Re: Review Request 71176: RANGER-2497 Support Azure Key Vault for storing master keys of Ranger KMS

Thu, 01 Aug 2019 05:57:54 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71176/
-----------------------------------------------------------

(Updated Aug. 1, 2019, 12:57 p.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, Gautam 
Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Ramesh Mani, 
and Velmurugan Periasamy.


Bugs: RANGER-2497
    https://issues.apache.org/jira/browse/RANGER-2497


Repository: ranger


Description
-------

User story: As a security admin, I want to escrow and manage master encryption 
keys for securing my Hadoop cluster EZs in Ranger KMS service with Azure Key 
Vault service.

For Microsoft Azure Key Vault overview refer to: 
https://docs.microsoft.com/en-us/azure/key-vault/
For REST API guide refer to: https://docs.microsoft.com/en-us/rest/api/keyvault/

Acceptance Criteria:

1.) Ranger KMS has ability to configure AKV service to be used for master key 
offload
2.) Ranger KMS provides ability to provide key management functions (create 
keys, manage keys, retrieve keys, rollover) using AKV


Diffs (updated)
-----

  kms/config/kms-webapp/dbks-site.xml 05a1a13 
  kms/pom.xml df46496 
  kms/scripts/DBMKTOAZUREKEYVAULT.sh PRE-CREATION 
  kms/scripts/install.properties 798dd8c 
  kms/scripts/setup.sh c430ef9 
  
kms/src/main/java/org/apache/hadoop/crypto/key/AzureKeyVaultClientAuthenticator.java
 PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/DBToAzureKeyVault.java 
PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 5e394de 
  kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java f542364 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java 86f1a29 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
b280cbf 
  
kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyVaultKeyGenerator.java 
PRE-CREATION 
  pom.xml 7cf134c 
  src/main/assembly/kms.xml 468bede 


Diff: https://reviews.apache.org/r/71176/diff/2/

Changes: https://reviews.apache.org/r/71176/diff/1-2/


Testing
-------

1.) Fresh installation of Ranger KMS with Azure Key Vault.
2.) Export / Import of zone keys from / to keystore file.
3.) Migration of Ranger KMS DB to Azure Key Vault.


Thanks,

Dhaval Shah

Reply via email to