-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73807/
-----------------------------------------------------------
(Updated January 19, 2022, 10:40 a.m.)
Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad,
Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep
Agrawal, VaradreawiZTV VaradreawiZTV, Vishal Suvagia, and Velmurugan Periasamy.
Changes
-------
switch-from-log4j-to-slf4j
Bugs: RANGER-3580
https://issues.apache.org/jira/browse/RANGER-3580
Repository: ranger
Description
-------
Ranger KMS integration with TencentKMS
- This task is to integrate the RANGER KMS Service with TencentKMS.
- To configure the RANGER KMS Service with TencentKMS, the configurations below need to
be added to the install.properties file before running setup.sh
```
# Do you use Tencent Cloud KMS?
TENCENT_KMS_ENABLED=true
# MasterKeyID on Tencent Cloud
TENCENT_MASTERKEY_ID=YourKeyID
# Login ID
TENCENT_CLIENT_ID=YourClientLoginId
# Login password
TENCENT_CLIENT_SECRET=YourClientLoginSecret
# Tencent Cloud area, see Tencent Cloud SDK for details.
TENCENT_CLIENT_REGION=ap-beijing
```
Run setup.sh. It will add the configs below to dbks-site.xml
```
<!--Tencent KMS START-->
<property>
<name>ranger.kms.tencentkms.enabled</name>
<value>false</value>
<description>Flag for Tencent KMS</description>
</property>
<property>
<name>ranger.kms.tencent.client.id</name>
<value></value>
<description>Tencent Client Id</description>
</property>
<property>
<name>ranger.kms.tencent.client.secret</name>
<value></value>
<description>Tencent Client Secret</description>
</property>
<property>
<name>ranger.kms.tencent.client.secret.alias</name>
<value>ranger.ks.tencent.client.secret</value>
<description>Tencent Client Secret Alias</description>
</property>
<property>
<name>ranger.kms.tencent.client.region</name>
<value>ap-beijing</value>
<description>Tencent Client Id</description>
</property>
<property>
<name>ranger.kms.tencent.masterkey.id</name>
<value></value>
<description>Tencent master key name</description>
</property>
<!--Tencent KMS END-->
```
Generally, we don't want the account bound by KMS to have the right to create a
Key in TencentKMS. So we have to create the Master Key on the TencentKMS web console
first.
Start the KMS service. On start, the Master Key from TencentKMS should be used.
Diffs
-----
distro/src/main/assembly/kms.xml 32bbefa44e372f3abb41d60cd35aa0d706ca3100
kms/config/kms-webapp/dbks-site.xml 07de4d494b5d72609b47752109fc40a9e016f6ab
kms/pom.xml 8350403c76cd3f5a6d80e263f54b766dcf6e62e4
kms/scripts/install.properties 31143d3426565a338c308dc1a7ea8304f3f4e102
kms/scripts/setup.sh 2051df59a8bb0be11ba7a54e547f78cf5a0dca36
kms/src/main/java/org/apache/hadoop/crypto/key/AzureKeyVaultClientAuthenticator.java f96cbb7561b2c1a29b7f42c9fb3ed810b05b5054
kms/src/main/java/org/apache/hadoop/crypto/key/DBToAzureKeyVault.java bacc928570283708daef7a2573707fddd7ca096e
kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 4324439ba66f9f0fb68d570f1964ed6caa8c07bd
kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java 5234dc7422793b3b88dcc4574fafcf34556fa33f
kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 74c54a7a6f50878ce0f226d72a5e2c5554a0d4e5
kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyVaultKeyGenerator.java c661268c3c25362e428884a3bb34d88d827e7f31
kms/src/main/java/org/apache/hadoop/crypto/key/RangerTencentKMSProvider.java PRE-CREATION
pom.xml 13f9bfdc5a88ffdf8d3502605831059fbb9ad4cc
Diff: https://reviews.apache.org/r/73807/diff/3/
Testing
-------
+ mvn clean compile test verify
+ Fresh setup
File Attachments (updated)
----------------
0001-add-TencentKMS-as-MasterKeyProvider.patch
https://reviews.apache.org/media/uploaded/files/2022/01/19/c0ec963d-95f0-4e77-823d-b7de9d5d54e6__0001-add-TencentKMS-as-MasterKeyProvider.patch
0002-switch-from-log4j-to-slf4j.patch
https://reviews.apache.org/media/uploaded/files/2022/01/19/2f5c0202-c13f-420e-926a-61728f8b041e__0002-switch-from-log4j-to-slf4j.patch
Thanks,
Kirby Zhou
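
The following is an added example, not part of the review request or the Ranger code base: a small audit of a dbks-site.xml for the Tencent KMS properties listed in the description, reporting required values left empty, install.properties template placeholders that were never replaced, and a client secret stored as plaintext. The `<configuration>` root element, the sample file, and the treatment of an empty value or `_` as "no plaintext secret stored" are assumptions.

```python
import xml.etree.ElementTree as ET

ENABLED = "ranger.kms.tencentkms.enabled"
SECRET = "ranger.kms.tencent.client.secret"
REQUIRED = ("ranger.kms.tencent.client.id",
            "ranger.kms.tencent.client.region",
            "ranger.kms.tencent.masterkey.id")
# Template values from the install.properties listing in the description.
PLACEHOLDERS = {"YourKeyID", "YourClientLoginId", "YourClientLoginSecret"}
# Assumption: values that mean "no plaintext secret is stored in this file".
MASKED = {"", "_"}

def load_properties(xml_text):
    """Return {name: value} for every <property> in a Hadoop-style site file."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit_tencent_kms(xml_text):
    """Return a sorted list of (property, problem) findings."""
    props = load_properties(xml_text)
    enabled = props.get(ENABLED, "false").lower() == "true"
    findings = []
    if props.get(SECRET, "") not in MASKED:
        why = ("plaintext secret in file" if enabled
               else "secret left in file while provider is disabled")
        findings.append((SECRET, why))
    if enabled:
        for name in REQUIRED:
            value = props.get(name, "")
            if not value:
                findings.append((name, "required but empty"))
            elif value in PLACEHOLDERS:
                findings.append((name, "template placeholder not replaced"))
    return sorted(findings)

# Constructed sample, not a real deployment file.
SAMPLE = """<configuration>
  <property><name>ranger.kms.tencentkms.enabled</name><value>true</value></property>
  <property><name>ranger.kms.tencent.client.id</name><value>YourClientLoginId</value></property>
  <property><name>ranger.kms.tencent.client.secret</name><value>constructed-secret</value></property>
  <property><name>ranger.kms.tencent.client.region</name><value>ap-beijing</value></property>
  <property><name>ranger.kms.tencent.masterkey.id</name><value></value></property>
</configuration>"""

if __name__ == "__main__":
    for name, problem in audit_tencent_kms(SAMPLE):
        print(f"{name}: {problem}")
```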