hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Wang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10720) KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API
Date Tue, 08 Jul 2014 21:10:04 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14055543#comment-14055543

Andrew Wang commented on HADOOP-10720:

Hey Arun, did a quick skim of this patch, few comments:

* typos: "IOExeption", "atleast", "funciton", "Defalt"
* New config keys should be added/documented in core-default.xml. Can c+p the reference to
core-default.xml for the javadocs in CommonConfigurationKeys.java.
* Let's also put the time unit into the config key name, e.g. appending {{_MS}}
* Could we rename the config params to say "refill" rather than just "fill"?
* I'd prefer to use ArrayLists rather than LinkedLists if we already know the size upfront.
Should be more efficient.
* It looks like the keyQueueFiller could race with an ongoing refill, so it refills above
the desired size.
* Tucu might have already asked this (didn't quite follow the above discussion), but we want
to make sure that there isn't a race such that a client triggers a refill, a bunch of others
come in and take all the keys, and then the first client blocks on {{keyQueue.take()}}. One
solution is using {{poll()}} instead, continuing to trigger refills while the return value
is null.
* It looks like client requests will only will refill a single key. It seems like we should
request a batch of keys, assuming that network overhead is the dominant cost here. I don't
know how costly key generation is, but filling up all the way to the {{threshold}} or at least
to the {{lowWatermark}} would be simple policies.
* Would also prefer {{lowWatermark}} rather than {{lowWaterMark}}, since "watermark" is a
single word.

Thanks for working on this! I'll give a more thorough review with your next patch rev.

> KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API
> ---------------------------------------------------------------------------
>                 Key: HADOOP-10720
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10720
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: COMBO.patch, COMBO.patch, COMBO.patch, COMBO.patch, COMBO.patch,
HADOOP-10720.1.patch, HADOOP-10720.2.patch, HADOOP-10720.3.patch, HADOOP-10720.4.patch, HADOOP-10720.patch,
HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch
> KMS client/server should implement support for generating encrypted keys and decrypting
them via the REST API being introduced by HADOOP-10719.

This message was sent by Atlassian JIRA

View raw message