| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <configuration> |
| |
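| <!-- |
| This file is hot-reloaded when it changes, so an edit takes effect without |
| a KMS restart. Keep it writable only by the KMS administrator. |
| --> |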
| |
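| <!-- |
| KMS ACLs. Each value is a comma-separated list of users, a single space, |
| then a comma-separated list of groups; "*" matches every user. Every ACL |
| in this file ships as "*", so no operation is restricted until the values |
| are narrowed. |
| --> |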
| |
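| <!-- |
| Controls who may create keys. "*" matches every user; for a production |
| KMS, list the key-administrator users/groups instead. |
| --> |
| <property> |
| <name>hadoop.kms.acl.CREATE</name> |
| <value>*</value> |
| <description> |
| ACL for create-key operations. |
| If the user is not in the GET ACL, the key material is not returned |
| as part of the response. |
| </description> |
| </property> |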
| |
| <!-- |
| Controls who may delete keys. Deletion is destructive: data whose |
| encryption keys were wrapped by a deleted key can no longer be decrypted. |
| "*" lets every user do this; restrict it to key administrators. |
| --> |
| <property> |
| <name>hadoop.kms.acl.DELETE</name> |
| <value>*</value> |
| <description> |
| ACL for delete-key operations. |
| </description> |
| </property> |
| |
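| <!-- |
| Controls who may roll a key to a new version. With "*" any user can |
| trigger a rollover; restrict it to key administrators. |
| --> |
| <property> |
| <name>hadoop.kms.acl.ROLLOVER</name> |
| <value>*</value> |
| <description> |
| ACL for rollover-key operations. |
| If the user is not in the GET ACL, the key material is not returned |
| as part of the response. |
| </description> |
| </property> |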
| |
| <!-- |
| Gates the operations that return key material (get-key-version and |
| get-current-key); the CREATE and ROLLOVER descriptions in this file also |
| withhold key material from users outside this ACL. "*" therefore exposes |
| raw key material to every user. Typically only key administrators need |
| it; confirm for this deployment. |
| --> |
| <property> |
| <name>hadoop.kms.acl.GET</name> |
| <value>*</value> |
| <description> |
| ACL for get-key-version and get-current-key operations. |
| </description> |
| </property> |
| |
| <!-- |
| Controls who may list keys. "*" lets every user enumerate what the KMS |
| holds; narrow it if key names are considered sensitive. |
| --> |
| <property> |
| <name>hadoop.kms.acl.GET_KEYS</name> |
| <value>*</value> |
| <description> |
| ACL for get-keys operation. |
| </description> |
| </property> |
| |
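| <!-- |
| Controls who may read key metadata. "*" makes the metadata of every key |
| readable by every user; narrow it if that inventory should not be public. |
| --> |
| <property> |
| <name>hadoop.kms.acl.GET_METADATA</name> |
| <value>*</value> |
| <description> |
| ACL for get-key-metadata and get-keys-metadata operations. |
| </description> |
| </property> |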
| |
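| <!-- |
| Controls who may supply their own key material on CREATE or ROLLOVER |
| instead of leaving generation to the KMS. With "*" any user allowed to |
| create or roll a key can choose its material. Restrict this to the |
| principals that genuinely need to import keys. |
| --> |
| <property> |
| <name>hadoop.kms.acl.SET_KEY_MATERIAL</name> |
| <value>*</value> |
| <description> |
| Complementary ACL for CREATE and ROLLOVER operations to allow the client |
| to provide the key material when creating or rolling a key. |
| </description> |
| </property> |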
| |
| <!-- |
| Controls who may ask the KMS to generate encrypted keys. "*" matches |
| every user. In HDFS transparent encryption this call is presumably needed |
| only by the NameNode service user; confirm before narrowing. |
| --> |
| <property> |
| <name>hadoop.kms.acl.GENERATE_EEK</name> |
| <value>*</value> |
| <description> |
| ACL for generateEncryptedKey CryptoExtension operations |
| </description> |
| </property> |
| |
| <!-- |
| Controls who may have an encrypted key decrypted by the KMS. Holding the |
| decrypted key is what allows the protected data to be read, so "*" removes |
| the KMS as an access-control boundary for that data. Limit this to the |
| users/groups that must read encrypted data. Hadoop KMS also supports a |
| hadoop.kms.blacklist.DECRYPT_EEK property, commonly used to exclude the |
| HDFS superuser. |
| --> |
| <property> |
| <name>hadoop.kms.acl.DECRYPT_EEK</name> |
| <value>*</value> |
| <description> |
| ACL for decrypt EncryptedKey CryptoExtension operations |
| </description> |
| </property> |
| |
| <!-- |
| Fallback for any key that has no key.acl.KEYNAME.MANAGEMENT entry of its |
| own. With "*" every key without an explicit per-key ACL is manageable by |
| every user. Set a restrictive default and grant access per key. |
| --> |
| <property> |
| <name>default.key.acl.MANAGEMENT</name> |
| <value>*</value> |
| <description> |
| default ACL for MANAGEMENT operations for all key acls that are not |
| explicitly defined. |
| </description> |
| </property> |
| |
| <!-- |
| Fallback for any key that has no key.acl.KEYNAME.GENERATE_EEK entry of its |
| own. "*" means a newly created key is open for GENERATE_EEK to every user |
| until a per-key ACL is added. |
| --> |
| <property> |
| <name>default.key.acl.GENERATE_EEK</name> |
| <value>*</value> |
| <description> |
| default ACL for GENERATE_EEK operations for all key acls that are not |
| explicitly defined. |
| </description> |
| </property> |
| |
| <!-- |
| Fallback for any key that has no key.acl.KEYNAME.DECRYPT_EEK entry of its |
| own. With "*" any key lacking a per-key ACL can be used by every user to |
| decrypt encrypted keys. Prefer a restrictive default plus explicit per-key |
| grants. |
| --> |
| <property> |
| <name>default.key.acl.DECRYPT_EEK</name> |
| <value>*</value> |
| <description> |
| default ACL for DECRYPT_EEK operations for all key acls that are not |
| explicitly defined. |
| </description> |
| </property> |
| |
| <!-- |
| Fallback for any key that has no key.acl.KEYNAME.READ entry of its own. |
| READ appears to be the per-key counterpart of the GET and GET_METADATA |
| operations; confirm against the KMS documentation for the deployed |
| version. "*" leaves every such key readable by every user. |
| --> |
| <property> |
| <name>default.key.acl.READ</name> |
| <value>*</value> |
| <description> |
| default ACL for READ operations for all key acls that are not |
| explicitly defined. |
| </description> |
| </property> |
| |
| |
| </configuration> |