Review Request 44757: Add support for Hardware Security Modules (HSM) to Ranger

Tue, 15 Mar 2016 08:30:30 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44757/
-----------------------------------------------------------

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Velmurugan Periasamy.


Bugs: RANGER-868
    https://issues.apache.org/jira/browse/RANGER-868


Repository: ranger


Description
-------

** Problem Statement **
1. Ranger KMS needs to have a option of saving Master Key in HSM.
2. Ranger KMS need to support HSM HA.
3. Ranger KMS needs to have functionality of migrating Master Key to HSM from 
Ranger KMS DB and vice versa.

** Proposed Solution **
1. To give option to Store Ranger KMS Master Key to either DB/HSM.
2. Create a new Provider in Ranger KMS to support HSM.
3. Develop Migration script for migrating Ranger KMS Master Key from HSM to 
Ranger KMS DB and vice versa.


Diffs
-----

  kms/config/kms-webapp/dbks-site.xml edaff93 
  kms/scripts/DBMK2HSM.sh PRE-CREATION 
  kms/scripts/HSMMK2DB.sh PRE-CREATION 
  kms/scripts/install.properties cf5dd92 
  kms/scripts/setup.sh 0a825c7 
  kms/src/main/java/org/apache/hadoop/crypto/key/DB2HSMMKUtil.java PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/HSM2DBMKUtil.java PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerHSM.java PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSMKI.java PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
23547a7 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 75a34b2 
  src/main/assembly/kms.xml e267687 

Diff: https://reviews.apache.org/r/44757/diff/


Testing
-------

** Testing Done **
1. Tested Ranger KMS with HSM enabled as well as disabled.
2. Tested Ranger KMS with HSM in secure environment.
3. Tested Ranger KMS in HSM HA mode.
4. Tested migration script for migrating Master Key from Ranger KMS DB to HSM.
5. Tested migration script for migrating Master Key from HSM to Ranger KMS DB.
6. Tested for all the Key operations (create, delete, rollover and list) 
through UI, CURL and hadoop command.
7. Tested for Zone operations related operation.
8. Tested for Copying file from one Zone to another.


Thanks,

Ankita Sinha

Reply via email to