[ https://issues.apache.org/jira/browse/HADOOP-12699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15127350#comment-15127350 ]
Andrew Wang commented on HADOOP-12699: -------------------------------------- Thanks for all the work here [~xiaochen], LGTM overall, just doc notes basically: * Need a {{<p/>}} tag to get a line break in Javadoc * Using single line comment in TestKMS rather than {{/**}} means that the {{@see}} doesn't work, so need to make it into actual Javadoc if you want this to work. I'll also note a little discrepancy in the unit test vs. actual usage, which is that we're using a CryptoExtension in the test rather than a KMSClientProvider. KMSClientProvider has another level of caching via ValueQueue, so it makes our story to users even more complicated. The KMS documentation is available here: {{hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm}} and has a cache section. We could update it to mention the server and client side caching, and what kind of behavior can be expected. Basically, I as a user might have the following questions which the docs should answer: * What caches are present on the system? KMS and client. NN could be called out specifically as a KMS client. * What config keys control these caches? * What is my window of staleness after I roll a key? I'd expect server cache timeout + client cache timeout, but I don't know how eagerly Guava caches expire items. * Anything else you can think of > TestKMS#testKMSProvider intermittently fails during 'test rollover draining' > ---------------------------------------------------------------------------- > > Key: HADOOP-12699 > URL: https://issues.apache.org/jira/browse/HADOOP-12699 > Project: Hadoop Common > Issue Type: Bug > Reporter: Xiao Chen > Assignee: Xiao Chen > Attachments: HADOOP-12699.01.patch, HADOOP-12699.02.patch, > HADOOP-12699.03.patch, HADOOP-12699.04.patch, HADOOP-12699.06.patch, > HADOOP-12699.07.patch, HADOOP-12699.08.patch, HADOOP-12699.repro.2, > HADOOP-12699.repro.patch > > > I've seen several failures of testKMSProvider, all failed in the following > snippet: > {code} > // test rollover draining > KeyProviderCryptoExtension kpce = KeyProviderCryptoExtension. > createKeyProviderCryptoExtension(kp); > ..... > EncryptedKeyVersion ekv1 = kpce.generateEncryptedKey("k6"); > kpce.rollNewVersion("k6"); > EncryptedKeyVersion ekv2 = kpce.generateEncryptedKey("k6"); > Assert.assertNotEquals(ekv1.getEncryptionKeyVersionName(), > ekv2.getEncryptionKeyVersionName()); > {code} > with error message > {quote}Values should be different. Actual: k6@0{quote} -- This message was sent by Atlassian JIRA (v6.3.4#6332)