Re: Review Request 73807: Support Ranger KMS integration with TencentKMS

Tue, 15 Feb 2022 23:54:00 -0800 


> On 二月 15, 2022, 12:15 p.m., Dhaval Shah wrote:
> > Hi Kirby Zhou,
> > 
> > Facing PMD Violation issue.
> > 
> > [INFO] PMD version: 6.29.0
> > [INFO] PMD Failure: org.apache.hadoop.crypto.key.RangerKeyStoreProvider:20 
> > Rule:UnusedImports Priority:4 Avoid unused imports such as 
> > 'com.microsoft.azure.keyvault.KeyVaultClient'.
> > [INFO] PMD Failure: org.apache.hadoop.crypto.key.RangerKeyStoreProvider:45 
> > Rule:UnusedImports Priority:4 Avoid unused imports such as 
> > 'org.apache.commons.lang.StringUtils'.
> > [INFO] PMD Failure: org.apache.hadoop.crypto.key.RangerKeyStoreProvider:55 
> > Rule:UnusedImports Priority:4 Avoid unused imports such as 
> > 'com.tencentcloudapi.kms.v20190118.KmsClient'.
> > [INFO] PMD Failure: org.apache.hadoop.crypto.key.RangerKeyStoreProvider:80 
> > Rule:UnusedPrivateField Priority:3 Avoid unused private fields such as 
> > 'AZURE_KEYVAULT_SSL_ENABLED'..
> > [INFO] PMD Failure: org.apache.hadoop.crypto.key.RangerKeyStoreProvider:81 
> > Rule:UnusedPrivateField Priority:3 Avoid unused private fields such as 
> > 'AZURE_CLIENT_ID'..
> > [INFO] PMD Failure: org.apache.hadoop.crypto.key.RangerKeyStoreProvider:84 
> > Rule:UnusedPrivateField Priority:3 Avoid unused private fields such as 
> > 'AZURE_KEYVAULT_CERTIFICATE_PATH'..
> > [INFO] PMD Failure: org.apache.hadoop.crypto.key.RangerKeyStoreProvider:85 
> > Rule:UnusedPrivateField Priority:3 Avoid unused private fields such as 
> > 'AZURE_KEYVAULT_CERTIFICATE_PASSWORD'..
> > 
> > 
> > Request ypu please upload the patch after successful build using command 
> > "mvn clean install"

% mvn clean install
...
[INFO] Reactor Summary for ranger 3.0.0-SNAPSHOT:
[INFO] 
[INFO] ranger ............................................. SUCCESS [  5.724 s]
...

[INFO] Apache Ranger Distribution ......................... SUCCESS [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  16:19 min
[INFO] Finished at: 2022-02-16T15:44:57+08:00
[INFO] ------------------------------------------------------------------------

is it OK?


- Kirby


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73807/#review224050
-----------------------------------------------------------


On 二月 15, 2022, 8:48 a.m., Kirby Zhou wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73807/
> -----------------------------------------------------------
> 
> (Updated 二月 15, 2022, 8:48 a.m.)
> 
> 
> Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, 
> Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mateen Mansoori, Mehul 
> Parikh, Pradeep Agrawal, VaradreawiZTV VaradreawiZTV, Vishal Suvagia, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3580
>     https://issues.apache.org/jira/browse/RANGER-3580
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Ranger KMS integration with TencentKMS
> - This task is to integrate the RANGER KMS Service with TencentKMS.
> - To Configure RANGER KMS Service with TencentKMS below configurations need 
> to be added in install.properties file bfore running the setup.sh
> 
> ```
> # Do you use Tencent Cloud KMS? 
> TENCENT_KMS_ENABLED=true 
> # MasterKeyID on Tencent Cloud
> TENCENT_MASTERKEY_ID=YourKeyID
> # Login ID
> TENCENT_CLIENT_ID=YourClientLoginId
> # Login password
> TENCENT_CLIENT_SECRET=YourClientLoginSecret
> # Tencent Cloud area, see Tencent Cloud SDK for details. 
> TENCENT_CLIENT_REGION=ap-beijing
> ```
> 
> Run the setup.sh, It will add the below configs in dbks-site.xml
> ```
>     <!--Tencent KMS START-->
>     <property>
>         <name>ranger.kms.tencentkms.enabled</name>
>         <value>false</value>
>         <description>Flag for Tencent KMS</description>
>     </property>
>     <property>
>         <name>ranger.kms.tencent.client.id</name>
>         <value></value>
>         <description>Tencent Client Id</description>
>     </property>
>     <property>
>         <name>ranger.kms.tencent.client.secret</name>
>         <value></value>
>         <description>Tencent Client Secret</description>
>     </property>
>     <property>
>         <name>ranger.kms.tencent.client.secret.alias</name>
>         <value>ranger.ks.tencent.client.secret</value>
>         <description>Tencent Client Secret Alias</description>
>     </property>
>     <property>
>         <name>ranger.kms.tencent.client.region</name>
>         <value>ap-beijing</value>
>         <description>Tencent Client Id</description>
>     </property>
>     <property>
>         <name>ranger.kms.tencent.masterkey.id</name>
>         <value></value>
>         <description>Tencent master key name</description>
>     </property>
>     <!--Tencent KMS END-->
> ```
> 
> Generally, we don't want the account bound by KMS to have the right to create 
> a Key in TencentKMS. So we have to create Master Key on TencentKMS web 
> console at first.
> Start the kms service, On start Master Key from TencentKMS should be used.
> 
> 
> Diffs
> -----
> 
>   distro/src/main/assembly/kms.xml 983a43e5938ecc6a02e918f587d7a8913678087e 
>   kms/config/kms-webapp/dbks-site.xml 
> 07de4d494b5d72609b47752109fc40a9e016f6ab 
>   kms/pom.xml 7a4f98df7a2244a2ae4158b32b047d77db01b0f2 
>   kms/scripts/install.properties 31143d3426565a338c308dc1a7ea8304f3f4e102 
>   kms/scripts/setup.sh 2051df59a8bb0be11ba7a54e547f78cf5a0dca36 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/AzureKeyVaultClientAuthenticator.java
>  f96cbb7561b2c1a29b7f42c9fb3ed810b05b5054 
>   kms/src/main/java/org/apache/hadoop/crypto/key/DBToAzureKeyVault.java 
> bacc928570283708daef7a2573707fddd7ca096e 
>   kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 
> 4324439ba66f9f0fb68d570f1964ed6caa8c07bd 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java 
> 5234dc7422793b3b88dcc4574fafcf34556fa33f 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
> 74c54a7a6f50878ce0f226d72a5e2c5554a0d4e5 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyVaultKeyGenerator.java
>  c661268c3c25362e428884a3bb34d88d827e7f31 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerTencentKMSProvider.java 
> PRE-CREATION 
>   pom.xml 8a19c2de42f4ae7acff3ee9b2e399b870ef406f3 
> 
> 
> Diff: https://reviews.apache.org/r/73807/diff/7/
> 
> 
> Testing
> -------
> 
> + mvn clean compile test verify 
> + Fresh setup
> 
> 
> File Attachments
> ----------------
> 
> 0001-add-TencentKMS-as-MasterKeyProvider.patch
>   
> https://reviews.apache.org/media/uploaded/files/2022/01/19/c0ec963d-95f0-4e77-823d-b7de9d5d54e6__0001-add-TencentKMS-as-MasterKeyProvider.patch
> 
> 
> Thanks,
> 
> Kirby Zhou
> 
>

Reply via email to