hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiao Chen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13443) KMS uses DefaultCryptoProvider when active keyprovider implements KeyProviderCryptoExtension
Date Fri, 29 Jul 2016 23:57:20 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15400269#comment-15400269
] 

Xiao Chen commented on HADOOP-13443:
------------------------------------

Thanks very much for finding and fixing this, [~anthony.young-garner@cloudera.com]!

Patch looks good in general. A few comments:
- Before this patch, if the {{KeyProvider}} itself implements {{CryptoExtension}}, it will
be used, no matter whether it implements {{KeyProviderExtension}} or not. This behavior is
changed from this patch, is it what we intend to do? IMHO we should check on {{CryptoExtension}}
first, and add the {{KeyProviderExtension}} check as a fall back of the former.

- In patch 1, if {{keyProvider instanceof KeyProviderExtension == true}} but {{keyProviderExtension.getKeyProvider()
instanceof KeyProviderCryptoExtension.CryptoExtension == false}}, {{cryptoExtension}} will
end up being {{null}}. Let's make sure the default is used in any case.

- Please fix the checkstyle warnings.

> KMS uses DefaultCryptoProvider when active keyprovider implements KeyProviderCryptoExtension
> --------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-13443
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13443
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: kms
>    Affects Versions: 2.6.0
>            Reporter: Anthony Young-Garner
>            Assignee: Anthony Young-Garner
>            Priority: Minor
>         Attachments: HADOOP-13443.patch
>
>
> By default, the KMS wraps the active key provider in a CachingKeyProvider at runtime.
This prevents the KeyProviderCryptoExtension.createKeyProviderCryptoExtension method from
ever detecting whether the active key provider implements theKeyProviderCryptoExtension interface.
Therefore, the DefaultCryptoExtension is always used. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message