Re: Review Request 73783: RANGER-3569 : Support Ranger KMS integration with Google cloud HSM

Tue, 04 Jan 2022 03:20:46 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73783/
-----------------------------------------------------------

(Updated Jan. 4, 2022, 11:20 a.m.)


Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, 
Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep 
Agrawal, VaradreawiZTV VaradreawiZTV, Vishal Suvagia, and Velmurugan Periasamy.


Bugs: RANGER-3569
    https://issues.apache.org/jira/browse/RANGER-3569


Repository: ranger


Description
-------

Ranger KMS integration with Google cloud HSM
- This task is to integrate the RANGER KMS Service with Google Cloud HSM.
- To Configure RANGER KMS Service with Google Cloud HSM below configurations 
need to be added in install.properties file bfore running the setup.sh

IS_GCP_ENABLED=true
GCP_KEYRING_ID=YourKeyRingId
GCP_CRED_JSON_FILE=/full/path/to/downloadedCredfile.json
GCP_PROJECT_ID=YourProjectId
GCP_LOCATION_ID=LocationId
GCP_MASTER_KEY_NAME=MyMasterKeyNameChangeIt

- Run the setup.sh, It will add the below configs in dbks-site.xml

<property>
                <name>ranger.kms.gcp.enabled</name>
                <value>false</value>
                <description></description>
        </property>
        <property>
                <name>ranger.kms.gcp.keyring.id</name>
                <value></value>
                <description></description>
        </property>
        <property>
                <name>ranger.kms.gcp.cred.file</name>
                <value></value>
                <description></description>
        </property>
        <property>
                <name>ranger.kms.gcp.project.id</name>
                <value></value>
                <description></description>
        </property>
        <property>
                <name>ranger.kms.gcp.location.id</name>
                <value></value>
                <description></description>
        </property>
        <property>
                <name>ranger.kms.gcp.masterkey.name</name>
                <value></value>
                <description></description>
        </property>

- Start the kms service, On start Master Key should be created in Google Cloud 
HSM.


Diffs (updated)
-----

  distro/src/main/assembly/kms.xml aacdcf103 
  kms/config/kms-webapp/dbks-site.xml 75f21c80e 
  kms/pom.xml b940e75c0 
  kms/scripts/MigrateMKeyStorageDbToGCP.sh PRE-CREATION 
  kms/scripts/install.properties 4cf79080f 
  kms/scripts/setup.sh 60c026b80 
  kms/src/main/java/org/apache/hadoop/crypto/key/MigrateDBMKeyToGCP.java 
PRE-CREATION 
  
kms/src/main/java/org/apache/hadoop/crypto/key/RangerGoogleCloudHSMProvider.java
 PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSMKI.java 75e70fffa 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java b9e7cb2fd 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
db8fa69e0 
  
kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyVaultKeyGenerator.java 
854d7f0b6 
  kms/src/main/resources/META-INF/context.xml PRE-CREATION 
  pom.xml 5c621a5b4 


Diff: https://reviews.apache.org/r/73783/diff/2/

Changes: https://reviews.apache.org/r/73783/diff/1-2/


Testing
-------

Build Succeeded - mvn clean compile test verify install
Testing : Verified fresh and upgrade scenarios.


Thanks,

Mateen Mansoori

Reply via email to