[ 
https://issues.apache.org/jira/browse/HADOOP-10720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14055134#comment-14055134
 ] 

Arun Suresh commented on HADOOP-10720:
--------------------------------------

[~tucu00], thanks for the feedback. Will upload a patch shortly addressing 
these. Couple of things though:

bq. why are we moving EncryptedKeyVersion inside of CryptoExtension?
So the {{KMSClientProvider}} is an instance of {{CryptoExtension}}, not 
{{KeyProviderCryptoExtension}}. Thus, since the {{EncryptedKeyVersion}} 
constructor is protected, it will not be accessible to {{KMSClientProvider}} to 
subclass unless it is part of {{CryptoExtension}}.
Also, I felt having {{EncryptedKeyVersion}} in {{CryptoExtension}} makes more 
sense since this will allow different implementations of CE to have its own 
EncKeyVersion without forcing it to be a subclass of KPCE.


bq. getAtLeast(), if queue is empty should trigger async queue filling and fill 
1 value synchronous to avoid stealing from other request.
Sure, but I put the getAtLeast() to enforce the contract that the client 
requires at least 'n' keys from the call. Maybe I could change the signature 
to getAtMost()? And return 1 if Queue is empty?

> KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API
> ---------------------------------------------------------------------------
>
>                 Key: HADOOP-10720
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10720
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: COMBO.patch, COMBO.patch, COMBO.patch, COMBO.patch, 
> COMBO.patch, HADOOP-10720.1.patch, HADOOP-10720.2.patch, 
> HADOOP-10720.3.patch, HADOOP-10720.4.patch, HADOOP-10720.patch, 
> HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch
>
>
> KMS client/server should implement support for generating encrypted keys and 
> decrypting them via the REST API being introduced by HADOOP-10719.


