
Example 1 with BucketEncryptionKeyInfo

use of org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo in project ozone by apache.

the class KeyManagerImpl method getFileEncryptionInfo.

/**
 * Builds the per-file encryption metadata for a key written into the given bucket.
 *
 * <p>When the bucket carries encryption key info, a new encrypted key version
 * is requested through {@code generateEDEK} for the bucket's key name, and its
 * encrypted material, IV and key-version name are packed into a
 * {@link FileEncryptionInfo}. Only the encrypted form returned by
 * {@code generateEDEK} is stored here.
 *
 * @param bucketInfo bucket whose encryption settings are consulted
 * @return the encryption info, or {@code null} when the bucket has no
 *         encryption key info
 * @throws IOException an {@code OMException} with {@code INVALID_KMS_PROVIDER}
 *         when the bucket is encrypted but no KMS provider is available, or
 *         whatever {@code generateEDEK} propagates
 */
private FileEncryptionInfo getFileEncryptionInfo(OmBucketInfo bucketInfo) throws IOException {
    final BucketEncryptionKeyInfo bucketKeyInfo = bucketInfo.getEncryptionKeyInfo();
    if (bucketKeyInfo == null) {
        // No encryption key info on the bucket: nothing to generate.
        return null;
    }
    // Fail closed: an encrypted bucket without a KMS provider is an error,
    // never a silent fallback to writing without encryption info.
    if (getKMSProvider() == null) {
        throw new OMException("Invalid KMS provider, check configuration " + HADOOP_SECURITY_KEY_PROVIDER_PATH, INVALID_KMS_PROVIDER);
    }
    final String keyName = bucketKeyInfo.getKeyName();
    final EncryptedKeyVersion encryptedKey = generateEDEK(keyName);
    return new FileEncryptionInfo(
            bucketKeyInfo.getSuite(),
            bucketKeyInfo.getVersion(),
            encryptedKey.getEncryptedKeyVersion().getMaterial(),
            encryptedKey.getEncryptedKeyIv(),
            keyName,
            encryptedKey.getEncryptionKeyVersionName());
}
Also used : EncryptedKeyVersion(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion) BucketEncryptionKeyInfo(org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo) FileEncryptionInfo(org.apache.hadoop.fs.FileEncryptionInfo) OMException(org.apache.hadoop.ozone.om.exceptions.OMException)

Example 2 with BucketEncryptionKeyInfo

use of org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo in project ozone by apache.

the class BucketManagerImpl method createBucket.

/**
 * Creates a bucket inside an existing volume.
 *
 * <p>MetadataDB is maintained in MetadataManager and shared between
 * BucketManager and VolumeManager (and also by BlockManager).
 * BucketManager uses MetadataDB to store bucket level information,
 * keyed for BucketInfo as {volume/bucket} -> bucketInfo.
 *
 * <p>Work flow of create bucket, performed while holding the volume write
 * lock and the bucket write lock:
 * <ol>
 *   <li>Look the volume up in the volume table; if it is missing, throw an
 *       OMException with VOLUME_NOT_FOUND.</li>
 *   <li>If the bucket key is already present in the bucket table, throw an
 *       OMException with BUCKET_ALREADY_EXISTS.</li>
 *   <li>Reject a request that sets only one of source volume / source
 *       bucket (INVALID_REQUEST): a bucket link needs both.</li>
 *   <li>Reject a request that sets encryption key info on a bucket link
 *       (INVALID_REQUEST).</li>
 *   <li>Stamp the creation time, pass the bucket ACLs and the volume's
 *       default ACLs to OzoneAclUtil.inheritDefaultAcls, attach the
 *       encryption key info when one was built, and commit the result
 *       through commitBucketInfoToDB.</li>
 * </ol>
 *
 * <p>NOTE(review): no permission/ACL check on the caller is visible in this
 * method; presumably it is enforced before this call — confirm.
 *
 * @param bucketInfo - OmBucketInfo describing the bucket to create; checked
 *                   for null on entry.
 * @throws IOException an OMException for the validation failures listed
 *                     above (rethrown without error logging), or any other
 *                     IOException raised while creating the bucket (logged
 *                     at error level, then rethrown).
 */
@Override
public void createBucket(OmBucketInfo bucketInfo) throws IOException {
    Preconditions.checkNotNull(bucketInfo);
    String volumeName = bucketInfo.getVolumeName();
    String bucketName = bucketInfo.getBucketName();
    // Tracks whether the bucket lock must be released in the finally block;
    // it is acquired inside the try, so it may never have been taken.
    boolean acquiredBucketLock = false;
    // The volume lock is taken before the try, so the finally block releases
    // it unconditionally. Its return value is not inspected here.
    metadataManager.getLock().acquireWriteLock(VOLUME_LOCK, volumeName);
    try {
        acquiredBucketLock = metadataManager.getLock().acquireWriteLock(BUCKET_LOCK, volumeName, bucketName);
        String volumeKey = metadataManager.getVolumeKey(volumeName);
        String bucketKey = metadataManager.getBucketKey(volumeName, bucketName);
        OmVolumeArgs volumeArgs = metadataManager.getVolumeTable().get(volumeKey);
        // Check if the volume exists
        if (volumeArgs == null) {
            LOG.debug("volume: {} not found ", volumeName);
            throw new OMException("Volume doesn't exist", VOLUME_NOT_FOUND);
        }
        // Check if bucket already exists. Both lookups happen under the locks
        // taken above, so the existence check and the later commit are not
        // separated by a lock release.
        if (metadataManager.getBucketTable().get(bucketKey) != null) {
            LOG.debug("bucket: {} already exists ", bucketName);
            throw new OMException("Bucket already exist", OMException.ResultCodes.BUCKET_ALREADY_EXISTS);
        }
        BucketEncryptionKeyInfo bek = bucketInfo.getEncryptionKeyInfo();
        boolean hasSourceVolume = bucketInfo.getSourceVolume() != null;
        boolean hasSourceBucket = bucketInfo.getSourceBucket() != null;
        // A link is identified by source volume AND source bucket; a request
        // carrying only one of them is malformed.
        if (hasSourceBucket != hasSourceVolume) {
            throw new OMException("Both source volume and source bucket are " + "required for bucket links", OMException.ResultCodes.INVALID_REQUEST);
        }
        // Past the check above, hasSourceBucket alone means "this is a link".
        // Encryption key info is refused on links.
        if (bek != null && hasSourceBucket) {
            throw new OMException("Encryption cannot be set for bucket links", OMException.ResultCodes.INVALID_REQUEST);
        }
        // Helper defined elsewhere; it can return null, which is handled below.
        // NOTE(review): presumably resolves/validates the requested key
        // against the KMS — confirm against the helper.
        BucketEncryptionKeyInfo.Builder bekb = createBucketEncryptionKeyInfoBuilder(bek);
        OmBucketInfo.Builder omBucketInfoBuilder = bucketInfo.toBuilder().setCreationTime(Time.now());
        // Passes the builder's ACL collection together with the volume's
        // default ACLs; presumably the call adds inherited entries to the
        // bucket ACLs in place — confirm in OzoneAclUtil.
        OzoneAclUtil.inheritDefaultAcls(omBucketInfoBuilder.getAcls(), volumeArgs.getDefaultAcls());
        if (bekb != null) {
            omBucketInfoBuilder.setBucketEncryptionKey(bekb.build());
        }
        OmBucketInfo omBucketInfo = omBucketInfoBuilder.build();
        commitBucketInfoToDB(omBucketInfo);
        // Debug logs carry only volume/bucket names (and the link target).
        if (hasSourceBucket) {
            LOG.debug("created link {}/{} to bucket: {}/{}", volumeName, bucketName, omBucketInfo.getSourceVolume(), omBucketInfo.getSourceBucket());
        } else {
            LOG.debug("created bucket: {} in volume: {}", bucketName, volumeName);
        }
    } catch (IOException ex) {
        // OMExceptions are the validation failures thrown above and are not
        // logged at error level; any other IOException is logged with its
        // stack trace. Either way the exception is rethrown to the caller.
        if (!(ex instanceof OMException)) {
            LOG.error("Bucket creation failed for bucket:{} in volume:{}", bucketName, volumeName, ex);
        }
        throw ex;
    } finally {
        // Release in reverse acquisition order: bucket lock (only if it was
        // actually acquired), then the volume lock.
        if (acquiredBucketLock) {
            metadataManager.getLock().releaseWriteLock(BUCKET_LOCK, volumeName, bucketName);
        }
        metadataManager.getLock().releaseWriteLock(VOLUME_LOCK, volumeName);
    }
}
Also used : OmBucketInfo(org.apache.hadoop.ozone.om.helpers.OmBucketInfo) OmVolumeArgs(org.apache.hadoop.ozone.om.helpers.OmVolumeArgs) BucketEncryptionKeyInfo(org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo) IOException(java.io.IOException) OMException(org.apache.hadoop.ozone.om.exceptions.OMException)

Example 3 with BucketEncryptionKeyInfo

use of org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo in project ozone by apache.

the class OMKeyRequest method getFileEncryptionInfo.

/**
 * Produces the per-file encryption metadata for a key in the given bucket.
 *
 * <p>For a bucket with encryption key info, an encrypted key version is
 * obtained from {@code generateEDEK} for the bucket's key name and its
 * encrypted material, IV and key-version name are wrapped in a
 * {@link FileEncryptionInfo}.
 *
 * <p>NOTE(review): unlike a variant that guards on the KMS provider first,
 * no such check is visible here; presumably {@code generateEDEK} handles a
 * missing provider itself — confirm.
 *
 * @param ozoneManager handed to {@code generateEDEK}
 * @param bucketInfo bucket whose encryption settings are consulted
 * @return the encryption info, or an absent {@code Optional} when the bucket
 *         has no encryption key info
 * @throws IOException as propagated by {@code generateEDEK}
 */
protected static Optional<FileEncryptionInfo> getFileEncryptionInfo(OzoneManager ozoneManager, OmBucketInfo bucketInfo) throws IOException {
    final BucketEncryptionKeyInfo bucketKeyInfo = bucketInfo.getEncryptionKeyInfo();
    if (bucketKeyInfo == null) {
        // No encryption key info on the bucket: nothing to generate.
        return Optional.absent();
    }
    final String keyName = bucketKeyInfo.getKeyName();
    final EncryptedKeyVersion encryptedKey = generateEDEK(ozoneManager, keyName);
    final FileEncryptionInfo fileInfo = new FileEncryptionInfo(
            bucketKeyInfo.getSuite(),
            bucketKeyInfo.getVersion(),
            encryptedKey.getEncryptedKeyVersion().getMaterial(),
            encryptedKey.getEncryptedKeyIv(),
            keyName,
            encryptedKey.getEncryptionKeyVersionName());
    return Optional.of(fileInfo);
}
Also used : EncryptedKeyVersion(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion) BucketEncryptionKeyInfo(org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo) FileEncryptionInfo(org.apache.hadoop.fs.FileEncryptionInfo)

Example 4 with BucketEncryptionKeyInfo

use of org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo in project ozone by apache.

the class RpcClient method createBucket.

/**
 * Validates the request, assembles an {@code OmBucketInfo} from it and asks
 * the Ozone Manager client to create the bucket.
 *
 * <p>Defaults applied when {@code bucketArgs} leaves a field unset: the owner
 * falls back to the short user name of {@code ugi}, versioning to
 * {@code Boolean.FALSE}, and the storage type to {@code StorageType.DEFAULT}.
 * ACLs from {@code getAclList()} are combined with any ACLs in
 * {@code bucketArgs} and de-duplicated before being set.
 *
 * <p>When an encryption key is requested, only its name is placed in the
 * {@code BucketEncryptionKeyInfo} built here. The info-level log line records
 * whether encryption was requested, not the key name.
 *
 * @param volumeName volume that will hold the bucket; checked by {@code verifyVolumeName}
 * @param bucketName name of the new bucket; checked by {@code verifyBucketName}
 * @param bucketArgs bucket options; must not be null
 * @throws IOException if verification or the create call fails
 */
@Override
public void createBucket(String volumeName, String bucketName, BucketArgs bucketArgs) throws IOException {
    // Client-side validation happens before any request is built.
    verifyVolumeName(volumeName);
    verifyBucketName(bucketName);
    Preconditions.checkNotNull(bucketArgs);
    verifyCountsQuota(bucketArgs.getQuotaInNamespace());
    verifySpaceQuota(bucketArgs.getQuotaInBytes());

    String bucketOwner = bucketArgs.getOwner();
    if (bucketOwner == null) {
        // No explicit owner: the current user becomes the owner.
        bucketOwner = ugi.getShortUserName();
    }
    Boolean versioningEnabled = bucketArgs.getVersioning();
    if (versioningEnabled == null) {
        versioningEnabled = Boolean.FALSE;
    }
    StorageType bucketStorageType = bucketArgs.getStorageType();
    if (bucketStorageType == null) {
        bucketStorageType = StorageType.DEFAULT;
    }

    // Only the key name is supplied from the client side.
    final BucketEncryptionKeyInfo encryptionKeyInfo = bucketArgs.getEncryptionKey() == null
            ? null
            : new BucketEncryptionKeyInfo.Builder().setKeyName(bucketArgs.getEncryptionKey()).build();

    // Start from getAclList(), then append the ACLs from BucketArgs.
    final List<OzoneAcl> acls = getAclList();
    if (bucketArgs.getAcls() != null) {
        acls.addAll(bucketArgs.getAcls());
    }

    final OmBucketInfo.Builder bucketInfoBuilder = OmBucketInfo.newBuilder();
    bucketInfoBuilder.setVolumeName(volumeName)
            .setBucketName(bucketName)
            .setIsVersionEnabled(versioningEnabled)
            .addAllMetadata(bucketArgs.getMetadata())
            .setStorageType(bucketStorageType)
            .setSourceVolume(bucketArgs.getSourceVolume())
            .setSourceBucket(bucketArgs.getSourceBucket())
            .setQuotaInBytes(bucketArgs.getQuotaInBytes())
            .setQuotaInNamespace(bucketArgs.getQuotaInNamespace())
            .setAcls(acls.stream().distinct().collect(Collectors.toList()))
            .setBucketLayout(bucketArgs.getBucketLayout())
            .setOwner(bucketOwner);
    if (encryptionKeyInfo != null) {
        bucketInfoBuilder.setBucketEncryptionKey(encryptionKeyInfo);
    }

    // The last argument is a boolean: the key name itself is not logged.
    LOG.info("Creating Bucket: {}/{}, with {} as owner and Versioning {} and " + "Storage Type set to {} and Encryption set to {} ", volumeName, bucketName, bucketOwner, versioningEnabled, bucketStorageType, encryptionKeyInfo != null);
    ozoneManagerClient.createBucket(bucketInfoBuilder.build());
}
Also used : OmBucketInfo(org.apache.hadoop.ozone.om.helpers.OmBucketInfo) StorageType(org.apache.hadoop.hdds.protocol.StorageType) OzoneAcl(org.apache.hadoop.ozone.OzoneAcl) BucketEncryptionKeyInfo(org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo)

Aggregations

BucketEncryptionKeyInfo (org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo)4 EncryptedKeyVersion (org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion)2 FileEncryptionInfo (org.apache.hadoop.fs.FileEncryptionInfo)2 OMException (org.apache.hadoop.ozone.om.exceptions.OMException)2 OmBucketInfo (org.apache.hadoop.ozone.om.helpers.OmBucketInfo)2 IOException (java.io.IOException)1 StorageType (org.apache.hadoop.hdds.protocol.StorageType)1 OzoneAcl (org.apache.hadoop.ozone.OzoneAcl)1 OmVolumeArgs (org.apache.hadoop.ozone.om.helpers.OmVolumeArgs)1