vikaskr22 opened a new pull request, #902:
URL: https://github.com/apache/ranger/pull/902
## What changes were proposed in this pull request?
For KMS ZoneKey, this PR makes the key length to be 256 by default.
It still respects the user provided keyLength, like 128, 192 . But if user
doesn't provide any input, it will default to 256. On KeyAdmin create key UI,
256 will be rendered as default keyLength.
Also, 0 is a valid keyLength. It means, user wants to use the Encryption
algorithm's default keySize. And this depends on the underlying
SecurityProvider.
**Note:** If user creates key using `hadoop key create` cli command, then
by default it gets the keyLength from their core-site.xml file and it is 128
there. Also 128 is defined as the default value there. So in this case, Ranger
receives request with keyLength as 128 and it will create the key of 128 length
only.
To avoid this, users can update the following prop in Hadoop's
`core-site.xml `:
```
Key : hadoop.security.key.default.bitlength
Value : 256
```
## How was this patch tested?
- mvn build
- UTs
- Tested following cases on internal cluster:
ZoneKey creation from keyAdmin UI with empty keyLength, 0 keyLength,
user provided keyLength.
ZoneKey creation using RangerAdmin Rest API
ZoneKey creation using KMS Rest endpoint directly.
Hadoop cli command
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
