Posted to dev@ranger.apache.org by Vikas Kumar <ta...@gmail.com> on 2022/09/28 14:39:49 UTC
Review Request 74147: Ranger KMS generates master key on every restart before inserting into DB
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74147/
-----------------------------------------------------------
Review request for ranger and Sailaja Polavarapu.
Bugs: RANGER-3927
https://issues.apache.org/jira/browse/RANGER-3927
Repository: ranger
Description
-------
Issue: On each restart of the KMS process, the Master Key (MK) was first generated, and only then was the DB checked to see whether the MK actually exists. If it exists, it simply returns. The same check could have been added before regenerating the MK to avoid this unnecessary execution.
FIX: Added the same check before calling the method RangerMasterKey.saveEncryptedMK(). Also removed the check from saveEncryptedMK().
New logs: If MK doesn't exist, then
logger.info("Master Key doesn't exist in DB, Generating the Master Key");
If MK already exists, then
logger.debug("Ranger Master Key already exists in the DB, returning.");
Diffs
-----
kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java c37e98ee5
Diff: https://reviews.apache.org/r/74147/diff/1/
Testing
-------
Verified through logs on restart of the KMS service, and I got "Ranger Master Key already exists in the DB, returning." It did not generate and save the MK into the DB.
Thanks,
Vikas Kumar
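
The ordering change described in this review request, as an added example that is not taken from the Ranger code base or from the patch. The class, method and store names are hypothetical, and an in-memory object stands in for the KMS database; the demo counts how often key material is generated across three simulated restarts under each ordering.

```java
import java.security.SecureRandom;

public class MasterKeyStartupDemo {
    /** Hypothetical stand-in for the DB table that holds the stored master key. */
    static class InMemoryKeyStore {
        private byte[] storedMk;                  // null until the first save
        boolean exists() { return storedMk != null; }
        void save(byte[] mk) { storedMk = mk.clone(); }
    }

    static int generations = 0;                   // counts key-generation calls

    static byte[] generateKeyMaterial() {
        generations++;
        byte[] key = new byte[32];                // 256-bit value, constructed for the demo
        new SecureRandom().nextBytes(key);
        return key;
    }

    /** Old ordering: generate first, then find out the key is already stored. */
    static boolean startupGenerateThenCheck(InMemoryKeyStore db) {
        byte[] candidate = generateKeyMaterial(); // runs on every restart
        if (db.exists()) return false;            // candidate is discarded unused
        db.save(candidate);
        return true;
    }

    /** Fixed ordering: check first, generate only when nothing is stored. */
    static boolean startupCheckThenGenerate(InMemoryKeyStore db) {
        if (db.exists()) return false;            // key already in the store, return
        db.save(generateKeyMaterial());
        return true;
    }

    public static void main(String[] args) {
        InMemoryKeyStore oldDb = new InMemoryKeyStore();
        for (int i = 0; i < 3; i++) startupGenerateThenCheck(oldDb);
        System.out.println("generate-then-check: " + generations + " generations over 3 restarts");

        generations = 0;
        InMemoryKeyStore newDb = new InMemoryKeyStore();
        for (int i = 0; i < 3; i++) startupCheckThenGenerate(newDb);
        System.out.println("check-then-generate: " + generations + " generations over 3 restarts");
    }
}
```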