You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Wei-Chiu Chuang (JIRA)" <ji...@apache.org> on 2018/12/21 20:08:00 UTC
[jira] [Commented] (HBASE-20900) Improve FsDelegationToken to
support KMS delegation tokens
[ https://issues.apache.org/jira/browse/HBASE-20900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16727021#comment-16727021 ]
Wei-Chiu Chuang commented on HBASE-20900:
-----------------------------------------
Extend FsDelegationToken such that it gets multiple delegation tokens at once. Possible scenarios where multiple delegation tokens may be associated with a file system: 1. Viewfs-based HDFS federation 2. HDFS at-rest encryption.
The patch is sizable, but the patch is straightforward -- update the code to pass around multiple delegation tokens in protobuf messages.
No test yet -- will add unit tests later.
> Improve FsDelegationToken to support KMS delegation tokens
> ----------------------------------------------------------
>
> Key: HBASE-20900
> URL: https://issues.apache.org/jira/browse/HBASE-20900
> Project: HBase
> Issue Type: Sub-task
> Reporter: Wei-Chiu Chuang
> Assignee: Wei-Chiu Chuang
> Priority: Major
> Attachments: HBASE-20900.master.001.patch
>
>
> Currently FsDelegationToken acquires HDFS delegation token. Any tools that use it to access encryption zone files could fail because they don't have KMS delegation token. We should fix it.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)