-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 3.0.0-beta1
-
Fix Version/s: 3.0.0-beta1
-
Component/s: encryption
-
Labels:None
-
Target Version/s:
-
Hadoop Flags:Reviewed
This was caught from KMS acl testing.
HDFS-10899 gets the current key versions from KMS directly, which requires READ acls.
It also calls invalidateCache, which requires MANAGEMENT acls.
We should fix re-encryption to not require additional ACLs than original encryption.
- breaks
-
HDFS-12400 Provide a way for NN to drain the local key cache before re-encryption
-
- Resolved
-
- is broken by
-
HDFS-10899 Add functionality to re-encrypt EDEKs
-
- Resolved
-