[ https://issues.apache.org/jira/browse/HADOOP-13827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15688392#comment-15688392 ]

Andrew Wang commented on HADOOP-13827:
--------------------------------------

Thanks for splitting this out, Xiao. Some review comments:

* It'd be more future-proof if the reencryption API also took a keyName. This 
way we could rotate to a new key entirely, or rename between encryption zones.
* Regarding authorization, reencrypt right now reuses the DECRYPT_EEK ACL. We 
separated out the GENERATE_EEK and DECRYPT_EEK so that the namenode doesn't 
need DECRYPT_EEK. Also, the other ops all have per-op ACLs, so this should 
probably be per-op as well.
* Related, I'd like to see some authorization-related tests.
* KMSAudit whitelists DECRYPT_EEK and GENERATE_EEK, should probably add 
REENCRYPT_EEK as well. Audit test update would be good too.
* A doc update to explain this new op and what additionally needs to be 
configured would be good.
* We need KMS-level tests as well, looks like the added tests only cover the 
KPCE implementation.

> Add reencryptEDEK interface for KMS
> -----------------------------------
>
>                 Key: HADOOP-13827
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13827
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HDFS-11159.01.patch
>
>
> This is the KMS part. Please refer to HDFS-10899 for the design doc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
