[
https://issues.apache.org/jira/browse/HADOOP-12699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15127350#comment-15127350
]
Andrew Wang commented on HADOOP-12699:
--------------------------------------
Thanks for all the work here [~xiaochen], LGTM overall, just doc notes
basically:
* Need a {{<p/>}} tag to get a line break in Javadoc
* Using single line comment in TestKMS rather than {{/**}} means that the
{{@see}} doesn't work, so need to make it into actual Javadoc if you want this
to work.

I'll also note a little discrepancy in the unit test vs. actual usage, which is
that we're using a CryptoExtension in the test rather than a KMSClientProvider.
KMSClientProvider has another level of caching via ValueQueue, so it makes our
story to users even more complicated.

The KMS documentation is available here:
{{hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm}} and has a
cache section. We could update it to mention the server and client side
caching, and what kind of behavior can be expected. Basically, I as a user
might have the following questions which the docs should answer:
* What caches are present on the system? KMS and client. NN could be called out
specifically as a KMS client.
* What config keys control these caches?
* What is my window of staleness after I roll a key? I'd expect server cache
timeout + client cache timeout, but I don't know how eagerly Guava caches
expire items.
* Anything else you can think of

> TestKMS#testKMSProvider intermittently fails during 'test rollover draining'
> ----------------------------------------------------------------------------
>
> Key: HADOOP-12699
> URL: https://issues.apache.org/jira/browse/HADOOP-12699
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Attachments: HADOOP-12699.01.patch, HADOOP-12699.02.patch,
> HADOOP-12699.03.patch, HADOOP-12699.04.patch, HADOOP-12699.06.patch,
> HADOOP-12699.07.patch, HADOOP-12699.08.patch, HADOOP-12699.repro.2,
> HADOOP-12699.repro.patch
>
>
> I've seen several failures of testKMSProvider, all failed in the following
> snippet:
> {code}
> // test rollover draining
> KeyProviderCryptoExtension kpce = KeyProviderCryptoExtension.
> createKeyProviderCryptoExtension(kp);
> .....
> EncryptedKeyVersion ekv1 = kpce.generateEncryptedKey("k6");
> kpce.rollNewVersion("k6");
> EncryptedKeyVersion ekv2 = kpce.generateEncryptedKey("k6");
> Assert.assertNotEquals(ekv1.getEncryptionKeyVersionName(),
> ekv2.getEncryptionKeyVersionName());
> {code}
> with error message
> {quote}Values should be different. Actual: k6@0{quote}