hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Wang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-11110) JavaKeystoreProvider should not report a key as created if it was not flushed to the backing file
Date Sat, 27 Sep 2014 00:27:34 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-11110?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14150262#comment-14150262
] 

Andrew Wang commented on HADOOP-11110:
--------------------------------------

Hi Arun, this looks great. I just have a few small comments:

- KeyShell, I notice that we print the success message before flushing in various places.
Should these prints be moved down? I think we wouldn't see this when testing with the KMS
since it always flushes implicitly, but we might when using JKS.
- FailureInjectingJKSP, could we make the "failjceks" string a public constant like "jceks"
is in JKSP? We can also use JKSP#SCHEME_NAME rather than hardcoding "jceks" again.

Test:
- Some lines longer than 80 chars
- "faulre furing" is in two comments, typo ;)
- Rather than the wrapper that checks the getClass() is FIJKSP, we could use KeyProviderFactory#get
to get explicitly a failjceks. This is more of a sure thing, and also we'd definitely not
skip the test if somehow what we get out is not a FIJKSP.

> JavaKeystoreProvider should not report a key as created if it was not flushed to the
backing file
> -------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-11110
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11110
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.5.0
>            Reporter: Andrew Wang
>            Assignee: Arun Suresh
>         Attachments: HADOOP-11110.1.patch
>
>
> Testing with the KMS backed by JKS reveals the following:
> {noformat}
> [root@dlo-4 ~]# hadoop key create testkey -provider kms://http@localhost:16000/kms
> testkey has not been created. Mkdirs failed to create file:xxxxx
> ....<stack trace>....
> [root@dlo-4 ~]# hadoop key list -provider kms://http@localhost:16000/kms
> Listing keys for KeyProvider: KMSClientProvider[http://localhost:16000/kms/v1/]
> testkey
> {noformat}
> The JKS still has the key in memory and serves it up, but will disappear if the KMS is
restarted since it's not flushed to the file.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message