-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73807/
-----------------------------------------------------------
(Updated 一月 19, 2022, 3:09 a.m.)
Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad,
Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep
Agrawal, VaradreawiZTV VaradreawiZTV, Vishal Suvagia, and Velmurugan Periasamy.
Bugs: RANGER-3580
https://issues.apache.org/jira/browse/RANGER-3580
Repository: ranger
Description
-------
Ranger KMS integration with TencentKMS
- This task is to integrate the RANGER KMS Service with TencentKMS.
- To Configure RANGER KMS Service with TencentKMS below configurations need to
be added in install.properties file bfore running the setup.sh
```
# Do you use Tencent Cloud KMS?
TENCENT_KMS_ENABLED=true
# MasterKeyID on Tencent Cloud
TENCENT_MASTERKEY_ID=YourKeyID
# Login ID
TENCENT_CLIENT_ID=YourClientLoginId
# Login password
TENCENT_CLIENT_SECRET=YourClientLoginSecret
# Tencent Cloud area, see Tencent Cloud SDK for details.
TENCENT_CLIENT_REGION=ap-beijing
```
Run the setup.sh, It will add the below configs in dbks-site.xml
```
<!--Tencent KMS START-->
<property>
<name>ranger.kms.tencentkms.enabled</name>
<value>false</value>
<description>Flag for Tencent KMS</description>
</property>
<property>
<name>ranger.kms.tencent.client.id</name>
<value></value>
<description>Tencent Client Id</description>
</property>
<property>
<name>ranger.kms.tencent.client.secret</name>
<value></value>
<description>Tencent Client Secret</description>
</property>
<property>
<name>ranger.kms.tencent.client.secret.alias</name>
<value>ranger.ks.tencent.client.secret</value>
<description>Tencent Client Secret Alias</description>
</property>
<property>
<name>ranger.kms.tencent.client.region</name>
<value>ap-beijing</value>
<description>Tencent Client Id</description>
</property>
<property>
<name>ranger.kms.tencent.masterkey.id</name>
<value></value>
<description>Tencent master key name</description>
</property>
<!--Tencent KMS END-->
```
Generally, we don't want the account bound by KMS to have the right to create a
Key in TencentKMS. So we have to create Master Key on TencentKMS web console at
first.
Start the kms service, On start Master Key from TencentKMS should be used.
Diffs (updated)
-----
distro/src/main/assembly/kms.xml 32bbefa44e372f3abb41d60cd35aa0d706ca3100
kms/config/kms-webapp/dbks-site.xml 07de4d494b5d72609b47752109fc40a9e016f6ab
kms/pom.xml 908e8841a4a8c0627622d35486ffe2dac7bbdc61
kms/scripts/install.properties 31143d3426565a338c308dc1a7ea8304f3f4e102
kms/scripts/setup.sh 2051df59a8bb0be11ba7a54e547f78cf5a0dca36
kms/src/main/java/org/apache/hadoop/crypto/key/AzureKeyVaultClientAuthenticator.java
19335893a4d875743fcf71b12124b1c40a4ee6e1
kms/src/main/java/org/apache/hadoop/crypto/key/DBToAzureKeyVault.java
bacc928570283708daef7a2573707fddd7ca096e
kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java
4324439ba66f9f0fb68d570f1964ed6caa8c07bd
kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
12d485a36423d1c25a3b59cc8436e0a40863a78f
kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
bd85c0d364ad06691a0f5d8f19b5124189261db3
kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyVaultKeyGenerator.java
d21d32320bbd32e4efbe83c701d11c94dc804765
kms/src/main/java/org/apache/hadoop/crypto/key/RangerTencentKMSProvider.java
PRE-CREATION
kms/src/main/resources/log4j.properties
5cd037a49c670a3a0eec9e85fdcafeeeabff1405
pom.xml c663937eba452321b4e2400cc6d3f528f74596de
Diff: https://reviews.apache.org/r/73807/diff/2/
Changes: https://reviews.apache.org/r/73807/diff/1-2/
Testing
-------
File Attachments (updated)
----------------
0001-add-TencentKMS-as-MasterKeyProvider.patch
https://reviews.apache.org/media/uploaded/files/2022/01/19/c0ec963d-95f0-4e77-823d-b7de9d5d54e6__0001-add-TencentKMS-as-MasterKeyProvider.patch
Thanks,
Kirby Zhou
