[jira] [Commented] (HADOOP-14705) Add batched reencryptEncryptedKey interface to KMS

Sun, 20 Aug 2017 15:54:23 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-14705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16134586#comment-16134586
 ] 

Wei-Chiu Chuang commented on HADOOP-14705:
------------------------------------------

Did a final review before I sign off --

Found a few very minor log messages that worth improvement:

{code:title=KeyProviderCryptoExtension#reencryptEncryptedKeys}
"encryptedKey version name must be '%s', is '%s'"
...
"All keys must be with same key name. found '%s', '%s'"
{code}
can be updated with 
{code}
"encryptedKey version name must be '%s', but found '%s'"
and
"All keys must have the same key name. Expected '%s' but found '%s'"
{code}
(KMSClientProvider#reencryptEncryptedKeys has the same Preconditions check that 
can also be updated)

Would it make sense to move the following encryptor/decryptor initilalization 
{code}
                  if (decryptor == null) {
                    decryptor = cc.createDecryptor();
                  }
                  if (encryptor == null) {
                    encryptor = cc.createEncryptor();
                  }
{code}
to right after 
{code}
try (CryptoCodec cc = CryptoCodec.getInstance(keyProvider.getConf())) {
{code}? (i.e. before the while loop)

Thanks for the work. I am +1 after these nits are addressed.

> Add batched reencryptEncryptedKey interface to KMS
> --------------------------------------------------
>
>                 Key: HADOOP-14705
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14705
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HADOOP-14705.01.patch, HADOOP-14705.02.patch, 
> HADOOP-14705.03.patch, HADOOP-14705.04.patch, HADOOP-14705.05.patch, 
> HADOOP-14705.06.patch, HADOOP-14705.07.patch, HADOOP-14705.08.patch, 
> HADOOP-14705.09.patch
>
>
> HADOOP-13827 already enabled the KMS to re-encrypt a {{EncryptedKeyVersion}}.
> As the performance results of HDFS-10899 turns out, communication overhead 
> with the KMS occupies the majority of the time. So this jira proposes to add 
> a batched interface to re-encrypt multiple EDEKs in 1 call.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to