hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10141) Create an API to separate encryption key storage from applications
Date Wed, 04 Dec 2013 17:46:37 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13839110#comment-13839110

Hadoop QA commented on HADOOP-10141:

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 2 new or modified
test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:green}+1 javadoc{color}.  The javadoc tool did not generate any warning messages.

    {color:green}+1 eclipse:eclipse{color}.  The patch built with eclipse:eclipse.

    {color:green}+1 findbugs{color}.  The patch does not introduce any new Findbugs (version
1.3.9) warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:red}-1 core tests{color}.  The patch failed these unit tests in hadoop-common-project/hadoop-common:


    {color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3333//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3333//console

This message is automatically generated.

> Create an API to separate encryption key storage from applications
> ------------------------------------------------------------------
>                 Key: HADOOP-10141
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10141
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Owen O'Malley
>            Assignee: Owen O'Malley
>         Attachments: hadoop-10141.patch
> As with the filesystem API, we need to provide a generic mechanism to support multiple
key storage mechanisms that are potentially from third parties. 
> An additional requirement for long term data lakes is to keep multiple versions of each
key so that keys can be rolled periodically without requiring the entire data set to be re-written.
Rolling keys provides containment in the event of keys being leaked.
> Toward that end, I propose an API that is configured using a list of URLs of KeyProviders.
The implementation will look for implementations using the ServiceLoader interface and thus
support third party libraries.
> Two providers will be included in this patch. One using the credentials cache in MapReduce
jobs and the other using Java KeyStores from either HDFS or local file system. 

This message was sent by Atlassian JIRA

View raw message