destFs)) { return true; } //Check if different encryption zones HadoopShims.HdfsEncryptionShim srcHdfsEncryptionShim = SessionState.get().getHdfsEncryptionShim(srcFs); HadoopShims.HdfsEncryptionShim destHdfsEncryptionShim = SessionState.get().getHdfsEncryptionShim(destFs); try { return srcHdfsEncryptionShim != null && destHdfsEncryptionShim != null && (srcHdfsEncryptionShim.isPathEncrypted(srcf) || destHdfsEncryptionShim.isPathEncrypted(destf)) && !srcHdfsEncryptionShim.arePathsOnSameEncryptionZone(srcf, destf, destHdfsEncryptionShim); } catch (IOException e) { throw new HiveException(e); } }
/** * Compares to path key encryption strenghts. * * @param p1 Path to an HDFS file system * @param p2 Path to an HDFS file system * @return -1 if strength is weak; 0 if is equals; 1 if it is stronger * @throws HiveException If an error occurs while comparing key strengths. */ private int comparePathKeyStrength(Path p1, Path p2) throws HiveException { HadoopShims.HdfsEncryptionShim hdfsEncryptionShim; hdfsEncryptionShim = SessionState.get().getHdfsEncryptionShim(); if (hdfsEncryptionShim != null) { try { return hdfsEncryptionShim.comparePathKeyStrength(p1, p2); } catch (Exception e) { throw new HiveException("Unable to compare key strength for " + p1 + " and " + p2 + " : " + e, e); } } return 0; // Non-encrypted path (or equals strength) }
/** * Checks if a given path is encrypted (valid only for HDFS files) * @param path The path to check for encryption * @return True if the path is encrypted; False if it is not encrypted * @throws HiveException If an error occurs while checking for encryption */ private boolean isPathEncrypted(Path path) throws HiveException { try { HadoopShims.HdfsEncryptionShim hdfsEncryptionShim = SessionState.get().getHdfsEncryptionShim(path.getFileSystem(conf)); if (hdfsEncryptionShim != null) { if (hdfsEncryptionShim.isPathEncrypted(path)) { return true; } } } catch (Exception e) { throw new HiveException("Unable to determine if " + path + " is encrypted: " + e, e); } return false; }
/** * Creates an encryption key using the parameters passed through the 'create_key' action. * * @param params Parameters passed to the 'create_key' command action. * @throws Exception If key creation failed. */ private void createEncryptionKey(String[] params) throws Exception { CommandLine args = parseCommandArgs(CREATE_KEY_OPTIONS, params); String keyName = args.getOptionValue("keyName"); String bitLength = args.getOptionValue("bitLength", Integer.toString(DEFAULT_BIT_LENGTH)); try { encryptionShim.createKey(keyName, new Integer(bitLength)); } catch (Exception e) { throw new Exception("Cannot create encryption key: " + e.getMessage()); } writeTestOutput("Encryption key created: '" + keyName + "'"); }
/** * Creates an encryption zone using the parameters passed through the 'create_zone' action. * * @param params Parameters passed to the 'create_zone' command action. * @throws Exception If zone creation failed. */ private void createEncryptionZone(String[] params) throws Exception { CommandLine args = parseCommandArgs(CREATE_ZONE_OPTIONS, params); String keyName = args.getOptionValue("keyName"); Path cryptoZone = new Path(args.getOptionValue("path")); if (cryptoZone == null) { throw new Exception("Cannot create encryption zone: Invalid path '" + args.getOptionValue("path") + "'"); } try { encryptionShim.createEncryptionZone(cryptoZone, keyName); } catch (IOException e) { throw new Exception("Cannot create encryption zone: " + e.getMessage()); } writeTestOutput("Encryption zone created: '" + cryptoZone + "' using key: '" + keyName + "'"); }
/** * Compares to path key encryption strenghts. * * @param p1 Path to an HDFS file system * @param p2 Path to an HDFS file system * @return -1 if strength is weak; 0 if is equals; 1 if it is stronger * @throws HiveException If an error occurs while comparing key strengths. */ private int comparePathKeyStrength(Path p1, Path p2) throws HiveException { HadoopShims.HdfsEncryptionShim hdfsEncryptionShim; hdfsEncryptionShim = SessionState.get().getHdfsEncryptionShim(); if (hdfsEncryptionShim != null) { try { return hdfsEncryptionShim.comparePathKeyStrength(p1, p2); } catch (Exception e) { throw new HiveException("Unable to compare key strength for " + p1 + " and " + p2 + " : " + e, e); } } return 0; // Non-encrypted path (or equals strength) }