[
https://issues.apache.org/jira/browse/HADOOP-10720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14045580#comment-14045580
]
Alejandro Abdelnur commented on HADOOP-10720:
---------------------------------------------
On generateEDEK API being batch?
I wouldn't make it batch, that is a client/server implementation detail. being
batch would complicate things for clients as clients would have to hold on to N
values and then use them as needed. I'd say let the KMS client do that holding
entirely, and the NN asks one at the time.
On how watermarks are determined?
First, I would start simple, fixed by configuration, then i would make them
variable based on demand.
On punting the caching and batch to a follow up jira?
sure, we could have the KMS client/server batch REST API for now and the client
having a queue, which gets refilled when depleted. later we add the refill
daemons on both ends and the queue on the server side. by doing this we don't
have to change the REST API for the optimizations.
> KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API
> ---------------------------------------------------------------------------
>
> Key: HADOOP-10720
> URL: https://issues.apache.org/jira/browse/HADOOP-10720
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Arun Suresh
> Attachments: COMBO.patch, COMBO.patch, COMBO.patch, COMBO.patch,
> COMBO.patch, HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch,
> HADOOP-10720.patch, HADOOP-10720.patch
>
>
> KMS client/server should implement support for generating encrypted keys and
> decrypting them via the REST API being introduced by HADOOP-10719.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
