[ https://issues.apache.org/jira/browse/HADOOP-12699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15120323#comment-15120323 ]
Zhe Zhang commented on HADOOP-12699: ------------------------------------ Great analysis [~xiaochen]! I think the above sequence does cause an EDEK generated from the old EZ key to be returned. The approach in the patch is reasonable. I wonder if there's anything we can do on the entrance of {{keyQueue}}? E.g. compare {{keyProviderCryptoExtension.getCurrentKey()}} and the {{encryptionKeyVersionName}} of the added key? > TestKMS#testKMSProvider intermittently fails during 'test rollover draining' > ---------------------------------------------------------------------------- > > Key: HADOOP-12699 > URL: https://issues.apache.org/jira/browse/HADOOP-12699 > Project: Hadoop Common > Issue Type: Bug > Reporter: Xiao Chen > Assignee: Xiao Chen > Attachments: HADOOP-12699.01.patch, HADOOP-12699.02.patch, > HADOOP-12699.03.patch, HADOOP-12699.04.patch, HADOOP-12699.06.patch, > HADOOP-12699.07.patch, HADOOP-12699.repro.2, HADOOP-12699.repro.patch > > > I've seen several failures of testKMSProvider, all failed in the following > snippet: > {code} > // test rollover draining > KeyProviderCryptoExtension kpce = KeyProviderCryptoExtension. > createKeyProviderCryptoExtension(kp); > ..... > EncryptedKeyVersion ekv1 = kpce.generateEncryptedKey("k6"); > kpce.rollNewVersion("k6"); > EncryptedKeyVersion ekv2 = kpce.generateEncryptedKey("k6"); > Assert.assertNotEquals(ekv1.getEncryptionKeyVersionName(), > ekv2.getEncryptionKeyVersionName()); > {code} > with error message > {quote}Values should be different. Actual: k6@0{quote} -- This message was sent by Atlassian JIRA (v6.3.4#6332)