[
https://issues.apache.org/jira/browse/HADOOP-17208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shilun Fan updated HADOOP-17208:
--------------------------------
Component/s: common
> LoadBalanceKMSClientProvider#deleteKey should invalidateCache via all
> KMSClientProvider instances
> -------------------------------------------------------------------------------------------------
>
> Key: HADOOP-17208
> URL: https://issues.apache.org/jira/browse/HADOOP-17208
> Project: Hadoop Common
> Issue Type: Improvement
> Components: common
> Affects Versions: 2.8.4
> Reporter: Xiaoyu Yao
> Assignee: Xiaoyu Yao
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.4.0
>
> Time Spent: 2h 20m
> Remaining Estimate: 0h
>
> Without invalidateCache, the deleted key may still exists in the servers' key
> cache (CachingKeyProvider in KMSWebApp.java) where the delete key was not
> hit. Client may still be able to access encrypted files by specifying to
> connect to KMS instances with a cached version of the deleted key before the
> cache entry (10 min by default) expired.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
