Re: Review Request 71723: RANGER-2637: RangerTags loading issue when Ranger admin service is not available

2019-11-05 Thread Madhan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71723/#review218517
---


Fix it, then Ship it!





agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java
Lines 62 (patched)


Consider replacing #62, #63 with:
  LOG.error("Tag-retriever failed to get tags from Ranger Admin. Will 
continue to use cached tags", e);


- Madhan Neethiraj


On Nov. 5, 2019, 10:09 p.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71723/
> ---
> 
> (Updated Nov. 5, 2019, 10:09 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2637:
> https://issues.apache.org/jira/browse/RANGER-2637:
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2637: RangerTags loading issue when Ranger admin service is not 
> available
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java
>  4caed81 
> 
> 
> Diff: https://reviews.apache.org/r/71723/diff/1/
> 
> 
> Testing
> ---
> 
> - Testing done in Local VM
> - Shutdown ranger and check that Ranger Plugins for the services gets the tag 
> from the cache file.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>

Re: Review Request 71723: RANGER-2637: RangerTags loading issue when Ranger admin service is not available

2019-11-05 Thread Abhay Kulkarni 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71723/#review218516
---


Ship it!




Ship It!

- Abhay Kulkarni


On Nov. 5, 2019, 10:09 p.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71723/
> ---
> 
> (Updated Nov. 5, 2019, 10:09 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2637:
> https://issues.apache.org/jira/browse/RANGER-2637:
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2637: RangerTags loading issue when Ranger admin service is not 
> available
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java
>  4caed81 
> 
> 
> Diff: https://reviews.apache.org/r/71723/diff/1/
> 
> 
> Testing
> ---
> 
> - Testing done in Local VM
> - Shutdown ranger and check that Ranger Plugins for the services gets the tag 
> from the cache file.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>

Review Request 71723: RANGER-2637: RangerTags loading issue when Ranger admin service is not available

2019-11-05 Thread Ramesh Mani 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71723/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2637:
https://issues.apache.org/jira/browse/RANGER-2637:


Repository: ranger


Description
---

RANGER-2637: RangerTags loading issue when Ranger admin service is not available


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java
 4caed81 


Diff: https://reviews.apache.org/r/71723/diff/1/


Testing
---

- Testing done in Local VM
- Shutdown ranger and check that Ranger Plugins for the services gets the tag 
from the cache file.


Thanks,

Ramesh Mani

[jira] [Updated] (RANGER-2637) RangerTags loading issue when Ranger admin service is not available.

2019-11-05 Thread Ramesh Mani (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2637?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani updated RANGER-2637:

Attachment: 0001-RANGER-2637-RangerTags-loading-issue-when-Ranger-adm.patch

> RangerTags loading issue when Ranger admin service is not available.
> 
>
> Key: RANGER-2637
> URL: https://issues.apache.org/jira/browse/RANGER-2637
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 1.2.0
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Major
> Attachments: 
> 0001-RANGER-2637-RangerTags-loading-issue-when-Ranger-adm.patch
>
>
> RangerTags loading issue when Ranger admin service is not available.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[GitHub] [ranger] acharneski commented on issue #42: DINF-1390 Added start of implementation for ElasticSearch write/searc…

2019-11-05 Thread GitBox 
acharneski commented on issue #42: DINF-1390 Added start of implementation for 
ElasticSearch write/searc…
URL: https://github.com/apache/ranger/pull/42#issuecomment-549890409
 
 
   Apologies about the premature PR. Please close this if you wish, I'll reopen 
when complete. I had intended to make a PR within my own fork to track the 
change before release. I will review the comments, though, thank you for taking 
a look!


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Re: Review Request 71718: RANGER-2635 : Backport hadoop-kms changes in ranger-kms

2019-11-05 Thread Fatima Khan 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71718/
---

(Updated Nov. 5, 2019, 2:33 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Madhan Neethiraj, Mehul 
Parikh, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-2635
https://issues.apache.org/jira/browse/RANGER-2635


Repository: ranger


Description
---

Backported hadoop-kms changes in ranger-kms to support hadoop 3.1


Diffs
-

  kms/dev-support/findbugsExcludeFile.xml bc92ed7 
  kms/pom.xml 12c0002 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java 
ff2f6d9 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java 
053d7e4 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuditLogger.java 
PRE-CREATION 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
 c818ce5 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSConfiguration.java 
4bf2886 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java 
ae24e5b 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/SimpleKMSAuditLogger.java
 PRE-CREATION 
  kms/src/main/resources/log4j-kmsaudit.properties cca6941 
  kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSACLs.java 
3ff48d0 
  kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java 
ced8610 
  kms/src/test/resources/kms/kms-site.xml 5f2575a 
  
plugin-kms/src/test/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizerTest.java
 647f431 
  pom.xml 2140028 


Diff: https://reviews.apache.org/r/71718/diff/1/


Testing
---

Tested all the operations related to ranger-kms


Thanks,

Fatima Khan

[jira] [Commented] (RANGER-2616) Add reencryptEncryptedKey, batch reencryption interface to KMS and improve logs

2019-11-05 Thread Fatima Amjad Khan (Jira) 


[ 
https://issues.apache.org/jira/browse/RANGER-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16967501#comment-16967501
 ] 

Fatima Amjad Khan commented on RANGER-2616:
---

committed on master 
[https://github.com/apache/ranger/commit/e5afd844a3020c6c9872481c6dd76a3489dd5c19]

> Add reencryptEncryptedKey, batch reencryption interface to KMS and improve 
> logs
> ---
>
> Key: RANGER-2616
> URL: https://issues.apache.org/jira/browse/RANGER-2616
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2616-v3.patch, 0001-RANGER-2616.patch, 
> 0001-RANGER-2616_v2.patch, RANGER-2616_v1.patch
>
>
> Currently when an encryption zone (EZ) key is rotated, it only takes effect 
> on new EDEKs. We should provide a way to re-encrypt EDEKs after the EZ key 
> rotation, for improved security.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2635) Backport hadoop-kms changes in ranger-kms

2019-11-05 Thread Fatima Amjad Khan (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan updated RANGER-2635:
--
Attachment: (was: 0001-RANGER-2635.patch)

> Backport hadoop-kms changes in ranger-kms
> -
>
> Key: RANGER-2635
> URL: https://issues.apache.org/jira/browse/RANGER-2635
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Attachments: RANGER-2635.patch
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2635) Backport hadoop-kms changes in ranger-kms

2019-11-05 Thread Fatima Amjad Khan (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan updated RANGER-2635:
--
Attachment: RANGER-2635.patch

> Backport hadoop-kms changes in ranger-kms
> -
>
> Key: RANGER-2635
> URL: https://issues.apache.org/jira/browse/RANGER-2635
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Attachments: RANGER-2635.patch
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 71713: RANGER-2616: Add reencryptEncryptedKey, batch reencryption interface to KMS and improve logs

2019-11-05 Thread Fatima Khan 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71713/
---

(Updated Nov. 5, 2019, 12:32 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Madhan Neethiraj, Mehul 
Parikh, Nikhil P, Pradeep Agrawal, Selvamohan Neethiraj, and Velmurugan 
Periasamy.


Bugs: RANGER-2616
https://issues.apache.org/jira/browse/RANGER-2616


Repository: ranger


Description
---

Currently when an encryption zone (EZ) key is rotated, it only takes effect on 
new EDEKs. We should provide a way to re-encrypt EDEKs after the EZ key 
rotation, for improved security.


Diffs (updated)
-

  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/EagerKeyGeneratorKeyProviderCryptoExtension.java
 854c831 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java 04cc984 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java 
56d25d2 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
 cdca8e1 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJSONReader.java 
2b85276 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSServerJSONUtils.java
 24af81b 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java 
501ee30 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
 bd35a6b 
  kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java 
04daeee 


Diff: https://reviews.apache.org/r/71713/diff/2/

Changes: https://reviews.apache.org/r/71713/diff/1-2/


Testing
---

Tested the CRUD operations related to keys and re-encrypt EDEKs after the EZ 
key rotation works fine.


Thanks,

Fatima Khan

[jira] [Updated] (RANGER-2616) Add reencryptEncryptedKey, batch reencryption interface to KMS and improve logs

2019-11-05 Thread Fatima Amjad Khan (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan updated RANGER-2616:
--
Attachment: 0001-RANGER-2616-v3.patch

> Add reencryptEncryptedKey, batch reencryption interface to KMS and improve 
> logs
> ---
>
> Key: RANGER-2616
> URL: https://issues.apache.org/jira/browse/RANGER-2616
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2616-v3.patch, 0001-RANGER-2616.patch, 
> 0001-RANGER-2616_v2.patch, RANGER-2616_v1.patch
>
>
> Currently when an encryption zone (EZ) key is rotated, it only takes effect 
> on new EDEKs. We should provide a way to re-encrypt EDEKs after the EZ key 
> rotation, for improved security.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 71654: RANGER-2629 Service disabled should not use the last known version of policies

2019-11-05 Thread Xing Peng 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71654/
---

(Updated 十一月 5, 2019, 10:52 a.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, 
Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, 
pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, sam  rome, Venkat Ranganathan, Velmurugan Periasamy, Qiang Zhang, 
and Zsombor Gegesy.


Bugs: RANGER-2629
https://issues.apache.org/jira/browse/RANGER-2629


Repository: ranger


Description
---

When service is disabled, the plugins should use an empty policy instead of the 
last known version of policies.


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
 86469fd5a 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java 
7ec8495bc 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesProvider.java
 38ba6cfb4 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerServiceDisabledException.java
 PRE-CREATION 
  
knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
 0fafa6e4b 
  security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 
2b1a3fa30 
  security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java fdda883a2 


Diff: https://reviews.apache.org/r/71654/diff/2/

Changes: https://reviews.apache.org/r/71654/diff/1-2/


Testing (updated)
---

Test Result:

Tested  policy download?role download?grant and revoke


Thanks,

Xing Peng

Re: Review Request 71654: RANGER-2629 Service disabled should not use the last known version of policies

2019-11-05 Thread Xing Peng 


> On 十月 31, 2019, 5:33 a.m., Abhay Kulkarni wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
> > Lines 228 (patched)
> > 
> >
> > RangerServiceDisabledException is also thrown if grant or revoke 
> > endpoint or role-download endpoint) is invoked for disabled service. It 
> > needs to be handled for those cases as well.

I have updated the patch to handle those cases


> On 十月 31, 2019, 5:33 a.m., Abhay Kulkarni wrote:
> > security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
> > Line 1365 (original), 1366 (patched)
> > 
> >
> > This code will be executed only if https is enabled. Please review.

When service is disabled, http request will also execute this code and throw 
RangerServiceDisabledException


> On 十月 31, 2019, 5:33 a.m., Abhay Kulkarni wrote:
> > security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
> > Line 1500 (original), 1501 (patched)
> > 
> >
> > This code will not be executed when unsecured REST endpoints (for 
> > policy download, grant and revoke) are called. Correspondingly, client 
> > calling these endpoints will not get this exception even when service is 
> > invalid.

Unsecured REST will throw RangerServiceDisabledException in method  
isValidateHttpsAuthentication(String serviceName, HttpServletRequest request)


- Xing


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71654/#review218471
---


On 十月 23, 2019, 9:08 a.m., Xing Peng wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71654/
> ---
> 
> (Updated 十月 23, 2019, 9:08 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, Velmurugan 
> Periasamy, Qiang Zhang, and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2629
> https://issues.apache.org/jira/browse/RANGER-2629
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When service is disabled, the plugins should use an empty policy instead of 
> the last known version of policies.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
>  86469fd5a 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
>  7ec8495bc 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerServiceDisabledException.java
>  PRE-CREATION 
>   
> knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
>  0fafa6e4b 
>   security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 
> 2b1a3fa30 
> 
> 
> Diff: https://reviews.apache.org/r/71654/diff/1/
> 
> 
> Testing
> ---
> 
> Test Result:
> 
> Tested.
> 
> 
> Thanks,
> 
> Xing Peng
> 
>

[jira] [Updated] (RANGER-2635) Backport hadoop-kms changes in ranger-kms

2019-11-05 Thread Fatima Amjad Khan (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan updated RANGER-2635:
--
Attachment: (was: 0001-RANGER-2635.patch)

> Backport hadoop-kms changes in ranger-kms
> -
>
> Key: RANGER-2635
> URL: https://issues.apache.org/jira/browse/RANGER-2635
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Attachments: 0001-RANGER-2635.patch
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2635) Backport hadoop-kms changes in ranger-kms

2019-11-05 Thread Fatima Amjad Khan (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan updated RANGER-2635:
--
Attachment: 0001-RANGER-2635.patch

> Backport hadoop-kms changes in ranger-kms
> -
>
> Key: RANGER-2635
> URL: https://issues.apache.org/jira/browse/RANGER-2635
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Attachments: 0001-RANGER-2635.patch
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 71713: RANGER-2616: Add reencryptEncryptedKey, batch reencryption interface to KMS and improve logs

2019-11-05 Thread Gautam Borad 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71713/#review218498
---


Ship it!




Ship It!

- Gautam Borad


On Nov. 5, 2019, 6:53 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71713/
> ---
> 
> (Updated Nov. 5, 2019, 6:53 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Gautam Borad, Madhan Neethiraj, 
> Mehul Parikh, Nikhil P, Pradeep Agrawal, Selvamohan Neethiraj, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2616
> https://issues.apache.org/jira/browse/RANGER-2616
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently when an encryption zone (EZ) key is rotated, it only takes effect 
> on new EDEKs. We should provide a way to re-encrypt EDEKs after the EZ key 
> rotation, for improved security.
> 
> 
> Diffs
> -
> 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/EagerKeyGeneratorKeyProviderCryptoExtension.java
>  854c831 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java 04cc984 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java 
> 56d25d2 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
>  cdca8e1 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJSONReader.java 
> 2b85276 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSServerJSONUtils.java
>  24af81b 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java 
> 501ee30 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
>  bd35a6b 
>   kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java 
> 04daeee 
> 
> 
> Diff: https://reviews.apache.org/r/71713/diff/1/
> 
> 
> Testing
> ---
> 
> Tested the CRUD operations related to keys and re-encrypt EDEKs after the EZ 
> key rotation works fine.
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>