Posted to dev@ranger.apache.org by Dhaval Shah <dh...@gmail.com> on 2022/02/09 07:11:29 UTC
Re: Review Request 73807: Support Ranger KMS integration with TencentKMS
> On Jan. 19, 2022, 7:56 a.m., bhavik patel wrote:
> > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyVaultKeyGenerator.java
> > Line 36 (original), 37 (patched)
> > <https://reviews.apache.org/r/73807/diff/3/?file=2265347#file2265347line37>
> >
> > Is it a better option to update the class name to RangerAzure*?
> > @dhavalshah any thought on this?
>
> Kirby Zhou wrote:
> KeyVault looks like a general name, so I think we should add "Azure" here.
>
> Kirby Zhou wrote:
> @dhavalshah ?
> Any idea?
It's fine.
- Dhaval
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73807/#review223972
-----------------------------------------------------------
On Jan. 29, 2022, 9:53 a.m., Kirby Zhou wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73807/
> -----------------------------------------------------------
>
> (Updated Jan. 29, 2022, 9:53 a.m.)
>
>
> Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, Pradeep Agrawal, VaradreawiZTV VaradreawiZTV, Vishal Suvagia, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3580
> https://issues.apache.org/jira/browse/RANGER-3580
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Ranger KMS integration with TencentKMS
> - This task is to integrate the RANGER KMS Service with TencentKMS.
> - To configure the RANGER KMS Service with TencentKMS, the below configurations need to be added in the install.properties file before running setup.sh
>
> ```
> # Do you use Tencent Cloud KMS?
> TENCENT_KMS_ENABLED=true
> # MasterKeyID on Tencent Cloud
> TENCENT_MASTERKEY_ID=YourKeyID
> # Login ID
> TENCENT_CLIENT_ID=YourClientLoginId
> # Login password
> TENCENT_CLIENT_SECRET=YourClientLoginSecret
> # Tencent Cloud area, see Tencent Cloud SDK for details.
> TENCENT_CLIENT_REGION=ap-beijing
> ```
>
> Run setup.sh; it will add the below configs in dbks-site.xml
> ```
> <!--Tencent KMS START-->
> <property>
> <name>ranger.kms.tencentkms.enabled</name>
> <value>false</value>
> <description>Flag for Tencent KMS</description>
> </property>
> <property>
> <name>ranger.kms.tencent.client.id</name>
> <value></value>
> <description>Tencent Client Id</description>
> </property>
> <property>
> <name>ranger.kms.tencent.client.secret</name>
> <value></value>
> <description>Tencent Client Secret</description>
> </property>
> <property>
> <name>ranger.kms.tencent.client.secret.alias</name>
> <value>ranger.ks.tencent.client.secret</value>
> <description>Tencent Client Secret Alias</description>
> </property>
> <property>
> <name>ranger.kms.tencent.client.region</name>
> <value>ap-beijing</value>
> <description>Tencent Client Id</description>
> </property>
> <property>
> <name>ranger.kms.tencent.masterkey.id</name>
> <value></value>
> <description>Tencent master key name</description>
> </property>
> <!--Tencent KMS END-->
> ```
>
> Generally, we don't want the account bound by KMS to have the right to create a Key in TencentKMS. So we have to create the Master Key on the TencentKMS web console first.
> Start the KMS service; on start, the Master Key from TencentKMS should be used.
>
>
> Diffs
> -----
>
> distro/src/main/assembly/kms.xml 33d754b491c166cc781338b6530b8a0b9623529e
> kms/config/kms-webapp/dbks-site.xml 07de4d494b5d72609b47752109fc40a9e016f6ab
> kms/pom.xml 35fbe8a9d94eb156e3510b5b611e5ce329ad8af5
> kms/scripts/install.properties 31143d3426565a338c308dc1a7ea8304f3f4e102
> kms/scripts/setup.sh 2051df59a8bb0be11ba7a54e547f78cf5a0dca36
> kms/src/main/java/org/apache/hadoop/crypto/key/AzureKeyVaultClientAuthenticator.java f96cbb7561b2c1a29b7f42c9fb3ed810b05b5054
> kms/src/main/java/org/apache/hadoop/crypto/key/DBToAzureKeyVault.java bacc928570283708daef7a2573707fddd7ca096e
> kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 4324439ba66f9f0fb68d570f1964ed6caa8c07bd
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java 5234dc7422793b3b88dcc4574fafcf34556fa33f
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 74c54a7a6f50878ce0f226d72a5e2c5554a0d4e5
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyVaultKeyGenerator.java c661268c3c25362e428884a3bb34d88d827e7f31
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerTencentKMSProvider.java PRE-CREATION
> pom.xml 5982ace7d0acf16e63809aef7914819a0f908df6
>
>
> Diff: https://reviews.apache.org/r/73807/diff/5/
>
>
> Testing
> -------
>
> + mvn clean compile test verify
> + Fresh setup
>
>
> File Attachments
> ----------------
>
> 0001-add-TencentKMS-as-MasterKeyProvider.patch
> https://reviews.apache.org/media/uploaded/files/2022/01/19/c0ec963d-95f0-4e77-823d-b7de9d5d54e6__0001-add-TencentKMS-as-MasterKeyProvider.patch
>
>
> Thanks,
>
> Kirby Zhou
>
>
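A pre-start check over the dbks-site.xml properties listed in the review description, as an added example that is not part of the patch or of Ranger's own code. The property names come from the description above; the sample values, the function names, and the rule that a literal value in `ranger.kms.tencent.client.secret` should be reviewed (because a separate alias property exists) are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout shown in the description (not a real deployment).
SAMPLE_SITE = """<configuration>
  <property><name>ranger.kms.tencentkms.enabled</name><value>true</value></property>
  <property><name>ranger.kms.tencent.client.id</name><value>ExampleClientId</value></property>
  <property><name>ranger.kms.tencent.client.secret</name><value>ExampleSecret</value></property>
  <property><name>ranger.kms.tencent.client.secret.alias</name>
            <value>ranger.ks.tencent.client.secret</value></property>
  <property><name>ranger.kms.tencent.client.region</name><value>ap-beijing</value></property>
  <property><name>ranger.kms.tencent.masterkey.id</name><value></value></property>
</configuration>"""

ENABLED_KEY = "ranger.kms.tencentkms.enabled"   # note: different prefix from the rest
PREFIX = "ranger.kms.tencent."
REQUIRED = ("client.id", "client.region", "masterkey.id")


def load_properties(xml_text):
    """Return {name: value} for every <property> in a Hadoop-style site file."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def audit_tencent_kms(props):
    """Return a list of findings; an empty list means every check passed."""
    if props.get(ENABLED_KEY, "false").lower() != "true":
        return []  # provider disabled, nothing to check
    findings = []
    # The master key is created on the console beforehand, so its ID must be set.
    for key in REQUIRED:
        if not props.get(PREFIX + key):
            findings.append("missing value: " + PREFIX + key)
    secret = props.get(PREFIX + "client.secret", "")
    alias = props.get(PREFIX + "client.secret.alias", "")
    # Assumption: any literal here is flagged so an operator confirms it is
    # not the real secret sitting in a world-readable site file.
    if secret:
        findings.append("literal value in " + PREFIX + "client.secret")
    if not secret and not alias:
        findings.append("no client secret or alias configured")
    return findings


if __name__ == "__main__":
    for finding in audit_tencent_kms(load_properties(SAMPLE_SITE)):
        print(finding)
```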