-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/7021/
-----------------------------------------------------------
(Updated Sept. 11, 2012, 4:56 p.m.)
Review request for Flume.
Changes
-------
updated naming in example (not code)
Description (updated)
-------
This patch makes configuration more like the interceptors. All key related
configuration is in sub properties.
Generating a key with a password seperate from the key store password:
keytool -genseckey -alias key-0 -keypass keyPassword -keyalg AES \
-keysize 128 -validity 9000 -keystore test.keystore \
-storetype jceks -storepass keyStorePassword
Generating a key with the password the same as the key store password:
keytool -genseckey -alias key-1 -keyalg AES -keysize 128 -validity 9000 \
-keystore src/test/resources/test.keystore -storetype jceks \
-storepass keyStorePassword
agent.channels.ch-0.encryption.keyAlias = key-0
agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
agent.channels.ch-0.encryption.keyProvider = key-provider-0
agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile =
/path/to/my.keystore
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile
= /path/to/my.keystore.password
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0
Let's say you have aged key-0 out and new files should be encrypted with key-1:
agent.channels.ch-0.encryption.keyAlias = key-1
agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
agent.channels.ch-0.encryption.keyProvider = key-provider-0
agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile =
/path/to/my.keystore
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile
= /path/to/my.keystore.password
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0 key-1
The same scenerio as above, however key-0 has it's own password:
agent.channels.ch-0.encryption.keyAlias = key-1
agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
agent.channels.ch-0.encryption.keyProvider = key-provider-0
agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile =
/path/to/my.keystore
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile
= /path/to/my.keystore.password
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0 key-1
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys.key-0.passwordFile
= /path/to/key-0.password
This addresses bug FLUME-1563.
https://issues.apache.org/jira/browse/FLUME-1563
Diffs
-----
flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/FileChannel.java
f2ccd3a
flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/EncryptionConfiguration.java
909d6bf
flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java
f814993
flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/KeyProviderFactory.java
fef0367
flume-ng-channels/flume-file-channel/src/test/java/org/apache/flume/channel/file/encryption/EncryptionTestUtils.java
a157661
flume-ng-channels/flume-file-channel/src/test/java/org/apache/flume/channel/file/encryption/TestFileChannelEncryption.java
5f3a23d
flume-ng-channels/flume-file-channel/src/test/java/org/apache/flume/channel/file/encryption/TestJCEFileKeyProvider.java
519952e
Diff: https://reviews.apache.org/r/7021/diff/
Testing
-------
Unit tests pass and there is an additional unit test meant to test how
configuration properties would come in from the properties file.
Thanks,
Brock Noland
