This is an automated email from the ASF dual-hosted git repository.
pifta pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new 1bd11f25a2 HDDS-10605. Add a configuration option for compliance mode
(#6470)
1bd11f25a2 is described below
commit 1bd11f25a204374c94f1473765b4e339d8c6ea43
Author: Galsza <[email protected]>
AuthorDate: Mon Apr 15 22:28:47 2024 +0200
HDDS-10605. Add a configuration option for compliance mode (#6470)
---
.../src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java | 4 ++++
hadoop-hdds/common/src/main/resources/ozone-default.xml | 10 +++++++++-
.../src/main/java/org/apache/hadoop/hdds/conf/ConfigTag.java | 3 ++-
3 files changed, 15 insertions(+), 2 deletions(-)
diff --git
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java
index c9a3a40852..56ec09c900 100644
---
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java
+++
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java
@@ -682,6 +682,10 @@ public final class OzoneConfigKeys {
public static final String
OZONE_OM_NETWORK_TOPOLOGY_REFRESH_DURATION_DEFAULT = "1h";
+ public static final String OZONE_SECURITY_CRYPTO_COMPLIANCE_MODE =
+ "ozone.security.crypto.compliance.mode";
+ public static final String
OZONE_SECURITY_CRYPTO_COMPLIANCE_MODE_UNRESTRICTED = "unrestricted";
+
/**
* There is no need to instantiate this class.
diff --git a/hadoop-hdds/common/src/main/resources/ozone-default.xml
b/hadoop-hdds/common/src/main/resources/ozone-default.xml
index 876eb2ff2d..f6321dd48e 100644
--- a/hadoop-hdds/common/src/main/resources/ozone-default.xml
+++ b/hadoop-hdds/common/src/main/resources/ozone-default.xml
@@ -1931,7 +1931,15 @@
set, ozone.security.http.kerberos.enabled should be set to true.
</description>
</property>
-
+ <property>
+ <name>ozone.security.crypto.compliance.mode</name>
+ <value>none</value>
+ <tag>OZONE, SECURITY, HDDS, CRYPTO_COMPLIANCE</tag>
+ <description>Based on this property the security compliance mode
+ is loaded and enables filtering cryptographic configuration options
+ according to the specified compliance mode.
+ </description>
+ </property>
<property>
<name>ozone.client.read.timeout</name>
diff --git
a/hadoop-hdds/config/src/main/java/org/apache/hadoop/hdds/conf/ConfigTag.java
b/hadoop-hdds/config/src/main/java/org/apache/hadoop/hdds/conf/ConfigTag.java
index 24feb69389..15a4dde021 100644
---
a/hadoop-hdds/config/src/main/java/org/apache/hadoop/hdds/conf/ConfigTag.java
+++
b/hadoop-hdds/config/src/main/java/org/apache/hadoop/hdds/conf/ConfigTag.java
@@ -52,5 +52,6 @@ public enum ConfigTag {
TLS,
TOKEN,
UPGRADE,
- X509
+ X509,
+ CRYPTO_COMPLIANCE
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
