You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Qiang Zhang (JIRA)" <ji...@apache.org> on 2016/11/14 03:11:58 UTC

[jira] [Created] (RANGER-1217) ranger-kms, The acl configuration file is incorrect

Qiang Zhang created RANGER-1217:
-----------------------------------

             Summary: ranger-kms, The acl configuration file is incorrect
                 Key: RANGER-1217
                 URL: https://issues.apache.org/jira/browse/RANGER-1217
             Project: Ranger
          Issue Type: Bug
          Components: kms
    Affects Versions: 0.6.1
            Reporter: Qiang Zhang
            Assignee: Qiang Zhang
            Priority: Minor


currently,KMS_ACLS_XML = "dbks-site.xml".
we should change KMS_ACLS_XML = "kms-acls.xml".

therefore,in ranger-kms-plugin
we should add the following line in setup.sh,
    cp ${WEBAPP_ROOT}/mini-kms-acls-default.xml ${WEBAPP_ROOT}/WEB-INF/classes/conf/kms-acls.xml
when we execute the setup.sh command

Also, if I configure as follows in kms-site.xml,
  <property>
  	<name>hadoop.kms.security.authorization.manager</name>
	<value>org.apache.hadoop.crypto.key.kms.server.KMSACLs</value>
  </property>
,the regex of getting the Configuration item "key.acl.<KEY_NAME>.<OP_TYPE>" is incorrect,
we should add as follows in KMSConfiguration.java,
  public static final String KEY_ACL_PREFIX_REGEX = "^key\\.acl\\..+";
then change
   Map<String, String> allKeyACLS = conf.getValByRegex(Pattern.quote(KMSConfiguration.KEY_ACL_PREFIX));
to Map<String, String> allKeyACLS = conf.getValByRegex(KMSConfiguration.KEY_ACL_PREFIX_REGEX);



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)