You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Wei-Chiu Chuang (JIRA)" <ji...@apache.org> on 2019/08/02 03:14:00 UTC
[jira] [Comment Edited] (HADOOP-14951) KMSACL implementation is not
configurable
[ https://issues.apache.org/jira/browse/HADOOP-14951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16898513#comment-16898513 ]
Wei-Chiu Chuang edited comment on HADOOP-14951 at 8/2/19 3:14 AM:
------------------------------------------------------------------
I am planning to commit this patch soon. We are in an attempt to migrate Ranger KMS users to Hadoop KMS, and this is an important missing feature not in Hadoop KMS.
was (Author: jojochuang):
I am planning to commit this patch. We are in an attempt to migrate Ranger KMS users to Hadoop KMS, and this is an important missing feature not in Hadoop KMS.
> KMSACL implementation is not configurable
> -----------------------------------------
>
> Key: HADOOP-14951
> URL: https://issues.apache.org/jira/browse/HADOOP-14951
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Reporter: Zsombor Gegesy
> Assignee: Zsombor Gegesy
> Priority: Major
> Labels: key-management, kms
> Attachments: HADOOP-14951-10.patch, HADOOP-14951-11.patch, HADOOP-14951-12.patch, HADOOP-14951-13.patch, HADOOP-14951-9.patch
>
>
> Currently, it is not possible to customize KMS's key management, if KMSACLs behaviour is not enough. If an external key management solution is used, that would need a higher level API, where it can decide, if the given operation is allowed, or not.
> For this to achieve, it would be a solution, to introduce a new interface, which could be implemented by KMSACLs - and also other KMS - and a new configuration point could be added, where the actual interface implementation could be specified.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org