[
https://issues.apache.org/jira/browse/HADOOP-14951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16832369#comment-16832369
]
Zsombor Gegesy commented on HADOOP-14951:
-----------------------------------------
Sure, good idea. The only thing which concern me currently, is that currently
we have _boolean hasAccess(Type keyOperationType, UserGroupInformation ugi,
String key)_ and _boolean hasAccessToKey(String keyName, UserGroupInformation
ugi, KeyOpType opType)_ which looks very similar, the only real difference is
the operation type enum. Do we really need two separate types?
> KMSACL implementation is not configurable
> -----------------------------------------
>
> Key: HADOOP-14951
> URL: https://issues.apache.org/jira/browse/HADOOP-14951
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Reporter: Zsombor Gegesy
> Assignee: Zsombor Gegesy
> Priority: Major
> Labels: key-management, kms
> Attachments: HADOOP-14951-10.patch, HADOOP-14951-11.patch,
> HADOOP-14951-9.patch
>
>
> Currently, it is not possible to customize KMS's key management, if KMSACLs
> behaviour is not enough. If an external key management solution is used, that
> would need a higher level API, where it can decide, if the given operation is
> allowed, or not.
> For this to achieve, it would be a solution, to introduce a new interface,
> which could be implemented by KMSACLs - and also other KMS - and a new
> configuration point could be added, where the actual interface implementation
> could be specified.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
