[
https://issues.apache.org/jira/browse/HADOOP-13437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15421342#comment-15421342
]
Arun Suresh commented on HADOOP-13437:
--------------------------------------
bq. ..Is this an expected behavior (so we need to keep compatible behavior), or
is this a bug (so we can fix it here)? Thanks in advance...
IIRC, this is actually expected behavior. This way, the default and whitelists
are specified only once at startup, based on some deployment policy. New
KeyACLs for individual users/groups and keys can be added / removed as users /
keys are created.
bq. After the replacement (suppose there was no backup), how could the admin
figure out what exactly the whitelist/defaults are?
I feel this is outside the scope of what KMS should worry about (Or we should
build config management features that support stuff like rollback etc. into
KMS). The deployment environment / admin should ensure backups of the files are
maintained.
> KMS should reload whitelist and default key ACLs when hot-reloading
> -------------------------------------------------------------------
>
> Key: HADOOP-13437
> URL: https://issues.apache.org/jira/browse/HADOOP-13437
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Affects Versions: 2.6.0
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Attachments: HADOOP-13437.01.patch, HADOOP-13437.02.patch,
> HADOOP-13437.03.patch, HADOOP-13437.04.patch
>
>
> When hot-reloading, {{KMSACLs#setKeyACLs}} ignores whitelist and default key
> entries if they're present in memory.
> We should reload them; hot-reload and cold-start should not have any
> difference in behavior.
> Credit to [~dilaver] for finding this.