hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.
Date Wed, 03 Sep 2014 21:27:52 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14120491#comment-14120491
] 

Alejandro Abdelnur commented on HADOOP-10758:
---------------------------------------------

*index.apt.vm*: 

* empty line between 'For all...' and 'If no ACL...' paragraphs.

*KeyAuthorizationKeyProvider.java*:

* Use {{String.format()}} in all exception msgs
* Move this class (and test) to KMS module

*KMSACLs.java*:

* instead using a special __DEFAULT__ keyname, why simply have a a defaultKeyAcls Map<KeyOpType,
AccessControlList> >

*KeyAuthorizationProvider.java*:

* doAccessCheck() should use the key name as aclName if the KEY_ACL_NAME attr is NULL (this
to enable older keys with KEY_ACL_NAME to work)

* in the setKeyACLs(), all the splitting of prop name could be done more readable as:

{code}
      int keyNameStarts = KMSConfiguration.KEY_ACL_PREFIX.length();
      int keyNameEnds = k.lastIndexOf(".");
      if (keyNameStarts <= keyNameEnds) {
        //LOG WARN 'invalid config $k'
      } else {
        String keyName = k.substring(keyNameStarts, keyNameEnds);
        String keyOp = k.substring(keyNameEnds + 1);
        KeyOpType aclType = null;
        try {
          aclType = KeyOpType.valueOf(keyOp);
        } catch (IllegalArgumentException e) {
          //LOG WARN ' invalid key operation for $keyName : $aclType
        }        
      }
{code}


> KMS: add ACLs on per key basis.
> -------------------------------
>
>                 Key: HADOOP-10758
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10758
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HADOOP-10758.1.patch, HADOOP-10758.2.patch, HADOOP-10758.3.patch,
HADOOP-10758.4.patch, HADOOP-10758.5.patch, HADOOP-10758.6.patch, HADOOP-10758.7.patch
>
>
> The KMS server should enforce ACLs on per key basis.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message