Re: Review Request 73912: RANGER-3682 Unify the ways that rangerkeystore to encapsulate zonekey

Abhishek Kumar Tue, 24 Jan 2023 13:57:49 -0800

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73912/#review225129
-----------------------------------------------------------





kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSMKIFactory.java
Lines 157 (patched)
<https://reviews.apache.org/r/73912/#comment313910>

    Since the exception message is the same, this can be written as:
    
    catch (ClassNotFoundException | InstantiationException | 
InvocationTargetException | IllegalAccessException e){
     throw new NoSuchProviderException(e.getMessage());
    }


- Abhishek  Kumar


On Jan. 17, 2023, 9:34 a.m., Kirby Zhou wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73912/
> -----------------------------------------------------------
> 
> (Updated Jan. 17, 2023, 9:34 a.m.)
> 
> 
> Review request for ranger, Bhavik Bavishi, Dhaval Shah, Dineshkumar Yadav, 
> Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mateen 
> Mansoori, Madhan Neethiraj, Mateen Mansoori, Mehul Parikh, Pradeep Agrawal, 
> Ramesh Mani, VaradreawiZTV VaradreawiZTV, Vishal Suvagia, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-3682
>     https://issues.apache.org/jira/browse/RANGER-3682
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Unify the ways that rangerkeystore to encapsulate zonekey
> 
> Now we have 2 styles of MasterKeyProvider:
> 1. RangerMasterKey, RangerHSM, RangerSafenetKeySecure
> 2. RangerAzureKeyVaultKeyGenerator, RangerGoogleCloudHSMProvider, 
> RangerTencentKMSProvider
> 
> Style 1 can get out master key string from provider, Style 2 can not.
> In old, I add a flag KeyVaultEnabled to distinguish them. 
> KeyVaultEnabled=false means style1, true means style2
> RangerKeyStore with  style1 use SecretKeyEntry with SealedObject to store a 
> key and do encryption / decryption by itself.
> RangerKeyStore with  style2 use SecretKeyByteEntry to store a key and let MK 
> provider to encryption / decryption.
> These are ugly and hard to maintain. I refactor it by removing 
> SecretKeyEntry, and let providers of style1 do encryption / decryption.
> Add a  common base class of RangerMasterKey, RangerHSM andd 
> RangerSafenetKeySecure, named AbstractRangerMasterKey. It provides the common 
> logic of encryptZoneKey and decryptZoneKey.
> And, there is no unified method to initialize a master key provider. 
> Duplicate code is distributed in RangerKeyStoreProvider and a bunch of CLI 
> classes.
> I made a new RangerKMSMKIFactory class to unify it.
> 
> 
> Diffs
> -----
> 
>   kms/src/main/java/org/apache/hadoop/crypto/key/AbstractRangerMasterKey.java 
> PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/DBToAzureKeyVault.java 
> 39de0a503 
>   kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 
> a1a6f348b 
>   kms/src/main/java/org/apache/hadoop/crypto/key/MigrateDBMKeyToGCP.java 
> d3b717a8a 
>   kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java 
> 1935a0185 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerGoogleCloudHSMProvider.java
>  a61cabb1b 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerHSM.java 90ef729b2 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSMKI.java b09cd5bad 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSMKIFactory.java 
> PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java 
> 7188b19b2 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
> 429d1ce45 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 
> b6fc32950 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java 
> eb8a90a71 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/VerifyIsDBMasterkeyCorrect.java
>  632e728f4 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/VerifyIsHSMMasterkeyCorrect.java
>  e5ebeb783 
>   kms/src/main/java/org/apache/ranger/kms/biz/RangerKMSStartUp.java 8b0f74eac 
>   kms/src/test/java/org/apache/hadoop/crypto/key/kms/TestRangerKeyStore.java 
> bcdf2e337 
>   
> kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/RangerMasterKeyTest.java
>  f420322ca 
> 
> 
> Diff: https://reviews.apache.org/r/73912/diff/4/
> 
> 
> Testing
> -------
> 
> Tested by fresh install and update.
> 
> 
> Thanks,
> 
> Kirby Zhou
> 
>

Re: Review Request 73912: RANGER-3682 Unify the ways that rangerkeystore to encapsulate zonekey

Reply via email to