----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71713/#review218498 -----------------------------------------------------------
Ship it! Ship It! - Gautam Borad On Nov. 5, 2019, 6:53 a.m., Fatima Khan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71713/ > ----------------------------------------------------------- > > (Updated Nov. 5, 2019, 6:53 a.m.) > > > Review request for ranger, Ankita Sinha, Gautam Borad, Madhan Neethiraj, > Mehul Parikh, Nikhil P, Pradeep Agrawal, Selvamohan Neethiraj, and Velmurugan > Periasamy. > > > Bugs: RANGER-2616 > https://issues.apache.org/jira/browse/RANGER-2616 > > > Repository: ranger > > > Description > ------- > > Currently when an encryption zone (EZ) key is rotated, it only takes effect > on new EDEKs. We should provide a way to re-encrypt EDEKs after the EZ key > rotation, for improved security. > > > Diffs > ----- > > > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/EagerKeyGeneratorKeyProviderCryptoExtension.java > 854c831 > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java 04cc984 > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java > 56d25d2 > > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java > cdca8e1 > > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJSONReader.java > 2b85276 > > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSServerJSONUtils.java > 24af81b > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java > 501ee30 > > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java > bd35a6b > kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java > 04daeee > > > Diff: https://reviews.apache.org/r/71713/diff/1/ > > > Testing > ------- > > Tested the CRUD operations related to keys and re-encrypt EDEKs after the EZ > key rotation works fine. > > > Thanks, > > Fatima Khan > >
