hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10177) Create CLI tools for managing keys via the KeyProvider API
Date Tue, 14 Jan 2014 01:44:52 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870280#comment-13870280

Larry McCay commented on HADOOP-10177:

"All of the commands should use the first non-transient provider unless there is only one
provider. (typically because the user specified --provider)"

Let's make sure that this is clear:

* if there is more than one provider configured then ALL commands will try and find the first
    - if there are none then we will choose the first?
* if there is only one provider configured or indicated via the --provider then that provider
is used irrespective of it being transient or not.
* these requirements end up allowing keys to be "created" in transient providers - i'm not
sure that the semantics of our versioning hold up in that context. When the transient provider
expires so does the entire set of keyversions.

> Create CLI tools for managing keys via the KeyProvider API
> ----------------------------------------------------------
>                 Key: HADOOP-10177
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10177
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Owen O'Malley
>            Assignee: Larry McCay
>         Attachments: 10177.patch
> The KeyProvider API provides access to keys, but we need CLI tools to provide the ability
to create and delete keys. I'd think it would look something like:
> {code}
> % hadoop key -create key1
> % hadoop key -roll key1
> % hadoop key -list key1
> % hadoop key -delete key1
> {code}

This message was sent by Atlassian JIRA

View raw message