use of org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo in project ozone by apache.
the class KeyManagerImpl method getFileEncryptionInfo.
/**
 * Builds the per-file encryption metadata for a key written into the given bucket.
 *
 * <p>When the bucket has no encryption key info the method returns {@code null}. Otherwise
 * it asks {@code generateEDEK} for an encrypted key version under the bucket's key name and
 * packs its material, IV and version name, together with the bucket's suite and version,
 * into a {@link FileEncryptionInfo}.
 *
 * @param bucketInfo bucket whose encryption settings are consulted
 * @return encryption info for the new file, or {@code null} if the bucket is not encrypted
 * @throws IOException if key generation fails; an {@code OMException} with result code
 *     {@code INVALID_KMS_PROVIDER} is thrown when the bucket is encrypted but
 *     {@code getKMSProvider()} returns {@code null}
 */
private FileEncryptionInfo getFileEncryptionInfo(OmBucketInfo bucketInfo) throws IOException {
  BucketEncryptionKeyInfo bucketKeyInfo = bucketInfo.getEncryptionKeyInfo();
  if (bucketKeyInfo == null) {
    // Bucket carries no encryption settings: callers get null, not an empty object.
    return null;
  }

  // An encrypted bucket without a usable KMS provider is rejected outright, so the
  // method never returns "no encryption info" for a bucket that asked for encryption.
  if (getKMSProvider() == null) {
    throw new OMException("Invalid KMS provider, check configuration " + HADOOP_SECURITY_KEY_PROVIDER_PATH, INVALID_KMS_PROVIDER);
  }

  final String bucketKeyName = bucketKeyInfo.getKeyName();
  // NOTE(review): the result is dereferenced below without a null check; confirm that
  // generateEDEK never returns null for a non-null key name.
  EncryptedKeyVersion wrappedKey = generateEDEK(bucketKeyName);

  return new FileEncryptionInfo(
      bucketKeyInfo.getSuite(),
      bucketKeyInfo.getVersion(),
      wrappedKey.getEncryptedKeyVersion().getMaterial(),
      wrappedKey.getEncryptedKeyIv(),
      bucketKeyName,
      wrappedKey.getEncryptionKeyVersionName());
}
use of org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo in project ozone by apache.
the class BucketManagerImpl method createBucket.
/**
* MetadataDB is maintained in MetadataManager and shared between
* BucketManager and VolumeManager. (and also by BlockManager)
*
* BucketManager uses MetadataDB to store bucket level information.
*
* Keys used in BucketManager for storing data into MetadataDB
* for BucketInfo:
* {volume/bucket} -> bucketInfo
*
* Work flow of create bucket:
*
* -> Check if the Volume exists in metadataDB, if not throw
* VolumeNotFoundException.
* -> Else check if the Bucket exists in metadataDB, if so throw
* BucketExistException
* -> Else update MetadataDB with VolumeInfo.
*/
/**
* Creates a bucket.
*
* @param bucketInfo - OmBucketInfo.
*/
@Override
public void createBucket(OmBucketInfo bucketInfo) throws IOException {
  Preconditions.checkNotNull(bucketInfo);
  final String volumeName = bucketInfo.getVolumeName();
  final String bucketName = bucketInfo.getBucketName();

  // Lock order: the volume write lock is taken first and released last, with the bucket
  // write lock nested inside it. The flag records whether the bucket lock was obtained so
  // the finally block only releases what is actually held.
  boolean bucketLockHeld = false;
  metadataManager.getLock().acquireWriteLock(VOLUME_LOCK, volumeName);
  try {
    bucketLockHeld = metadataManager.getLock().acquireWriteLock(BUCKET_LOCK, volumeName, bucketName);

    String dbVolumeKey = metadataManager.getVolumeKey(volumeName);
    String dbBucketKey = metadataManager.getBucketKey(volumeName, bucketName);
    OmVolumeArgs parentVolume = metadataManager.getVolumeTable().get(dbVolumeKey);

    // The parent volume must exist before anything is written.
    if (parentVolume == null) {
      LOG.debug("volume: {} not found ", volumeName);
      throw new OMException("Volume doesn't exist", VOLUME_NOT_FOUND);
    }

    // Existence check and later commit both run under the locks acquired above.
    if (metadataManager.getBucketTable().get(dbBucketKey) != null) {
      LOG.debug("bucket: {} already exists ", bucketName);
      throw new OMException("Bucket already exist", OMException.ResultCodes.BUCKET_ALREADY_EXISTS);
    }

    BucketEncryptionKeyInfo requestedKeyInfo = bucketInfo.getEncryptionKeyInfo();
    boolean linksToVolume = bucketInfo.getSourceVolume() != null;
    boolean linksToBucket = bucketInfo.getSourceBucket() != null;

    // A bucket link has to name both halves of its target, or neither.
    if (linksToBucket != linksToVolume) {
      throw new OMException("Both source volume and source bucket are " + "required for bucket links", OMException.ResultCodes.INVALID_REQUEST);
    }
    // Encryption settings on a link are refused rather than silently dropped.
    if (linksToBucket && requestedKeyInfo != null) {
      throw new OMException("Encryption cannot be set for bucket links", OMException.ResultCodes.INVALID_REQUEST);
    }

    // NOTE(review): the caller-supplied key info is not stored as-is but passed through
    // createBucketEncryptionKeyInfoBuilder; presumably that helper checks the key name
    // against the KMS. Confirm, since its body is not visible here.
    BucketEncryptionKeyInfo.Builder keyInfoBuilder = createBucketEncryptionKeyInfoBuilder(requestedKeyInfo);

    // Creation time is stamped here, replacing whatever value the request carried.
    OmBucketInfo.Builder newBucket = bucketInfo.toBuilder().setCreationTime(Time.now());
    // The volume's default ACLs are merged into the ACL list of the new bucket.
    OzoneAclUtil.inheritDefaultAcls(newBucket.getAcls(), parentVolume.getDefaultAcls());
    if (keyInfoBuilder != null) {
      newBucket.setBucketEncryptionKey(keyInfoBuilder.build());
    }

    OmBucketInfo omBucketInfo = newBucket.build();
    commitBucketInfoToDB(omBucketInfo);

    if (!linksToBucket) {
      LOG.debug("created bucket: {} in volume: {}", bucketName, volumeName);
    } else {
      LOG.debug("created link {}/{} to bucket: {}/{}", volumeName, bucketName, omBucketInfo.getSourceVolume(), omBucketInfo.getSourceBucket());
    }
  } catch (OMException ex) {
    // OMExceptions are rethrown as they are, without an error-level log entry.
    throw ex;
  } catch (IOException ex) {
    // Any other I/O failure is logged with its stack trace before being propagated.
    LOG.error("Bucket creation failed for bucket:{} in volume:{}", bucketName, volumeName, ex);
    throw ex;
  } finally {
    if (bucketLockHeld) {
      metadataManager.getLock().releaseWriteLock(BUCKET_LOCK, volumeName, bucketName);
    }
    metadataManager.getLock().releaseWriteLock(VOLUME_LOCK, volumeName);
  }
}
use of org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo in project ozone by apache.
the class OMKeyRequest method getFileEncryptionInfo.
/**
 * Builds the per-file encryption metadata for a key written into the given bucket.
 *
 * <p>An absent {@code Optional} is returned when the bucket has no encryption key info.
 * Otherwise {@code generateEDEK} is asked for an encrypted key version under the bucket's
 * key name, and its material, IV and version name are packed with the bucket's suite and
 * version into a {@link FileEncryptionInfo}.
 *
 * @param ozoneManager manager instance handed to {@code generateEDEK}
 * @param bucketInfo bucket whose encryption settings are consulted
 * @return the encryption info for the new file, or an absent value for an unencrypted bucket
 * @throws IOException if key generation fails
 */
protected static Optional<FileEncryptionInfo> getFileEncryptionInfo(OzoneManager ozoneManager, OmBucketInfo bucketInfo) throws IOException {
  BucketEncryptionKeyInfo bucketKeyInfo = bucketInfo.getEncryptionKeyInfo();
  if (bucketKeyInfo == null) {
    // Bucket carries no encryption settings.
    return Optional.absent();
  }

  final String bucketKeyName = bucketKeyInfo.getKeyName();
  // NOTE(review): no KMS-provider check is visible in this method, and the result of
  // generateEDEK is dereferenced without a null check. Presumably generateEDEK rejects a
  // missing provider and never returns null for an encrypted bucket; confirm, because a
  // silent fall-through here would matter for data-at-rest guarantees.
  EncryptedKeyVersion wrappedKey = generateEDEK(ozoneManager, bucketKeyName);

  FileEncryptionInfo fileInfo = new FileEncryptionInfo(
      bucketKeyInfo.getSuite(),
      bucketKeyInfo.getVersion(),
      wrappedKey.getEncryptedKeyVersion().getMaterial(),
      wrappedKey.getEncryptedKeyIv(),
      bucketKeyName,
      wrappedKey.getEncryptionKeyVersionName());
  return Optional.of(fileInfo);
}
use of org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo in project ozone by apache.
the class RpcClient method createBucket.
/**
 * Checks the request on the client side, assembles an {@code OmBucketInfo} from it and
 * sends it through {@code ozoneManagerClient.createBucket}.
 *
 * <p>Defaults applied when {@code bucketArgs} leaves a field unset: the owner becomes the
 * short user name of {@code ugi}, versioning becomes {@code Boolean.FALSE}, and the storage
 * type becomes {@code StorageType.DEFAULT}. ACLs from {@code getAclList()} are combined with
 * those in {@code bucketArgs} and de-duplicated. An encryption key name, if given, is wrapped
 * in a {@code BucketEncryptionKeyInfo}.
 *
 * @param volumeName name of the volume that will hold the bucket
 * @param bucketName name of the bucket to create
 * @param bucketArgs optional settings for the bucket; must not be null
 * @throws IOException if one of the verify calls or the create call fails
 */
@Override
public void createBucket(String volumeName, String bucketName, BucketArgs bucketArgs) throws IOException {
  // NOTE(review): these name and quota checks run in the client, and owner and ACLs are
  // caller-supplied values. Presumably the receiving side validates and authorizes the
  // request again; confirm against the server-side handler.
  verifyVolumeName(volumeName);
  verifyBucketName(bucketName);
  Preconditions.checkNotNull(bucketArgs);
  verifyCountsQuota(bucketArgs.getQuotaInNamespace());
  verifySpaceQuota(bucketArgs.getQuotaInBytes());

  String bucketOwner = bucketArgs.getOwner();
  if (bucketOwner == null) {
    bucketOwner = ugi.getShortUserName();
  }
  Boolean versioningEnabled = bucketArgs.getVersioning();
  if (versioningEnabled == null) {
    versioningEnabled = Boolean.FALSE;
  }
  StorageType bucketStorageType = bucketArgs.getStorageType();
  if (bucketStorageType == null) {
    bucketStorageType = StorageType.DEFAULT;
  }

  // Only the key name is set here; the other fields of the key info stay at builder defaults.
  String encryptionKeyName = bucketArgs.getEncryptionKey();
  BucketEncryptionKeyInfo keyInfo = null;
  if (encryptionKeyName != null) {
    keyInfo = new BucketEncryptionKeyInfo.Builder().setKeyName(encryptionKeyName).build();
  }

  List<OzoneAcl> requestAcls = getAclList();
  // ACLs from BucketArgs
  if (bucketArgs.getAcls() != null) {
    requestAcls.addAll(bucketArgs.getAcls());
  }
  List<OzoneAcl> uniqueAcls = requestAcls.stream().distinct().collect(Collectors.toList());

  OmBucketInfo.Builder builder = OmBucketInfo.newBuilder();
  builder.setVolumeName(volumeName)
      .setBucketName(bucketName)
      .setIsVersionEnabled(versioningEnabled)
      .addAllMetadata(bucketArgs.getMetadata())
      .setStorageType(bucketStorageType)
      .setSourceVolume(bucketArgs.getSourceVolume())
      .setSourceBucket(bucketArgs.getSourceBucket())
      .setQuotaInBytes(bucketArgs.getQuotaInBytes())
      .setQuotaInNamespace(bucketArgs.getQuotaInNamespace())
      .setAcls(uniqueAcls)
      .setBucketLayout(bucketArgs.getBucketLayout())
      .setOwner(bucketOwner);
  if (keyInfo != null) {
    builder.setBucketEncryptionKey(keyInfo);
  }

  // The log line records only whether encryption was requested, never the key name.
  LOG.info("Creating Bucket: {}/{}, with {} as owner and Versioning {} and " + "Storage Type set to {} and Encryption set to {} ", volumeName, bucketName, bucketOwner, versioningEnabled, bucketStorageType, keyInfo != null);
  ozoneManagerClient.createBucket(builder.build());
}