kirby zhou created RANGER-3682: ---------------------------------- Summary: Unify the ways that rangerkeystore to encapsulate zonekey Key: RANGER-3682 URL: https://issues.apache.org/jira/browse/RANGER-3682 Project: Ranger Issue Type: Improvement Components: kms Affects Versions: 3.0.0, 2.3.0 Reporter: kirby zhou
Unify the ways that rangerkeystore to encapsulate zonekey Now we have 2 styles of MasterKeyProvider: # RangerMasterKey, RangerHSM, RangerSafenetKeySecure # RangerAzureKeyVaultKeyGenerator, RangerGoogleCloudHSMProvider, RangerTencentKMSProvider Style 1 can get out master key string from provider, Style 2 can not. In old, I add a flag KeyVaultEnabled to distinguish them. KeyVaultEnabled=false means style1, true means style2 RangerKeyStore with style1 use SecretKeyEntry with SealedObject to store a key and do encryption / decryption by itself. RangerKeyStore with style2 use SecretKeyByteEntry to store a key and let MK provider to encryption / decryption. These are ugly and hard to maintain. I refactor it by removing SecretKeyEntry, and let providers of style1 do encryption / decryption. Add a common base class of RangerMasterKey, RangerHSM andd RangerSafenetKeySecure, named AbstractRangerMasterKey. It provides the common logic of encryptZoneKey and decryptZoneKey. And, there is no unified method to initialize a master key provider. Duplicate code is distributed in RangerKeyStoreProvider and a bunch of CLI classes. I made a new RangerKMSMKIFactory class to unify it. -- This message was sent by Atlassian Jira (v8.20.1#820001)