Re: Review Request 69984: RANGER-2331 : Ranger-KMS - KeySecure HSM Integration

Mon, 25 Feb 2019 04:59:43 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69984/
-----------------------------------------------------------

(Updated Feb. 25, 2019, 12:59 p.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Changes
-------

Fix the review comment for same patch against ranger-0.7 branch 
(https://reviews.apache.org/r/69985)


Bugs: RANGER-2331
    https://issues.apache.org/jira/browse/RANGER-2331


Repository: ranger


Description
-------

User story: As a security admin, I want to manage encryption keys for securing 
my Hadoop cluster files in Ranger KMS service with Safenet KeySecure crypto 
platform.

For Safenet KeySecure overview refer to: 
https://safenet.gemalto.com/data-encryption/enterprise-key-management/key-secure/

Acceptance Criteria:

1) Ranger KMS has ability to configure Safenet KeySecure platform to be used 
for key offload

2) Ranger KMS provides ability to provide key management functions (create 
keys, manage keys, retrieve keys, rollover) using Safenet KeySecure platform

3) Ranger KMS UI panel on Ambari can be used to configure Safenet KeySecure 
platform


Diffs (updated)
-----

  kms/config/kms-webapp/dbks-site.xml ec649a7 
  kms/scripts/DBMKTOKEYSECURE.sh PRE-CREATION 
  kms/scripts/KEYSECUREMKTOKMSDB.sh PRE-CREATION 
  kms/scripts/install.properties aea0bb8 
  kms/scripts/setup.sh c695e74 
  kms/src/main/java/org/apache/hadoop/crypto/key/DBToKeySecure.java 
PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java dd4408f 
  kms/src/main/java/org/apache/hadoop/crypto/key/KeySecureToRangerDBMKUtil.java 
PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java 4f337bb 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
88a545e 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java eb4f75a 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java 
PRE-CREATION 
  src/main/assembly/kms.xml 3adc55c 


Diff: https://reviews.apache.org/r/69984/diff/2/

Changes: https://reviews.apache.org/r/69984/diff/1-2/


Testing
-------

Verified below scenario:

1) Fresh Installation Of Ranger KMS with Safenet Key Secure (NAE-XML Protocol)
2) DB to Key Secure (NAE-XML) master key Migration utility
3) Key Secure (NAE-XML) to DB master key Migration utility


Thanks,

Gautam Borad

Reply via email to