[
https://issues.apache.org/jira/browse/HADOOP-17208?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17211647#comment-17211647
]
Ayush Saxena commented on HADOOP-17208:
---------------------------------------
[~xyao]/[~hexiaoqiao]
This seems to have broken {{TestKMS.testACLs}}
https://ci-hadoop.apache.org/job/hadoop-qbt-trunk-java8-linux-x86_64/290/testReport/junit/org.apache.hadoop.crypto.key.kms.server/TestKMS/testACLs/
Please give a check
> LoadBalanceKMSClientProvider#deleteKey should invalidateCache via all
> KMSClientProvider instances
> -------------------------------------------------------------------------------------------------
>
> Key: HADOOP-17208
> URL: https://issues.apache.org/jira/browse/HADOOP-17208
> Project: Hadoop Common
> Issue Type: Improvement
> Affects Versions: 2.8.4
> Reporter: Xiaoyu Yao
> Assignee: Xiaoyu Yao
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.4.0
>
> Time Spent: 2h 20m
> Remaining Estimate: 0h
>
> Without invalidateCache, the deleted key may still exists in the servers' key
> cache (CachingKeyProvider in KMSWebApp.java) where the delete key was not
> hit. Client may still be able to access encrypted files by specifying to
> connect to KMS instances with a cached version of the deleted key before the
> cache entry (10 min by default) expired.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
