[jira] [Commented] (HADOOP-11335) KMS ACL in meta data or database

Tue, 10 Mar 2015 20:23:55 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-11335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14356171#comment-14356171
 ] 

Dian Fu commented on HADOOP-11335:
----------------------------------

Thanks a lot for review and comments [~asuresh].

{quote}1. do we need a setMetadata() ? what happens if there is no keyname ? I 
feel we should not allow adding metadata for a key that does not exist. In 
which ocase only the add/remove MetadataAttribute methods are all that are 
required.{quote}
Agree, will remove {{setMetadata()}}
{quote}2. Like i mentioned earlier, I feel ACL related stuff should not find 
its way into the KeyProvider API. The KeyShell can expose create / delete 
ACL... but it should translate to add/remove metadata on the KeyProvider.{quote}
Add/remove metadata is only used for Metadata based ACL, so {{KeyShell}} cannot 
simply translate create/delete ACL to add/remove metadata. For example, for 
{{KMSClientProvider}}, whether Metadata based ACL or Configuration based ACL is 
used depends on the configurations of KMS and {{KeyShell}} don't know this 
information. Any thoughts?


> KMS ACL in meta data or database
> --------------------------------
>
>                 Key: HADOOP-11335
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11335
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>    Affects Versions: 2.6.0
>            Reporter: Jerry Chen
>            Assignee: Dian Fu
>              Labels: Security
>         Attachments: HADOOP-11335.001.patch, HADOOP-11335.002.patch, 
> HADOOP-11335.003.patch, HADOOP-11335.004.patch, HADOOP-11335.005.patch, 
> HADOOP-11335.006.patch, HADOOP-11335.re-design.patch, KMS ACL in metadata or 
> database.pdf
>
>   Original Estimate: 504h
>  Remaining Estimate: 504h
>
> Currently Hadoop KMS has implemented ACL for keys and the per key ACL are 
> stored in the configuration file kms-acls.xml.
> The management of ACL in configuration file would not be easy in enterprise 
> usage and it is put difficulties for backup and recovery.
> It is ideal to store the ACL for keys in the key meta data similar to what 
> file system ACL does.  In this way, the backup and recovery that works on 
> keys should work for ACL for keys too.
> On the other hand, with the ACL in meta data, the ACL of each key can be 
> easily manipulate with API or command line tool and take effect instantly.  
> This is very important for enterprise level access control management.  This 
> feature can be addressed by separate JIRA. While with the configuration file, 
> these would be hard to provide.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to