This is an automated email from the ASF dual-hosted git repository.
wangdan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-pegasus.git
The following commit(s) were added to refs/heads/master by this push:
new c4d4a7e15 feat(encryption): add a new security configuration for
encryption key (#1999)
c4d4a7e15 is described below
commit c4d4a7e15c94641285557957ccd127abf83adcc9
Author: Samunroyu <[email protected]>
AuthorDate: Sat May 11 17:46:53 2024 +0800
feat(encryption): add a new security configuration for encryption key
(#1999)
Separate the cluster_name and encryption key configurations for clearer
usage.
A new config, [security] encryption_cluster_key_name, has been introduced for
managing the KMS key:
```diff
[security]
+encryption_cluster_key_name
```
---
src/replica/replica_stub.cpp | 5 +++--
src/security/access_controller.cpp | 5 +++++
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/replica/replica_stub.cpp b/src/replica/replica_stub.cpp
index 3c845a2b9..3558fb7a4 100644
--- a/src/replica/replica_stub.cpp
+++ b/src/replica/replica_stub.cpp
@@ -234,8 +234,8 @@ DSN_DECLARE_int32(fd_check_interval_seconds);
DSN_DECLARE_int32(fd_grace_seconds);
DSN_DECLARE_int32(fd_lease_seconds);
DSN_DECLARE_int32(gc_interval_ms);
-DSN_DECLARE_string(cluster_name);
DSN_DECLARE_string(data_dirs);
+DSN_DECLARE_string(encryption_cluster_key_name);
DSN_DECLARE_string(server_key);
DSN_DEFINE_bool(replication,
@@ -448,7 +448,8 @@ void replica_stub::initialize(const replication_options
&opts, bool clear /* = f
dsn::replication::kms_info kms_info;
if (FLAGS_encrypt_data_at_rest && !utils::is_empty(FLAGS_hadoop_kms_url)) {
_key_provider.reset(new dsn::security::kms_key_provider(
- ::absl::StrSplit(FLAGS_hadoop_kms_url, ",", ::absl::SkipEmpty()),
FLAGS_cluster_name));
+ ::absl::StrSplit(FLAGS_hadoop_kms_url, ",", ::absl::SkipEmpty()),
+ FLAGS_encryption_cluster_key_name));
const auto &ec = dsn::utils::load_rjobj_from_file(
kms_path, dsn::utils::FileDataType::kNonSensitive, &kms_info);
if (ec != dsn::ERR_PATH_NOT_FOUND && ec != dsn::ERR_OK) {
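Review bot: Passing `FLAGS_encryption_cluster_key_name` instead of `FLAGS_cluster_name` to `kms_key_provider` changes which KMS key an already-encrypted cluster requests after an upgrade, and nothing in this hunk handles that transition. The provider is not visible here, but if it uses this name to decrypt the server key persisted in `kms_info`, a node encrypted under the old cluster-name key would fail to recover it unless the operator sets `encryption_cluster_key_name` to the previous `cluster_name` value. That upgrade step should be stated in the release notes or in a comment here, for example `// NOTE: clusters encrypted before this option existed must set it to their old cluster_name`. The value is also used unchecked, so testing `utils::is_empty(FLAGS_encryption_cluster_key_name)` before constructing the provider would fail fast on an empty key name. `replica_stub::initialize` starts and ends outside the hunk.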
diff --git a/src/security/access_controller.cpp
b/src/security/access_controller.cpp
index 1cc708d08..2d74e8f4a 100644
--- a/src/security/access_controller.cpp
+++ b/src/security/access_controller.cpp
@@ -32,6 +32,11 @@ DSN_DEFINE_string(security,
super_users,
"",
"super users for access controller, comma-separated list of
user names");
+DSN_DEFINE_string(security,
+ encryption_cluster_key_name,
+ "pegasus_cluster_key",
+ "Name of the cluster key that is used to encrypt server
encryption keys as"
+ "stored in Ranger KMS.");
namespace dsn {
namespace security {
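Review bot: The two adjacent string literals in the new flag's description concatenate without a separating space, so the help text reads "...server encryption keys asstored in Ranger KMS."; end the first literal with a space, `"... to encrypt server encryption keys as "`. Separately, the fixed default `"pegasus_cluster_key"` means every cluster pointed at the same KMS shares one cluster key name unless an operator overrides it, whereas the `FLAGS_cluster_name` value used before was naturally per-cluster. If key isolation between clusters is intended, say so in the description, or leave the default empty and require an explicit value when `encrypt_data_at_rest` is enabled. The flag is consumed in replica_stub.cpp but defined in access_controller.cpp, so a one-line comment pointing to its use would help readers find it.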