[ https://issues.apache.org/jira/browse/HADOOP-10177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870280#comment-13870280 ]

Larry McCay commented on HADOOP-10177:
--------------------------------------

"All of the commands should use the first non-transient provider unless there 
is only one provider. (typically because the user specified --provider)"

Let's make sure that this is clear:

* if there is more than one provider configured then ALL commands will try and 
find the first non-transient
    - if there are none then we will choose the first?
* if there is only one provider configured or indicated via the --provider then 
that provider is used irrespective of it being transient or not.
* these requirements end up allowing keys to be "created" in transient 
providers - I'm not sure that the semantics of our versioning hold up in that 
context. When the transient provider expires so does the entire set of 
keyversions.

> Create CLI tools for managing keys via the KeyProvider API
> ----------------------------------------------------------
>
>                 Key: HADOOP-10177
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10177
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Owen O'Malley
>            Assignee: Larry McCay
>         Attachments: 10177.patch
>
>
> The KeyProvider API provides access to keys, but we need CLI tools to provide 
> the ability to create and delete keys. I'd think it would look something like:
> {code}
> % hadoop key -create key1
> % hadoop key -roll key1
> % hadoop key -list key1
> % hadoop key -delete key1
> {code}



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
