Re: Review Request 44757: Add support for Hardware Security Modules (HSM) to Ranger

Velmurugan Periasamy Wed, 13 Apr 2016 10:00:22 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44757/#review128702
-----------------------------------------------------------



Ship it!




Ship It!

- Velmurugan Periasamy


On April 13, 2016, 2:16 p.m., Ankita Sinha wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44757/
> -----------------------------------------------------------
> 
> (Updated April 13, 2016, 2:16 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-868
>     https://issues.apache.org/jira/browse/RANGER-868
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> ** Problem Statement **
> 1. Ranger KMS needs to have a option of saving Master Key in HSM.
> 2. Ranger KMS need to support HSM HA.
> 3. Ranger KMS needs to have functionality of migrating Master Key to HSM from 
> Ranger KMS DB and vice versa.
> 
> ** Proposed Solution **
> 1. To give option to Store Ranger KMS Master Key to either DB/HSM.
> 2. Create a new Provider in Ranger KMS to support HSM.
> 3. Develop Migration script for migrating Ranger KMS Master Key from HSM to 
> Ranger KMS DB and vice versa.
> 
> 
> Diffs
> -----
> 
>   kms/config/kms-webapp/dbks-site.xml edaff93 
>   kms/scripts/DBMK2HSM.sh PRE-CREATION 
>   kms/scripts/HSMMK2DB.sh PRE-CREATION 
>   kms/scripts/install.properties d30b28c 
>   kms/scripts/setup.sh 64abcc7 
>   kms/src/main/java/org/apache/hadoop/crypto/key/DB2HSMMKUtil.java 
> PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/HSM2DBMKUtil.java 
> PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerHSM.java PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSMKI.java 
> PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
> a9e43fc 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 75a34b2 
>   src/main/assembly/kms.xml e267687 
> 
> Diff: https://reviews.apache.org/r/44757/diff/
> 
> 
> Testing
> -------
> 
> ** Testing Done **
> 1. Tested Ranger KMS with HSM enabled as well as disabled.
> 2. Tested Ranger KMS with HSM in secure environment.
> 3. Tested Ranger KMS in HSM HA mode.
> 4. Tested migration script for migrating Master Key from Ranger KMS DB to HSM.
> 5. Tested migration script for migrating Master Key from HSM to Ranger KMS DB.
> 6. Tested for all the Key operations (create, delete, rollover and list) 
> through UI, CURL and hadoop command.
> 7. Tested for Zone operations related operation.
> 8. Tested for Copying file from one Zone to another.
> 
> 
> Thanks,
> 
> Ankita Sinha
> 
>

Re: Review Request 44757: Add support for Hardware Security Modules (HSM) to Ranger

Reply via email to