[kudu-CR] KUDU-3373 Key provider interface

Wed, 01 Jun 2022 12:11:26 -0700 

Hello Tidy Bot, Zoltan Chovan, Alexey Serbin, Kudu Jenkins,

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/18568

to look at the new patch set (#5).

Change subject: KUDU-3373 Key provider interface
......................................................................

KUDU-3373 Key provider interface

Kudu's server keys need to be encrypted on the servers, otherwise its
broken, as an attacker who can access Kudu's disks, can easily steal the
server keys used to encrypt the file keys. The cluster key, which will
be used to encrypt/decrypt the server keys, will live outside the
cluster. This commit introduces a key provider interface to
encrypt/decrypt server keys, with a reference (test-only) implementation
which uses memfrob() (a GNU C function that XORs an array with 42). A
follow-up commit will introduce a production-ready implementation that
uses Apache Ranger KMS to provide the keys.

Change-Id: Ie6ccc05fb991f0fd5cbcd8a49f5b23286d1094ac
---
M src/kudu/fs/fs_manager.cc
M src/kudu/fs/fs_manager.h
M src/kudu/mini-cluster/external_mini_cluster.cc
M src/kudu/mini-cluster/external_mini_cluster.h
M src/kudu/server/CMakeLists.txt
A src/kudu/server/default_key_provider-test.cc
A src/kudu/server/default_key_provider.h
A src/kudu/server/key_provider.h
M src/kudu/tools/tool_action_common.cc
M src/kudu/util/env.h
M src/kudu/util/env_posix.cc
M src/kudu/util/test_util.cc
12 files changed, 193 insertions(+), 14 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/68/18568/5
--
To view, visit http://gerrit.cloudera.org:8080/18568
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ie6ccc05fb991f0fd5cbcd8a49f5b23286d1094ac
Gerrit-Change-Number: 18568
Gerrit-PatchSet: 5
Gerrit-Owner: Attila Bukor <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Reviewer: Zoltan Chovan <[email protected]>

Reply via email to