HDFS-8451. DFSClient probe for encryption testing interprets empty URI property for enabled. Contributed by Steve Loughran.

(cherry picked from commit 05e04f34f27149537fdb89f46af26bee14531ca4)

hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

@@ -552,6 +552,9 @@ Release 2.7.1 - UNRELEASED
     HDFS-8404. Pending block replication can get stuck using older genstamp
     (Nathan Roberts via kihwal)
 
+    HDFS-8451. DFSClient probe for encryption testing interprets empty URI
+    property for "enabled". (Steve Loughran via xyao)
+
 Release 2.7.0 - 2015-04-20
 
   INCOMPATIBLE CHANGES

hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java

@@ -3179,10 +3179,15 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
     }
   }
 
+  /**
+   * Probe for encryption enabled on this filesystem.
+   * See {@link DFSUtil#isHDFSEncryptionEnabled(Configuration)}
+   * @return true if encryption is enabled
+   */
   public boolean isHDFSEncryptionEnabled() {
-    return conf.get(
-        DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null) != null;
+    return DFSUtil.isHDFSEncryptionEnabled(this.conf);
   }
+
   /**
    * Returns the SaslDataTransferClient configured for this DFSClient.
    *

hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSUtil.java

@@ -147,8 +147,8 @@ public class DFSUtil {
           a.isDecommissioned() ? 1 : -1;
       }
     };
-    
-      
+
+
   /**
    * Comparator for sorting DataNodeInfo[] based on decommissioned/stale states.
    * Decommissioned/stale nodes are moved to the end of the array on sorting
@@ -1495,9 +1495,9 @@ public class DFSUtil {
   public static KeyProvider createKeyProvider(
       final Configuration conf) throws IOException {
     final String providerUriStr =
-        conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null);
+        conf.getTrimmed(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "");
     // No provider set in conf
-    if (providerUriStr == null) {
+    if (providerUriStr.isEmpty()) {
       return null;
     }
     final URI providerUri;
@@ -1548,4 +1548,18 @@ public class DFSUtil {
   public static int getSmallBufferSize(Configuration conf) {
     return Math.min(getIoFileBufferSize(conf) / 2, 512);
   }
+
+  /**
+   * Probe for HDFS Encryption being enabled; this uses the value of
+   * the option {@link DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI},
+   * returning true if that property contains a non-empty, non-whitespace
+   * string.
+   * @param conf configuration to probe
+   * @return true if encryption is considered enabled.
+   */
+  public static boolean isHDFSEncryptionEnabled(Configuration conf) {
+    return !conf.getTrimmed(
+        DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "").isEmpty();
+  }
+
 }

hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/KeyProviderCache.java

@@ -83,9 +83,9 @@ public class KeyProviderCache {
 
   private URI createKeyProviderURI(Configuration conf) {
     final String providerUriStr =
-        conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null);
+        conf.getTrimmed(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "");
     // No provider set in conf
-    if (providerUriStr == null) {
+    if (providerUriStr.isEmpty()) {
       LOG.error("Could not find uri with key ["
           + DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI
           + "] to create a keyProvider !!");

hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSUtil.java

@@ -897,4 +897,22 @@ public class TestDFSUtil {
     } catch (IOException ignored) {
     }
   }
+
+  @Test
+  public void testEncryptionProbe() throws Throwable {
+    Configuration conf = new Configuration(false);
+    conf.unset(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI);
+    assertFalse("encryption enabled on no provider key",
+        DFSUtil.isHDFSEncryptionEnabled(conf));
+    conf.set(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "");
+    assertFalse("encryption enabled on empty provider key",
+        DFSUtil.isHDFSEncryptionEnabled(conf));
+    conf.set(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "\n\t\n");
+    assertFalse("encryption enabled on whitespace provider key",
+        DFSUtil.isHDFSEncryptionEnabled(conf));
+    conf.set(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "http://hadoop.apache.org");
+    assertTrue("encryption disabled on valid provider key",
+        DFSUtil.isHDFSEncryptionEnabled(conf));
+
+  }
 }

hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java

@@ -699,7 +699,7 @@ public class TestEncryptionZones {
     // Flushing the KP on the NN, since it caches, and init a test one
     cluster.getNamesystem().getProvider().flush();
     KeyProvider provider = KeyProviderFactory
-        .get(new URI(conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI)),
+        .get(new URI(conf.getTrimmed(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI)),
             conf);
     List<String> keys = provider.getKeys();
     assertEquals("Expected NN to have created one key per zone", 1,