[ https://issues.apache.org/jira/browse/HADOOP-14104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15895062#comment-15895062 ]
Yongjun Zhang commented on HADOOP-14104:
----------------------------------------

Hi [~daryn],

Took a further look, my understanding is:

Credentials is an object stored in UGI, and it is passed around to various components such as mappers and reducers to get a job done. The Credentials object contains two maps:

{code}
  private Map<Text, byte[]> secretKeysMap = new HashMap<Text, byte[]>();
  private Map<Text, Token<? extends TokenIdentifier>> tokenMap =
      new HashMap<Text, Token<? extends TokenIdentifier>>();
{code}

When initializing the Credentials object for the client, the token map is populated by asking NN for the tokens with FSNamesystem#getDelegationToken(Text renewer).

The secretKeysMap is populated by UserProvider.

To add fs/keyProvider entries to secretKeysMap, we call getServerDefaults once to get back the keyProvider info, and update secretKeysMap with entries <fs, keyProvider>.

Is that understanding correct?

Thanks.

--Yongjun

> Client should always ask namenode for kms provider path.
> --------------------------------------------------------
>
>                 Key: HADOOP-14104
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14104
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>            Reporter: Rushabh S Shah
>            Assignee: Rushabh S Shah
>         Attachments: HADOOP-14104-trunk.patch, HADOOP-14104-trunk-v1.patch
>
>
> According to current implementation of kms provider in client conf, there can only be one kms.
> In multi-cluster environment, if a client is reading encrypted data from multiple clusters it will only get kms token for local cluster.
> Not sure whether the target version is correct or not.