kirby zhou created RANGER-3701:
----------------------------------
Summary: Establish plug-in system for KMS MasterKeyProvider
Key: RANGER-3701
URL: https://issues.apache.org/jira/browse/RANGER-3701
Project: Ranger
Issue Type: Improvement
Components: kms
Affects Versions: 3.0.0, 2.3.0
Reporter: kirby zhou

At present, RangerKMS has six different MasterKey Providers. Among them, three
types can access the MK, so KMS can complete the encryption and decryption of
the ZoneKey by itself, and three types can only entrust the encryption and
decryption of the ZoneKey to the MasterKey Provider.

Except for the built-in JDBC-based RangerMasterKey class, the other providers
have more or less introduced a large number of dependencies. This makes the
dependencies of KMS quite complicated and confusing. In the future, these
dependencies may conflict. Therefore, it is necessary to refine the MasterKey
Provider into a plug-in mechanism, similar to the plugin shim of Ranger Admin.

A preliminary idea: we can define an MKProviderFactory interface which can
create an instance of RangerKMSMKI from a URL. Then we use
ServiceLoader<MKProviderFactory> to create the MK Provider at runtime. The
dependencies of the actual MK Provider are hidden by the plugin class loader.

The URL schema can look like "mkp-azure://conffile/keyprefix",
"mkp-jdbc://connectionstring", ...

Finally, we can unify the way the key import / export / migration CLI utilities
work.

Task Blocked on: https://issues.apache.org/jira/browse/RANGER-3682
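
The lookup proposed in the description, written out as an added example; it is not code from the issue or from the Ranger code base. The MasterKeyProvider interface is a hypothetical stand-in for RangerKMSMKI, and the method names scheme() and create() are assumptions. It refuses unknown or doubly claimed schemes and reports only the scheme, since the rest of the URL can carry a connection string.

```java
import java.net.URI;
import java.util.List;
import java.util.ServiceLoader;

public class MKProviderResolver {
    // Hypothetical stand-in for RangerKMSMKI; its real methods are not shown in the issue.
    public interface MasterKeyProvider { String describe(); }

    // Factory interface as proposed in the issue; method names are assumptions.
    public interface MKProviderFactory {
        String scheme();                         // e.g. "mkp-jdbc"
        MasterKeyProvider create(URI location);  // location may embed secrets
    }

    // Pick exactly one factory for the URL scheme; fail closed otherwise.
    static MasterKeyProvider resolve(URI location, Iterable<MKProviderFactory> factories) {
        String scheme = location.getScheme();
        if (scheme == null || !scheme.startsWith("mkp-")) {
            throw new IllegalArgumentException("not a master key provider URL");
        }
        MKProviderFactory match = null;
        for (MKProviderFactory f : factories) {
            if (!scheme.equalsIgnoreCase(f.scheme())) continue;
            if (match != null) {
                // Two plug-ins claiming one scheme: refuse rather than guess.
                throw new IllegalStateException("ambiguous provider for scheme " + scheme);
            }
            match = f;
        }
        if (match == null) {
            // Report only the scheme, never the full URL.
            throw new IllegalStateException("no provider plug-in for scheme " + scheme);
        }
        return match.create(location);
    }

    // Runtime path: discover factories through a dedicated plug-in class loader.
    static MasterKeyProvider resolve(URI location, ClassLoader pluginLoader) {
        return resolve(location, ServiceLoader.load(MKProviderFactory.class, pluginLoader));
    }

    public static void main(String[] args) {
        // Constructed factory standing in for a plug-in jar.
        MKProviderFactory jdbc = new MKProviderFactory() {
            public String scheme() { return "mkp-jdbc"; }
            public MasterKeyProvider create(URI u) { return () -> "jdbc provider"; }
        };
        System.out.println(resolve(URI.create("mkp-jdbc://connectionstring"), List.of(jdbc)).describe());
        try { resolve(URI.create("mkp-azure://conffile/keyprefix"), List.of(jdbc)); }
        catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```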