[jira] [Commented] (HADOOP-11017) KMS delegation token secret manager should be able to use zookeeper as store

Thu, 18 Sep 2014 09:18:53 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-11017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14139129#comment-14139129
 ] 

Alejandro Abdelnur commented on HADOOP-11017:
---------------------------------------------

Initial pass of feedback, just skimmed the ZK impl details, will do another 
pass on that logic and follow up.

*AbstractDelegationTokenSecretManager.java*:
* the comments '// for ZK based secretManager' should read something like 'For 
subclasses externalizing the storage, for example Zookeeper based 
implementations'

*DelegationTokenAuthenticationHandler.java*:
* in the {{initTokenManager()}} we now pass the configuration to the 
{{DelegationTokenManager}}, we can move all the parameter resolution into the 
{{DelegationTokenManager}}, also, pass the {{conf}} Configuration var instead 
the [{config}} Properties var. Move all the related constants to the 
{{DegationTokenManager}} class as well.

*DelegationTokenManager.java*:
* {{ENABLE_ZK_KEY}} has a typo 'delgation', also this constant should work like 
the ones coming from {{DelegationTokenAuthenticationHandler}} with trimmed 
prefix.
* Passing a {{Configuration}} instead of a {{Properties}} will make thinks 
easier for the {{ZKDelegationTokenSecretManager}}

*KMSConfiguration.java*:
* The newly added constants don’t seem to be used 

*TestDelegationTokenManager.java*:
* A bunch of unused imports

*ZKDelegationTokenSecretManager.java*:
* Using a {{Configuration}} will make things shorter and you don't need the 
{ZKConf}} inner class, you can simply resolve all property values upfront in 
the constructor
* many of the {{process*()}} are not using the the {{path}} parameter is that 
intentional?
* we should support ZK 'none’ and 'sasl' authentication/acls
* typo in comments 'SecretMangager'





> KMS delegation token secret manager should be able to use zookeeper as store
> ----------------------------------------------------------------------------
>
>                 Key: HADOOP-11017
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11017
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HADOOP-11017.1.patch, HADOOP-11017.WIP.patch
>
>
> This will allow supporting multiple KMS instances behind a load balancer.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to