[ https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14120491#comment-14120491 ]
Alejandro Abdelnur commented on HADOOP-10758:
---------------------------------------------
*index.apt.vm*:
* empty line between 'For all...' and 'If no ACL...' paragraphs.
*KeyAuthorizationKeyProvider.java*:
* Use {{String.format()}} in all exception msgs
* Move this class (and test) to KMS module
*KMSACLs.java*:
* instead of using a special __DEFAULT__ keyname, why not simply have a
defaultKeyAcls Map<KeyOpType, AccessControlList>?
*KeyAuthorizationProvider.java*:
* doAccessCheck() should use the key name as aclName if the KEY_ACL_NAME attr
is NULL (this is to enable older keys with KEY_ACL_NAME to work)
* in setKeyACLs(), all the splitting of the prop name could be done more
readably as:
{code}
int keyNameStarts = KMSConfiguration.KEY_ACL_PREFIX.length();
int keyNameEnds = k.lastIndexOf(".");
// The key name must be non-empty: the last '.' has to come after the prefix.
if (keyNameStarts >= keyNameEnds) {
  //LOG WARN 'invalid config $k'
} else {
  String keyName = k.substring(keyNameStarts, keyNameEnds);
  String keyOp = k.substring(keyNameEnds + 1);
  KeyOpType aclType = null;
  try {
    aclType = KeyOpType.valueOf(keyOp);
  } catch (IllegalArgumentException e) {
    //LOG WARN 'invalid key operation for $keyName : $keyOp'
  }
}
{code}
> KMS: add ACLs on per key basis.
> -------------------------------
>
> Key: HADOOP-10758
> URL: https://issues.apache.org/jira/browse/HADOOP-10758
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Arun Suresh
> Attachments: HADOOP-10758.1.patch, HADOOP-10758.2.patch,
> HADOOP-10758.3.patch, HADOOP-10758.4.patch, HADOOP-10758.5.patch,
> HADOOP-10758.6.patch, HADOOP-10758.7.patch
>
>
> The KMS server should enforce ACLs on per key basis.
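Added example (not part of the original comment or of the Hadoop patch): a standalone Java version of the property-name split and of the aclName/default fallback suggested in the comment above. The prefix value, the KeyOpType members, the plain-string ACLs and the aclFor helper are assumptions made for illustration.

```java
import java.util.*;
public class KeyAclConfigExample {
    // Assumed for this example; the page names these but does not show their values.
    static final String KEY_ACL_PREFIX = "key.acl.";
    enum KeyOpType { MANAGEMENT, READ }
    // Parses "<prefix><keyName>.<OP>" entries; ACLs are plain strings here for brevity.
    static Map<String, Map<KeyOpType, String>> parse(Map<String, String> props,
                                                     List<String> warnings) {
        Map<String, Map<KeyOpType, String>> acls = new TreeMap<>();
        for (Map.Entry<String, String> e : props.entrySet()) {
            String k = e.getKey();
            if (!k.startsWith(KEY_ACL_PREFIX)) continue;
            int keyNameStarts = KEY_ACL_PREFIX.length();
            int keyNameEnds = k.lastIndexOf('.');   // key names may themselves contain dots
            if (keyNameStarts >= keyNameEnds) {     // nothing between prefix and operation
                warnings.add("invalid config " + k);
                continue;
            }
            String keyName = k.substring(keyNameStarts, keyNameEnds);
            String keyOp = k.substring(keyNameEnds + 1);
            try {
                KeyOpType op = KeyOpType.valueOf(keyOp);   // resolve before touching the map
                acls.computeIfAbsent(keyName, n -> new EnumMap<>(KeyOpType.class)).put(op, e.getValue());
            } catch (IllegalArgumentException ex) {
                warnings.add("invalid key operation for " + keyName + ": " + keyOp);
            }
        }
        return acls;
    }

    // Uses the key name as the ACL name when the key carries no ACL-name attribute,
    // then falls back to defaultKeyAcls. Returns null when nothing is configured.
    static String aclFor(Map<String, Map<KeyOpType, String>> acls,
                         Map<KeyOpType, String> defaultKeyAcls,
                         String aclNameAttr, String keyName, KeyOpType op) {
        String aclName = (aclNameAttr != null) ? aclNameAttr : keyName;
        Map<KeyOpType, String> perKey = acls.get(aclName);
        String acl = (perKey != null) ? perKey.get(op) : null;
        return (acl != null) ? acl : defaultKeyAcls.get(op);
    }

    public static void main(String[] args) {
        Map<String, String> props = new LinkedHashMap<>();   // constructed sample config
        props.put("key.acl.my.dotted.key.READ", "alice");
        props.put("key.acl.READ", "bob");                    // no key name
        props.put("key.acl.k1.BOGUS", "carol");              // unknown operation
        List<String> warnings = new ArrayList<>();
        Map<String, Map<KeyOpType, String>> acls = parse(props, warnings);
        System.out.println(acls + " " + warnings);
        System.out.println(aclFor(acls, Map.of(KeyOpType.READ, "ops"), null, "k1", KeyOpType.READ));
    }
}
```

A caller that gets null back from aclFor has no ACL to evaluate for that key and operation, so it has to decide explicitly how to treat that case rather than letting it fall through.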