[ https://issues.apache.org/jira/browse/HADOOP-17208?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17212811#comment-17212811 ]
Xiaoqiao He commented on HADOOP-17208:
--------------------------------------
Thanks [~xyao] for your comments. I am concerned about whether this is an
incompatible improvement. After the changes, we expose the INVALIDATE_CACHE ACL
to end users, who did not need to care about it before. Please correct me if I
missed something.
Thanks.
> LoadBalanceKMSClientProvider#deleteKey should invalidateCache via all
> KMSClientProvider instances
> -------------------------------------------------------------------------------------------------
>
> Key: HADOOP-17208
> URL: https://issues.apache.org/jira/browse/HADOOP-17208
> Project: Hadoop Common
> Issue Type: Improvement
> Affects Versions: 2.8.4
> Reporter: Xiaoyu Yao
> Assignee: Xiaoyu Yao
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.4.0
>
> Time Spent: 2h 20m
> Remaining Estimate: 0h
>
> Without invalidateCache, the deleted key may still exist in the servers' key
> cache (CachingKeyProvider in KMSWebApp.java) where the delete key was not
> hit. A client may still be able to access encrypted files by specifying to
> connect to KMS instances with a cached version of the deleted key before the
> cache entry (10 min by default) expires.
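
The stale-cache window from the issue description, as an added example: a toy Python model, not Hadoop code and not taken from the issue or its patch. The class and function names, the three instances and the round-robin selection are assumptions made for illustration; only the 10-minute cache lifetime comes from the description.

```python
import itertools

CACHE_TTL = 600  # seconds; the 10 min default cited in the issue description

class KmsInstance:
    """Hypothetical stand-in for one KMS server with its own key cache."""
    def __init__(self, store):
        self.store = store   # backing key store shared by all instances
        self.cache = {}      # key name -> (material, expiry time)

    def get_key(self, name, now):
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0]    # cache hit: the backing store is not consulted
        self.cache.pop(name, None)
        material = self.store.get(name)
        if material is not None:
            self.cache[name] = (material, now + CACHE_TTL)
        return material

    def delete_key(self, name):
        self.store.pop(name, None)
        self.cache.pop(name, None)   # clears only this instance's cache

    def invalidate_cache(self, name):
        self.cache.pop(name, None)

class LoadBalancingClient:
    """Hypothetical round-robin client; a model, not Hadoop's provider class."""
    def __init__(self, instances, invalidate_all):
        self.instances = instances
        self.invalidate_all = invalidate_all
        self._next = itertools.cycle(instances)

    def delete_key(self, name):
        next(self._next).delete_key(name)   # delete reaches one instance
        if self.invalidate_all:             # behaviour the issue asks for
            for inst in self.instances:
                inst.invalidate_cache(name)

def stale_instances(invalidate_all, now):
    """Indexes of instances still serving key 'k1' at time `now` after delete."""
    store = {"k1": b"constructed-key-material"}   # constructed sample key
    kms = [KmsInstance(store) for _ in range(3)]
    for inst in kms:
        inst.get_key("k1", now=0)                 # warm every cache
    LoadBalancingClient(kms, invalidate_all).delete_key("k1")
    return [i for i, k in enumerate(kms) if k.get_key("k1", now) is not None]
```

The model does not cover the ACL question raised in the comment: with invalidation on every instance, the caller of the delete also needs whatever permission cache invalidation requires.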