[
https://issues.apache.org/jira/browse/HADOOP-11335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14516595#comment-14516595
]
Hadoop QA commented on HADOOP-11335:
------------------------------------
\\
\\
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | pre-patch | 14m 36s | Pre-patch trunk compilation is
healthy. |
| {color:green}+1{color} | @author | 0m 0s | The patch does not contain any
@author tags. |
| {color:green}+1{color} | tests included | 0m 0s | The patch appears to
include 6 new or modified test files. |
| {color:red}-1{color} | whitespace | 0m 0s | The patch has 6 line(s) that
end in whitespace. |
| {color:green}+1{color} | javac | 7m 30s | There were no new javac warning
messages. |
| {color:red}-1{color} | javadoc | 9m 36s | The applied patch generated 4
additional warning messages. |
| {color:green}+1{color} | release audit | 0m 22s | The applied patch does
not increase the total number of release audit warnings. |
| {color:red}-1{color} | checkstyle | 5m 22s | The applied patch generated
16 additional checkstyle issues. |
| {color:green}+1{color} | install | 1m 33s | mvn install still works. |
| {color:green}+1{color} | eclipse:eclipse | 0m 32s | The patch built with
eclipse:eclipse. |
| {color:red}-1{color} | findbugs | 5m 22s | The patch appears to introduce 3
new Findbugs (version 2.0.3) warnings. |
| {color:green}+1{color} | common tests | 24m 26s | Tests passed in
hadoop-common. |
| {color:green}+1{color} | common tests | 1m 42s | Tests passed in
hadoop-kms. |
| {color:red}-1{color} | hdfs tests | 185m 12s | Tests failed in hadoop-hdfs. |
| | | 256m 33s | |
\\
\\
|| Reason || Tests ||
| FindBugs | module:hadoop-common |
| | Impossible downcast of toArray() result to String[] in
org.apache.hadoop.crypto.key.KeyShell$RemoveAttributeCommand.execute() At
KeyShell.java:to String[] in
org.apache.hadoop.crypto.key.KeyShell$RemoveAttributeCommand.execute() At
KeyShell.java:[line 599] |
| | Impossible downcast of toArray() result to String[] in
org.apache.hadoop.crypto.key.KeyShell$RemoveAttributeCommand.validate() At
KeyShell.java:to String[] in
org.apache.hadoop.crypto.key.KeyShell$RemoveAttributeCommand.validate() At
KeyShell.java:[line 573] |
| FindBugs | module:hadoop-kms |
| | Write to static field
org.apache.hadoop.crypto.key.kms.server.keyacls.PerKeyACLs.perKeyACLs from
instance method
org.apache.hadoop.crypto.key.kms.server.keyacls.PerKeyACLs.clear() At
PerKeyACLs.java:from instance method
org.apache.hadoop.crypto.key.kms.server.keyacls.PerKeyACLs.clear() At
PerKeyACLs.java:[line 59] |
| Timed out tests |
org.apache.hadoop.hdfs.server.blockmanagement.TestDatanodeManager |
\\
\\
|| Subsystem || Report/Notes ||
| Patch URL |
http://issues.apache.org/jira/secure/attachment/12728686/HADOOP-11335.007.patch
|
| Optional Tests | javadoc javac unit findbugs checkstyle |
| git revision | trunk / feb68cb |
| whitespace |
https://builds.apache.org/job/PreCommit-HADOOP-Build/6200/artifact/patchprocess/whitespace.txt
|
| javadoc |
https://builds.apache.org/job/PreCommit-HADOOP-Build/6200/artifact/patchprocess/diffJavadocWarnings.txt
|
| checkstyle |
https://builds.apache.org/job/PreCommit-HADOOP-Build/6200/artifact/patchprocess/checkstyle-result-diff.txt
|
| Findbugs warnings |
https://builds.apache.org/job/PreCommit-HADOOP-Build/6200/artifact/patchprocess/newPatchFindbugsWarningshadoop-common.html
|
| Findbugs warnings |
https://builds.apache.org/job/PreCommit-HADOOP-Build/6200/artifact/patchprocess/newPatchFindbugsWarningshadoop-kms.html
|
| hadoop-common test log |
https://builds.apache.org/job/PreCommit-HADOOP-Build/6200/artifact/patchprocess/testrun_hadoop-common.txt
|
| hadoop-kms test log |
https://builds.apache.org/job/PreCommit-HADOOP-Build/6200/artifact/patchprocess/testrun_hadoop-kms.txt
|
| hadoop-hdfs test log |
https://builds.apache.org/job/PreCommit-HADOOP-Build/6200/artifact/patchprocess/testrun_hadoop-hdfs.txt
|
| Test Results |
https://builds.apache.org/job/PreCommit-HADOOP-Build/6200/testReport/ |
| Java | 1.7.0_55 |
| uname | Linux asf905.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP
PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Console output |
https://builds.apache.org/job/PreCommit-HADOOP-Build/6200/console |
This message was automatically generated.
> KMS ACL in meta data or database
> --------------------------------
>
> Key: HADOOP-11335
> URL: https://issues.apache.org/jira/browse/HADOOP-11335
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Affects Versions: 2.6.0
> Reporter: Jerry Chen
> Assignee: Dian Fu
> Labels: Security
> Attachments: HADOOP-11335.001.patch, HADOOP-11335.002.patch,
> HADOOP-11335.003.patch, HADOOP-11335.004.patch, HADOOP-11335.005.patch,
> HADOOP-11335.006.patch, HADOOP-11335.007.patch, HADOOP-11335.re-design.patch,
> KMS ACL in metadata or database.pdf
>
> Original Estimate: 504h
> Remaining Estimate: 504h
>
> Currently Hadoop KMS has implemented ACL for keys and the per key ACL are
> stored in the configuration file kms-acls.xml.
> The management of ACL in configuration file would not be easy in enterprise
> usage and it is put difficulties for backup and recovery.
> It is ideal to store the ACL for keys in the key meta data similar to what
> file system ACL does. In this way, the backup and recovery that works on
> keys should work for ACL for keys too.
> On the other hand, with the ACL in meta data, the ACL of each key can be
> easily manipulate with API or command line tool and take effect instantly.
> This is very important for enterprise level access control management. This
> feature can be addressed by separate JIRA. While with the configuration file,
> these would be hard to provide.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
