[
https://issues.apache.org/jira/browse/HADOOP-11469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14293085#comment-14293085
]
Yi Liu commented on HADOOP-11469:
---------------------------------
Hi Dian, it's better we don't add the suffix check ({{KeyOpType}}) to regex:
{code}
+ StringUtils.join("|", Arrays.asList(KeyOpType.values())) + ")$"
{code}
Since we also have this check in the code:
{code}
String keyOp = k.substring(keyNameEnds + 1);
KeyOpType aclType = null;
try {
aclType = KeyOpType.valueOf(keyOp);
} catch (IllegalArgumentException e) {
LOG.warn("Invalid key Operation '{}'", keyOp);
}
{code}
And if some {{KeyOpType}} is typo in the configuration file, there is warning
log. I think the {{KeyOpType}} is easy for typo, right? But the prefix
({{key.acl.}}) is simple.
> KMS should skip default.key.acl and whitelist.key.acl when loading key acl
> --------------------------------------------------------------------------
>
> Key: HADOOP-11469
> URL: https://issues.apache.org/jira/browse/HADOOP-11469
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Reporter: Dian Fu
> Assignee: Dian Fu
> Priority: Minor
> Attachments: HADOOP-11469.001.patch, HADOOP-11469.002.patch,
> HADOOP-11469.003.patch, HADOOP-11469.004.patch
>
>
> KMSACLs#setKeyACLs, loads key ACLs from the configuration by checking if the
> key name contains "key.acl". However, this also matches "default.key.acl" and
> "whitelist.key.acl" which is incorrect.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
