[
https://issues.apache.org/jira/browse/HADOOP-10720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14045573#comment-14045573
]
Andrew Wang commented on HADOOP-10720:
--------------------------------------
This sounds really good Tucu. We're still going to have some complexity on the
NN since there's still the possibility of a synchronous call, but having the
pre-populated cache on the KMSClientProvider will save us having to do it in
the NN.
Few q's and comments:
* Are you planning to make the generateEDEK API batch? Would be more efficient
at filling the queue.
* How are the watermarks determined? The rate of generation will differ greatly
between EZs, ideally we have enough to handle bursts of write traffic (i.e. MR
output)
* This client caching and batch stuff could also be punted to a later JIRA,
I'm interested in seeing this committed soon so we can start using it on the
fs-encryption branch.
> KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API
> ---------------------------------------------------------------------------
>
> Key: HADOOP-10720
> URL: https://issues.apache.org/jira/browse/HADOOP-10720
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Arun Suresh
> Attachments: COMBO.patch, COMBO.patch, COMBO.patch, COMBO.patch,
> COMBO.patch, HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch,
> HADOOP-10720.patch, HADOOP-10720.patch
>
>
> KMS client/server should implement support for generating encrypted keys and
> decrypting them via the REST API being introduced by HADOOP-10719.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
