Attila Bukor has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/18568 )
Change subject: KUDU-3373 Key provider interface ...................................................................... KUDU-3373 Key provider interface Kudu's server keys need to be encrypted on the servers, otherwise its broken, as an attacker who can access Kudu's disks, can easily steal the server keys used to encrypt the file keys. The cluster key, which will be used to encrypt/decrypt the server keys, will live outside the cluster. This commit introduces a key provider interface to encrypt/decrypt server keys, with a reference (test-only) implementation which uses memfrob() (a GNU C function that XORs an array with 42). A follow-up commit will introduce a production-ready implementation that uses Apache Ranger KMS to provide the keys. Change-Id: Ie6ccc05fb991f0fd5cbcd8a49f5b23286d1094ac Reviewed-on: http://gerrit.cloudera.org:8080/18568 Reviewed-by: Alexey Serbin <[email protected]> Tested-by: Attila Bukor <[email protected]> Reviewed-by: Zoltan Chovan <[email protected]> --- M src/kudu/fs/fs_manager.cc M src/kudu/fs/fs_manager.h M src/kudu/mini-cluster/external_mini_cluster.cc M src/kudu/mini-cluster/external_mini_cluster.h M src/kudu/server/CMakeLists.txt A src/kudu/server/default_key_provider-test.cc A src/kudu/server/default_key_provider.h A src/kudu/server/key_provider.h M src/kudu/tools/tool_action_common.cc M src/kudu/util/env.h M src/kudu/util/env_posix.cc M src/kudu/util/test_util.cc 12 files changed, 193 insertions(+), 14 deletions(-) Approvals: Alexey Serbin: Looks good to me, approved Attila Bukor: Verified Zoltan Chovan: Looks good to me, but someone else must approve -- To view, visit http://gerrit.cloudera.org:8080/18568 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: Ie6ccc05fb991f0fd5cbcd8a49f5b23286d1094ac Gerrit-Change-Number: 18568 Gerrit-PatchSet: 6 Gerrit-Owner: Attila Bukor <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Reviewer: Zoltan Chovan <[email protected]>
