[
https://issues.apache.org/jira/browse/HADOOP-17208?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17212623#comment-17212623
]
Xiaoyu Yao commented on HADOOP-17208:
-------------------------------------
Good catch [~ayushtkn]. And thanks [~hexiaoqiao] for looking into this.
The original design of the INVALIDATE_CACHE op is tied to ROLLOVER ACL. The
test itself can be fixed by allowing "DELETE" user to have ROLLOVER just like
SET_KEY_MATERIAL does.
conf.set(KMSACLs.Type.ROLLOVER.getAclConfigKey(),
KMSACLs.Type.ROLLOVER.toString() + ",SET_KEY_MATERIAL,DELETE");
It would be much clean if we can have a separate INVALIDATE_CACHE ACL type to
differentiate INVALIDATE_CACHE other than ROLLOVER itself like SET_KEY_MATERIAL
and DELETE.
> LoadBalanceKMSClientProvider#deleteKey should invalidateCache via all
> KMSClientProvider instances
> -------------------------------------------------------------------------------------------------
>
> Key: HADOOP-17208
> URL: https://issues.apache.org/jira/browse/HADOOP-17208
> Project: Hadoop Common
> Issue Type: Improvement
> Affects Versions: 2.8.4
> Reporter: Xiaoyu Yao
> Assignee: Xiaoyu Yao
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.4.0
>
> Time Spent: 2h 20m
> Remaining Estimate: 0h
>
> Without invalidateCache, the deleted key may still exists in the servers' key
> cache (CachingKeyProvider in KMSWebApp.java) where the delete key was not
> hit. Client may still be able to access encrypted files by specifying to
> connect to KMS instances with a cached version of the deleted key before the
> cache entry (10 min by default) expired.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
