Package org.apache.hadoop.hbase.keymeta

Class KeymetaAdminImpl

java.lang.Object

org.apache.hadoop.hbase.keymeta.KeymetaAdminImpl

All Implemented Interfaces:

KeymetaAdmin

@Private
public class KeymetaAdminImpl
extends Object
implements KeymetaAdmin

STUB IMPLEMENTATION - Feature not yet complete. This class will be fully implemented in HBASE-29368 feature PR.

Constructor Summary

Constructors

Constructor	Description
KeymetaAdminImpl(Object server)
KeymetaAdminImpl(org.apache.hadoop.conf.Configuration conf)

Method Summary

Modifier and Type	Method	Description
void	clearManagedKeyDataCache()	Clear all entries in the managed key data cache on all live region servers.
ManagedKeyData	disableKeyManagement(byte[] keyCust, String keyNamespace)	Disables key management for the specified custodian and namespace.
ManagedKeyData	disableManagedKey(byte[] keyCust, String keyNamespace, byte[] keyMetadataHash)	Disables the specific managed key identified by the specified custodian, namespace, and metadata hash.
void	ejectManagedKeyDataCacheEntry(byte[] keyCustodian, String keyNamespace, String keyMetadata)	Eject a specific managed key entry from the managed key data cache on all live region servers.
ManagedKeyData	enableKeyManagement(byte[] keyCust, String keyNamespace)	Enables key management for the specified custodian and namespace.
List<ManagedKeyData>	getManagedKeys(byte[] keyCust, String keyNamespace)	Get the status of all the keys for the specified custodian.
void	refreshManagedKeys(byte[] keyCust, String keyNamespace)	Refresh all the keymeta entries for the specified custodian and namespace.
ManagedKeyData	rotateManagedKey(byte[] keyCust, String keyNamespace)	Attempt a key rotation for the active key of the specified custodian and namespace.
boolean	rotateSTK()	Triggers rotation of the System Key (STK) by checking for a new key and propagating it to all region servers.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

KeymetaAdminImpl

public KeymetaAdminImpl(org.apache.hadoop.conf.Configuration conf)

KeymetaAdminImpl

public KeymetaAdminImpl(Object server)

Method Details

enableKeyManagement

public ManagedKeyData enableKeyManagement(byte[] keyCust,
 String keyNamespace)
                                   throws IOException,
KeyException

Description copied from interface: KeymetaAdmin

Enables key management for the specified custodian and namespace.

Specified by:

enableKeyManagement in interface KeymetaAdmin

Parameters:

keyCust - The key custodian identifier.

keyNamespace - The namespace for the key management.

Returns:

The list of ManagedKeyData objects each identifying the key and its current status.

Throws:

IOException - if an error occurs while enabling key management.

KeyException

getManagedKeys

public List<ManagedKeyData> getManagedKeys(byte[] keyCust,
 String keyNamespace)
                                    throws IOException,
KeyException

Description copied from interface: KeymetaAdmin

Get the status of all the keys for the specified custodian.

Specified by:

getManagedKeys in interface KeymetaAdmin

Parameters:

keyCust - The key custodian identifier.

keyNamespace - The namespace for the key management.

Returns:

The list of ManagedKeyData objects each identifying the key and its current status.

Throws:

IOException - if an error occurs while enabling key management.

KeyException

rotateSTK

public boolean rotateSTK()
                  throws IOException

Description copied from interface: KeymetaAdmin

Triggers rotation of the System Key (STK) by checking for a new key and propagating it to all region servers.

Specified by:

rotateSTK in interface KeymetaAdmin

Returns:

true if a new STK was found and rotated, false if no change was detected

Throws:

IOException - if an error occurs while rotating the STK

ejectManagedKeyDataCacheEntry

public void ejectManagedKeyDataCacheEntry(byte[] keyCustodian,
 String keyNamespace,
 String keyMetadata)
                                   throws IOException

Description copied from interface: KeymetaAdmin

Eject a specific managed key entry from the managed key data cache on all live region servers.

Specified by:

ejectManagedKeyDataCacheEntry in interface KeymetaAdmin

Parameters:

keyCustodian - the key custodian

keyNamespace - the key namespace

keyMetadata - the key metadata

Throws:

IOException - if an error occurs while ejecting the key

clearManagedKeyDataCache

public void clearManagedKeyDataCache()
                              throws IOException

Description copied from interface: KeymetaAdmin

Clear all entries in the managed key data cache on all live region servers.

Specified by:

clearManagedKeyDataCache in interface KeymetaAdmin

Throws:

IOException - if an error occurs while clearing the cache

disableKeyManagement

public ManagedKeyData disableKeyManagement(byte[] keyCust,
 String keyNamespace)
                                    throws IOException,
KeyException

Description copied from interface: KeymetaAdmin

Disables key management for the specified custodian and namespace. This marks any ACTIVE keys as INACTIVE and adds a DISABLED state marker such that no new ACTIVE key is retrieved, so the new data written will not be encrypted.

Specified by:

disableKeyManagement in interface KeymetaAdmin

Parameters:

keyCust - The key custodian identifier.

keyNamespace - The namespace for the key management.

Returns:

The ManagedKeyData object identifying the previously active key and its current state.

Throws:

IOException - if an error occurs while disabling key management.

KeyException - if an error occurs while disabling key management.

disableManagedKey

public ManagedKeyData disableManagedKey(byte[] keyCust,
 String keyNamespace,
 byte[] keyMetadataHash)
                                 throws IOException,
KeyException

Description copied from interface: KeymetaAdmin

Disables the specific managed key identified by the specified custodian, namespace, and metadata hash.

Specified by:

disableManagedKey in interface KeymetaAdmin

Parameters:

keyCust - The key custodian identifier.

keyNamespace - The namespace for the key management.

keyMetadataHash - The key metadata hash.

Returns:

A ManagedKeyData object identifying the key and its current status.

Throws:

IOException - if an error occurs while disabling the managed key.

KeyException - if an error occurs while disabling the managed key.

rotateManagedKey

public ManagedKeyData rotateManagedKey(byte[] keyCust,
 String keyNamespace)
                                throws IOException,
KeyException

Description copied from interface: KeymetaAdmin

Attempt a key rotation for the active key of the specified custodian and namespace.

Specified by:

rotateManagedKey in interface KeymetaAdmin

Parameters:

keyCust - The key custodian identifier.

keyNamespace - The namespace for the key management.

Returns:

A ManagedKeyData object identifying the key and its current status.

Throws:

IOException - if an error occurs while rotating the managed key.

KeyException - if an error occurs while rotating the managed key.

refreshManagedKeys

public void refreshManagedKeys(byte[] keyCust,
 String keyNamespace)
                        throws IOException,
KeyException

Description copied from interface: KeymetaAdmin

Refresh all the keymeta entries for the specified custodian and namespace.

Specified by:

refreshManagedKeys in interface KeymetaAdmin

Parameters:

keyCust - The key custodian identifier.

keyNamespace - The namespace for the key management.

Throws:

IOException - if an error occurs while refreshing managed keys.

KeyException - if an error occurs while refreshing managed keys.