[ https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14120491#comment-14120491 ]
Alejandro Abdelnur commented on HADOOP-10758:
---------------------------------------------

*index.apt.vm*:

* empty line between 'For all...' and 'If no ACL...' paragraphs.

*KeyAuthorizationKeyProvider.java*:

* Use {{String.format()}} in all exception msgs
* Move this class (and test) to KMS module

*KMSACLs.java*:

* instead of using a special __DEFAULT__ keyname, why not simply have a defaultKeyAcls Map<KeyOpType, AccessControlList>?

*KeyAuthorizationProvider.java*:

* doAccessCheck() should use the key name as aclName if the KEY_ACL_NAME attr is NULL (this is to enable older keys with KEY_ACL_NAME to work)
* in the setKeyACLs(), all the splitting of the prop name could be done more readably as:

{code}
int keyNameStarts = KMSConfiguration.KEY_ACL_PREFIX.length();
int keyNameEnds = k.lastIndexOf(".");
// The last '.' must come after at least one key-name character.
if (keyNameStarts >= keyNameEnds) {
  // LOG WARN 'invalid config $k'
} else {
  String keyName = k.substring(keyNameStarts, keyNameEnds);
  String keyOp = k.substring(keyNameEnds + 1);
  KeyOpType aclType = null;
  try {
    aclType = KeyOpType.valueOf(keyOp);
  } catch (IllegalArgumentException e) {
    // LOG WARN 'invalid key operation for $keyName : $keyOp'
  }
}
{code}

> KMS: add ACLs on per key basis.
> -------------------------------
>
>                 Key: HADOOP-10758
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10758
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HADOOP-10758.1.patch, HADOOP-10758.2.patch,
> HADOOP-10758.3.patch, HADOOP-10758.4.patch, HADOOP-10758.5.patch,
> HADOOP-10758.6.patch, HADOOP-10758.7.patch
>
>
> The KMS server should enforce ACLs on per key basis.
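An added sketch (not code from the HADOOP-10758 patches or from Hadoop) that puts the review points above together: property-name splitting on the last dot, a separate defaultKeyAcls map instead of a reserved key name, and doAccessCheck() falling back to the key name when the ACL-name attribute is null. The class name, the prefix value, the two operation names, comma-separated user lists and the deny-when-no-ACL-matches behaviour are assumptions of the sketch, and the configuration entries are constructed.

```java
import java.util.*;

public class KeyAclSketch {
  // Assumed for this sketch: prefix value and operation names.
  static final String KEY_ACL_PREFIX = "key.acl.";
  enum KeyOpType { READ, MANAGEMENT }

  final Map<String, Map<KeyOpType, Set<String>>> keyAcls = new HashMap<>();
  final Map<KeyOpType, Set<String>> defaultKeyAcls = new EnumMap<>(KeyOpType.class);
  final List<String> warnings = new ArrayList<>();

  void setKeyACLs(Map<String, String> conf) {
    for (Map.Entry<String, String> e : conf.entrySet()) {
      String k = e.getKey();
      if (!k.startsWith(KEY_ACL_PREFIX)) continue;
      int keyNameStarts = KEY_ACL_PREFIX.length();
      int keyNameEnds = k.lastIndexOf('.');      // key names may contain dots
      if (keyNameEnds <= keyNameStarts) {        // empty key name or no ".<op>" suffix
        warnings.add("invalid config " + k);
        continue;
      }
      String keyName = k.substring(keyNameStarts, keyNameEnds);
      String keyOp = k.substring(keyNameEnds + 1);
      KeyOpType op;
      try {
        op = KeyOpType.valueOf(keyOp);
      } catch (IllegalArgumentException ex) {    // skip the entry, never guess an operation
        warnings.add("invalid key operation for " + keyName + " : " + keyOp);
        continue;
      }
      Set<String> users = new HashSet<>(Arrays.asList(e.getValue().split(",")));
      keyAcls.computeIfAbsent(keyName, n -> new EnumMap<>(KeyOpType.class)).put(op, users);
    }
  }

  boolean doAccessCheck(String user, String keyName, String keyAclNameAttr, KeyOpType op) {
    // Keys without the ACL-name attribute are looked up under their own name.
    String aclName = (keyAclNameAttr != null) ? keyAclNameAttr : keyName;
    Map<KeyOpType, Set<String>> acl = keyAcls.getOrDefault(aclName, defaultKeyAcls);
    Set<String> users = acl.getOrDefault(op, defaultKeyAcls.get(op));
    return users != null && users.contains(user);  // no ACL found: deny
  }

  public static void main(String[] args) {
    KeyAclSketch s = new KeyAclSketch();
    s.defaultKeyAcls.put(KeyOpType.READ, Collections.singleton("auditor"));
    Map<String, String> conf = new LinkedHashMap<>();  // constructed sample configuration
    conf.put("key.acl.prod.db.READ", "alice,bob");
    conf.put("key.acl.prod.db.DELETE", "mallory");     // unknown operation
    conf.put("key.acl.READ", "carol");                 // no key name
    s.setKeyACLs(conf);
    System.out.println(s.doAccessCheck("alice", "prod.db", null, KeyOpType.READ));
    System.out.println(s.doAccessCheck("auditor", "other", null, KeyOpType.READ));
    System.out.println(s.doAccessCheck("alice", "prod.db", null, KeyOpType.MANAGEMENT));
    System.out.println(s.warnings);
  }
}
```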