[jira] [Commented] (RANGER-3998) Support Ranger KMS integration with AWS KMS
[ https://issues.apache.org/jira/browse/RANGER-3998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17844512#comment-17844512 ] kirby zhou commented on RANGER-3998: It gets 2 ship now. Who can merge it ? > Support Ranger KMS integration with AWS KMS > --- > > Key: RANGER-3998 > URL: https://issues.apache.org/jira/browse/RANGER-3998 > Project: Ranger > Issue Type: Improvement > Components: kms >Affects Versions: 3.0.0, 2.4.0 >Reporter: kirby zhou >Assignee: kirby zhou >Priority: Major > > AWS KMS is widely used by many customers. > Therefore, RangerKMS should support hosting MasterKey to AWS KMS. > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-3998) Support Ranger KMS integration with AWS KMS
[ https://issues.apache.org/jira/browse/RANGER-3998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17834769#comment-17834769 ] kirby zhou commented on RANGER-3998: This patch is just a simple imitation of RangerGoogleCloudHSMProvider. The work is done for using the key stored in AWS KMS as the master key of Ranger KMS. class RangerAWSKMSProvider just implements RangerKMSMKI interface. The generateMasterKey method does not actually create a masterkey, It calls AWSKMS.listAliases and AWSKMS.getKeyMetadata to verify whether the masterkey exists. The encryptZoneKey method calls AWSKMS.encrypt to encrypt zone key, and the decryptZoneKey calls AWSKMS.decrypt to decrypt. RangerKeyStoreProvider.java is modified to load and activate RangerAWSKMSProvider according to the configuration. I add 5 lines in install.properties, the meaning is * #- Ranger AWS KMS -- AWS_KMS_ENABLED=false AWS_KMS_MASTERKEY_ID=#The id of master key in AWS KMS AWS_CLIENT_ACCESSKEY=#The access key to AWS service AWS_CLIENT_SECRETKEY=#The secret key to AWS service AWS_CLIENT_REGION=#The region of AWS service The modification of setup.sh will map the 5 properties into dbks-site.xml as * AWS_KMS_ENABLED = "ranger.kms.awskms.enabled"; * AWSKMS_MASTER_KEY_ID = "ranger.kms.awskms.masterkey.id"; * AWS_CLIENT_ACCESSKEY = "ranger.kms.aws.client.accesskey"; * AWS_CLIENT_SECRETKEY = "ranger.kms.aws.client.secretkey"; * AWS_CLIENT_REGION = "ranger.kms.aws.client.region"; And the patch do some minor changes to prevent conflicting of Tencent KMS. BTW: AWS KMS API is here: [https://docs.aws.amazon.com/kms/latest/developerguide/programming-top.html] > Support Ranger KMS integration with AWS KMS > --- > > Key: RANGER-3998 > URL: https://issues.apache.org/jira/browse/RANGER-3998 > Project: Ranger > Issue Type: Improvement > Components: kms >Affects Versions: 3.0.0, 2.4.0 >Reporter: kirby zhou >Assignee: kirby zhou >Priority: Major > > AWS KMS is widely used by many customers. > Therefore, RangerKMS should support hosting MasterKey to AWS KMS. > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-3998) Support Ranger KMS integration with AWS KMS
[ https://issues.apache.org/jira/browse/RANGER-3998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17831198#comment-17831198 ] Dhaval Shah commented on RANGER-3998: - Hi [~kirbyzhou], Can you please share the documentation link for this feature. Thanks > Support Ranger KMS integration with AWS KMS > --- > > Key: RANGER-3998 > URL: https://issues.apache.org/jira/browse/RANGER-3998 > Project: Ranger > Issue Type: Improvement > Components: kms >Affects Versions: 3.0.0, 2.4.0 >Reporter: kirby zhou >Assignee: kirby zhou >Priority: Major > > AWS KMS is widely used by many customers. > Therefore, RangerKMS should support hosting MasterKey to AWS KMS. > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-3998) Support Ranger KMS integration with AWS KMS
[ https://issues.apache.org/jira/browse/RANGER-3998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17829816#comment-17829816 ] Dhaval Shah commented on RANGER-3998: - Hi [~kirbyzhou], RangerAWSKMSProvider class is missing in last uploaded patch. Can you please update the patch with RangerAWSKMSProvider.java. Thanks > Support Ranger KMS integration with AWS KMS > --- > > Key: RANGER-3998 > URL: https://issues.apache.org/jira/browse/RANGER-3998 > Project: Ranger > Issue Type: Improvement > Components: kms >Affects Versions: 3.0.0, 2.4.0 >Reporter: kirby zhou >Assignee: kirby zhou >Priority: Major > > AWS KMS is widely used by many customers. > Therefore, RangerKMS should support hosting MasterKey to AWS KMS. > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-3998) Support Ranger KMS integration with AWS KMS
[ https://issues.apache.org/jira/browse/RANGER-3998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17689467#comment-17689467 ] kirby zhou commented on RANGER-3998: Anybody have more ideas ? Can help to commit this? > Support Ranger KMS integration with AWS KMS > --- > > Key: RANGER-3998 > URL: https://issues.apache.org/jira/browse/RANGER-3998 > Project: Ranger > Issue Type: Improvement > Components: kms >Affects Versions: 3.0.0, 2.4.0 >Reporter: kirby zhou >Assignee: kirby zhou >Priority: Major > > AWS KMS is widely used by many customers. > Therefore, RangerKMS should support hosting MasterKey to AWS KMS. > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-3998) Support Ranger KMS integration with AWS KMS
[ https://issues.apache.org/jira/browse/RANGER-3998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17676458#comment-17676458 ] Bhavik Patel commented on RANGER-3998: -- [~sneethiraj] [~madhan] [~dhavalshah9131] [~mehul] Can you help to commit this? > Support Ranger KMS integration with AWS KMS > --- > > Key: RANGER-3998 > URL: https://issues.apache.org/jira/browse/RANGER-3998 > Project: Ranger > Issue Type: Improvement > Components: kms >Affects Versions: 3.0.0, 2.4.0 >Reporter: kirby zhou >Assignee: kirby zhou >Priority: Major > > AWS KMS is widely used by many customers. > Therefore, RangerKMS should support hosting MasterKey to AWS KMS. > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-3998) Support Ranger KMS integration with AWS KMS
[ https://issues.apache.org/jira/browse/RANGER-3998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17652352#comment-17652352 ] kirby zhou commented on RANGER-3998: Any other idea? Review is required for commit. Thanks. > Support Ranger KMS integration with AWS KMS > --- > > Key: RANGER-3998 > URL: https://issues.apache.org/jira/browse/RANGER-3998 > Project: Ranger > Issue Type: Improvement > Components: kms >Affects Versions: 3.0.0, 2.4.0 >Reporter: kirby zhou >Priority: Major > > AWS KMS is widely used by many customers. > Therefore, RangerKMS should support hosting MasterKey to AWS KMS. > -- This message was sent by Atlassian Jira (v8.20.10#820010)
