[
https://issues.apache.org/jira/browse/RANGER-3682?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17512200#comment-17512200
]
kirby zhou commented on RANGER-3682:
------------------------------------
Patch here: [https://reviews.apache.org/r/73912/]
> Unify the ways that rangerkeystore to encapsulate zonekey
> ---------------------------------------------------------
>
> Key: RANGER-3682
> URL: https://issues.apache.org/jira/browse/RANGER-3682
> Project: Ranger
> Issue Type: Improvement
> Components: kms
> Affects Versions: 3.0.0, 2.3.0
> Reporter: kirby zhou
> Priority: Major
>
> Unify the ways that rangerkeystore to encapsulate zonekey
> Now we have 2 styles of MasterKeyProvider:
> # RangerMasterKey, RangerHSM, RangerSafenetKeySecure
> # RangerAzureKeyVaultKeyGenerator, RangerGoogleCloudHSMProvider,
> RangerTencentKMSProvider
> Style 1 can get out master key string from provider, Style 2 can not.
> In old, I add a flag KeyVaultEnabled to distinguish them.
> KeyVaultEnabled=false means style1, true means style2
> RangerKeyStore with style1 use SecretKeyEntry with SealedObject to store a
> key and do encryption / decryption by itself.
> RangerKeyStore with style2 use SecretKeyByteEntry to store a key and let MK
> provider to encryption / decryption.
> These are ugly and hard to maintain. I refactor it by removing
> SecretKeyEntry, and let providers of style1 do encryption / decryption.
> Add a common base class of RangerMasterKey, RangerHSM andd
> RangerSafenetKeySecure, named AbstractRangerMasterKey. It provides the common
> logic of encryptZoneKey and decryptZoneKey.
> And, there is no unified method to initialize a master key provider.
> Duplicate code is distributed in RangerKeyStoreProvider and a bunch of CLI
> classes.
> I made a new RangerKMSMKIFactory class to unify it.
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
