----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71176/#review216999 -----------------------------------------------------------
pom.xml Lines 198 (patched) <https://reviews.apache.org/r/71176/#comment304237> Make sure these new dependencies are added to LICENSE and NOTICE as required kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java Lines 92 (patched) <https://reviews.apache.org/r/71176/#comment304388> Would it be cleaner to isolate this to a separate class? kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java Lines 76 (patched) <https://reviews.apache.org/r/71176/#comment304389> Would it be better to isolate this to a separate class? I see similar approach is done for other HSM as well, but it might become challenging to maintain as more integrations keep being added. - Velmurugan Periasamy On Aug. 1, 2019, 12:57 p.m., Dhaval Shah wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71176/ > ----------------------------------------------------------- > > (Updated Aug. 1, 2019, 12:57 p.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, > Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, > Ramesh Mani, and Velmurugan Periasamy. > > > Bugs: RANGER-2497 > https://issues.apache.org/jira/browse/RANGER-2497 > > > Repository: ranger > > > Description > ------- > > User story: As a security admin, I want to escrow and manage master > encryption keys for securing my Hadoop cluster EZs in Ranger KMS service with > Azure Key Vault service. > > For Microsoft Azure Key Vault overview refer to: > https://docs.microsoft.com/en-us/azure/key-vault/ > For REST API guide refer to: > https://docs.microsoft.com/en-us/rest/api/keyvault/ > > Acceptance Criteria: > > 1.) Ranger KMS has ability to configure AKV service to be used for master key > offload > 2.) Ranger KMS provides ability to provide key management functions (create > keys, manage keys, retrieve keys, rollover) using AKV > > > Diffs > ----- > > kms/config/kms-webapp/dbks-site.xml 05a1a13 > kms/pom.xml df46496 > kms/scripts/DBMKTOAZUREKEYVAULT.sh PRE-CREATION > kms/scripts/install.properties 798dd8c > kms/scripts/setup.sh c430ef9 > > kms/src/main/java/org/apache/hadoop/crypto/key/AzureKeyVaultClientAuthenticator.java > PRE-CREATION > kms/src/main/java/org/apache/hadoop/crypto/key/DBToAzureKeyVault.java > PRE-CREATION > kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 5e394de > kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java f542364 > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java 86f1a29 > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java > b280cbf > > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyVaultKeyGenerator.java > PRE-CREATION > pom.xml 7cf134c > src/main/assembly/kms.xml 468bede > > > Diff: https://reviews.apache.org/r/71176/diff/2/ > > > Testing > ------- > > 1.) Fresh installation of Ranger KMS with Azure Key Vault. > 2.) Export / Import of zone keys from / to keystore file. > 3.) Migration of Ranger KMS DB to Azure Key Vault. > > > Thanks, > > Dhaval Shah > >
