[jira] [Updated] (RANGER-2335) Overlapping of 'include' toggle button on policy create/edit page.

[Nitin Galave (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2335?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nitin Galave updated RANGER-2335:
-
Attachment: RANGER-2335.patch

> Overlapping of 'include' toggle button on policy create/edit page.
> --
>
> Key: RANGER-2335
> URL: https://issues.apache.org/jira/browse/RANGER-2335
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Nitin Galave
>Assignee: Nitin Galave
>Priority: Major
> Attachments: RANGER-2335.patch, include_toggle_overlap.png
>
>
> Steps to reproduce:
> 1) In HDFS service definition, for path resource field set exclude and 
> recursive support to true.
> 2) Go to HDFS-Policy creation/edit page.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2335) Overlapping of 'include' toggle button on policy create/edit page.

[Nitin Galave (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2335?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nitin Galave updated RANGER-2335:
-
Attachment: (was: 
0001-RANGER-2335-Overlapping-of-include-toggle-button-on-.patch)

> Overlapping of 'include' toggle button on policy create/edit page.
> --
>
> Key: RANGER-2335
> URL: https://issues.apache.org/jira/browse/RANGER-2335
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Nitin Galave
>Assignee: Nitin Galave
>Priority: Major
> Attachments: RANGER-2335.patch, include_toggle_overlap.png
>
>
> Steps to reproduce:
> 1) In HDFS service definition, for path resource field set exclude and 
> recursive support to true.
> 2) Go to HDFS-Policy creation/edit page.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Review Request 70006: RANGER-2335: Overlapping of 'include' toggle button on policy create/edit page.

[Nitin Galave]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70006/
---

Review request for ranger, Gautam Borad, Mehul Parikh, Pradeep Agrawal, and 
Velmurugan Periasamy.


Bugs: RANGER-2335
https://issues.apache.org/jira/browse/RANGER-2335


Repository: ranger


Description
---

Steps to reproduce:
1) In HDFS service definition, for path resource field set exclude and 
recursive support to true.
2) Go to HDFS-Policy creation/edit page.


Diffs
-

  security-admin/src/main/webapp/scripts/modules/XAOverrides.js c45f74d 
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js 
e494bcc 
  security-admin/src/main/webapp/styles/xa.css 7fb868d 
  security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html 
856e92a 


Diff: https://reviews.apache.org/r/70006/diff/1/


Testing
---

1. Verified that overlap of "include" toggle button does not occur in case of 
exclude & recursive support sets to true.
2. Covered following test scenario's for resource `path`:
   exclude:true, recursive:false :
   exclude:false, recursive:true: 
   exclude:true, recursive:true :
   exclude:false, recursive:false:
3. Tested by adding new resources as well.


Thanks,

Nitin Galave

[jira] [Updated] (RANGER-2335) Overlapping of 'include' toggle button on policy create/edit page.

[Nitin Galave (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2335?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nitin Galave updated RANGER-2335:
-
Fix Version/s: master

> Overlapping of 'include' toggle button on policy create/edit page.
> --
>
> Key: RANGER-2335
> URL: https://issues.apache.org/jira/browse/RANGER-2335
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Nitin Galave
>Assignee: Nitin Galave
>Priority: Major
> Fix For: master
>
> Attachments: RANGER-2335.patch, include_toggle_overlap.png
>
>
> Steps to reproduce:
> 1) In HDFS service definition, for path resource field set exclude and 
> recursive support to true.
> 2) Go to HDFS-Policy creation/edit page.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (RANGER-2339) UI changes for User role users should also have access to Security Zone

[Pradeep Agrawal (JIRA)]

Pradeep Agrawal created RANGER-2339:
---

 Summary: UI changes for User role users should also have access to 
Security Zone
 Key: RANGER-2339
 URL: https://issues.apache.org/jira/browse/RANGER-2339
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 2.0.0
Reporter: Pradeep Agrawal
Assignee: Pradeep Agrawal
 Fix For: 2.0.0


User role user should be able to view the "Security Zone" tab and should get 
access to security zones.
Expected Result: "Security Zone" tab should be visible to user role user also. 
Operations on zones (create/update/delete) should be restricted to admin users 
only (system-wide admin and zone admins)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 69985: RANGER-2331 : Ranger-KMS - KeySecure HSM Integration

[Gautam Borad]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69985/
---

(Updated Feb. 19, 2019, 1:58 p.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2331
https://issues.apache.org/jira/browse/RANGER-2331


Repository: ranger


Description
---

User story: As a security admin, I want to manage encryption keys for securing 
my Hadoop cluster files in Ranger KMS service with Safenet KeySecure crypto 
platform.


For Safenet KeySecure overview refer to: 
https://safenet.gemalto.com/data-encryption/enterprise-key-management/key-secure/


Acceptance Criteria:


1) Ranger KMS has ability to configure Safenet KeySecure platform to be used 
for key offload


2) Ranger KMS provides ability to provide key management functions (create 
keys, manage keys, retrieve keys, rollover) using Safenet KeySecure platform


3) Ranger KMS UI panel on Ambari can be used to configure Safenet KeySecure 
platform


Diffs (updated)
-

  kms/config/kms-webapp/dbks-site.xml 0e0f2ec 
  kms/scripts/DBMKTOKEYSECURE.sh PRE-CREATION 
  kms/scripts/KEYSECUREMKTOKMSDB.sh PRE-CREATION 
  kms/scripts/install.properties ddc779d 
  kms/scripts/setup.sh 2db05b8 
  kms/src/main/java/org/apache/hadoop/crypto/key/DBToKeySecure.java 
PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 22dce0f 
  kms/src/main/java/org/apache/hadoop/crypto/key/KeySecureToRangerDBMKUtil.java 
PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java 1abbf8e 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
267fcf0 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 5614c16 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java 
PRE-CREATION 
  src/main/assembly/kms.xml fca6a32 


Diff: https://reviews.apache.org/r/69985/diff/2/

Changes: https://reviews.apache.org/r/69985/diff/1-2/


Testing
---

Verified below scenario:


1) Fresh Installation Of Ranger KMS with Safenet Key Secure (NAE-XML Protocol)
2) DB to Key Secure (NAE-XML) master key Migration utility
3) Key Secure (NAE-XML) to DB master key Migration utility


Thanks,

Gautam Borad

Re: Review Request 69985: RANGER-2331 : Ranger-KMS - KeySecure HSM Integration

[Gautam Borad]

> On Feb. 14, 2019, 12:02 p.m., Zsombor Gegesy wrote:
> > kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java
> > Lines 50 (patched)
> > 
> >
> > You can mark all variable as final

I am initializing non final variables in constructor.


- Gautam


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69985/#review212827
---


On Feb. 19, 2019, 1:58 p.m., Gautam Borad wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69985/
> ---
> 
> (Updated Feb. 19, 2019, 1:58 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2331
> https://issues.apache.org/jira/browse/RANGER-2331
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> User story: As a security admin, I want to manage encryption keys for 
> securing my Hadoop cluster files in Ranger KMS service with Safenet KeySecure 
> crypto platform.
> 
> 
> For Safenet KeySecure overview refer to: 
> https://safenet.gemalto.com/data-encryption/enterprise-key-management/key-secure/
> 
> 
> Acceptance Criteria:
> 
> 
> 1) Ranger KMS has ability to configure Safenet KeySecure platform to be used 
> for key offload
> 
> 
> 2) Ranger KMS provides ability to provide key management functions (create 
> keys, manage keys, retrieve keys, rollover) using Safenet KeySecure platform
> 
> 
> 3) Ranger KMS UI panel on Ambari can be used to configure Safenet KeySecure 
> platform
> 
> 
> Diffs
> -
> 
>   kms/config/kms-webapp/dbks-site.xml 0e0f2ec 
>   kms/scripts/DBMKTOKEYSECURE.sh PRE-CREATION 
>   kms/scripts/KEYSECUREMKTOKMSDB.sh PRE-CREATION 
>   kms/scripts/install.properties ddc779d 
>   kms/scripts/setup.sh 2db05b8 
>   kms/src/main/java/org/apache/hadoop/crypto/key/DBToKeySecure.java 
> PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 22dce0f 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/KeySecureToRangerDBMKUtil.java 
> PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java 1abbf8e 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
> 267fcf0 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 5614c16 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java 
> PRE-CREATION 
>   src/main/assembly/kms.xml fca6a32 
> 
> 
> Diff: https://reviews.apache.org/r/69985/diff/2/
> 
> 
> Testing
> ---
> 
> Verified below scenario:
> 
> 
> 1) Fresh Installation Of Ranger KMS with Safenet Key Secure (NAE-XML Protocol)
> 2) DB to Key Secure (NAE-XML) master key Migration utility
> 3) Key Secure (NAE-XML) to DB master key Migration utility
> 
> 
> Thanks,
> 
> Gautam Borad
> 
>

Re: Review Request 69864: RANGER-1935:Upgrade Ranger to support Apache Hadoop 3.0.0

[Velmurugan Periasamy]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69864/#review212926
---


Ship it!




Ship It!

- Velmurugan Periasamy


On Feb. 13, 2019, 10:31 p.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69864/
> ---
> 
> (Updated Feb. 13, 2019, 10:31 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Gautam 
> Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, 
> Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1935
> https://issues.apache.org/jira/browse/RANGER-1935
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-1935:Upgrade Ranger to support Apache Hadoop 3.0.0
> 
> 
> Diffs
> -
> 
>   
> agents-audit/src/main/java/org/apache/ranger/audit/utils/InMemoryJAASConfiguration.java
>  0f29138 
>   credentialbuilder/pom.xml 461dcd0 
>   hbase-agent/pom.xml c044ef0 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
>  9a83bc7 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImpl.java
>  01e0af2 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseUserUtilsImpl.java
>  23cd5fc 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
>  ddb6d9b 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessorBase.java
>  1062c9e 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilter.java
>  4006afc 
>   
> hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseClient.java
>  e74c3e5 
>   
> hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java
>  f1cd893 
>   
> hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/HDFSRangerTest.java 
> a7215ce 
>   hive-agent/pom.xml 0a091b2 
>   
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerBase.java
>  c313870 
>   
> hive-agent/src/main/java/org/apache/ranger/services/hive/client/HiveClient.java
>  bf1bc1d 
>   
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
>  7dc5c54 
>   kms/pom.xml 043c67f 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/EagerKeyGeneratorKeyProviderCryptoExtension.java
>  f853a84 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java be3700f 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
>  ada9a56 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java 
> b2540cb 
>   knox-agent/pom.xml 0c45c84 
>   
> plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
>  a4de016 
>   pom.xml 2a2540a 
>   ranger-examples/plugin-sampleapp/pom.xml bef0f5c 
>   
> ranger-hbase-plugin-shim/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
>  1afe0ba 
>   
> ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
>  87c6586 
>   ranger-storm-plugin-shim/pom.xml 89efe34 
>   
> ranger-yarn-plugin-shim/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
>  7b7f1f3 
>   security-admin/pom.xml 479f46d 
>   src/main/assembly/admin-web.xml 8ea728b 
>   src/main/assembly/hbase-agent.xml 3ebc334 
>   src/main/assembly/hdfs-agent.xml 561d137 
>   src/main/assembly/hive-agent.xml 03bd31a 
>   src/main/assembly/kms.xml 3adc55c 
>   src/main/assembly/knox-agent.xml 8357d49 
>   src/main/assembly/plugin-atlas.xml 35096d0 
>   src/main/assembly/plugin-kafka.xml 7c55128 
>   src/main/assembly/plugin-kms.xml 53cf302 
>   src/main/assembly/plugin-kylin.xml f4e0820 
>   src/main/assembly/plugin-solr.xml f5fb0a7 
>   src/main/assembly/plugin-sqoop.xml d2bd69a 
>   src/main/assembly/plugin-yarn.xml c6a48e8 
>   src/main/assembly/ranger-tools.xml 249de9a 
>   src/main/assembly/storm-agent.xml fdaf678 
>   src/main/assembly/tagsync.xml 0b6596f 
>   src/main/assembly/usersync.xml d170d8c 
>   storm-agent/pom.xml a084e68 
>   
> storm-agent/src/test/java/org/apache/ranger/authorization/storm/StormRangerAuthorizerTest.java
>  2e72193 
>   tagsync/pom.xml e98cf63 
>   ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml d49001a 
>   
> ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java
>  9a77ced 
>   ugsync/pom.xml c30d8ca 
>   unixauthclient/pom.xml 4625925 
>   unixauthservice/pom.xml 4c50d6c 
> 
> 
> Diff: https://reviews.apache.org/r

Re: Review Request 70006: RANGER-2335: Overlapping of 'include' toggle button on policy create/edit page.

[Velmurugan Periasamy]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70006/#review212927
---


Ship it!




Ship It!

- Velmurugan Periasamy


On Feb. 19, 2019, 12:59 p.m., Nitin Galave wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70006/
> ---
> 
> (Updated Feb. 19, 2019, 12:59 p.m.)
> 
> 
> Review request for ranger, Gautam Borad, Mehul Parikh, Pradeep Agrawal, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2335
> https://issues.apache.org/jira/browse/RANGER-2335
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Steps to reproduce:
> 1) In HDFS service definition, for path resource field set exclude and 
> recursive support to true.
> 2) Go to HDFS-Policy creation/edit page.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/modules/XAOverrides.js c45f74d 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js 
> e494bcc 
>   security-admin/src/main/webapp/styles/xa.css 7fb868d 
>   security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html 
> 856e92a 
> 
> 
> Diff: https://reviews.apache.org/r/70006/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Verified that overlap of "include" toggle button does not occur in case of 
> exclude & recursive support sets to true.
> 2. Covered following test scenario's for resource `path`:
>exclude:true, recursive:false :
>exclude:false, recursive:true: 
>exclude:true, recursive:true :
>exclude:false, recursive:false:
> 3. Tested by adding new resources as well.
> 
> 
> Thanks,
> 
> Nitin Galave
> 
>

Re: Review Request 69985: RANGER-2331 : Ranger-KMS - KeySecure HSM Integration

[Zsombor Gegesy]

> On Feb. 14, 2019, 12:02 p.m., Zsombor Gegesy wrote:
> > kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java
> > Lines 50 (patched)
> > 
> >
> > You can mark all variable as final
> 
> Gautam Borad wrote:
> I am initializing non final variables in constructor.

Yes, that's the way to use final variables: you need to initialize them in the 
constructor.


- Zsombor


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69985/#review212827
---


On Feb. 19, 2019, 1:58 p.m., Gautam Borad wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69985/
> ---
> 
> (Updated Feb. 19, 2019, 1:58 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2331
> https://issues.apache.org/jira/browse/RANGER-2331
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> User story: As a security admin, I want to manage encryption keys for 
> securing my Hadoop cluster files in Ranger KMS service with Safenet KeySecure 
> crypto platform.
> 
> 
> For Safenet KeySecure overview refer to: 
> https://safenet.gemalto.com/data-encryption/enterprise-key-management/key-secure/
> 
> 
> Acceptance Criteria:
> 
> 
> 1) Ranger KMS has ability to configure Safenet KeySecure platform to be used 
> for key offload
> 
> 
> 2) Ranger KMS provides ability to provide key management functions (create 
> keys, manage keys, retrieve keys, rollover) using Safenet KeySecure platform
> 
> 
> 3) Ranger KMS UI panel on Ambari can be used to configure Safenet KeySecure 
> platform
> 
> 
> Diffs
> -
> 
>   kms/config/kms-webapp/dbks-site.xml 0e0f2ec 
>   kms/scripts/DBMKTOKEYSECURE.sh PRE-CREATION 
>   kms/scripts/KEYSECUREMKTOKMSDB.sh PRE-CREATION 
>   kms/scripts/install.properties ddc779d 
>   kms/scripts/setup.sh 2db05b8 
>   kms/src/main/java/org/apache/hadoop/crypto/key/DBToKeySecure.java 
> PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 22dce0f 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/KeySecureToRangerDBMKUtil.java 
> PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java 1abbf8e 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
> 267fcf0 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 5614c16 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java 
> PRE-CREATION 
>   src/main/assembly/kms.xml fca6a32 
> 
> 
> Diff: https://reviews.apache.org/r/69985/diff/2/
> 
> 
> Testing
> ---
> 
> Verified below scenario:
> 
> 
> 1) Fresh Installation Of Ranger KMS with Safenet Key Secure (NAE-XML Protocol)
> 2) DB to Key Secure (NAE-XML) master key Migration utility
> 3) Key Secure (NAE-XML) to DB master key Migration utility
> 
> 
> Thanks,
> 
> Gautam Borad
> 
>

Re: Review Request 69985: RANGER-2331 : Ranger-KMS - KeySecure HSM Integration

[Pradeep Agrawal]

> On Feb. 14, 2019, 12:02 p.m., Zsombor Gegesy wrote:
> > kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java
> > Lines 50 (patched)
> > 
> >
> > You can mark all variable as final
> 
> Gautam Borad wrote:
> I am initializing non final variables in constructor.
> 
> Zsombor Gegesy wrote:
> Yes, that's the way to use final variables: you need to initialize them 
> in the constructor.

@Zsombor Gegesy : To me its seems okay as he is reinitializing the mkSize 
variable at line 60. I don't think it need to be final, however we can make it 
static.


- Pradeep


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69985/#review212827
---


On Feb. 19, 2019, 1:58 p.m., Gautam Borad wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69985/
> ---
> 
> (Updated Feb. 19, 2019, 1:58 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2331
> https://issues.apache.org/jira/browse/RANGER-2331
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> User story: As a security admin, I want to manage encryption keys for 
> securing my Hadoop cluster files in Ranger KMS service with Safenet KeySecure 
> crypto platform.
> 
> 
> For Safenet KeySecure overview refer to: 
> https://safenet.gemalto.com/data-encryption/enterprise-key-management/key-secure/
> 
> 
> Acceptance Criteria:
> 
> 
> 1) Ranger KMS has ability to configure Safenet KeySecure platform to be used 
> for key offload
> 
> 
> 2) Ranger KMS provides ability to provide key management functions (create 
> keys, manage keys, retrieve keys, rollover) using Safenet KeySecure platform
> 
> 
> 3) Ranger KMS UI panel on Ambari can be used to configure Safenet KeySecure 
> platform
> 
> 
> Diffs
> -
> 
>   kms/config/kms-webapp/dbks-site.xml 0e0f2ec 
>   kms/scripts/DBMKTOKEYSECURE.sh PRE-CREATION 
>   kms/scripts/KEYSECUREMKTOKMSDB.sh PRE-CREATION 
>   kms/scripts/install.properties ddc779d 
>   kms/scripts/setup.sh 2db05b8 
>   kms/src/main/java/org/apache/hadoop/crypto/key/DBToKeySecure.java 
> PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 22dce0f 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/KeySecureToRangerDBMKUtil.java 
> PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java 1abbf8e 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
> 267fcf0 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 5614c16 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java 
> PRE-CREATION 
>   src/main/assembly/kms.xml fca6a32 
> 
> 
> Diff: https://reviews.apache.org/r/69985/diff/2/
> 
> 
> Testing
> ---
> 
> Verified below scenario:
> 
> 
> 1) Fresh Installation Of Ranger KMS with Safenet Key Secure (NAE-XML Protocol)
> 2) DB to Key Secure (NAE-XML) master key Migration utility
> 3) Key Secure (NAE-XML) to DB master key Migration utility
> 
> 
> Thanks,
> 
> Gautam Borad
> 
>