----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/7021/#review11413 -----------------------------------------------------------
Ship it! Ship It! - Mike Percy On Sept. 12, 2012, 5:37 p.m., Brock Noland wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/7021/ > ----------------------------------------------------------- > > (Updated Sept. 12, 2012, 5:37 p.m.) > > > Review request for Flume. > > > Description > ------- > > This patch makes configuration more like the interceptors. All key related > configuration is in sub properties. > > Generating a key with a password seperate from the key store password: > > keytool -genseckey -alias key-0 -keypass keyPassword -keyalg AES \ > -keysize 128 -validity 9000 -keystore test.keystore \ > -storetype jceks -storepass keyStorePassword > > Generating a key with the password the same as the key store password: > > keytool -genseckey -alias key-1 -keyalg AES -keysize 128 -validity 9000 \ > -keystore src/test/resources/test.keystore -storetype jceks \ > -storepass keyStorePassword > > > agent.channels.ch-0.encryption.keyAlias = key-0 > agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING > agent.channels.ch-0.encryption.keyProvider = key-provider-0 > agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE > agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = > /path/to/my.keystore > agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile > = /path/to/my.keystore.password > agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0 > > Let's say you have aged key-0 out and new files should be encrypted with > key-1: > > agent.channels.ch-0.encryption.keyAlias = key-1 > agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING > agent.channels.ch-0.encryption.keyProvider = key-provider-0 > agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE > agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = > /path/to/my.keystore > agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile > = /path/to/my.keystore.password > agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0 key-1 > > The same scenerio as above, however key-0 has it's own password: > > agent.channels.ch-0.encryption.keyAlias = key-1 > agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING > agent.channels.ch-0.encryption.keyProvider = key-provider-0 > agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE > agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = > /path/to/my.keystore > agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile > = /path/to/my.keystore.password > agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0 key-1 > agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys.key-0.passwordFile > = /path/to/key-0.password > > > This addresses bug FLUME-1563. > https://issues.apache.org/jira/browse/FLUME-1563 > > > Diffs > ----- > > > flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/FileChannel.java > f2ccd3a > > flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/EncryptionConfiguration.java > 909d6bf > > flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java > f814993 > > flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/KeyProviderFactory.java > fef0367 > > flume-ng-channels/flume-file-channel/src/test/java/org/apache/flume/channel/file/encryption/EncryptionTestUtils.java > a157661 > > flume-ng-channels/flume-file-channel/src/test/java/org/apache/flume/channel/file/encryption/TestFileChannelEncryption.java > 5f3a23d > > flume-ng-channels/flume-file-channel/src/test/java/org/apache/flume/channel/file/encryption/TestJCEFileKeyProvider.java > 519952e > > Diff: https://reviews.apache.org/r/7021/diff/ > > > Testing > ------- > > Unit tests pass and there is an additional unit test meant to test how > configuration properties would come in from the properties file. > > > Thanks, > > Brock Noland > >
