[
https://issues.apache.org/jira/browse/HADOOP-10430?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13973345#comment-13973345
]
Andrew Wang commented on HADOOP-10430:
--------------------------------------
Stepping up a level, how many keys do we expect? The plan for HADOOP-10150 is
something like a key per encrypted user directory, meaning we're going to have
maybe hundreds of keys. Thousands or more would be surprising to me.
If it is O(hundreds), I'm not that worried about a return-everything
getMetadata command, even over RPC.
I'm also told that serious key providers have their own ways of doing key
management. KeyShell (which would use this getMetadata() API) could be used in
a pinch, but would not be the primary way of interacting with keys at a
large-scale deployment. With that in mind, the scalability of this API doesn't
seem as important.
> KeyProvider Metadata should have an optional description, there should be a
> method to retrieve the metadata from all keys
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-10430
> URL: https://issues.apache.org/jira/browse/HADOOP-10430
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 3.0.0
>
> Attachments: HADOOP-10430.patch, HADOOP-10430.patch,
> HADOOP-10430.patch, HADOOP-10430.patch
>
>
> Being able to attach an optional description (and show it when displaying
> metadata) will enable giving some context on the keys.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
