Posted to common-issues@hadoop.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2014/01/09 01:42:55 UTC

[jira] [Commented] (HADOOP-10177) Create CLI tools for managing keys via the KeyProvider API

    [ https://issues.apache.org/jira/browse/HADOOP-10177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13866124#comment-13866124 ] 

Larry McCay commented on HADOOP-10177:
--------------------------------------

Given a configured provider list, the expected behavior will be:

-create, -delete, -roll: will affect the first non-transient provider (UserProvider is a transient context for job access to key material)
-list: the first provider

isTransient will be added to the KeyProvider interface.

The CLI will support a flag for indicating the specific provider to use as well as for overriding the configured list.
Deleting keys will result in the old store being moved to the Trash in HDFS.

CLI output will indicate the provider/store being affected by the command and will indicate whether it is choosing the first of many - indicating that a deleted key may be recovered from Trash. Recovery will need some further thought, however - considering that other keys may have been affected by subsequent CLI interactions. We may need to introduce an addKey to the providers to move in a single key (and versions) at a time.

> Create CLI tools for managing keys via the KeyProvider API
> ----------------------------------------------------------
>
>                 Key: HADOOP-10177
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10177
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Owen O'Malley
>            Assignee: Larry McCay
>
> The KeyProvider API provides access to keys, but we need CLI tools to provide the ability to create and delete keys. I'd think it would look something like:
> {code}
> % hadoop key -create key1
> % hadoop key -roll key1
> % hadoop key -list key1
> % hadoop key -delete key1
> {code}



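The provider-selection rule proposed in the comment above, modeled as an added example (not code from the JIRA thread or from Hadoop). `Provider`, `describe` and the provider URIs are hypothetical, and the override flag is assumed to replace the configured list as a whole.

```java
import java.util.Arrays;
import java.util.List;

// Hypothetical model of the proposed rule; these are not Hadoop's KeyProvider classes.
public class ProviderSelection {
    static final class Provider {
        final String uri;
        final boolean isTransient; // stands in for the proposed KeyProvider isTransient
        Provider(String uri, boolean isTransient) {
            this.uri = uri;
            this.isTransient = isTransient;
        }
    }

    // override: provider list given on the command line, or null to use the configured list.
    static String describe(String command, List<Provider> configured, List<Provider> override) {
        boolean mutating = command.equals("-create") || command.equals("-delete")
                || command.equals("-roll");
        if (!mutating && !command.equals("-list")) {
            throw new IllegalArgumentException("unknown command: " + command);
        }
        List<Provider> effective = (override != null) ? override : configured;
        Provider chosen = null;
        int candidates = 0;
        for (Provider p : effective) {
            // Key changes must land in a persistent store, so skip transient providers.
            if (mutating && p.isTransient) continue;
            if (chosen == null) chosen = p;
            candidates++;
        }
        if (chosen == null) return command + ": no usable provider in list";
        // Tell the operator when other stores were passed over and remain untouched.
        String note = candidates > 1 ? " (first of " + candidates + " candidates)" : "";
        return command + " -> " + chosen.uri + note;
    }

    public static void main(String[] args) {
        // Constructed provider list; the URIs are sample values.
        List<Provider> configured = Arrays.asList(
                new Provider("user:///", true),
                new Provider("jceks://file/tmp/a.jceks", false),
                new Provider("jceks://file/tmp/b.jceks", false));
        for (String cmd : new String[] {"-create", "-roll", "-delete", "-list"}) {
            System.out.println(describe(cmd, configured, null));
        }
        List<Provider> flag = Arrays.asList(new Provider("jceks://file/tmp/c.jceks", false));
        System.out.println(describe("-create", configured, flag));
    }
}
```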