Re: Review Request: FLUME-1563: FileChannel Encryption KeyProvider configuration properties should be more consistent

Mike Percy Wed, 12 Sep 2012 10:27:28 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/7021/#review11411
-----------------------------------------------------------



Looks good, except for one issue that was previously there. Please see below.


flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/KeyProviderFactory.java
<https://reviews.apache.org/r/7021/#comment24452>

    I think this should read KeyProvider.Builder.class.isAssignableFrom(c)


- Mike Percy


On Sept. 11, 2012, 4:56 p.m., Brock Noland wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/7021/
> -----------------------------------------------------------
> 
> (Updated Sept. 11, 2012, 4:56 p.m.)
> 
> 
> Review request for Flume.
> 
> 
> Description
> -------
> 
> This patch makes configuration more like the interceptors. All key related 
> configuration is in sub properties.
> 
> Generating a key with a password seperate from the key store password:
> 
>     keytool -genseckey -alias key-0 -keypass keyPassword -keyalg AES \
>       -keysize 128 -validity 9000 -keystore test.keystore \
>       -storetype jceks -storepass keyStorePassword
> 
> Generating a key with the password the same as the key store password:      
> 
>     keytool -genseckey -alias key-1 -keyalg AES -keysize 128 -validity 9000 \
>       -keystore src/test/resources/test.keystore -storetype jceks \
>       -storepass keyStorePassword
>       
> 
> agent.channels.ch-0.encryption.keyAlias = key-0
> agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
> agent.channels.ch-0.encryption.keyProvider = key-provider-0
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = 
> /path/to/my.keystore
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile
>  = /path/to/my.keystore.password
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0
> 
> Let's say you have aged key-0 out and new files should be encrypted with 
> key-1:
> 
> agent.channels.ch-0.encryption.keyAlias = key-1
> agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
> agent.channels.ch-0.encryption.keyProvider = key-provider-0
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = 
> /path/to/my.keystore
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile
>  = /path/to/my.keystore.password
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0 key-1
> 
> The same scenerio as above, however key-0 has it's own password:
> 
> agent.channels.ch-0.encryption.keyAlias = key-1
> agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
> agent.channels.ch-0.encryption.keyProvider = key-provider-0
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = 
> /path/to/my.keystore
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile
>  = /path/to/my.keystore.password
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0 key-1
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys.key-0.passwordFile
>  = /path/to/key-0.password
> 
> 
> This addresses bug FLUME-1563.
>     https://issues.apache.org/jira/browse/FLUME-1563
> 
> 
> Diffs
> -----
> 
>   
> flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/FileChannel.java
>  f2ccd3a 
>   
> flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/EncryptionConfiguration.java
>  909d6bf 
>   
> flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java
>  f814993 
>   
> flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/KeyProviderFactory.java
>  fef0367 
>   
> flume-ng-channels/flume-file-channel/src/test/java/org/apache/flume/channel/file/encryption/EncryptionTestUtils.java
>  a157661 
>   
> flume-ng-channels/flume-file-channel/src/test/java/org/apache/flume/channel/file/encryption/TestFileChannelEncryption.java
>  5f3a23d 
>   
> flume-ng-channels/flume-file-channel/src/test/java/org/apache/flume/channel/file/encryption/TestJCEFileKeyProvider.java
>  519952e 
> 
> Diff: https://reviews.apache.org/r/7021/diff/
> 
> 
> Testing
> -------
> 
> Unit tests pass and there is an additional unit test meant to test how 
> configuration properties would come in from the properties file.
> 
> 
> Thanks,
> 
> Brock Noland
> 
>

Re: Review Request: FLUME-1563: FileChannel Encryption KeyProvider configuration properties should be more consistent

Reply via email to