[ https://issues.apache.org/jira/browse/HADOOP-14951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16819296#comment-16819296 ]

Daryn Sharp commented on HADOOP-14951:
--------------------------------------

This would be a good change.  I expected to see something smaller.  Since this 
is dicey security code, not changing a lot of tests would make it much easier 
to quickly prove that a subtle bug has not been introduced.

Can we scale it back a little?  {{KMSConfiguration/KMSWebApp}} obviously needed 
to be changed.  Is it feasible to change {{KMSACLs}} into an abstract class, 
then subclass as something like {{FileBasedKMSACLs}} and move the loading 
methods into it?  Hopefully that would be the extent of the change?

> KMSACL implementation is not configurable
> -----------------------------------------
>
>                 Key: HADOOP-14951
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14951
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>            Reporter: Zsombor Gegesy
>            Assignee: Zsombor Gegesy
>            Priority: Major
>              Labels: key-management, kms
>         Attachments: HADOOP-14951-10.patch, HADOOP-14951-9.patch
>
>
> Currently, it is not possible to customize KMS's key management if KMSACLs 
> behaviour is not enough. If an external key management solution is used, that 
> would need a higher level API, where it can decide if the given operation is 
> allowed or not.
>  To achieve this, a solution would be to introduce a new interface, 
> which could be implemented by KMSACLs - and also other KMS - and a new 
> configuration point could be added, where the actual interface implementation 
> could be specified.
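
A minimal sketch of the refactoring suggested in the comment above, added here as an illustration; it is not taken from Hadoop or from either attached patch. Apart from the names KMSACLs and FileBasedKMSACLs, everything in it (the Op enum, the configuration key, the Map-based configuration and the sample ACL data) is a hypothetical stand-in. The loader fails closed when the configured class is missing or is not a KMSACLs subclass.

```java
import java.util.Map;
import java.util.Set;

// Hypothetical sketch: this is not Hadoop's actual KMSACLs API.
abstract class KMSACLs {
    enum Op { CREATE, DELETE, GET }

    /** Decide whether the user may perform op on the named key. */
    abstract boolean hasAccess(Op op, String user, String keyName);

    /** Hypothetical configuration key naming the implementation class. */
    static final String IMPL_KEY = "example.kms.acls.impl";

    /** Load the configured implementation; any failure aborts startup. */
    static KMSACLs load(Map<String, String> conf) {
        String cls = conf.getOrDefault(IMPL_KEY, FileBasedKMSACLs.class.getName());
        try {
            // asSubclass rejects classes that do not extend KMSACLs.
            return Class.forName(cls).asSubclass(KMSACLs.class)
                    .getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException | ClassCastException e) {
            // Fail closed: never fall back to a permissive default.
            throw new IllegalStateException("Cannot load KMS ACL provider " + cls, e);
        }
    }
}

/** Default implementation; the file-loading methods would move here. */
class FileBasedKMSACLs extends KMSACLs {
    // Constructed sample data standing in for ACLs parsed from a file.
    private final Map<Op, Set<String>> allowed = Map.of(
            Op.GET, Set.of("alice", "bob"),
            Op.DELETE, Set.of("alice"));

    @Override
    boolean hasAccess(Op op, String user, String keyName) {
        // Deny by default: an operation with no ACL entry is not allowed.
        return allowed.getOrDefault(op, Set.of()).contains(user);
    }
}

public class KmsAclDemo {
    public static void main(String[] args) {
        KMSACLs acls = KMSACLs.load(Map.of()); // no override: default provider
        System.out.println(acls.hasAccess(KMSACLs.Op.DELETE, "bob", "key1"));
        try {
            KMSACLs.load(Map.of(KMSACLs.IMPL_KEY, "java.lang.String"));
        } catch (IllegalStateException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```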



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
