We have encrypted the hdfs /user directory in our cluster and are having issues when we try to execute a "hdfs dfs -rm" command on a file in the hdfs /tmp directory. We get a "can't be moved into an encryption zone" because it's trying the use the "users" trash folder under /user/ directory.
We can use -skipTrash and it works fine, but we DO want to use the .Trash folder.
I know we can't move data from an encrpytion zone into a non encrypted folder, but wasn't epecting the reverse.
We can use a distcp command to copy data from an un-encrypted directory into an encryption zone, so not sure why the -rm command does not.
We've verified permissions on the directories and the kms-acls.xml
Has anyone seen this issue?