-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53751/
-----------------------------------------------------------
Review request for ranger, Don Bosco Durai, Ramesh Mani, and Velmurugan
Periasamy.
Bugs: RANGER-1217
https://issues.apache.org/jira/browse/RANGER-1217
Repository: ranger
Description
-------
currently,KMS_ACLS_XML = "dbks-site.xml".
we should change KMS_ACLS_XML = "kms-acls.xml".
therefore,in ranger-kms-plugin
we should add the following line in setup.sh,
cp ${WEBAPP_ROOT}/mini-kms-acls-default.xml
${WEBAPP_ROOT}/WEB-INF/classes/conf/kms-acls.xml
when we execute the setup.sh command
Also, if I configure as follows in kms-site.xml,
<property>
<name>hadoop.kms.security.authorization.manager</name>
<value>org.apache.hadoop.crypto.key.kms.server.KMSACLs</value>
</property>
,the regex of getting the Configuration item "key.acl.<KEY_NAME>.<OP_TYPE>" is
incorrect,
we should add as follows in KMSConfiguration.java,
public static final String KEY_ACL_PREFIX_REGEX = "^key\\.acl\\..+";
then change
Map<String, String> allKeyACLS =
conf.getValByRegex(Pattern.quote(KMSConfiguration.KEY_ACL_PREFIX));
to
Map<String, String> allKeyACLS =
conf.getValByRegex(KMSConfiguration.KEY_ACL_PREFIX_REGEX);
in KMSACLs.java
Diffs
-----
kms/scripts/setup.sh 568350b
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java
ff2f6d9
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSConfiguration.java
4bf2886
Diff: https://reviews.apache.org/r/53751/diff/
Testing
-------
Thanks,
Qiang Zhang
