[ 
https://issues.apache.org/jira/browse/HADOOP-10720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14067366#comment-14067366
 ] 

Alejandro Abdelnur commented on HADOOP-10720:
---------------------------------------------

The refactoring into a crypto extension is a good idea, I like it.

The constant {{KEY_CACHE_PREFIX}} could be renamed to {{CONFIG_PREFIX}}. Its 
value, to be consistent with other KMS server configs, should be 
{{"hadoop.kms.encrypted.key.cache."}}. We should add these configs to the KMS 
documentation page.

The {{setKeyProvider()}} in the {{Extension}} interface is defining a contract 
on how the KeyProvider is passed to the extension; we should honor that 
contract in all extension creations (instead of passing it in the constructor 
of the default extensions).

In the {{KeyProviderCryptoExtension}}, the 
{{createKeyProviderCryptoExtension(KeyProvider keyProvider)}} method should 
delegate to the other signature of the method.





> KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API
> ---------------------------------------------------------------------------
>
>                 Key: HADOOP-10720
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10720
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: COMBO.patch, COMBO.patch, COMBO.patch, COMBO.patch, 
> COMBO.patch, HADOOP-10720-10750.COMBO.patch, HADOOP-10720.1.patch, 
> HADOOP-10720.10.patch, HADOOP-10720.11.patch, HADOOP-10720.12.patch, 
> HADOOP-10720.13.patch, HADOOP-10720.14.patch, HADOOP-10720.15.patch, 
> HADOOP-10720.16.patch, HADOOP-10720.2.patch, HADOOP-10720.3.patch, 
> HADOOP-10720.4.patch, HADOOP-10720.5.patch, HADOOP-10720.6.patch, 
> HADOOP-10720.7.patch, HADOOP-10720.8.patch, HADOOP-10720.9.patch, 
> HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch, 
> HADOOP-10720.patch, HADOOP-10720.patch
>
>
> KMS client/server should implement support for generating encrypted keys and 
> decrypting them via the REST API being introduced by HADOOP-10719.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
