Inicio Explorar Axuda
Iniciar sesión
python
/
dm
2
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: 8f1e703bc2
Ramas Etiquetas
dm
/
container
/
conf
/
java
/
hadoop
/
kms-acls.xml

kms-acls.xml 3.4 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 
  1. <?xml version="1.0" encoding="UTF-8"?>
    2. 

  2. <!--
    3. 

  3.   Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4.   you may not use this file except in compliance with the License.
    5. 

  5.   You may obtain a copy of the License at
    6. 

  6. 

  7.   http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. 

  9.   Unless required by applicable law or agreed to in writing, software
    10. 

  10.   distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11.   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12.   See the License for the specific language governing permissions and
    13. 

  13.   limitations under the License.
    14. 

  14. -->
    15. 

  15. <configuration>
    16. 

  16. 

  17.   <!-- This file is hot-reloaded when it changes -->
    18. 

  18. 

  19.   <!-- KMS ACLs -->
    20. 

  20. 

  21.   <property>
    22. 

  22.     <name>hadoop.kms.acl.CREATE</name>
    23. 

  23.     <value>*</value>
    24. 

  24.     <description>
    25. 

  25.       ACL for create-key operations.
    26. 

  26.       If the user is not in the GET ACL, the key material is not returned
    27. 

  27.       as part of the response.
    28. 

  28.     </description>
    29. 

  29.   </property>
    30. 

  30. 

  31.   <property>
    32. 

  32.     <name>hadoop.kms.acl.DELETE</name>
    33. 

  33.     <value>*</value>
    34. 

  34.     <description>
    35. 

  35.       ACL for delete-key operations.
    36. 

  36.     </description>
    37. 

  37.   </property>
    38. 

  38. 

  39.   <property>
    40. 

  40.     <name>hadoop.kms.acl.ROLLOVER</name>
    41. 

  41.     <value>*</value>
    42. 

  42.     <description>
    43. 

  43.       ACL for rollover-key operations.
    44. 

  44.       If the user is not in the GET ACL, the key material is not returned
    45. 

  45.       as part of the response.
    46. 

  46.     </description>
    47. 

  47.   </property>
    48. 

  48. 

  49.   <property>
    50. 

  50.     <name>hadoop.kms.acl.GET</name>
    51. 

  51.     <value>*</value>
    52. 

  52.     <description>
    53. 

  53.       ACL for get-key-version and get-current-key operations.
    54. 

  54.     </description>
    55. 

  55.   </property>
    56. 

  56. 

  57.   <property>
    58. 

  58.     <name>hadoop.kms.acl.GET_KEYS</name>
    59. 

  59.     <value>*</value>
    60. 

  60.     <description>
    61. 

  61.       ACL for get-keys operations.
    62. 

  62.     </description>
    63. 

  63.   </property>
    64. 

  64. 

  65.   <property>
    66. 

  66.     <name>hadoop.kms.acl.GET_METADATA</name>
    67. 

  67.     <value>*</value>
    68. 

  68.     <description>
    69. 

  69.       ACL for get-key-metadata and get-keys-metadata operations.
    70. 

  70.     </description>
    71. 

  71.   </property>
    72. 

  72. 

  73.   <property>
    74. 

  74.     <name>hadoop.kms.acl.SET_KEY_MATERIAL</name>
    75. 

  75.     <value>*</value>
    76. 

  76.     <description>
    77. 

  77.       Complementary ACL for CREATE and ROLLOVER operations to allow the client
    78. 

  78.       to provide the key material when creating or rolling a key.
    79. 

  79.     </description>
    80. 

  80.   </property>
    81. 

  81. 

  82.   <property>
    83. 

  83.     <name>hadoop.kms.acl.GENERATE_EEK</name>
    84. 

  84.     <value>*</value>
    85. 

  85.     <description>
    86. 

  86.       ACL for generateEncryptedKey CryptoExtension operations.
    87. 

  87.     </description>
    88. 

  88.   </property>
    89. 

  89. 

  90.   <property>
    91. 

  91.     <name>hadoop.kms.acl.DECRYPT_EEK</name>
    92. 

  92.     <value>*</value>
    93. 

  93.     <description>
    94. 

  94.       ACL for decryptEncryptedKey CryptoExtension operations.
    95. 

  95.     </description>
    96. 

  96.   </property>
    97. 

  97. 

  98.   <property>
    99. 

  99.     <name>default.key.acl.MANAGEMENT</name>
    100. 

  100.     <value>*</value>
    101. 

  101.     <description>
    102. 

  102.       default ACL for MANAGEMENT operations for all key acls that are not
    103. 

  103.       explicitly defined.
    104. 

  104.     </description>
    105. 

  105.   </property>
    106. 

  106. 

  107.   <property>
    108. 

  108.     <name>default.key.acl.GENERATE_EEK</name>
    109. 

  109.     <value>*</value>
    110. 

  110.     <description>
    111. 

  111.       default ACL for GENERATE_EEK operations for all key acls that are not
    112. 

  112.       explicitly defined.
    113. 

  113.     </description>
    114. 

  114.   </property>
    115. 

  115. 

  116.   <property>
    117. 

  117.     <name>default.key.acl.DECRYPT_EEK</name>
    118. 

  118.     <value>*</value>
    119. 

  119.     <description>
    120. 

  120.       default ACL for DECRYPT_EEK operations for all key acls that are not
    121. 

  121.       explicitly defined.
    122. 

  122.     </description>
    123. 

  123.   </property>
    124. 

  124. 

  125.   <property>
    126. 

  126.     <name>default.key.acl.READ</name>
    127. 

  127.     <value>*</value>
    128. 

  128.     <description>
    129. 

  129.       default ACL for READ operations for all key acls that are not
    130. 

  130.       explicitly defined.
    131. 

  131.     </description>
    132. 

  132.   </property>
    133. 

  133. 

  134. 

  135. </configuration>
    136.