[
https://issues.apache.org/jira/browse/RANGER-1217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Qiang Zhang updated RANGER-1217:
--------------------------------
Description:
currently,KMS_ACLS_XML = "dbks-site.xml".
we should change KMS_ACLS_XML = "kms-acls.xml".
therefore,in ranger-kms-plugin
we should add the following line in setup.sh,
||cp ${WEBAPP_ROOT}/mini-kms-acls-default.xml
${WEBAPP_ROOT}/WEB-INF/classes/conf/kms-acls.xml||
when we execute the setup.sh command
Also, if I configure as follows in kms-site.xml,
||<property>
<name>hadoop.kms.security.authorization.manager</name>
<value>org.apache.hadoop.crypto.key.kms.server.KMSACLs</value>
</property>||
,the regex of getting the Configuration item "key.acl.<KEY_NAME>.<OP_TYPE>" is
incorrect,
we should add as follows in KMSConfiguration.java,
||public static final String KEY_ACL_PREFIX_REGEX = "^key\\.acl\\..+";||
then change
||Map<String, String> allKeyACLS =
conf.getValByRegex(Pattern.quote(KMSConfiguration.KEY_ACL_PREFIX));||
to
||Map<String, String> allKeyACLS =
conf.getValByRegex(KMSConfiguration.KEY_ACL_PREFIX_REGEX);||
in KMSACLs.java
was:
currently,KMS_ACLS_XML = "dbks-site.xml".
we should change KMS_ACLS_XML = "kms-acls.xml".
therefore,in ranger-kms-plugin
we should add the following line in setup.sh,
||cp ${WEBAPP_ROOT}/mini-kms-acls-default.xml
${WEBAPP_ROOT}/WEB-INF/classes/conf/kms-acls.xml||
when we execute the setup.sh command
Also, if I configure as follows in kms-site.xml,
||<property>
<name>hadoop.kms.security.authorization.manager</name>
<value>org.apache.hadoop.crypto.key.kms.server.KMSACLs</value>
</property>||
,the regex of getting the Configuration item "key.acl.<KEY_NAME>.<OP_TYPE>" is
incorrect,
we should add as follows in KMSConfiguration.java,
||public static final String KEY_ACL_PREFIX_REGEX = "^key\\.acl\\..+";||
then change
||Map<String, String> allKeyACLS =
conf.getValByRegex(Pattern.quote(KMSConfiguration.KEY_ACL_PREFIX));||
to
||Map<String, String> allKeyACLS =
conf.getValByRegex(KMSConfiguration.KEY_ACL_PREFIX_REGEX);||
> ranger-kms, The acl configuration file is incorrect
> ---------------------------------------------------
>
> Key: RANGER-1217
> URL: https://issues.apache.org/jira/browse/RANGER-1217
> Project: Ranger
> Issue Type: Bug
> Components: kms
> Affects Versions: 0.6.1
> Reporter: Qiang Zhang
> Assignee: Qiang Zhang
> Priority: Minor
> Labels: patch
> Attachments: 0001-RANGER-1217-setup.sh.patch
>
>
> currently,KMS_ACLS_XML = "dbks-site.xml".
> we should change KMS_ACLS_XML = "kms-acls.xml".
> therefore,in ranger-kms-plugin
> we should add the following line in setup.sh,
> ||cp ${WEBAPP_ROOT}/mini-kms-acls-default.xml
> ${WEBAPP_ROOT}/WEB-INF/classes/conf/kms-acls.xml||
> when we execute the setup.sh command
> Also, if I configure as follows in kms-site.xml,
> ||<property>
> <name>hadoop.kms.security.authorization.manager</name>
> <value>org.apache.hadoop.crypto.key.kms.server.KMSACLs</value>
> </property>||
> ,the regex of getting the Configuration item "key.acl.<KEY_NAME>.<OP_TYPE>"
> is incorrect,
> we should add as follows in KMSConfiguration.java,
> ||public static final String KEY_ACL_PREFIX_REGEX = "^key\\.acl\\..+";||
> then change
> ||Map<String, String> allKeyACLS =
> conf.getValByRegex(Pattern.quote(KMSConfiguration.KEY_ACL_PREFIX));||
> to
> ||Map<String, String> allKeyACLS =
> conf.getValByRegex(KMSConfiguration.KEY_ACL_PREFIX_REGEX);||
> in KMSACLs.java
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
