[jira] [Commented] (HADOOP-10720) KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API

Thu, 10 Jul 2014 15:59:19 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-10720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14058084#comment-14058084
 ] 

Alejandro Abdelnur commented on HADOOP-10720:
---------------------------------------------

*CommonConfigurationKeysPublic.java*:
* 80 char rule not being observed by the patch

*kms-acls.xml*: 
* it has 2 </configuration> elements at the end, should be one.

*KMS.java*:
* unused import for {{ExecutionException}}
* white space changes
* 80 char rule not being observed by the patch
* {{generateEncryptedKeys()}}, assert for numKeys > 0
* we should have 2 new meters, one for generateEEK calls and other for 
decryptEEK calls instead using the {{getKeyCallsMeter()}} meter for both.

*KMSClientProvider.java*:
* white space changes
* unused import for {{SyncGenerationPolicy}}

*TestKMS.java*:
* white space changes
* 80 char rule not being observed by the patch

*TetValueQueue.java*:
* missing license header

*ValueQueue*:
* Instead having a periodic check for below watermark, wouldn’t be more 
efficient to check  if below the watermark after getting an EEK and if so 
schedule an async filling? we should  just take care of not scheduling 
additional fillings while one is scheduled/in-progress.

*KeyProviderCryptoExtension.java*:
* it does not expose the method  {{warmupEncryptedKeys}} which it should be 
wired, in the case of the KMS client, to {{ValueQueue}}

> KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API
> ---------------------------------------------------------------------------
>
>                 Key: HADOOP-10720
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10720
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: COMBO.patch, COMBO.patch, COMBO.patch, COMBO.patch, 
> COMBO.patch, HADOOP-10720.1.patch, HADOOP-10720.2.patch, 
> HADOOP-10720.3.patch, HADOOP-10720.4.patch, HADOOP-10720.5.patch, 
> HADOOP-10720.6.patch, HADOOP-10720.patch, HADOOP-10720.patch, 
> HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch
>
>
> KMS client/server should implement support for generating encrypted keys and 
> decrypting them via the REST API being introduced by HADOOP-10719.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to