[ https://issues.apache.org/jira/browse/HADOOP-14705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16131330#comment-16131330 ]
Wei-Chiu Chuang edited comment on HADOOP-14705 at 8/17/17 10:19 PM: -------------------------------------------------------------------- Thanks for the new patch, Xiao. Looking at rev 007, I feel like adding an artificial, hard-coded limit of size of payload is not the best approach. {code:title=EagerKeyGeneratorKeyProviderCryptoExtension#reencryptEncryptedKeys} Preconditions.checkArgument(jsonPayload.size() <= MAX_NUM_PER_BATCH, "jsonPayload too many objects"); {code} I would actually prefer to log a warning if the size exceed a certain limit, than rejecting it right away. After adding this interface, does it deprecate the old reencrypt interface added in HADOOP-13827? Regarding doc: it might be useful to mention the batch reencryption interface only supports EEKs in the same encryption zone (or has the same EK) was (Author: jojochuang): Thanks for the new patch, Xiao. Looking at rev 007, I feel like adding an artificial, hard-coded limit of size of payload is not the best approach. {code:title=EagerKeyGeneratorKeyProviderCryptoExtension#reencryptEncryptedKeys} Preconditions.checkArgument(jsonPayload.size() <= MAX_NUM_PER_BATCH, "jsonPayload too many objects"); {code} I would actually prefer to log a warning if the size exceed a certain limit, than rejecting it right away. After adding this interface, does it deprecate the old reencrypt interface added in HADOOP-13827? > Add batched reencryptEncryptedKey interface to KMS > -------------------------------------------------- > > Key: HADOOP-14705 > URL: https://issues.apache.org/jira/browse/HADOOP-14705 > Project: Hadoop Common > Issue Type: Improvement > Components: kms > Reporter: Xiao Chen > Assignee: Xiao Chen > Attachments: HADOOP-14705.01.patch, HADOOP-14705.02.patch, > HADOOP-14705.03.patch, HADOOP-14705.04.patch, HADOOP-14705.05.patch, > HADOOP-14705.06.patch, HADOOP-14705.07.patch > > > HADOOP-13827 already enabled the KMS to re-encrypt a {{EncryptedKeyVersion}}. > As the performance results of HDFS-10899 turns out, communication overhead > with the KMS occupies the majority of the time. So this jira proposes to add > a batched interface to re-encrypt multiple EDEKs in 1 call. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org