KeDeng has posted comments on this change. ( http://gerrit.cloudera.org:8080/19622 )
Change subject: [multi-tenancy] KUDU-3413 update server key for multi-tenancy ...................................................................... Patch Set 3: (2 comments) Thank you very much for your attention! Due to this future being a very large feature, I plan to roughly break it down into the following steps: 1. Solve the problem of upgrading existing encrypted data to multiple tenants, and at the same time, determine the metadata definition of tenants; 2. Add a multi tenant implementation with a namespace; 3. Add management interfaces for CRUD on upper level tenants; 4. Add key acquisition and management for multiple tenants; 5. Add control implementation of encryption mode; Each step may be split into multiple patches due to varying implementation complexity. Do you think there are any omissions? http://gerrit.cloudera.org:8080/#/c/19622/3//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/19622/3//COMMIT_MSG@14 PS3, Line 14: I replaced the server key with the : tenant key, which belongs to the default tenant. > Although mapping a node to a single tenant at first may be ok, how would th Each tenant will have their own ENV, and each ENV will have their own encryption key, which means that each tenant can ensure that their encryption key is exclusive. To some extent, each tenant is similar to the current independent server, and we need to expand its functionality. When adding new tenants in the future, there will be a new creation process, and this patch is mainly to solve the problem of switching existing encrypted data to the default tenant. http://gerrit.cloudera.org:8080/#/c/19622/3/src/kudu/fs/fs.proto File src/kudu/fs/fs.proto: http://gerrit.cloudera.org:8080/#/c/19622/3/src/kudu/fs/fs.proto@59 PS3, Line 59: tenant_name > Do you think we need to have a way to make tenants uniquely identifiable? M That's really a good idea. It can make us more flexible in managing tenant changes in certain scenarios. I will add this implementation later. Thank you for your suggestion! -- To view, visit http://gerrit.cloudera.org:8080/19622 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I9e450d73940eb1dbaac6f905a46d6ccd084f15cf Gerrit-Change-Number: 19622 Gerrit-PatchSet: 3 Gerrit-Owner: KeDeng <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Ashwani Raina <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: KeDeng <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Reviewer: Wang Xixu <[email protected]> Gerrit-Reviewer: Yifan Zhang <[email protected]> Gerrit-Reviewer: Yingchun Lai <[email protected]> Gerrit-Reviewer: Yuqi Du <[email protected]> Gerrit-Comment-Date: Wed, 05 Apr 2023 04:40:16 +0000 Gerrit-HasComments: Yes
