Posted to dev@ranger.apache.org by bhavik patel <bh...@gmail.com> on 2018/03/29 12:10:08 UTC
Review Request 66357: RANGER-2017 : Ranger KMS encryption good practices
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-2017
https://issues.apache.org/jira/browse/RANGER-2017
Repository: ranger
Description
-------
Code Improvement To Follow Best Practices.
Diffs
-----
kms/config/kms-webapp/dbks-site.xml 2fc5177
kms/scripts/DBMK2HSM.sh 89c8c2d
kms/scripts/HSMMK2DB.sh 2637cf6
kms/scripts/importJCEKSKeys.sh d72c93e
kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 5614c16
Diff: https://reviews.apache.org/r/66357/diff/1/
Testing
-------
1. Verified Ranger KMS is working as expected.
2. Import/Export of keys is working as expected.
Thanks,
bhavik patel
Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good practices
Posted by Qiang Zhang <zh...@zte.com.cn>.
> On April 3, 2018, 1:34 a.m., Qiang Zhang wrote:
> > kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
> > Lines 81-84 (original), 133-141 (patched)
> > <https://reviews.apache.org/r/66357/diff/1/?file=1990118#file1990118line134>
> >
> > The getEncryptedMK function can return null. This code segment has a logic error if getEncryptedMK returns null.
Please follow the logic of the getMasterSecretKey function to handle this code logic.
- Qiang
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/#review200338
-----------------------------------------------------------
Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good practices
Posted by Qiang Zhang <zh...@zte.com.cn>.
> On April 3, 2018, 1:34 a.m., Qiang Zhang wrote:
> > kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
> > Lines 81-84 (original), 133-141 (patched)
> > <https://reviews.apache.org/r/66357/diff/1/?file=1990118#file1990118line134>
> >
> > The getEncryptedMK function can return null. This code segment has a logic error if getEncryptedMK returns null.
>
> Qiang Zhang wrote:
> Please follow the logic of the getMasterSecretKey function to handle this code logic.
This code segment has been fixed.
- Qiang
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/#review200338
-----------------------------------------------------------
Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good practices
Posted by Qiang Zhang <zh...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/#review200338
-----------------------------------------------------------
kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
Lines 81-84 (original), 133-141 (patched)
<https://reviews.apache.org/r/66357/#comment281054>
The getEncryptedMK function can return null. This code segment has a logic error if getEncryptedMK returns null.
kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
Lines 81-84 (original), 133-141 (patched)
<https://reviews.apache.org/r/66357/#comment281055>
The getEncryptedMK function can return null. This code segment has a logic error if getEncryptedMK returns null.
kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
Lines 211-219 (patched)
<https://reviews.apache.org/r/66357/#comment281056>
This code segment will throw an exception if encryptedPwd.length > 1 and encryptedPwd.length < 7.
- Qiang Zhang
Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good practices
Posted by bhavik patel <bh...@gmail.com>.
> On April 2, 2018, 9:58 p.m., Velmurugan Periasamy wrote:
> > kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
> > Line 200 (original), 322 (patched)
> > <https://reviews.apache.org/r/66357/diff/1/?file=1990118#file1990118line324>
> >
> > Why is salt generated from password? Change to random values.
We cannot use random values because encryption and decryption of the key require the same value of saltGen. If we want, we can also make it a configurable property like the others.
- bhavik
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/#review200319
-----------------------------------------------------------
Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good practices
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
> On April 2, 2018, 9:58 p.m., Velmurugan Periasamy wrote:
> > kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
> > Line 200 (original), 322 (patched)
> > <https://reviews.apache.org/r/66357/diff/1/?file=1990118#file1990118line324>
> >
> > Why is salt generated from password? Change to random values.
>
> bhavik patel wrote:
> We cannot use random values because encryption and decryption of the key require the same value of saltGen. If we want, we can also make it a configurable property like the others.
Yes, that's what I meant. Make it a configurable option. Thanks.
- Velmurugan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/#review200319
-----------------------------------------------------------
Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good practices
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/#review200319
-----------------------------------------------------------
kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
Line 200 (original), 322 (patched)
<https://reviews.apache.org/r/66357/#comment281015>
Why is salt generated from password? Change to random values.
- Velmurugan Periasamy
Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good practices
Posted by Qiang Zhang <zh...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/#review200423
-----------------------------------------------------------
kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
Line 74 (original), 121-125 (patched)
<https://reviews.apache.org/r/66357/#comment281187>
Please follow the logic of the getMasterSecretKey function to handle this code logic.
- Qiang Zhang
Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good practices
Posted by Qiang Zhang <zh...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/#review200439
-----------------------------------------------------------
Ship it!
Ship It!
- Qiang Zhang
Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good practices
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/#review200636
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good practices
Posted by bhavik patel <bh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/
-----------------------------------------------------------
(Updated April 4, 2018, 6:02 a.m.)
Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-2017
https://issues.apache.org/jira/browse/RANGER-2017
Repository: ranger
Description
-------
Code Improvement To Follow Best Practices.
Diffs (updated)
-----
kms/config/kms-webapp/dbks-site.xml 2fc5177
kms/scripts/DBMK2HSM.sh 89c8c2d
kms/scripts/HSMMK2DB.sh 2637cf6
kms/scripts/importJCEKSKeys.sh d72c93e
kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 5614c16
Diff: https://reviews.apache.org/r/66357/diff/3/
Changes: https://reviews.apache.org/r/66357/diff/2-3/
Testing
-------
1. Verified Ranger KMS is working as expected.
2. Import/Export of keys is working as expected.
Thanks,
bhavik patel
Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good practices
Posted by bhavik patel <bh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/
-----------------------------------------------------------
(Updated April 4, 2018, 3:56 a.m.)
Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-2017
https://issues.apache.org/jira/browse/RANGER-2017
Repository: ranger
Description
-------
Code Improvement To Follow Best Practices.
Diffs (updated)
-----
kms/config/kms-webapp/dbks-site.xml 2fc5177
kms/scripts/DBMK2HSM.sh 89c8c2d
kms/scripts/HSMMK2DB.sh 2637cf6
kms/scripts/importJCEKSKeys.sh d72c93e
kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 5614c16
Diff: https://reviews.apache.org/r/66357/diff/2/
Changes: https://reviews.apache.org/r/66357/diff/1-2/
Testing
-------
1. Verified Ranger KMS is working as expected.
2. Import/Export of keys is working as expected.
Thanks,
bhavik patel