[ https://issues.apache.org/jira/browse/HADOOP-10177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870280#comment-13870280 ]
Larry McCay commented on HADOOP-10177: -------------------------------------- "All of the commands should use the first non-transient provider unless there is only one provider. (typically because the user specified --provider)" Let's make sure that this is clear: * if there is more than one provider configured then ALL commands will try and find the first non-transient - if there are none then we will choose the first? * if there is only one provider configured or indicated via the --provider then that provider is used irrespective of it being transient or not. * these requirements end up allowing keys to be "created" in transient providers - i'm not sure that the semantics of our versioning hold up in that context. When the transient provider expires so does the entire set of keyversions. > Create CLI tools for managing keys via the KeyProvider API > ---------------------------------------------------------- > > Key: HADOOP-10177 > URL: https://issues.apache.org/jira/browse/HADOOP-10177 > Project: Hadoop Common > Issue Type: Bug > Components: security > Reporter: Owen O'Malley > Assignee: Larry McCay > Attachments: 10177.patch > > > The KeyProvider API provides access to keys, but we need CLI tools to provide > the ability to create and delete keys. I'd think it would look something like: > {code} > % hadoop key -create key1 > % hadoop key -roll key1 > % hadoop key -list key1 > % hadoop key -delete key1 > {code} -- This message was sent by Atlassian JIRA (v6.1.5#6160)