[
https://issues.apache.org/jira/browse/HDDS-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zita Dombi reassigned HDDS-10604:
---------------------------------
Assignee: Zita Dombi
> Whitelist based compliance check for crypto related configuration options
> -------------------------------------------------------------------------
>
> Key: HDDS-10604
> URL: https://issues.apache.org/jira/browse/HDDS-10604
> Project: Apache Ozone
> Issue Type: Improvement
> Reporter: István Fajth
> Assignee: Zita Dombi
> Priority: Major
>
> In our configuration objects, create a method/ensure the existing methods
> check configuration options that are tagged with CRYPTO_COMPLIANCE against
> their respective whitelist options.
> The basic idea is that we have the {{ozone.security.crypto.compliance.mode}}
> option, that contains a String value and defaults to "unrestricted".
> This check should allow any option for a given CRYPTO_COMPLIANCE tagged
> configuration option in case the {{ozone.security.crypto.compliance.mode}} is
> the default value ("unrestricted").
> This check should check if a configured whitelist exists for the property for
> the given compliance mode, and if the whitelist exists, it should ensure that
> the value for a property is whitelisted. The whitelist property for a given
> cryptography parameter should be expected to be defined based on the
> cryptography parameter name. As an example, if
> {{ozone.security.crypto.compliance.mode}} is set to "foo", and we are getting
> the {{hdds.key.algo}} property, then this check should expect a
> {{hdds.key.algo.foo.whitelist}} property, and if it exists, it should check
> that the value configured for {{hdds.key.algo}} is present in the whitelist.
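The lookup rule described in the issue, sketched as an added example (not Apache Ozone code and not part of the original message). It assumes a plain `Map` stands in for the configuration object, a hypothetical `cryptoTagged` set lists the CRYPTO_COMPLIANCE-tagged keys, the whitelist is a comma-separated string compared case-sensitively, and the algorithm names are constructed sample values.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class CryptoComplianceCheck {
  static final String MODE_KEY = "ozone.security.crypto.compliance.mode";
  static final String UNRESTRICTED = "unrestricted";

  // Hypothetical helper: returns the value of key, enforcing the whitelist for the active mode.
  static String getChecked(Map<String, String> conf, Set<String> cryptoTagged, String key) {
    String value = conf.get(key);
    String mode = conf.getOrDefault(MODE_KEY, UNRESTRICTED);
    if (value == null || !cryptoTagged.contains(key) || UNRESTRICTED.equals(mode)) {
      return value; // untagged option or default mode: any value is allowed
    }
    // The whitelist property name is derived from the option name and the mode,
    // e.g. hdds.key.algo + foo -> hdds.key.algo.foo.whitelist
    String whitelist = conf.get(key + "." + mode + ".whitelist");
    if (whitelist == null) {
      return value; // no whitelist exists for this mode: nothing to enforce
    }
    // Assumption: comma-separated list, entries trimmed, exact match required.
    boolean allowed = Arrays.stream(whitelist.split(","))
        .map(String::trim)
        .anyMatch(value::equals);
    if (!allowed) {
      throw new IllegalArgumentException("Value '" + value + "' of " + key
          + " is not in the whitelist for compliance mode '" + mode + "'");
    }
    return value;
  }

  public static void main(String[] args) {
    Set<String> tagged = Set.of("hdds.key.algo");
    Map<String, String> conf = new HashMap<>();
    conf.put("hdds.key.algo", "RSA"); // constructed sample value

    // Mode not set, so it defaults to "unrestricted": value passes through.
    System.out.println(getChecked(conf, tagged, "hdds.key.algo"));

    // Mode "foo" without a whitelist property: still passes through.
    conf.put(MODE_KEY, "foo");
    System.out.println(getChecked(conf, tagged, "hdds.key.algo"));

    // Mode "foo" with a whitelist that omits the configured value: rejected.
    conf.put("hdds.key.algo.foo.whitelist", "EC, Ed25519"); // constructed sample values
    try {
      getChecked(conf, tagged, "hdds.key.algo");
    } catch (IllegalArgumentException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```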