[jira] [Work logged] (HADOOP-17208) LoadBalanceKMSClientProvider#deleteKey should invalidateCache via all KMSClientProvider instances

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/HADOOP-17208?focusedWorklogId=482385&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-482385
 ]

ASF GitHub Bot logged work on HADOOP-17208:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 12/Sep/20 00:51
            Start Date: 12/Sep/20 00:51
    Worklog Time Spent: 10m 
      Work Description: xiaoyuyao commented on pull request #2259:
URL: https://github.com/apache/hadoop/pull/2259#issuecomment-691368970


   Thanks @Hexiaoqiao and @jiwq for the review. The LBKMSCP is tricky to unit 
test within MiniCluster environment. The scenario here fits better for an 
end-to-end test that requires multiple KMS server instances to work with JCEKS, 
which does not have consistency guarantee like Ranger KMS. I would suggest open 
a separate ticket to add end-to-end test for KMS-HA, some of this can be 
implemented with docker based tests under junit. 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 482385)
    Time Spent: 0.5h  (was: 20m)

> LoadBalanceKMSClientProvider#deleteKey should invalidateCache via all 
> KMSClientProvider instances
> -------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-17208
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17208
>             Project: Hadoop Common
>          Issue Type: Improvement
>    Affects Versions: 2.8.4
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Without invalidateCache, the deleted key may still exists in the servers' key 
> cache (CachingKeyProvider in KMSWebApp.java)  where the delete key was not 
> hit. Client may still be able to access encrypted files by specifying to 
> connect to KMS instances with a cached version of the deleted key before the 
> cache entry (10 min by default) expired. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org