[jira] [Commented] (HADOOP-11017) KMS delegation token secret manager should be able to use zookeeper as store

Fri, 19 Sep 2014 19:51:01 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-11017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14141695#comment-14141695
 ] 

Alejandro Abdelnur commented on HADOOP-11017:
---------------------------------------------

*SecretManager.java*:
*  the introduced constants shouldn't be here as they are not used here

*ZKDelegationTokenSecretManager.java*:
* The {{if (authType.equals("sasl")) }} has an {{else}} block, it should have 
an {{else if (authType.equals("none"))}} block and the final else should throw 
an exception.

*DelegationTokenAuthenticationHandler.java*:
* I keep insisting that the following conf setup is not need it. Please check 
using KMS to verify. Also, in case they are needed, they are wrong, the set 
property is always {{UPDATE_INTERVAL}}

{code}
    conf.setLong(SecretManager.UPDATE_INTERVAL,
        conf.getLong(configPrefix + SecretManager.UPDATE_INTERVAL,
            SecretManager.UPDATE_INTERVAL_DEFAULT));
    conf.setLong(SecretManager.UPDATE_INTERVAL,
        conf.getLong(configPrefix + SecretManager.MAX_LIFETIME,
            SecretManager.MAX_LIFETIME_DEFAULT));
    conf.setLong(SecretManager.UPDATE_INTERVAL,
        conf.getLong(configPrefix + SecretManager.RENEW_INTERVAL,
            SecretManager.RENEW_INTERVAL_DEFAULT));
    conf.setLong(SecretManager.UPDATE_INTERVAL, conf.getLong(
        configPrefix + SecretManager.REMOVAL_SCAN_INTERVAL,
        SecretManager.REMOVAL_SCAN_INTERVAL_DEFAULT));
{code}

+1 after these things are addressed. Please open up a follow up JIRAs for doing 
a KMS test and for use a single DT_ tree in ZK.

> KMS delegation token secret manager should be able to use zookeeper as store
> ----------------------------------------------------------------------------
>
>                 Key: HADOOP-11017
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11017
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HADOOP-11017.1.patch, HADOOP-11017.2.patch, 
> HADOOP-11017.3.patch, HADOOP-11017.4.patch, HADOOP-11017.5.patch, 
> HADOOP-11017.6.patch, HADOOP-11017.7.patch, HADOOP-11017.WIP.patch
>
>
> This will allow supporting multiple KMS instances behind a load balancer.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to