Fixed Issues in Ranger KMS

Review the list of Ranger KMS issues that are resolved in Cloudera Runtime 7.3.1, its service packs and cumulative hotfixes.

Cloudera Runtime 7.3.1.500 SP3

CDPD-83428: Logic to check whether metric collection is thread-safe should not parse the entire configuration every time
Previously, the KMSWebApp metric collection logic fetched and parsed the Key Management Server (KMS) configuration every time the KMS configuration was required. The underlying configuration class acquired a lock for initialization, blocking other threads from using the KMS configuration.

This issue is now fixed. The configuration value is now initialized once and kept as an instance member, which is reused every time the metrics collection thread safety flags are checked.

Cloudera Runtime 7.3.1.400 SP2

There are no fixed issues in this release.

Cloudera Runtime 7.3.1.300 SP1 CHF 1

There are no fixed issues in this release.

Cloudera Runtime 7.3.1.200 SP1

There are no fixed issues in this release.

Cloudera Runtime 7.3.1.100 CHF 1

There are no fixed issues in this release.

Cloudera Runtime 7.3.1

OPSAPS-70657: KEYTRUSTEE_SERVER & RANGER_KMS_KTS migration to RANGER_KMS from Cloudera Runtime 7.1.x to UCL
The KEYTRUSTEE_SERVER and RANGER_KMS_KTS services are not supported starting from the Cloudera Runtime 7.3.1.0 release. Therefore, validation and confirmation messages were added to the Cloudera Manager upgrade wizard to alert the user to migrate KEYTRUSTEE_SERVER keys to RANGER_KMS before upgrading to the Cloudera Runtime 7.3.1.0 release.
OPSAPS-70656: Remove KEYTRUSTEE_SERVER & RANGER_KMS_KTS from Cloudera Manager for UCL
The Keytrustee components (the KEYTRUSTEE_SERVER and RANGER_KMS_KTS services) are not supported starting from the Cloudera Runtime 7.3.1.0 release. These services cannot be installed or managed with Cloudera Manager 7.13.1.0 using Cloudera Runtime 7.3.1.0.
CDPD-19186: Replacement of algorithm PBEWithMD5AndTripleDES for Ranger KMS key operations
Support for PBKDF2WithHmacSHA256 is added in KMS.

Code is implemented to decrypt the Masterkey and all Zonekeys using the older algorithm and then re-encrypt them using the latest algorithm.
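
The decrypt-then-re-encrypt migration described for CDPD-19186, as an added Java example that is not Ranger KMS code. It assumes PBKDF2WithHmacSHA256 derives an AES-256 key used with AES/GCM; the cipher choice, iteration counts, salt and IV sizes, class and method names, and the sample password are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class KeyRewrapExample {
    static final String OLD_ALGO = "PBEWithMD5AndTripleDES";
    static final String NEW_KDF = "PBKDF2WithHmacSHA256";

    // Legacy scheme: the PBE key factory and the cipher share one algorithm name.
    static byte[] legacy(int mode, char[] pw, byte[] salt, int iter, byte[] in) throws Exception {
        SecretKey k = SecretKeyFactory.getInstance(OLD_ALGO).generateSecret(new PBEKeySpec(pw));
        Cipher c = Cipher.getInstance(OLD_ALGO);
        c.init(mode, k, new PBEParameterSpec(salt, iter));
        return c.doFinal(in);
    }

    // New scheme (assumed): PBKDF2-HMAC-SHA256 derives a 256-bit key for AES-GCM.
    static byte[] modern(int mode, char[] pw, byte[] salt, int iter, byte[] iv, byte[] in) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iter, 256);
        byte[] raw = SecretKeyFactory.getInstance(NEW_KDF).generateSecret(spec).getEncoded();
        spec.clearPassword();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(raw, "AES"), new GCMParameterSpec(128, iv));
        Arrays.fill(raw, (byte) 0); // SecretKeySpec holds its own copy of the key bytes
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        char[] pw = "constructed-demo-password".toCharArray(); // constructed sample value
        byte[] keyMaterial = new byte[32]; rnd.nextBytes(keyMaterial); // stands in for a master or zone key
        byte[] oldSalt = new byte[8]; rnd.nextBytes(oldSalt);
        byte[] oldBlob = legacy(Cipher.ENCRYPT_MODE, pw, oldSalt, 1000, keyMaterial);
        // Migration: unwrap with the old algorithm, rewrap under a fresh salt and IV.
        byte[] plain = legacy(Cipher.DECRYPT_MODE, pw, oldSalt, 1000, oldBlob);
        byte[] salt = new byte[16]; rnd.nextBytes(salt);
        byte[] iv = new byte[12]; rnd.nextBytes(iv);
        byte[] newBlob = modern(Cipher.ENCRYPT_MODE, pw, salt, 600_000, iv, plain);
        Arrays.fill(plain, (byte) 0);
        // Verify the round trip before the old blob is discarded.
        byte[] check = modern(Cipher.DECRYPT_MODE, pw, salt, 600_000, iv, newBlob);
        if (!MessageDigest.isEqual(check, keyMaterial)) throw new IllegalStateException("rewrap verification failed");
        System.out.println("rewrapped " + check.length + " bytes: old=" + oldBlob.length + "B new=" + newBlob.length + "B");
    }
}
```

Verifying the re-encrypted blob before retiring the old one keeps a failed migration from leaving a key that can no longer be decrypted.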