[FLUME-1578] Proposal to modify file channel encryption config - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.3.0
Fix Version/s: 1.3.0
Component/s: Channel
Labels:
None

Description

Currently our config looks like:

a1.channels.c1.type = FILE
a1.channels.c1.checkpointDir = /var/run/flume-ng/.flume/file-channel-c1/checkpoint
a1.channels.c1.dataDirs = /var/run/flume-ng/.flume/file-channel-c1/data
a1.channels.c1.encryption.keyAlias = key-1
a1.channels.c1.encryption.cipherProvider = AESCTRNOPADDING
a1.channels.c1.encryption.keyProvider = p0
a1.channels.c1.encryption.keyProvider.p0.type = JCEKSFILE
a1.channels.c1.encryption.keyProvider.p0.keyStoreFile = /etc/flume-ng/conf/flume.keystore
a1.channels.c1.encryption.keyProvider.p0.keyStorePasswordFile = /etc/flume-ng/conf/key-1.password
a1.channels.c1.encryption.keyProvider.p0.keys = key-1
a1.channels.c1.encryption.keyProvider.p0.keys.key-1.passwordFile = /etc/flume-ng/conf/key-1.password
a1.channels.c1.encryption.keyProvider.p0.keys.key-2.passwordFile = /etc/flume-ng/conf/key-2.password

I propose changing 'keyAlias' to 'activeKey'. Also, AFAIK multiple keyProvider's can't be specified for a single file channel config so I propose removing the need for this line:

a1.channels.c1.encryption.keyProvider = p0
...and thus also removing the additional 'p0' namespace. And I don't think there's any need for specifying a 'type' after keyProvider. So that the entire file channel config will look like this:

a1.channels.c1.type = FILE
a1.channels.c1.checkpointDir = /var/run/flume-ng/.flume/file-channel-c1/checkpoint
a1.channels.c1.dataDirs = /var/run/flume-ng/.flume/file-channel-c1/data
a1.channels.c1.encryption.activeKey = key-1
a1.channels.c1.encryption.cipherProvider = AESCTRNOPADDING
a1.channels.c1.encryption.keyProvider = JCEKSFILE
a1.channels.c1.encryption.keyProvider.keyStoreFile = /etc/flume-ng/conf/flume.keystore
a1.channels.c1.encryption.keyProvider.keyStorePasswordFile = /etc/flume-ng/conf/key-1.password
a1.channels.c1.encryption.keyProvider.keys = key-1 key-2
a1.channels.c1.encryption.keyProvider.keys.key-1.passwordFile = /etc/flume-ng/conf/key-1.password
a1.channels.c1.encryption.keyProvider.keys.key-2.passwordFile = /etc/flume-ng/conf/key-2.password

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

FLUME-1577-2.patch
13/Sep/12 20:58
21 kB
Brock Noland

Issue Links

links to

Review Board

Activity

People

Assignee:: Brock Noland

Reporter:: Will McQueen

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 13/Sep/12 20:52

Updated:: 14/Sep/12 02:55

Resolved:: 13/Sep/12 21:29