You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Vikas Kumar <ta...@gmail.com> on 2022/09/28 14:39:49 UTC

Review Request 74147: Ranger KMS generates master key on every restart before inserting into DB

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74147/
-----------------------------------------------------------

Review request for ranger and Sailaja Polavarapu.


Bugs: RANGER-3927
    https://issues.apache.org/jira/browse/RANGER-3927


Repository: ranger


Description
-------

Issue: Master Key(MK) was being first generated and then it was checking into DB that if MK actually exists on each restart of the KMS process. If exists, it simply returns. The same check could have been added before regenerating the MK to avoid this unnecessary execution.

FIX: Added the same check before calling the method RangerMasterKey.saveEncryptedMK(). Also removed the check from saveEncryptedMK().

New logs: If MK doesn't exist, then 

logger.info("Master Key doesn't exist in DB, Generating the Master Key");

if MK already exists, then

logger.debug("Ranger Master Key already exists in the DB, returning.");


Diffs
-----

  kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java c37e98ee5 


Diff: https://reviews.apache.org/r/74147/diff/1/


Testing
-------

verified through logs on restart of the KMS service. And I got "Ranger Master Key already exists in the DB, returning." It was not going to generate and save the MK into DB.


Thanks,

Vikas Kumar