[
https://issues.apache.org/jira/browse/HADOOP-14705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16133353#comment-16133353
]
Rushabh S Shah commented on HADOOP-14705:
-----------------------------------------
{quote}
>From my understanding, the goal for these is purely for maintenance and
>statistics. Since key level operations are rare, they're aggregated to the
>same meters - either admin.calls or key.calls.
{quote}
I will take your word for this. You are more closer to developers who developed
this feature compared to me. :)
{quote}
Problem with that is, the precondition checks also become IOEs.
The outer wrapper is only to make it possible to log a debug message in the KMS
if things go wrong, the inner exception seems to consider provider-thrown
exceptions more serious and log an error.... I don't fully get the history for
this, so didn't change.
{quote}
This patch is converting all the exceptions from {{doAs}} into {{IOException}}.
If we remove the try catch from {{doAs}} context, then all the exceptions that
originate from Preconditions will be re-thrown as the same exception.
Relevant piece of code is below.
{noformat}
} catch (Exception e) {
LOG.debug("Exception in reencryptEncryptedKeys.", e);
throw e;
} finally {
LOG.trace("Exiting handleEncryptedKeyOp method.");
}
{noformat}
bq. I think the current way is more consistent with other methods in KMS and
creates least surprise.
_Only_ {{KMS#generateEncryptedKeys}} is following this practice i.e.
surrounding try catch around {{user.doAs}}.
bq. Looking at testGenerateEncryptedKey this case is also there, and I think it
doesn't hurt to make sure they're different fruits.
I would rather remove this comparison.
The new developers who will work on this code in future will also follow this
practice and that is not desirable.
If I were you then I will remove that test case from
{{testGenerateEncryptedKey}} also but I would leave it upto you.
> Add batched reencryptEncryptedKey interface to KMS
> --------------------------------------------------
>
> Key: HADOOP-14705
> URL: https://issues.apache.org/jira/browse/HADOOP-14705
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Attachments: HADOOP-14705.01.patch, HADOOP-14705.02.patch,
> HADOOP-14705.03.patch, HADOOP-14705.04.patch, HADOOP-14705.05.patch,
> HADOOP-14705.06.patch, HADOOP-14705.07.patch, HADOOP-14705.08.patch
>
>
> HADOOP-13827 already enabled the KMS to re-encrypt a {{EncryptedKeyVersion}}.
> As the performance results of HDFS-10899 turns out, communication overhead
> with the KMS occupies the majority of the time. So this jira proposes to add
> a batched interface to re-encrypt multiple EDEKs in 1 call.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
