Re: Review Request 73807: Support Ranger KMS integration with TencentKMS

Kirby Zhou Wed, 19 Jan 2022 19:29:14 -0800

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73807/
-----------------------------------------------------------


(Updated 一月 20, 2022, 3:29 a.m.)


Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, 
Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep 
Agrawal, VaradreawiZTV VaradreawiZTV, Vishal Suvagia, and Velmurugan Periasamy.


Changes
-------

simplify code and fix typo


Bugs: RANGER-3580
    https://issues.apache.org/jira/browse/RANGER-3580


Repository: ranger


Description
-------

Ranger KMS integration with TencentKMS
- This task is to integrate the RANGER KMS Service with TencentKMS.
- To Configure RANGER KMS Service with TencentKMS below configurations need to 
be added in install.properties file bfore running the setup.sh

```
# Do you use Tencent Cloud KMS? 
TENCENT_KMS_ENABLED=true 
# MasterKeyID on Tencent Cloud
TENCENT_MASTERKEY_ID=YourKeyID
# Login ID
TENCENT_CLIENT_ID=YourClientLoginId
# Login password
TENCENT_CLIENT_SECRET=YourClientLoginSecret
# Tencent Cloud area, see Tencent Cloud SDK for details. 
TENCENT_CLIENT_REGION=ap-beijing
```

Run the setup.sh, It will add the below configs in dbks-site.xml
```
    <!--Tencent KMS START-->
    <property>
        <name>ranger.kms.tencentkms.enabled</name>
        <value>false</value>
        <description>Flag for Tencent KMS</description>
    </property>
    <property>
        <name>ranger.kms.tencent.client.id</name>
        <value></value>
        <description>Tencent Client Id</description>
    </property>
    <property>
        <name>ranger.kms.tencent.client.secret</name>
        <value></value>
        <description>Tencent Client Secret</description>
    </property>
    <property>
        <name>ranger.kms.tencent.client.secret.alias</name>
        <value>ranger.ks.tencent.client.secret</value>
        <description>Tencent Client Secret Alias</description>
    </property>
    <property>
        <name>ranger.kms.tencent.client.region</name>
        <value>ap-beijing</value>
        <description>Tencent Client Id</description>
    </property>
    <property>
        <name>ranger.kms.tencent.masterkey.id</name>
        <value></value>
        <description>Tencent master key name</description>
    </property>
    <!--Tencent KMS END-->
```

Generally, we don't want the account bound by KMS to have the right to create a 
Key in TencentKMS. So we have to create Master Key on TencentKMS web console at 
first.
Start the kms service, On start Master Key from TencentKMS should be used.


Diffs (updated)
-----

  distro/src/main/assembly/kms.xml 32bbefa44e372f3abb41d60cd35aa0d706ca3100 
  kms/config/kms-webapp/dbks-site.xml 07de4d494b5d72609b47752109fc40a9e016f6ab 
  kms/pom.xml 8350403c76cd3f5a6d80e263f54b766dcf6e62e4 
  kms/scripts/install.properties 31143d3426565a338c308dc1a7ea8304f3f4e102 
  kms/scripts/setup.sh 2051df59a8bb0be11ba7a54e547f78cf5a0dca36 
  
kms/src/main/java/org/apache/hadoop/crypto/key/AzureKeyVaultClientAuthenticator.java
 f96cbb7561b2c1a29b7f42c9fb3ed810b05b5054 
  kms/src/main/java/org/apache/hadoop/crypto/key/DBToAzureKeyVault.java 
bacc928570283708daef7a2573707fddd7ca096e 
  kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 
4324439ba66f9f0fb68d570f1964ed6caa8c07bd 
  
kms/src/main/java/org/apache/hadoop/crypto/key/RangerGoogleCloudHSMProvider.java
 666a8c38faa157a79c3c3e3dd00050978b7681da 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java 
5234dc7422793b3b88dcc4574fafcf34556fa33f 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
74c54a7a6f50878ce0f226d72a5e2c5554a0d4e5 
  
kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyVaultKeyGenerator.java 
c661268c3c25362e428884a3bb34d88d827e7f31 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerTencentKMSProvider.java 
PRE-CREATION 
  pom.xml 13f9bfdc5a88ffdf8d3502605831059fbb9ad4cc 


Diff: https://reviews.apache.org/r/73807/diff/4/

Changes: https://reviews.apache.org/r/73807/diff/3-4/


Testing
-------

+ mvn clean compile test verify 
+ Fresh setup


File Attachments (updated)
----------------

0001-add-TencentKMS-as-MasterKeyProvider.patch
  
https://reviews.apache.org/media/uploaded/files/2022/01/19/c0ec963d-95f0-4e77-823d-b7de9d5d54e6__0001-add-TencentKMS-as-MasterKeyProvider.patch


Thanks,

Kirby Zhou

Re: Review Request 73807: Support Ranger KMS integration with TencentKMS

Reply via email to