[
https://issues.apache.org/jira/browse/HADOOP-10720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14055543#comment-14055543
]
Andrew Wang commented on HADOOP-10720:
--------------------------------------
Hey Arun, did a quick skim of this patch, few comments:
* typos: "IOExeption", "atleast", "funciton", "Defalt"
* New config keys should be added/documented in core-default.xml. Can c+p the
reference to core-default.xml for the javadocs in CommonConfigurationKeys.java.
* Let's also put the time unit into the config key name, e.g. appending {{_MS}}
* Could we rename the config params to say "refill" rather than just "fill"?
* I'd prefer to use ArrayLists rather than LinkedLists if we already know the
size upfront. Should be more efficient.
* It looks like the keyQueueFiller could race with an ongoing refill, so it
refills above the desired size.
* Tucu might have already asked this (didn't quite follow the above
discussion), but we want to make sure that there isn't a race such that a
client triggers a refill, a bunch of others come in and take all the keys, and
then the first client blocks on {{keyQueue.take()}}. One solution is using
{{poll()}} instead, continuing to trigger refills while the return value is
null.
* It looks like client requests will only will refill a single key. It seems
like we should request a batch of keys, assuming that network overhead is the
dominant cost here. I don't know how costly key generation is, but filling up
all the way to the {{threshold}} or at least to the {{lowWatermark}} would be
simple policies.
* Would also prefer {{lowWatermark}} rather than {{lowWaterMark}}, since
"watermark" is a single word.
Thanks for working on this! I'll give a more thorough review with your next
patch rev.
> KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API
> ---------------------------------------------------------------------------
>
> Key: HADOOP-10720
> URL: https://issues.apache.org/jira/browse/HADOOP-10720
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Arun Suresh
> Attachments: COMBO.patch, COMBO.patch, COMBO.patch, COMBO.patch,
> COMBO.patch, HADOOP-10720.1.patch, HADOOP-10720.2.patch,
> HADOOP-10720.3.patch, HADOOP-10720.4.patch, HADOOP-10720.patch,
> HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch
>
>
> KMS client/server should implement support for generating encrypted keys and
> decrypting them via the REST API being introduced by HADOOP-10719.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
