[ https://issues.apache.org/jira/browse/HADOOP-11335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14572940#comment-14572940 ]
Hadoop QA commented on HADOOP-11335: ------------------------------------ \\ \\ | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | pre-patch | 20m 6s | Pre-patch trunk compilation is healthy. | | {color:green}+1{color} | @author | 0m 0s | The patch does not contain any @author tags. | | {color:green}+1{color} | tests included | 0m 0s | The patch appears to include 6 new or modified test files. | | {color:green}+1{color} | javac | 7m 36s | There were no new javac warning messages. | | {color:green}+1{color} | javadoc | 9m 36s | There were no new javadoc warning messages. | | {color:green}+1{color} | release audit | 0m 22s | The applied patch does not increase the total number of release audit warnings. | | {color:red}-1{color} | checkstyle | 2m 27s | The applied patch generated 13 new checkstyle issues (total was 129, now 142). | | {color:red}-1{color} | whitespace | 0m 33s | The patch has 1 line(s) that end in whitespace. Use git apply --whitespace=fix. | | {color:green}+1{color} | install | 1m 38s | mvn install still works. | | {color:green}+1{color} | eclipse:eclipse | 0m 34s | The patch built with eclipse:eclipse. | | {color:green}+1{color} | findbugs | 5m 49s | The patch does not introduce any new Findbugs (version 3.0.0) warnings. | | {color:green}+1{color} | common tests | 23m 33s | Tests passed in hadoop-common. | | {color:green}+1{color} | common tests | 1m 41s | Tests passed in hadoop-kms. | | {color:green}+1{color} | hdfs tests | 160m 47s | Tests passed in hadoop-hdfs. | | | | 235m 22s | | \\ \\ || Subsystem || Report/Notes || | Patch URL | http://issues.apache.org/jira/secure/attachment/12737534/HADOOP-11335.008.patch | | Optional Tests | javadoc javac unit findbugs checkstyle | | git revision | trunk / e830207 | | checkstyle | https://builds.apache.org/job/PreCommit-HADOOP-Build/6917/artifact/patchprocess/diffcheckstylehadoop-common.txt | | whitespace | https://builds.apache.org/job/PreCommit-HADOOP-Build/6917/artifact/patchprocess/whitespace.txt | | hadoop-common test log | https://builds.apache.org/job/PreCommit-HADOOP-Build/6917/artifact/patchprocess/testrun_hadoop-common.txt | | hadoop-kms test log | https://builds.apache.org/job/PreCommit-HADOOP-Build/6917/artifact/patchprocess/testrun_hadoop-kms.txt | | hadoop-hdfs test log | https://builds.apache.org/job/PreCommit-HADOOP-Build/6917/artifact/patchprocess/testrun_hadoop-hdfs.txt | | Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/6917/testReport/ | | Java | 1.7.0_55 | | uname | Linux asf901.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/6917/console | This message was automatically generated. > KMS ACL in meta data or database > -------------------------------- > > Key: HADOOP-11335 > URL: https://issues.apache.org/jira/browse/HADOOP-11335 > Project: Hadoop Common > Issue Type: Improvement > Components: kms > Affects Versions: 2.6.0 > Reporter: Jerry Chen > Assignee: Dian Fu > Labels: BB2015-05-TBR, Security > Attachments: HADOOP-11335.001.patch, HADOOP-11335.002.patch, > HADOOP-11335.003.patch, HADOOP-11335.004.patch, HADOOP-11335.005.patch, > HADOOP-11335.006.patch, HADOOP-11335.007.patch, HADOOP-11335.008.patch, > HADOOP-11335.re-design.patch, KMS ACL in metadata or database.pdf > > Original Estimate: 504h > Remaining Estimate: 504h > > Currently Hadoop KMS has implemented ACL for keys and the per key ACL are > stored in the configuration file kms-acls.xml. > The management of ACL in configuration file would not be easy in enterprise > usage and it is put difficulties for backup and recovery. > It is ideal to store the ACL for keys in the key meta data similar to what > file system ACL does. In this way, the backup and recovery that works on > keys should work for ACL for keys too. > On the other hand, with the ACL in meta data, the ACL of each key can be > easily manipulate with API or command line tool and take effect instantly. > This is very important for enterprise level access control management. This > feature can be addressed by separate JIRA. While with the configuration file, > these would be hard to provide. -- This message was sent by Atlassian JIRA (v6.3.4#6332)