[ https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14116071#comment-14116071 ]

Alejandro Abdelnur commented on HADOOP-10758:
---------------------------------------------

*KeyAuthorizationKeyProvider.java*:

* class javadoc, use HTML markup (for the list), else everything will be 
collapsed in one line.

* {{authorizeCreateKey()}} & {{checkAccess()}} should throw 
{{AuthorizationException}} (it extends {{IOException}}).

* {{warmUpEncryptedKeys()}} should do an initial loop just to check access on 
the whole array of names.

* IMO, read methods should be guarded as well, many of them return key material. 
In multi-tenancy environments this will be required.

* The constants should be in {{KMSConfiguration}}

*KMSACLs.java*:

* {{setKeyACLs()}}, we shouldn’t set '*' as ACL if an ACL for a key is not 
present. Because of a typo you can leave a key avail to everybody. Instead we 
should have KEY DEFAULTs.

* KEY DEFAULTs for each operation, we should have them as fallback for keys 
that do not have ACLs defined. They can be set to a '*' default. At load time, if 
the value is the default '*' we should WARN in the logs that the key defaults 
are wide open.

> KMS: add ACLs on per key basis.
> -------------------------------
>
>                 Key: HADOOP-10758
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10758
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HADOOP-10758.1.patch, HADOOP-10758.2.patch, 
> HADOOP-10758.3.patch, HADOOP-10758.4.patch
>
>
> The KMS server should enforce ACLs on per key basis.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
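
An added sketch of the lookup order proposed in the comment above (per-key ACL first, then a per-operation KEY DEFAULT, with a WARN at load time when a default is '*'). It is not code from the HADOOP-10758 patches; the class, enum, method and key names are hypothetical and the sample data is constructed.

```java
import java.util.*;
import java.util.logging.Logger;

// Hypothetical sketch, not Hadoop's KMSACLs: all names here are assumptions.
public class KeyAclSketch {
    enum Op { MANAGEMENT, READ }              // assumed operation types
    static final String WILDCARD = "*";
    private static final Logger LOG = Logger.getLogger("KeyAclSketch");

    private final Map<String, Map<Op, Set<String>>> keyAcls = new HashMap<>();
    private final Map<Op, Set<String>> defaults = new EnumMap<>(Op.class);

    // Defaults are set explicitly per operation; a wide-open one is logged.
    void setDefault(Op op, String... users) {
        Set<String> acl = new HashSet<>(Arrays.asList(users));
        if (acl.contains(WILDCARD)) {
            LOG.warning("Default key ACL for " + op
                + " is '*': keys without their own ACL are open to everybody");
        }
        defaults.put(op, acl);
    }

    void setKeyAcl(String key, Op op, String... users) {
        keyAcls.computeIfAbsent(key, k -> new EnumMap<>(Op.class))
               .put(op, new HashSet<>(Arrays.asList(users)));
    }

    // Per-key ACL, then the operation default. A missing ACL never turns
    // into an implicit '*': with no default either, access is denied.
    boolean isAllowed(String user, String key, Op op) {
        Map<Op, Set<String>> perKey = keyAcls.get(key);
        Set<String> acl = (perKey != null) ? perKey.get(op) : null;
        if (acl == null) acl = defaults.get(op);
        if (acl == null) return false;        // fail closed
        return acl.contains(WILDCARD) || acl.contains(user);
    }

    public static void main(String[] args) {
        KeyAclSketch acls = new KeyAclSketch();
        acls.setDefault(Op.READ, "*");                // triggers the WARN
        acls.setKeyAcl("payroll", Op.READ, "alice");
        // Constructed typo: the ACL meant for key "hr" lands on "hrr".
        acls.setKeyAcl("hrr", Op.MANAGEMENT, "bob");
        System.out.println(acls.isAllowed("alice", "payroll", Op.READ));
        System.out.println(acls.isAllowed("mallory", "payroll", Op.READ));
        System.out.println(acls.isAllowed("mallory", "hr", Op.READ));
        System.out.println(acls.isAllowed("bob", "hr", Op.MANAGEMENT));
    }
}
```

With the typo, key "hr" falls back to the defaults: READ is allowed only because the operator chose a '*' default (and was warned), while MANAGEMENT, which has no default, is denied.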
