You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Wei-Chiu Chuang (JIRA)" <ji...@apache.org> on 2019/08/02 03:14:00 UTC
[jira] [Commented] (HADOOP-14951) KMSACL implementation is not
configurable
[ https://issues.apache.org/jira/browse/HADOOP-14951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16898513#comment-16898513 ]
Wei-Chiu Chuang commented on HADOOP-14951:
------------------------------------------
I am planning to commit this patch. We are in an attempt to migrate Ranger KMS users to Hadoop KMS, and this is an important missing feature not in Hadoop KMS.
> KMSACL implementation is not configurable
> -----------------------------------------
>
> Key: HADOOP-14951
> URL: https://issues.apache.org/jira/browse/HADOOP-14951
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Reporter: Zsombor Gegesy
> Assignee: Zsombor Gegesy
> Priority: Major
> Labels: key-management, kms
> Attachments: HADOOP-14951-10.patch, HADOOP-14951-11.patch, HADOOP-14951-12.patch, HADOOP-14951-13.patch, HADOOP-14951-9.patch
>
>
> Currently, it is not possible to customize KMS's key management, if KMSACLs behaviour is not enough. If an external key management solution is used, that would need a higher level API, where it can decide, if the given operation is allowed, or not.
> For this to achieve, it would be a solution, to introduce a new interface, which could be implemented by KMSACLs - and also other KMS - and a new configuration point could be added, where the actual interface implementation could be specified.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org