[
https://issues.apache.org/jira/browse/HADOOP-14705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiao Chen updated HADOOP-14705:
-------------------------------
Attachment: HADOOP-14705.11.patch
Patch 11 to address comments from Rushabh. Thanks for the review, hopefully #11
works.
The check here is just a safety check to make sure it's not insanely huge. Not
setting to the same level of NN because by KMS as part of hadoop-common should
not depend on HDFS NN.
For the test comment, I added the '// Decrypt it again and it should be the
same' test. Don't think we need the '// Generate another EEK and make sure it's
different from the first' since we're already comparing with the original EEKs,
which shouldn't be the same, which is covered by existing test in TestGenerate.
> Add batched reencryptEncryptedKey interface to KMS
> --------------------------------------------------
>
> Key: HADOOP-14705
> URL: https://issues.apache.org/jira/browse/HADOOP-14705
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Attachments: HADOOP-14705.01.patch, HADOOP-14705.02.patch,
> HADOOP-14705.03.patch, HADOOP-14705.04.patch, HADOOP-14705.05.patch,
> HADOOP-14705.06.patch, HADOOP-14705.07.patch, HADOOP-14705.08.patch,
> HADOOP-14705.09.patch, HADOOP-14705.10.patch, HADOOP-14705.11.patch
>
>
> HADOOP-13827 already enabled the KMS to re-encrypt a {{EncryptedKeyVersion}}.
> As the performance results of HDFS-10899 turns out, communication overhead
> with the KMS occupies the majority of the time. So this jira proposes to add
> a batched interface to re-encrypt multiple EDEKs in 1 call.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
