jameschen1519 opened a new pull request #383: URL: https://github.com/apache/knox/pull/383
(It is very **important** that you created an Apache Knox JIRA for this change and that the PR title/commit message includes the Apache Knox JIRA ID!) ## What changes were proposed in this pull request? This patch fixes a potential issue regarding the creation of Knox's keystores. The current logic checks to see if the keystore path exists--if it doesn't, it tries to create the parent folder of the keystore path. However, there is an edge case, as described in JDK-8130464, where the directory creation fails if the final, parent directory of the keystore path is a symlink. This causes a failure during startup. This PR remedies this by checking if the keystore parent directory exists instead of checking the keystore itself, as checking directories is symlink-safe. There is also no extra logic after the keystore creation, so if the keystore does exist, this turns into a no-op. (Please fill in changes proposed in this fix) ## How was this patch tested? (Please explain how this patch was tested. For instance: running automated unit/integration tests, manual tests. Please write down your test steps as detailed as possible) (If this patch involves UI changes, please attach a screen-shot; otherwise, remove this) This PR was tested against an environment in which the keystore path's parent directory is a symlink. The tests that pass before this change pass after this change, locally. One issue that may be worth noting is that this does not fix the case where some ancestor directory within the keystore path directory chain is an invalid symlink. If C:\a is a symlink to C:\b but C:\b does not exist, then the attempt to create C:\a\z will fail. However, depending on how we would like to do this, this might be a task best assigned to the users. Please review [Knox Contributing Process](https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-GithubWorkflow) before opening a pull request. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
