You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Qiang Zhang (JIRA)" <ji...@apache.org> on 2017/02/10 06:31:43 UTC
[jira] [Resolved] (RANGER-1217) ranger-kms, The acl configuration
file is incorrect
[ https://issues.apache.org/jira/browse/RANGER-1217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Qiang Zhang resolved RANGER-1217.
---------------------------------
Resolution: Not A Problem
> ranger-kms, The acl configuration file is incorrect
> ---------------------------------------------------
>
> Key: RANGER-1217
> URL: https://issues.apache.org/jira/browse/RANGER-1217
> Project: Ranger
> Issue Type: Bug
> Components: kms
> Affects Versions: 0.6.1
> Reporter: Qiang Zhang
> Assignee: Qiang Zhang
> Priority: Minor
> Labels: patch
> Attachments: 0001-RANGER-1217.patch, 0001-RANGER-1217-setup.sh.patch
>
>
> currently,KMS_ACLS_XML = "dbks-site.xml".
> we should change KMS_ACLS_XML = "kms-acls.xml".
> therefore,in ranger-kms-plugin
> we should add the following line in setup.sh,
> {code:java}
> cp ${WEBAPP_ROOT}/mini-kms-acls-default.xml ${WEBAPP_ROOT}/WEB-INF/classes/conf/kms-acls.xml
> {code}
> when we execute the setup.sh command
> Also, if I configure as follows in kms-site.xml,
> {code:xml}
> <property>
> <name>hadoop.kms.security.authorization.manager</name>
> <value>org.apache.hadoop.crypto.key.kms.server.KMSACLs</value>
> </property>
> {code}
> ,the regex of getting the Configuration item "key.acl.<KEY_NAME>.<OP_TYPE>" is incorrect,
> we should add as follows in KMSConfiguration.java,
> {code:java}
> public static final String KEY_ACL_PREFIX_REGEX = "^key\\.acl\\..+";
> {code}
> then change
> {code:java}
> Map<String, String> allKeyACLS = conf.getValByRegex(Pattern.quote(KMSConfiguration.KEY_ACL_PREFIX));
> {code}
> to
> {code:java}
> Map<String, String> allKeyACLS = conf.getValByRegex(KMSConfiguration.KEY_ACL_PREFIX_REGEX);
> {code}
> in KMSACLs.java
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)