  1. Hadoop Common
  2. HADOOP-17208

LoadBalanceKMSClientProvider#deleteKey should invalidateCache via all KMSClientProvider instances


Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.8.4
    • 3.4.0
    • common
    • Reviewed

    Description

      Without invalidateCache, the deleted key may still exist in the servers' key cache (CachingKeyProvider in KMSWebApp.java) where the delete key was not hit. A client may still be able to access encrypted files by specifying to connect to KMS instances with a cached version of the deleted key before the cache entry (10 min by default) expires.

            People

              xyao Xiaoyu Yao
              xyao Xiaoyu Yao
              Votes: 0
              Watchers: 3

                Time Tracking

                  Estimated: Not Specified
                  Remaining: 0h
                  Logged: 2h 20m
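
The stale-cache window from the description, as an added example that is not Hadoop code or the patch for this issue: a toy model of three KMS servers, each with its own key cache over one shared key store, comparing a delete sent to one server with a delete followed by invalidateCache on every server. The class and helper names (KmsDeleteCacheDemo, KmsInstance, deleteViaOne, deleteAndInvalidateAll, stillServed, warmCluster) are hypothetical, and cache expiry is not modelled.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Toy model (assumption, not Hadoop code): KMS servers with per-server key
// caches in front of one shared backing key store.
public class KmsDeleteCacheDemo {
    static final Map<String, byte[]> backingStore = new HashMap<>();

    // Stands in for one KMS server and its CachingKeyProvider-style cache.
    static class KmsInstance {
        final Map<String, byte[]> cache = new HashMap<>();
        byte[] getKey(String name) {
            // Serve from the local cache first; fall back to the shared store.
            byte[] key = cache.get(name);
            if (key == null && (key = backingStore.get(name)) != null) cache.put(name, key);
            return key;
        }
        void deleteKey(String name) { backingStore.remove(name); cache.remove(name); }
        void invalidateCache(String name) { cache.remove(name); }
    }

    // Before: the delete reaches only the one server the balancer picked.
    static void deleteViaOne(List<KmsInstance> all, String name) {
        all.get(0).deleteKey(name);
    }

    // After: delete once, then invalidate the cache entry on every server.
    static void deleteAndInvalidateAll(List<KmsInstance> all, String name) {
        all.get(0).deleteKey(name);
        for (KmsInstance kms : all) kms.invalidateCache(name);
    }

    // True if any server would still hand out the key.
    static boolean stillServed(List<KmsInstance> all, String name) {
        for (KmsInstance kms : all) if (kms.getKey(name) != null) return true;
        return false;
    }

    static List<KmsInstance> warmCluster(String name) {
        backingStore.put(name, new byte[] {1, 2, 3}); // constructed key material
        List<KmsInstance> all = List.of(new KmsInstance(), new KmsInstance(), new KmsInstance());
        for (KmsInstance kms : all) kms.getKey(name); // every server caches the key
        return all;
    }

    public static void main(String[] args) {
        List<KmsInstance> before = warmCluster("k1");
        deleteViaOne(before, "k1");
        System.out.println("delete via one server, still served: " + stillServed(before, "k1"));
        List<KmsInstance> after = warmCluster("k1");
        deleteAndInvalidateAll(after, "k1");
        System.out.println("delete + invalidate all, still served: " + stillServed(after, "k1"));
    }
}
```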