[
https://issues.apache.org/jira/browse/HADOOP-12699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15127350#comment-15127350
]
Andrew Wang commented on HADOOP-12699:
--------------------------------------
Thanks for all the work here [~xiaochen], LGTM overall, just doc notes
basically:
* Need a {{<p/>}} tag to get a line break in Javadoc
* Using single line comment in TestKMS rather than {{/**}} means that the
{{@see}} doesn't work, so need to make it into actual Javadoc if you want this
to work.
I'll also note a little discrepancy in the unit test vs. actual usage, which is
that we're using a CryptoExtension in the test rather than a KMSClientProvider.
KMSClientProvider has another level of caching via ValueQueue, so it makes our
story to users even more complicated.
The KMS documentation is available here:
{{hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm}} and has a
cache section. We could update it to mention the server and client side
caching, and what kind of behavior can be expected. Basically, I as a user
might have the following questions which the docs should answer:
* What caches are present on the system? KMS and client. NN could be called out
specifically as a KMS client.
* What config keys control these caches?
* What is my window of staleness after I roll a key? I'd expect server cache
timeout + client cache timeout, but I don't know how eagerly Guava caches
expire items.
* Anything else you can think of
> TestKMS#testKMSProvider intermittently fails during 'test rollover draining'
> ----------------------------------------------------------------------------
>
> Key: HADOOP-12699
> URL: https://issues.apache.org/jira/browse/HADOOP-12699
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Attachments: HADOOP-12699.01.patch, HADOOP-12699.02.patch,
> HADOOP-12699.03.patch, HADOOP-12699.04.patch, HADOOP-12699.06.patch,
> HADOOP-12699.07.patch, HADOOP-12699.08.patch, HADOOP-12699.repro.2,
> HADOOP-12699.repro.patch
>
>
> I've seen several failures of testKMSProvider, all failed in the following
> snippet:
> {code}
> // test rollover draining
> KeyProviderCryptoExtension kpce = KeyProviderCryptoExtension.
> createKeyProviderCryptoExtension(kp);
> .....
> EncryptedKeyVersion ekv1 = kpce.generateEncryptedKey("k6");
> kpce.rollNewVersion("k6");
> EncryptedKeyVersion ekv2 = kpce.generateEncryptedKey("k6");
> Assert.assertNotEquals(ekv1.getEncryptionKeyVersionName(),
> ekv2.getEncryptionKeyVersionName());
> {code}
> with error message
> {quote}Values should be different. Actual: k6@0{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
